Insights on digital risk and
personal security
Digital risk is evolving quickly. For individuals and families with greater public presence, professional responsibility, or complex personal lives, digital exposure is often higher. The impact of a security incident can extend beyond inconvenience to affect privacy, reputation, and financial well-being.
%20(1).avif)
%20(1).png)
Featured articles
A small selection of articles that help readers stay informed about personal and executive digital risk.

Introduction
Important family, financial, and legal information is increasingly stored across devices and online accounts, making a reliable backup plan an important part of protecting it.
For many families, these types of files now exist across different devices and services, so it helps to know where those files are stored, how they can be recovered, and what their risks are.
For high-net-worth individuals, families, and executives, backups are especially important because the information they rely on is often highly valuable, private, and difficult to replace. A lost device, ransomware attack, cloud account issue, or hardware failure can quickly disrupt personal, financial, or business matters.
Having a reliable backup plan helps ensure important files remain accessible, protected, and recoverable when something goes wrong.
Common risks to your data
Data can be lost in several ways, including lost or stolen devices, ransomware, or everyday backup failures such as cloud service outages, file corruption, or hardware failure.
Lost/Stolen Devices
If a device is lost, stolen, or destroyed, any files stored only on that device may be permanently lost. The best protection is to keep a backup in another place, such as a cloud account or an external hard drive.
Ransomware
Ransomware is another serious risk. This type of attack locks your files and demands payment to restore access. An offline backup, such as an external hard drive, protects your files since attackers cannot access it.
Everyday Backup Failures
Backups can also fail for everyday reasons. Automatic backup settings may be turned off, an important folder missed, files become corrupted, or a cloud service may be temporarily unavailable. A helpful rule of thumb is to keep three copies of important data: one on your device, one in the cloud, and one on an external hard drive.
Cloud backup as a first layer of protection
Cloud storage saves your data online through a service such as Google Drive, Apple iCloud, or Microsoft OneDrive. You can access files from any device with an internet connection, and many cloud services can back up your files automatically.
Cloud services you may already use
Apple iCloud
- Included on all Apple products (iPhone, iPad, Mac)
- Can be set to automatically back up photos, videos, contacts, documents and text messages
Google Drive
- Built into many Android devices and Chromebooks through a Google account
- Windows and Mac users need to install Google Drive for desktop and choose which folders to sync
Microsoft OneDrive
- Built into Windows 10/11 and included with Microsoft 365 subscriptions
- Can be set to automatically back up your Desktop, Documents, and Pictures folders
Using cloud backup securely
- Start by confirming that cloud backup is turned on for each device and the right files and folders are included.
- Check that recent files are being backed up and that you have enough storage for the information you want to protect.
- Protect every cloud account with a strong, unique password and multi-factor authentication.
Since cloud backups can sync unwanted changes, including ransomware-encrypted files, cloud backup should be paired with an offline backup that is disconnected when not in use.
Using a hard drive as an offline backup
An external hard drive provides an extra layer of protection if something goes wrong with your device or cloud account.
To use an external hard drive, connect it to your computer, copy your important files, and disconnect it once the backup is complete.
For added safety, store the drive in a secure location away from your main devices. A safety deposit box or personal safe is the most secure option.
A good place to start
- Identify the files that would be hardest to replace, such as legal documents, financial records, tax documents, insurance information, and family photos.
- Confirm cloud backup is turned on and includes those files.
- Protect cloud accounts with strong passwords and multi-factor authentication.
- Copy important files to an external hard drive and disconnect when finished.
- Store the hard drive somewhere safe, and separately from your main devices.
- Test your backups periodically to make sure the files can be recovered.
How Richter Guardian can help you
If you’re a client and have questions about securing your backup accounts, multi-factor authentication, protecting your devices from ransomware, or improving your overall device backup strategy, please contact our team.
Not yet a client but interested in Richter Guardian?
Request a private consultation to find out whether Richter Guardian is a good fit for you.

Understanding Mythos AI: What It Means for Your Digital Security
Introduction
Anthropic's Claude Mythos is an advanced AI model currently available only to a select group of vetted technology companies, not the general public. While it holds significant promise as a defensive tool, capable of uncovering security flaws before criminals can exploit them, the same capabilities could be misused to lower the effort needed to exploit weaknesses in email, banking, and personal accounts.
For high-net-worth individuals, families, and executives managing significant assets, this increases the risk of targeted fraud, account takeovers, and financial loss, making strong cybersecurity practices more important than ever.
What's Mythos AI?
Claude Mythos is an advanced artificial intelligence model developed by Anthropic, the company behind the widely used Claude AI assistant. It can be thought of as a much more powerful version of AI tools that many people already use for daily tasks. Mythos goes far beyond earlier models, especially in areas such as complex reasoning, software analysis, and, most importantly, the ability to identify weaknesses in computer systems.
At this time, Mythos is not available to the general public. It is still going through testing and review and has only been released in a highly controlled way to a small number of trusted organizations. These include major technology and security companies such as Microsoft, Apple, Amazon, Cisco, and CrowdStrike. This limited release is intentional. Anthropic has stated that Mythos is powerful enough to cause serious harm if misused, so they have chosen to share it cautiously and with careful oversight.
Why's everyone talking about it?
There are two main reasons Mythos is receiving so much attention. The first is concern within the cybersecurity community. Mythos represents a major step forward in what AI can do when applied to computer systems. Security professionals worry that existing defense tools and practices have not yet caught up. There is also concern that criminals could use tools like Mythos to make cybercrime faster, cheaper, and easier to carry out.
The second reason is business momentum. Every major AI announcement attracts investors and increases public interest. This often raises the perceived value of companies such as Anthropic, OpenAI, and Google. As a result, Mythos has become not only a security issue, but also a financial and market-driven story.
It is important to understand that Mythos is not an isolated development. Other companies, including OpenAI and Google, have already released AI models with similar cybersecurity-related capabilities, though generally at a lower level. What makes Mythos different is how quickly and efficiently it operates, as well as Anthropic’s openness in discussing both its potential benefits and its risks.
How does this affect you?
Mythos does not create entirely new types of cyber threats. Instead, it significantly lowers the level of skill, knowledge, and time needed for attackers to exploit existing weaknesses. These weaknesses exist in the everyday technology we all rely on, including phones, laptops, email systems, and banking or investment applications.
Cyberattacks that once required a team of highly skilled hackers may soon be possible for a single individual using AI tools. For individuals and families with significant financial assets, sensitive personal communications, or access to influential networks, this increases risk. The most common and serious threats remain personal email compromise, fraudulent wire transfers, and targeted account takeovers.
How you can keep safe
Regularly review your digital access points
Make sure all important accounts, such as banking, email, and investment platforms, use strong, unique passwords, and enable multi-factor authentication wherever it is available. In addition, use credit monitoring services to help detect fraud, unauthorized accounts, or identity misuse as early as possible.
Be cautious with unexpected messages
AI can now generate very realistic phishing emails, texts, and phone messages. If something seems unusual or urgent, verify it through a separate and trusted method before taking action.
Confirm your advisors are prepared
Organizations that manage your assets should be reviewing and strengthening their cybersecurity controls, including how sensitive data is protected and how fraud risks are managed.
Richter Family Office supports high‑net‑worth families and executives by integrating cybersecurity and risk considerations into wealth management, governance, and operational oversight.
Contact us with any concerns
Richter Guardian is actively monitoring developments related to Mythos AI and other emerging cyber risks. We will continue to share updated guidance as the situation evolves.
Please contact us immediately if you notice unusual account activity, suspicious communications, or unexpected requests involving sensitive or financial information.
Not yet on Richter Guardian but interested in learning more? Request a private consultation.

Travelling and Social Media – How To Keep Safe
INTRODUCTION
It’s natural to want to capture the moments from your special vacations and share them on platforms like Facebook and Instagram with family and friends. However, posting these photos while you are still on your trip can expose you to various cybersecurity risks. Cybercriminals often exploit social media to gather information about your travel plans, and by sharing your vacation in real time, you may unknowingly make yourself a target.
HOW TO ENHANCE YOUR SECURITY ON VACATION
By following these precautions, you can enjoy your vacation while minimizing the risks associated with social media sharing:
- Set Your Account to Private: Restrict access to your personal information by sharing only with people you know. Public settings allow anyone to view your posts, potentially putting you at risk.
- Decline Requests from Unfamiliar Individuals: Be cautious when receiving friend requests from strangers. Unfamiliar profiles might be cybercriminals in disguise, aiming to extract money or steal your identity.
- Avoid Posting Travel Details or Itineraries: Keep your travel arrangements private. Sharing confirmation numbers for hotel reservations, airline tickets, or excursions online can provide cybercriminals with valuable information they can exploit.
- Share Photos After Returning Home: Although it may be tempting to post in real-time, consider waiting until you’re back home. You can still share your vacation highlights, and it’s a safer approach.
- Educate Your Children on Social Media Safety: While you might be aware of how to stay safe online, your children might not. Ensure they understand the importance of secure sharing practices during and after the trip.
HOW RICHTER GUARDIAN CAN HELP YOU
Richter Guardian’s concierge service can help you secure your social media accounts during setup. Request a private consultation

Unveiling the dark side of voice-cloning artifical intelligence
INTRODUCTION
Voice-cloning AI, which is the technology that enables the replication of a person’s voice, can assist researchers with collecting and analyzing data from different languages, dialects, and accents. Voice-cloning AI is versatile and finds applications in various creative domains.
voice-cloning artifical intelligence and small businesses with voice-cloning AI. Deep learning models can now replicate the nuances, inflections, and specific characteristics of a person’s voice with just a few minutes of sample media.
IMPLICATIONS FOR FAMILIES AND SMALL BUSINESSES
While there are positive and creative uses for voice-cloning AI, it is important to be aware of the potential risks and misuse. Here are some ways in which voice-cloning AI could lead to cybercriminal activity:
- Impersonation and Social Engineering: Cybercriminals could use voice-cloning AI to mimic the voices of individuals in positions of authority, such as company executives. In doing so, cybercriminals could instruct employees into making unauthorized transactions.
- Phishing Attacks: Voice-cloning could be used to voice-phish; individuals can be deceived into sharing sensitive information over a call.
- Extortion and Blackmail: Cybercriminals may leverage voice-cloning to create audio deepfakes of the targeted individual for the purpose of extortion or blackmail.
RECOMMENDATIONS
Given the sophistication of these threats, Richter recommends individuals and businesses to safeguard themselves by employing the following:
- Multi-factor authentication (MFA) – If you currently use voice verification as a type of authentication, ensure to include another form of verification to help safeguard against voice-cloning AI.
- Establish protocol within your small-business – Set clear protocols for financial transactions and sensitive data sharing. Keep these protocols confidential.
- Remain skeptical – Individuals should exercise caution when receiving unexpected calls, especially if the caller requests sensitive information.
Browse by topic
Explore articles based on areas of risk and responsibility.
Latest articles
New articles and updates from the Richter Guardian team.

Toyota Confirms Ransomware Attack, Data Breach
Introduction
Toyota Finance Services (TFS), a subsidiary of the well-known automaker, has confirmed that they were hit with a ransomware attack. TFS detected unauthorized access to some of its systems in Africa and Europe after cybercriminals claimed an attack on the company. The cybercriminals, also known as the Medusa ransomware gang, claims responsibility for the attack.
Summary Of the Incident
The Medusa ransomware gang had listed ‘Toyota Financial Services’ to its data leak site on the dark web and demanded a ransom payment of $8,000,000 to delete allegedly stolen data. The cybercriminals published sample data that included financial documents, hashed account passwords, passport scans, etc. to prove the intrusion. As of right now, the incident is limited to Toyota Financial Services Africa & Europe. A spokesperson announced that the process of bringing their systems back online is already underway.
How to Stay Safe
- Reset All Passwords – If you are reusing passwords across different websites, reset those passwords and employ hard-to-guess, complex passwords on those websites.
- Password Manager – To keep track of your complicated passwords, think about investing in a password manager. Password managers, like 1Password, place a secret key on your password manager to add a unique extra layer of security.
How Richter Guardian can help you
Richter Guardian can help you determine if some of your user accounts were involved in a previous breach
Our platform can determine compromised credentials through comprehensive dark web monitoring.

BMO Scam Highlighting Vulnerabilities in Two-Factor Authentication
Introduction
A recent article published by CBC news highlighted a concerning scam that involved the Bank of Montreal (BMO). The scam managed to exploit vulnerabilities associated with the two-factor authentication (2FA) system of the bank. This advisory aims to provide an overview of the issue, its implications, and recommendations.
Summary of the Incident
The scam primarily targeted customers with lines of credit. Perpetrators pose as bank employees and use a combination of phishing techniques and flaws in the 2FA process to gain unauthorized access to customers’ accounts, subsequently making unauthorized transactions.
Implications
- The trustworthiness of 2FA is at stake. Customers generally perceive 2FA as a robust security measure, but this incident underscores potential vulnerabilities.
- The scam demonstrates that even with the second layer of authentication, user accounts can be compromised if the process isn’t foolproof.
- Potential loss of customer trust in banking institutions due to such vulnerabilities.
Recommendations
- Stay Informed: Regularly update oneself about the latest scams and phishing techniques. Always be skeptical of unsolicited calls or emails asking for personal or banking information.
- Use Advanced Security Features: Wherever possible, use advanced security features like biometric authentication or hardware-based security keys.
- Monitor Accounts: Regularly check bank accounts for unauthorized transactions and report any discrepancies immediately.
- Stay Educated: Participate in security awareness sessions provided by your Richter Guardian team, the bank or other trusted organizations.
How Richter Guardian can help you
While 2FA is an essential security feature, it is not infallible. Richter Guardian clients should be proactive in understanding its limitations and continuously seek ways to enhance their security posture.
Contact us at anytime you are unsure. If you receive a call from someone purporting to be your bank and you are unsure, call us to help you determine the legitimacy of their communication.
Not yet on Richter Guardian? Request a private consultation
Table 1 – Levels of two-factor authentication that may be available to protect your bank account.

Protecting Against Technical Support Fraud
Introduction
Cyber criminals have been carrying out technical support scams for over a decade. As technology evolves, so do the techniques of fraudulent tech support scammers, making it difficult for people to discern whether the technical support team they’re speaking to is legitimate. Technical support scams are so common that the FBI’s Internet Crime Report of 2022 reported that ‘Tech Support Crime’ had over 30,000 recorded victims in 2022.
Summary of A Technical Support Fraud
Technical support scammers use many different techniques to trap people and gain access to their computers and other devices. After they convince you that there is a problem, they request an exorbitant fee in return for their help. Here are two of the most common methods technical support scammers use to trick their victims:
- Phone calls, emails and text messages – Technical support scammers may call, email or send a text message and pretend to be a computer technician from Apple, Microsoft, or any well-known technology company. They will assure you that there is a problem with your computer, and request that you give them remote access to your computer to help remediate the issue.
- Pop-up warnings – Technical support scammers may trick you with pop-up windows; it may look like an error or warning message from your device, and it may use similar graphics from trusted websites. The pop-up will often provide a phone number that you can call to get help. The phone number will lead to a fraudulent tech support worker.
Recommendations
- Stay Informed – Always be skeptical of unsolicited calls, emails or text messages that report a problem with your device.
- Prevent Remote Access – When a technical support scammer has you on the line, they will convince you to provide them remote access to your device in order to run diagnostic tests. Do not provide remote access to your device.
- Trust Your Instincts – If you are suspicious about an unexpected message, call, or request for personal information or money, it is safe to assume it may be a scam.
- Stay Educated – Participate in security awareness sessions provided by your Richter Guardian team, your bank or other trusted organizations.
How Richter Guardian can help you
We understand that misleading pop-ups or warnings about your device through a call can cause uncertainty. Richter Guardian’s monitoring system and concierge service can give you peace of mind.
Your onboarded mobile and endpoint devices can be monitored by us. If there is a problem with your device, we will contact you to provide specific details about any potential alerts. Our experts can help you remediate the issue. Request a private consultation.

23andMe User Data Stolen in Credential Stuffing Attack
Introduction
The public biotechnology and genomics firm, 23andMe, confirmed on their website on October 6, 2023, that certain 23andMe customer profile information was circulating on hacker forms. The information that has been exposed from this incident includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location. As a result, 23andMe have notified their customers, and have pushed for them to reset their passwords and enable multi-factor authentication (MFA).
How the Attack Happened
The hackers used credential stuffing to gain access to a set of user accounts on 23andMe. Credential stuffing is a type of cyber attack in which a hacker uses stolen usernames and passwords (obtained from another breach or purchased off the dark web) to access other websites in which the users are registered. Users that recycled their breached login credentials on 23andMe may have been the entry point for this attack.
A subset of the compromised users opted into 23andMe’s DNA Relatives feature, which allowed for hackers to scrape the data of their DNA Relative matches.
The number of accounts affected has not been released or disclosed by 23andMe.
If you think you may have been affected by this recent breach, reset your password, and opt for MFA on 23andMe. While the account may or may not be compromised, it is important that cybercriminals do not leverage your breached credentials to access other websites in which you may have an account on.
How to Stay Safe
- Reset All Passwords – If you have the bad habit of reusing passwords across different websites, reset those passwords and employ hard-to-guess, complex passwords on those websites.
- Password Manager – To keep track of your complicated passwords, think about investing in a password manager. Password managers, like 1Password, place a secret key on your password manager to add a unique extra layer of security.
How Richter Guardian can help you
Richter Guardian can help you determine if some of your user accounts were involved in a previous breach. Our platform can determine compromised credentials through comprehensive dark web monitoring. Request a private consultation.
Sources
- “Addressing Data Security Concerns”. 23andMe. 2023 October 6. Retrieved 10 October 2023.

Check-In Safely – Phishing Campaigns Target Hotels and Travel Agencies
Introduction
The tourism industry is crawling back to pre-pandemic numbers thanks to travel and lockdown restrictions being lifted globally. Unfortunately, cybercriminals have also come up with a new and sophisticated campaign to breach the systems of booking sites, hotels, and travel agencies. Subsequently, the cybercriminals use the systems of the compromised hotel or travel agency to send phishing emails to existing customers.
Summary of Hotel and Travel Agency Phishing Scam
- The Entry Point – The campaign starts with the threat actor inquiring about a reservation with the hotel or travel agency. Upon booking the stay, the threat actor uses ‘advanced social-engineering techniques’ to inquire about specific or special accommodations.
- Tricking Employees – After establishing a sense of urgency with the hotel employee, the threat actor sends over a URL via email, which supposedly contains crucial documents relevant to their accommodations. The URL provided directs the hotel employee to a genuine hosting site (Google Drive, Dropbox, etc.) and the hotel employee downloads an archive file thinking that it contains important documents.
- Malicious Executables – The archive file that was downloaded by the hotel employee contained malicious executables (malware) that would infiltrate the hotel employee’s computer. From there, the malware operates stealthily to capture login credentials, financial information, and other sensitive data without the hotel employees being aware.
- New Target – Once threat actors have successfully compromised the hotel’s system, the threat actors can move onto using the hotel’s communication channel to target legitimate customers.
- Phishing – The threat actors can now send phishing messages disguised as legitimate requests from the compromised hotel or travel agency. The phishing messages will ask for additional credit card verification from the customer. Since the message comes directly from the booking site through a legitimate communication channel, the customer has no reason to doubt the legitimacy of the email.
How to Stay Safe
- Avoid Clicking on Unsolicited Links – Always be skeptical of unsolicited links, even when they originate from a trusted source. Check URLs for any indicators of deception.
- Take Your Time – Threat actors, phishing emails, and sketchy requests for payments will typically call for immediate action. Take your time to discern any emails that require you to transfer sensitive information.
- Trust Your Instincts – If you are suspicious about a suspicious email, call the hotel or travel agency directly to confirm that the communication is indeed legitimate.
How Richter Guardian can help you
Richter Guardian can help you navigate complex phishing scams. Your onboarded mobile and endpoint devices are protected; the protection service can detect suspicious links and will work to block insecure websites. Request a private consultation.

AnyDesk reports that hackers infiltrated its prodution servers and initiated password resets
INTRODUCTION
On February 2, 2024, AnyDesk confirmed a recent cyberattack that resulted in hackers gaining access to the company’s production systems. The breach involved the theft of source code and private code signing keys.
AnyDesk is a widely used remote access solution that is popular among enterprises for remote support and accessing colocated servers.AnyDesk became aware of the attack after they detected an incident on their production servers. Following a security audit, they identified a compromise on their systems and implemented a response plan in collaboration with CrowdStrike.
Following the disclosure of the breach, cybersecurity company Resecurity promptly announced that an individual is attempting to vend the credentials of over 18,000 AnyDesk customers on a well-known cybercrime forum. The seller is seeking $15,000 in cryptocurrency for the compromised credentials.
IMPLICATIONS AND RECOMMENDATIONS
Although AnyDesk claims that passwords were not stolen in the attack, the threat actors still managed to successfully breach their production systems.
- If you use AnyDesk, modify your password.
- If the same password for AnyDesk is employed on other platforms, modify your password on those platforms aswell.
HOW RICHTER GUARDIAN CAN HELP YOU
f you receive a call from someone purporting to be technical support or receive a pop-up regarding the safety of your device and you are unsure, call us to help you determine the legitimacy of their communication.
Our platform includes dark web monitoring – a service that can determine whether compromised credentials have been found on the dark web. Request a private consultation.

What is Authorized push payment fraud?
INTRODUCTION
Authorized push payments involve an account holder granting permission to their bank or payment service to transfer funds directly from their account to another account. The payer usually triggers this transaction using services like online banking, phone banking, or peer-to-peer payment platforms.
Authorized push payment (APP) fraud, also known as bank transfer scams or authorised bank transfer fraud, occurs when a victim is tricked into authorizing a payment to an account controlled by a scammer.
Unlike unauthorized transactions where a fraudster gains access to someone’s account without permission, in APP fraud, the victim is deceived into willingly making the payment, often believing they are paying a legitimate entity or individual.
HOW DOES APP FRAUD HAPPEN?
Authorized push payment fraud can happen in various ways.
- Advance Fee Scams: The victims are asked to pay a fee to access a service or a prize, which are never delivered. For example, a scammer may impersonate a lottery organization, and will withhold the prize until an administrative fee is paid. When the payment is made, the victim never receives the reward.
- Impersonation: The scammer poses as a trusted entity, such as a bank, government agency, utility company, or even a friend or family member, and requests payment for a fake invoice, overdue bill, or urgent situation.
- Fake Services or Goods: The victim pays for goods or services that are never delivered or are significantly different from what was advertised. The scammer may set up a fake online store, auction, or classified ad to lure victims.
- Social Engineering: The scammer manipulates the victim through psychological tactics, exploiting emotions like fear, urgency, or greed to coerce them into making the payment.
- Business Email Compromise (BEC): Scammers compromise email accounts of businesses or individuals, or create lookalike accounts, and use them to request payments from employees, clients, or partners, often by impersonating company executives or vendors.
- Invoice Fraud: The scammer pretends to be a vendor and sends fake invoices to the business. The invoice may request payment for goods or services that were never delivered.
PREVENTION
We recommend the following measures to mitigate the risks of authorized push payment fraud.
- Verify the authenticity of requests for payments – ensure that the request for payment is legitimate by confirming the identity of the individual, organization or service you are initiating a payment for. If the payment is sent to an organization, check the organization’s website and contact their phone number to confirm the request.
- Establish payment protocols – establish clear protocols within your organization that outline how to properly authorize payments. Ensure relevant employees are aware of these protocols and procedures.
- Monitor transactions – check your accounts to identify any unusual activity that could indicate fraud.
HOW RICHTER GUARDIAN CAN HELP YOU
To combat APP fraud, it’s essential for individuals and businesses to remain vigilant and verify the authenticity of requests for payments. We understand that It can be difficult to approach this alone.
Transunion identity protection is included on our platform. Transunion identity protection will alert you of any unusual activity on your credit monitoring report that could indicate fraud.

Demystifying TikTok's collection of your data
INTRODUCTION
TikTok’s extensive data collection, including personal information and device usage patterns, raises privacy and security concerns, particularly due to its China-based parent company, ByteDance. While some experts argue that TikTok’s data collection is not inherently malicious, others express skepticism about the transparency of its practices.
WHAT TIKTOK GATHERS FROM YOU
TikTok collects various types of information from users:
- Personal Data: Tiktok has access to personal data like contacts, calendars, information about which device you’re using, which operating system and your location.
- TikTok monitors the content you engage with and for how long – similar to Facebook.
- Device Usage: TikTok monitors how you use your device and how it functions, including “keystroke patterns or rhythms, battery state, audio settings and connected audio devices,”.
- Location Data: TikTok can collect precise GPS information about its users.
IMPLICATIONS OF DATA COLLECTION
Data collection by social media platforms like TikTok can pose several risky implications for everyday users:
- Privacy Concerns: Social media platforms often collect extensive personal data, including contacts, location, and browsing habits. This raises concerns about user privacy, especially if this data is shared or sold to third parties without consent.
- Targeted Advertising: User data is often used to create targeted advertising campaigns. While some users may find this convenient, others may feel uncomfortable with the level of personalization and the potential manipulation of their preferences and behaviors.
- Data Breaches: Storing large amounts of personal data increases the risk of data breaches. If a platform’s security measures are breached, users‘ sensitive information could be exposed, leading to identity theft, financial fraud, or other forms of cybercrime.
- Surveillance and Tracking: Social media platforms track users‘ online activities across different websites and devices to create comprehensive profiles. This surveillance can infringe on user privacy and autonomy, as individuals may feel constantly monitored and manipulated by algorithms.
- Political Manipulation: Social media platforms have been implicated in spreading misinformation, propaganda, and divisive content. By collecting user data and targeting specific demographics, malicious actors can exploit social media for political manipulation and influence campaigns.

MOVEit Data Breach
INTRODUCTION
In May 2023, the Cl0p ransomware group started exploiting a newly discovered vulnerability in Progress Software’s MOVEit Transfer, a tool for enterprise file transfer. Although Progress swiftly released a fix, the impact was already significant. This extensive cyberattack by Cl0p targeted a wide range of sectors globally, affecting entities such as the public school system in New York City, a UK-based company providing HR and payroll services to clients like British Airways and the BBC, among others.
Over 2,000 organizations have reported being attacked, with data thefts affecting more than 62 million people
FALL OUT OF THE INCIDENT
With such a large exposure, many people have begun to receive notices that their personal information was compromised as part of this breach. Many of the organizations that people entrust their data to, like accounting firms and wealth management companies, were affected by this breach. Companies affected by this breach have a legal obligation in Canada to report to their customers if they believe their customers have had their personal information breached.
Companies that notify their customers of the breach often offer one to two years of credit monitoring and identity protection services at no cost.
Richter recommends that victims receiving these notices enroll in the free credit monitoring and identity protection services provided.
IMPLICATIONS
The diagram on the right illustrates how hackers use personal information to carry out attacks using your personal information. Credit monitoring and identity protection services can assist with identity theft and financial fraud implications; however, this protection is insufficient.
Hackers can still use your personal information to conduct blackmail and ransom operations. They can impersonate you online and wreak havoc on your social reputation. They can use it to mount very sophisticated phishing attacks.
SOLUTION
Richter Guardian is a state-of-the-art service that leverages AI to protect your digital life. Our service gives exclusive access to commercial-grade protection unavailable in the consumer market.
By protecting your online presence, Richter Guardian will defend you from impersonations, inadvertent leakage of critical data and worse, any compromise to your digital safety. By protecting your devices, Richter Guardian will thwart sophisticated phishing and other technical attacks. You can rest assured that our seasoned cybersecurity professionals are there for you to address any of your cybersecurity concerns.

SMS Phishing Scams Targeting Road Toll Payments
INTRODUCTION
A wave of SMS phishing attacks targeting Canadians with lures regarding unpaid road toll fees have been rolling out since the beginning of the year. 407 ETR has been warning customers to beware of fraudulent texts impersonating the company. The message is designed to deceive people into clicking on a malicious link, which would leave people vulnerable to personal data theft.
HOW TO SPOT A REAL MESSAGE
407 ETR will use specific communication methods to interact with customers that use the express toll route. If you are a customer that uses the 407, take note of these legitimate communication channels:
- 407 ETR sends payment reminder text messages from a six-digit short code. Messages don’t contain any personal or account information and include a link to their secure payment web page. Their texts will never include a direct link to pay.
- 407 ETR makes outbound automated payment reminder calls. These calls will not ask you for your personal information.
- 407 ETR will only send emails from info@407etr.com or communications@407etr.com. Ensure that the emails you receive do not have spelling errors.
HOW RICHTER GUARDIAN CAN HELP YOU
Transunion identity protection is included on our platform. Transunion identity protection will alert you of any unusual activity on your credit monitoring report that could indicate fraud. Request a private consultation.
%20(1).png)
Have questions after reading?
If something you’ve read raises a concern, our team can help you understand how it applies to you. Richter Guardian provides ongoing monitoring and expert support for individuals, families, and leadership teams.
- Clear visibility into personal digital risk
- Guidance from experienced cybersecurity professionals
- Support designed for both private clients and enterprise leadership
%20(1).avif)
.png)
