Insights on digital risk and
personal security

Digital risk is evolving quickly. For individuals and families with greater public presence, professional responsibility, or complex personal lives, digital exposure is often higher. The impact of a security incident can extend beyond inconvenience to affect privacy, reputation, and financial well-being.

Disclaimer icon
The articles below share insights from the Richter Guardian team, including security advisories, real-world case examples, and practical guidance intended for people whose roles, visibility, or circumstances place them at elevated risk.
Insights on digital risk and personal security

Browse by topic

Explore articles based on areas of risk and responsibility.

A secure app showing assets, alerts, and overall risk level

Digital protection tips

Guidance and tips for high-net-worth individuals, executives and their families to stay safe online.

A secure app showing assets, alerts, and overall risk level

Security advisories

Covers personal devices, accounts, and online presence.

A secure app showing assets, alerts, and overall risk level

Case studies

Real-world examples that illustrate how digital incidents occur and how they are managed.

Latest articles

New articles and updates from the Richter Guardian team.

Article illustration: Toyota Confirms Ransomware Attack, Data Breach

Toyota Confirms Ransomware Attack, Data Breach

Toyota Financial Services confirmed a ransomware attack by the Medusa gang affecting systems in Africa and Europe. We outline the incident, how to protect your credentials, and how Richter Guardian’s dark web monitoring can help.

Introduction

Toyota Finance Services (TFS), a subsidiary of the well-known automaker, has confirmed that they were hit with a ransomware attack. TFS detected unauthorized access to some of its systems in Africa and Europe after cybercriminals claimed an attack on the company. The cybercriminals, also known as the Medusa ransomware gang, claims responsibility for the attack.  

Summary Of the Incident

The Medusa ransomware gang had listed ‘Toyota Financial Services’ to its data leak site on the dark web and demanded a ransom payment of $8,000,000 to delete allegedly stolen data. The cybercriminals published sample data that included financial documents, hashed account passwords, passport scans, etc. to prove the intrusion. As of right now, the incident is limited to Toyota Financial Services Africa & Europe. A spokesperson announced that the process of bringing their systems back online is already underway.  

How to Stay Safe

  1. Reset All Passwords – If you are reusing passwords across different websites, reset those passwords and employ hard-to-guess, complex passwords on those websites.  
  2. Password Manager – To keep track of your complicated passwords, think about investing in a password manager. Password managers, like 1Password, place a secret key on your password manager to add a unique extra layer of security.  

How Richter Guardian can help you

Richter Guardian can help you determine if some of your user accounts were involved in a previous breach

Our platform can determine compromised credentials through comprehensive dark web monitoring.

Request a private consultation

Article illustration: BMO Scam Highlighting Vulnerabilities in Two-Factor Authentication

BMO Scam Highlighting Vulnerabilities in Two-Factor Authentication

A BMO scam exploited two-factor authentication flaws to target customers. We break down the incident, implications for 2FA trust, and recommendations—including stronger options like hardware keys.

Introduction

A recent article published by CBC news highlighted a concerning scam that involved the Bank of Montreal (BMO). The scam managed to exploit vulnerabilities associated with the two-factor authentication (2FA) system of the bank. This advisory aims to provide an overview of the issue, its implications, and recommendations.

Summary of the Incident

The scam primarily targeted customers with lines of credit. Perpetrators pose as bank employees and use a combination of phishing techniques and flaws in the 2FA process to gain unauthorized access to customers’ accounts, subsequently making unauthorized transactions.

Implications

  1. The trustworthiness of 2FA is at stake. Customers generally perceive 2FA as a robust security measure, but this incident underscores potential vulnerabilities.
  2. The scam demonstrates that even with the second layer of authentication, user accounts can be compromised if the process isn’t foolproof.
  3. Potential loss of customer trust in banking institutions due to such vulnerabilities.

Recommendations

  1. Stay Informed: Regularly update oneself about the latest scams and phishing techniques. Always be skeptical of unsolicited calls or emails asking for personal or banking information.
  2. Use Advanced Security Features: Wherever possible, use advanced security features like biometric authentication or hardware-based security keys.
  3. Monitor Accounts: Regularly check bank accounts for unauthorized transactions and report any discrepancies immediately.
  4. Stay Educated: Participate in security awareness sessions provided by your Richter Guardian team, the bank or other trusted organizations.

How Richter Guardian can help you

While 2FA is an essential security feature, it is not infallible. Richter Guardian clients should be proactive in understanding its limitations and continuously seek ways to enhance their security posture.

Contact us at anytime you are unsure. If you receive a call from someone purporting to be your bank and you are unsure, call us to help you determine the legitimacy of their communication.

Not yet on Richter Guardian? Request a private consultation

Table 1 – Levels of two-factor authentication that may be available to protect your bank account.  

Type of 2FA Method Description Level of Strength of Security
SMS-Based 2FA Sends a one-time code to the user’s registered mobile number, which they then input to authenticate. Moderate – Vulnerable to SIM swapping attacks and interception.
Push Notification
(e.g., through an app)
Sends a notification to the user’s registered device, prompting them to approve or deny the login request. High – More secure than SMS-based, but can still be vulnerable if the device is compromised.
Token-based Authenticator
(e.g., Google Authenticator, Authy)
Uses a time-based one-time password (TOTP) generated by an app. The user enters the code displayed on the app. High – Not vulnerable to SIM swapping; however, a device compromise could pose risks.
Hardware Tokens
(e.g., YubiKey, RSA SecurID)
Physical device that generates or holds digital authentication data. Some require a button press to display a code, while others transmit the code when plugged into a device. Very High – Not susceptible to most common cyber-attacks. Loss or theft of the device is the primary concern.
Biometric 2FA Uses the user’s unique physical or behavioral characteristics, such as fingerprint, face recognition, or voice pattern. High – Difficult to replicate but isn’t immune to all attacks (e.g., high-quality replicas or recordings). Also, concerns about data privacy persist.
Email-Based 2FA Sends a one-time code or link to the user’s registered email address, which they then use to authenticate. Moderate – Security depends on the strength and security of the user’s email account. Vulnerable to email hacking.
Article illustration: Protecting Against Technical Support Fraud

Protecting Against Technical Support Fraud

Tech support fraud remains widespread, with over 30,000 FBI-reported victims in 2022. Learn common tactics—fake calls, pop-ups, remote access—and how to avoid them with Richter Guardian’s help.

Introduction

Cyber criminals have been carrying out technical support scams for over a decade. As technology evolves, so do the techniques of fraudulent tech support scammers, making it difficult for people to discern whether the technical support team they’re speaking to is legitimate. Technical support scams are so common that the FBI’s Internet Crime Report of 2022 reported that ‘Tech Support Crime’ had over 30,000 recorded victims in 2022.  

Summary of A Technical Support Fraud

Technical support scammers use many different techniques to trap people and gain access to their computers and other devices. After they convince you that there is a problem, they request an exorbitant fee in return for their help. Here are two of the most common methods technical support scammers use to trick their victims:

  1. Phone calls, emails and text messages – Technical support scammers may call, email or send a text message and pretend to be a computer technician from Apple, Microsoft, or any well-known technology company. They will assure you that there is a problem with your computer, and request that you give them remote access to your computer to help remediate the issue.
  2. Pop-up warnings – Technical support scammers may trick you with pop-up windows; it may look like an error or warning message from your device, and it may use similar graphics from trusted websites. The pop-up will often provide a phone number that you can call to get help. The phone number will lead to a fraudulent tech support worker.

Recommendations

  1. Stay Informed – Always be skeptical of unsolicited calls, emails or text messages that report a problem with your device.  
  2. Prevent Remote Access – When a technical support scammer has you on the line, they will convince you to provide them remote access to your device in order to run diagnostic tests. Do not provide remote access to your device.  
  3. Trust Your Instincts – If you are suspicious about an unexpected message, call, or request for personal information or money, it is safe to assume it may be a scam.  
  4. Stay Educated – Participate in security awareness sessions provided by your Richter Guardian team, your bank or other trusted organizations.  

How Richter Guardian can help you

We understand that misleading pop-ups or warnings about your device through a call can cause uncertainty. Richter Guardian’s monitoring system and concierge service can give you peace of mind.

Your onboarded mobile and endpoint devices can be monitored by us. If there is a problem with your device, we will contact you to provide specific details about any potential alerts. Our experts can help you remediate the issue. Request a private consultation.

Article illustration: 23andMe User Data Stolen in Credential Stuffing Attack

23andMe User Data Stolen in Credential Stuffing Attack

23andMe confirmed customer data was exposed via credential stuffing and the DNA Relatives feature. We explain how it happened and how to secure your account and check for breached credentials.

Introduction

The public biotechnology and genomics firm, 23andMe, confirmed on their website on October 6, 2023, that certain 23andMe customer profile information was circulating on hacker forms. The information that has been exposed from this incident includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location. As a result, 23andMe have notified their customers, and have pushed for them to reset their passwords and enable multi-factor authentication (MFA).

How the Attack Happened

The hackers used credential stuffing to gain access to a set of user accounts on 23andMe. Credential stuffing is a type of cyber attack in which a hacker uses stolen usernames and passwords (obtained from another breach or purchased off the dark web) to access other websites in which the users are registered. Users that recycled their breached login credentials on 23andMe may have been the entry point for this attack.  

A subset of the compromised users opted into 23andMe’s DNA Relatives feature, which allowed for hackers to scrape the data of their DNA Relative matches.  

The number of accounts affected has not been released or disclosed by 23andMe.

If you think you may have been affected by this recent breach, reset your password, and opt for MFA on 23andMe. While the account may or may not be compromised, it is important that cybercriminals do not leverage your breached credentials to access other websites in which you may have an account on.  

How to Stay Safe

  1. Reset All Passwords – If you have the bad habit of reusing passwords across different websites, reset those passwords and employ hard-to-guess, complex passwords on those websites.  
  2. Password Manager – To keep track of your complicated passwords, think about investing in a password manager. Password managers, like 1Password, place a secret key on your password manager to add a unique extra layer of security.  

How Richter Guardian can help you

Richter Guardian can help you determine if some of your user accounts were involved in a previous breach. Our platform can determine compromised credentials through comprehensive dark web monitoring. Request a private consultation.

Sources

  1. Addressing Data Security Concerns”. 23andMe. 2023 October 6. Retrieved 10 October 2023.
Article illustration: Check-In Safely – Phishing Campaigns Target Hotels and Travel Agencies

Check-In Safely – Phishing Campaigns Target Hotels and Travel Agencies

Cybercriminals are targeting hotels and travel agencies with social engineering, then using compromised systems to phish customers. Learn the attack chain and how to stay safe when you travel.

Introduction

The tourism industry is crawling back to pre-pandemic numbers thanks to travel and lockdown restrictions being lifted globally. Unfortunately, cybercriminals have also come up with a new and sophisticated campaign to breach the systems of booking sites, hotels, and travel agencies. Subsequently, the cybercriminals use the systems of the compromised hotel or travel agency to send phishing emails to existing customers.  

Summary of Hotel and Travel Agency Phishing Scam

  1. The Entry Point – The campaign starts with the threat actor inquiring about a reservation with the hotel or travel agency. Upon booking the stay, the threat actor uses ‘advanced social-engineering techniques’ to inquire about specific or special accommodations.  
  2. Tricking Employees – After establishing a sense of urgency with the hotel employee, the threat actor sends over a URL via email, which supposedly contains crucial documents relevant to their accommodations. The URL provided directs the hotel employee to a genuine hosting site (Google Drive, Dropbox, etc.) and the hotel employee downloads an archive file thinking that it contains important documents.
  3. Malicious Executables – The archive file that was downloaded by the hotel employee contained malicious executables (malware) that would infiltrate the hotel employee’s computer. From there, the malware operates stealthily to capture login credentials, financial information, and other sensitive data without the hotel employees being aware.  
  4. New Target – Once threat actors have successfully compromised the hotel’s system, the threat actors can move onto using the hotel’s communication channel to target legitimate customers.  
  5. Phishing – The threat actors can now send phishing messages disguised as legitimate requests from the compromised hotel or travel agency. The phishing messages will ask for additional credit card verification from the customer. Since the message comes directly from the booking site through a legitimate communication channel, the customer has no reason to doubt the legitimacy of the email.  

How to Stay Safe

  1. Avoid Clicking on Unsolicited Links – Always be skeptical of unsolicited links, even when they originate from a trusted source. Check URLs for any indicators of deception.  
  2. Take Your Time – Threat actors, phishing emails, and sketchy requests for payments will typically call for immediate action. Take your time to discern any emails that require you to transfer sensitive information.  
  3. Trust Your Instincts – If you are suspicious about a suspicious email, call the hotel or travel agency directly to confirm that the communication is indeed legitimate.  

How Richter Guardian can help you

Richter Guardian can help you navigate complex phishing scams. Your onboarded mobile and endpoint devices are protected; the protection service can detect suspicious links and will work to block insecure websites. Request a private consultation.

Article illustration: AnyDesk hackers infiltrated production servers

AnyDesk reports that hackers infiltrated its prodution servers and initiated password resets

AnyDesk confirmed a breach of production systems and code-signing keys; credentials of thousands of customers were later offered for sale. We outline implications and how to protect your accounts.

INTRODUCTION​

On February 2, 2024, AnyDesk confirmed a recent cyberattack that resulted in hackers gaining access to the company’s production systems. The breach involved the theft of source code and private code signing keys. ​

AnyDesk is a widely used remote access solution that is popular among enterprises for remote support and accessing colocated servers.AnyDesk became aware of the attack after they detected an incident on their production servers. Following a security audit, they identified a compromise on their systems and implemented a response plan in collaboration with CrowdStrike.​

Following the disclosure of the breach, cybersecurity company Resecurity promptly announced that an individual is attempting to vend the credentials of over 18,000 AnyDesk customers on a well-known cybercrime forum. The seller is seeking $15,000 in cryptocurrency for the compromised credentials.​

IMPLICATIONS AND RECOMMENDATIONS​

Although AnyDesk claims that passwords were not stolen in the attack, the threat actors still managed to successfully breach their production systems. ​

  1. If you use AnyDesk, modify your password. ​
  2. If the same password for AnyDesk is employed on other platforms, modify your password on those platforms aswell. ​

HOW RICHTER GUARDIAN CAN HELP YOU​

f you receive a call from someone purporting to be technical support or receive a pop-up regarding the safety of your device and you are unsure, call us to help you determine the legitimacy of their communication.

Our platform includes dark web monitoring – a service that can determine whether compromised credentials have been found on the dark web. ​Request a private consultation.

Article illustration: What is Authorized push payment fraud?

What is Authorized push payment fraud?

Authorized push payment (APP) fraud happens when victims are tricked into sending money to scammers. We explain how it works—impersonation, BEC, invoice fraud—and how to verify payments and reduce risk.

INTRODUCTION​

Authorized push payments involve an account holder granting permission to their bank or payment service to transfer funds directly from their account to another account. The payer usually triggers this transaction using services like online banking, phone banking, or peer-to-peer payment platforms.​

Authorized push payment (APP) fraud, also known as bank transfer scams or authorised bank transfer fraud, occurs when a victim is tricked into authorizing a payment to an account controlled by a scammer. ​

Unlike unauthorized transactions where a fraudster gains access to someone’s account without permission, in APP fraud, the victim is deceived into willingly making the payment, often believing they are paying a legitimate entity or individual.​​

HOW DOES APP FRAUD HAPPEN?​

Authorized push payment fraud can happen in various ways. ​

  1. Advance Fee Scams: The victims are asked to pay a fee to access a service or a prize, which are never delivered. For example, a scammer may impersonate a lottery organization, and will withhold the prize until an administrative fee is paid. When the payment is made, the victim never receives the reward. ​
  2. Impersonation: The scammer poses as a trusted entity, such as a bank, government agency, utility company, or even a friend or family member, and requests payment for a fake invoice, overdue bill, or urgent situation.​
  3. Fake Services or Goods: The victim pays for goods or services that are never delivered or are significantly different from what was advertised. The scammer may set up a fake online store, auction, or classified ad to lure victims.​
  4. Social Engineering: The scammer manipulates the victim through psychological tactics, exploiting emotions like fear, urgency, or greed to coerce them into making the payment.​
  5. Business Email Compromise (BEC): Scammers compromise email accounts of businesses or individuals, or create lookalike accounts, and use them to request payments from employees, clients, or partners, often by impersonating company executives or vendors.​
  6. Invoice Fraud: The scammer pretends to be a vendor and sends fake invoices to the business. The invoice may request payment for goods or services that were never delivered. ​

PREVENTION​

We recommend the following measures to mitigate the risks of authorized push payment fraud.​

  1. Verify the authenticity of requests for payments – ensure that the request for payment is legitimate by confirming the identity of the individual, organization or service you are initiating a payment for. If the payment is sent to an organization, check the organization’s website and contact their phone number to confirm the request. ​
  2. Establish payment protocols – establish clear protocols within your organization that outline how to properly authorize payments. Ensure relevant employees are aware of these protocols and procedures.​
  3. Monitor transactions – check your accounts to identify any unusual activity that could indicate fraud.

HOW RICHTER GUARDIAN CAN HELP YOU​

To combat APP fraud, it’s essential for individuals and businesses to remain vigilant and verify the authenticity of requests for payments. We understand that It can be difficult to approach this alone. ​

Transunion identity protection is included on our platform. Transunion identity protection will alert you of any unusual activity on your credit monitoring report that could indicate fraud.

Request a private consultation

Article illustration: Demystifying TikTok's collection of your data

Demystifying TikTok's collection of your data

TikTok collects extensive data—contacts, location, device usage, engagement. We outline what’s gathered, privacy and security implications, and when to reach out to Richter Guardian for guidance.

INTRODUCTION​

TikTok’s extensive data collection, including personal information and device usage patterns, raises privacy and security concerns, particularly due to its China-based parent company, ByteDance. While some experts argue that TikTok’s data collection is not inherently malicious, others express skepticism about the transparency of its practices.

WHAT TIKTOK GATHERS FROM YOU​

TikTok collects various types of information from users:

  1. Personal Data: Tiktok has access to personal data like contacts, calendars, information about which device you’re using, which operating system and your location.​
  2. ​TikTok monitors the content you engage with and for how long – similar to Facebook. ​
  3. Device Usage: TikTok monitors how you use your device and how it functions, including “keystroke patterns or rhythms, battery state, audio settings and connected audio devices,”.​
  4. Location Data: TikTok can collect precise GPS information about its users. ​​

IMPLICATIONS OF DATA COLLECTION​

Data collection by social media platforms like TikTok can pose several risky implications for everyday users:​

  1. Privacy Concerns: Social media platforms often collect extensive personal data, including contacts, location, and browsing habits. This raises concerns about user privacy, especially if this data is shared or sold to third parties without consent.​
  2. Targeted Advertising: User data is often used to create targeted advertising campaigns. While some users may find this convenient, others may feel uncomfortable with the level of personalization and the potential manipulation of their preferences and behaviors.​
  3. Data Breaches: Storing large amounts of personal data increases the risk of data breaches. If a platform’s security measures are breached, users‘ sensitive information could be exposed, leading to identity theft, financial fraud, or other forms of cybercrime.​
  4. Surveillance and Tracking: Social media platforms track users‘ online activities across different websites and devices to create comprehensive profiles. This surveillance can infringe on user privacy and autonomy, as individuals may feel constantly monitored and manipulated by algorithms.​
  5. Political Manipulation: Social media platforms have been implicated in spreading misinformation, propaganda, and divisive content. By collecting user data and targeting specific demographics, malicious actors can exploit social media for political manipulation and influence campaigns.
Article illustration: MOVEit Data Breach

MOVEit Data Breach

The Cl0p ransomware group exploited MOVEit Transfer, affecting 2,000+ organizations and 62 million people. We cover the fallout, why credit monitoring isn’t enough, and how Richter Guardian fills the gap.

INTRODUCTION​

In May 2023, the Cl0p ransomware group started exploiting a newly discovered vulnerability in Progress Software’s MOVEit Transfer, a tool for enterprise file transfer. Although Progress swiftly released a fix, the impact was already significant. This extensive cyberattack by Cl0p targeted a wide range of sectors globally, affecting entities such as the public school system in New York City, a UK-based company providing HR and payroll services to clients like British Airways and the BBC, among others.

Over 2,000 organizations have reported being attacked, with data thefts affecting more than 62 million people

FALL OUT OF THE INCIDENT​

With such a large exposure, many people have begun to receive notices that their personal information was compromised as part of this breach. Many of the organizations that people entrust their data to, like accounting firms and wealth management companies, were affected by this breach. Companies affected by this breach have a legal obligation in Canada to report to their customers if they believe their customers have had their personal information breached.​

Companies that notify their customers of the breach often offer one to two years of credit monitoring and identity protection services at no cost. ​

Richter recommends that victims receiving these notices enroll in the free credit monitoring and identity protection services provided. ​

IMPLICATIONS

The diagram on the right illustrates how hackers use personal information to carry out attacks using your personal information. Credit monitoring and identity protection services can assist with identity theft and financial fraud implications; however, this protection is insufficient. ​

Hackers can still use your personal information to conduct blackmail and ransom operations. They can impersonate you online and wreak havoc on your social reputation. They can use it to mount very sophisticated phishing attacks.

SOLUTION​

Richter Guardian is a state-of-the-art service that leverages AI to protect your digital life. Our service gives exclusive access to commercial-grade protection unavailable in the consumer market. ​

By protecting your online presence, Richter Guardian will defend you from impersonations, inadvertent leakage of critical data and worse, any compromise to your digital safety. By protecting your devices, Richter Guardian will thwart sophisticated phishing and other technical attacks. You can rest assured that our seasoned cybersecurity professionals are there for you to address any of your cybersecurity concerns.

Article illustration: SMS Phishing Scams Targeting Road Toll Payments

SMS Phishing Scams Targeting Road Toll Payments

SMS phishing scams impersonating 407 ETR are targeting Canadians with fake toll payment links. Learn how 407 ETR really contacts customers and how to verify messages with Richter Guardian.

INTRODUCTION​

​A wave of SMS phishing attacks targeting Canadians with lures regarding unpaid road toll fees have been rolling out since the beginning of the year. 407 ETR has been warning customers to beware of fraudulent texts impersonating the company. The message is designed to deceive people into clicking on a malicious link, which would leave people vulnerable to personal data theft. ​

HOW TO SPOT A REAL MESSAGE​

407 ETR will use specific communication methods to interact with customers that use the express toll route. If you are a customer that uses the 407, take note of these legitimate communication channels:​

  • 407 ETR sends payment reminder text messages from a six-digit short code. Messages don’t contain any personal or account information and include a link to their secure payment web page. Their texts will never include a direct link to pay.​
  • 407 ETR makes outbound automated payment reminder calls. These calls will not ask you for your personal information. ​
  • 407 ETR will only send emails from info@407etr.com or communications@407etr.com. Ensure that the emails you receive do not have spelling errors. ​

HOW RICHTER GUARDIAN CAN HELP YOU​

Transunion identity protection is included on our platform. Transunion identity protection will alert you of any unusual activity on your credit monitoring report that could indicate fraud. Request a private consultation.

Have questions after reading?

If something you’ve read raises a concern, our team can help you understand how it applies to you. Richter Guardian provides ongoing monitoring and expert support for individuals, families, and leadership teams.

  • Clear visibility into personal digital risk
  • Guidance from experienced cybersecurity professionals
  • Support designed for both private clients and enterprise leadership
Have questions after reading?