FBI Notice Spike in Compromised Government Emails Conducting Fake EDRs

INTRODUCTION
In early November, the Federal Bureau of Investigation (FBI) issued a warning regarding the abuse of compromised email accounts from U.S. and foreign government entities. These compromised accounts are being exploited to execute fraudulent Emergency Data Requests (EDRs) aimed at U.S.-based service providers.
WHAT IS AN EDR?
An EDR is a legal mechanism that lets U.S. law enforcement agencies urgently request confidential data from service providers without a subpoena. Threat actors take advantage of this procedure by using compromised government email addresses to submit fraudulent EDRs and obtain customer data.
For example, Verizon disclosed that it received over 127,000 law enforcement requests for customer data during the second half of 2023, with more than 36,000 classified as EDRs. The company reported fulfilling approximately 90% of these requests.
HOW DO THREAT ACTORS EXECUTE THESE SCHEMES?
Investigations into cybercrime forums reveal multiple methods used by threat actors to submit fraudulent EDRs. Some fake EDR vendors sell the capability to generate fake EDRs by targeting specific platforms, complete with counterfeit court documents. Other fake EDR vendors simply sell access to compromised government or law enforcement email accounts.
Key tactics used to compromise government or law enforcement email accounts include:
- Phishing and malware campaigns targeting email users.
- Purchase of stolen credentials from dark web marketplaces.
- Exploitation of poor cyber practices among government employees.
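The scheme described above works because a request sent from a compromised, genuine government mailbox looks legitimate on every technical check a provider can run on the message itself. The following intake-triage helper is an added example written for this post; it is not code from the FBI notice or from Richter Guardian. It assumes a hypothetical provider legal-intake mailbox, a constructed allowlist of agency domains (`KNOWN_AGENCY_DOMAINS`), and a constructed sample message. It shows that a sender from a known domain with SPF, DKIM and DMARC all passing is still routed to out-of-band verification, never straight to fulfilment, and that urgency wording is treated as a reason for more scrutiny rather than less.

```python
"""Triage helper for inbound Emergency Data Request (EDR) e-mails.

Added example, not part of the FBI notice or Richter Guardian's own tooling.
Assumes a service provider's legal-intake mailbox receives EDRs as plain
e-mail and keeps a separately maintained list of verified agency domains.
"""
import re
from email import message_from_string, policy

# Hypothetical allowlist of agency domains the provider has already verified
# through an independent channel. Constructed for this example.
KNOWN_AGENCY_DOMAINS = {"police.example.gov", "sheriff.example.gov"}

# Wording that pushes the recipient to skip normal checks.
PRESSURE_TERMS = (
    "immediately",
    "within the hour",
    "imminent",
    "life or death",
    "do not delay",
)

# Constructed sample message: a request from a known domain that passes
# SPF/DKIM/DMARC, which is exactly what mail from a compromised real account
# looks like to the receiving mail server.
SAMPLE_EDR = """\
From: Det. Example <records@police.example.gov>
To: legal-intake@provider.example
Subject: EMERGENCY DATA REQUEST - respond immediately
Authentication-Results: mx.provider.example; spf=pass smtp.mailfrom=police.example.gov; dkim=pass header.d=police.example.gov; dmarc=pass header.from=police.example.gov

This is an emergency involving imminent danger to life. Provide all
subscriber records for account 12345 within the hour. Do not delay.
"""


def sender_domain(msg) -> str:
    """Domain part of the first From: address, lower-cased ("" if absent)."""
    addresses = msg["From"].addresses if msg["From"] else ()
    return addresses[0].domain.lower() if addresses else ""


def auth_results(msg) -> dict:
    """Pull the spf/dkim/dmarc verdicts out of the Authentication-Results header."""
    header = msg.get("Authentication-Results", "")
    return {method: verdict for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header)}


def pressure_signals(msg) -> list:
    """Urgency phrases in the subject or body; each one raises, not lowers, scrutiny."""
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + " " + (body.get_content() if body else "")
    text = text.lower()
    return [term for term in PRESSURE_TERMS if term in text]


def triage_edr(raw: str, known_domains=KNOWN_AGENCY_DOMAINS) -> dict:
    """Classify one raw EDR e-mail into a handling decision.

    Possible decisions:
      reject_or_escalate  - unknown sender domain or failed authentication
      verify_out_of_band  - everything checks out, so confirm by calling the
                            agency on a number obtained independently of the
                            e-mail before releasing any data
    No path returns a "fulfil" decision from the message contents alone.
    """
    msg = message_from_string(raw, policy=policy.default)
    domain = sender_domain(msg)
    auth = auth_results(msg)
    auth_ok = all(auth.get(method) == "pass" for method in ("spf", "dkim", "dmarc"))
    signals = pressure_signals(msg)

    if domain not in known_domains or not auth_ok:
        decision = "reject_or_escalate"
    else:
        # A compromised legitimate account passes every check above, so a clean
        # result never authorises release by itself.
        decision = "verify_out_of_band"

    return {
        "domain": domain,
        "auth": auth,
        "auth_ok": auth_ok,
        "pressure_signals": signals,
        "decision": decision,
    }


if __name__ == "__main__":
    print(triage_edr(SAMPLE_EDR))
```

The design point is the final branch: domain and authentication checks filter out spoofed mail, but the case the FBI notice describes passes both, so the only safe outcome for a clean message is a callback to the agency through a contact the provider already holds, not one taken from the email.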
KEY LESSONS
The notice is a reminder of how sophisticated a scam threat actors can orchestrate once they hold compromised credentials.
To mitigate risks, organizations and individuals must prioritize cybersecurity hygiene:
- Establish a procedure for handling sensitive emails so you are not phished; treat urgent emails and emails with attachments with caution.
- Employ unique and strong passwords for every account and use multi-factor authentication when possible. Data breaches happen often, and threat actors like to take the compromised credentials from these breaches to re-use on other websites.
HOW CAN RICHTER GUARDIAN HELP YOU?
Richter Guardian can aid in improving your cyber hygiene so that you can lessen the risk of being compromised.
- Consult our cyber concierge whenever you are unsure of a situation. For example, if you receive a suspicious email demanding your immediate attention, we can verify its legitimacy.
- We can walk you through password management best practices using 1Password, a password management tool.
Protect your digital life by detecting risks before they escalate
Richter Guardian gives you enterprise-level cybersecurity tailored for individuals, families, and executives.

Related posts

Introduction
Anthropic's Claude Mythos is an advanced AI model currently available only to a select group of vetted technology companies, not the general public. While it holds significant promise as a defensive tool, capable of uncovering security flaws before criminals can exploit them, the same capabilities could be misused to lower the effort needed to exploit weaknesses in email, banking, and personal accounts.
For high-net-worth individuals, families, and executives managing significant assets, this increases the risk of targeted fraud, account takeovers, and financial loss, making strong cybersecurity practices more important than ever.
What's Mythos AI?
Claude Mythos is an advanced artificial intelligence model developed by Anthropic, the company behind the widely used Claude AI assistant. It can be thought of as a much more powerful version of AI tools that many people already use for daily tasks. Mythos goes far beyond earlier models, especially in areas such as complex reasoning, software analysis, and, most importantly, the ability to identify weaknesses in computer systems.
At this time, Mythos is not available to the general public. It is still going through testing and review and has only been released in a highly controlled way to a small number of trusted organizations. These include major technology and security companies such as Microsoft, Apple, Amazon, Cisco, and CrowdStrike. This limited release is intentional. Anthropic has stated that Mythos is powerful enough to cause serious harm if misused, so they have chosen to share it cautiously and with careful oversight.
Why's everyone talking about it?
There are two main reasons Mythos is receiving so much attention. The first is concern within the cybersecurity community. Mythos represents a major step forward in what AI can do when applied to computer systems. Security professionals worry that existing defense tools and practices have not yet caught up. There is also concern that criminals could use tools like Mythos to make cybercrime faster, cheaper, and easier to carry out.
The second reason is business momentum. Every major AI announcement attracts investors and increases public interest. This often raises the perceived value of companies such as Anthropic, OpenAI, and Google. As a result, Mythos has become not only a security issue, but also a financial and market-driven story.
It is important to understand that Mythos is not an isolated development. Other companies, including OpenAI and Google, have already released AI models with similar cybersecurity-related capabilities, though generally at a lower level. What makes Mythos different is how quickly and efficiently it operates, as well as Anthropic’s openness in discussing both its potential benefits and its risks.
How does this affect you?
Mythos does not create entirely new types of cyber threats. Instead, it significantly lowers the level of skill, knowledge, and time needed for attackers to exploit existing weaknesses. These weaknesses exist in the everyday technology we all rely on, including phones, laptops, email systems, and banking or investment applications.
Cyberattacks that once required a team of highly skilled hackers may soon be possible for a single individual using AI tools. For individuals and families with significant financial assets, sensitive personal communications, or access to influential networks, this increases risk. The most common and serious threats remain personal email compromise, fraudulent wire transfers, and targeted account takeovers.
How you can keep safe
Regularly review your digital access points
Make sure all important accounts, such as banking, email, and investment platforms, use strong, unique passwords, and enable multi-factor authentication wherever it is available. In addition, use credit monitoring services to help detect fraud, unauthorized accounts, or identity misuse as early as possible.
Be cautious with unexpected messages
AI can now generate very realistic phishing emails, texts, and phone messages. If something seems unusual or urgent, verify it through a separate and trusted method before taking action.
Confirm your advisors are prepared
Organizations that manage your assets should be reviewing and strengthening their cybersecurity controls, including how sensitive data is protected and how fraud risks are managed.
Richter Family Office supports high-net-worth families and executives by integrating cybersecurity and risk considerations into wealth management, governance, and operational oversight.
Contact us with any concerns
Richter Guardian is actively monitoring developments related to Mythos AI and other emerging cyber risks. We will continue to share updated guidance as the situation evolves.
Please contact us immediately if you notice unusual account activity, suspicious communications, or unexpected requests involving sensitive or financial information.
Email support@richterguardian.com, phone +1 844-908-3950 or book an appointment.

BMO Scam Highlighting Vulnerabilities in Two-Factor Authentication
Introduction
A recent article published by CBC News highlighted a concerning scam involving the Bank of Montreal (BMO). The scam exploited vulnerabilities associated with the bank's two-factor authentication (2FA) system. This advisory provides an overview of the issue, its implications, and recommendations.
Summary of the Incident
The scam primarily targeted customers with lines of credit. Perpetrators pose as bank employees and use a combination of phishing techniques and flaws in the 2FA process to gain unauthorized access to customers’ accounts, subsequently making unauthorized transactions.
Implications
- The trustworthiness of 2FA is at stake. Customers generally perceive 2FA as a robust security measure, but this incident underscores potential vulnerabilities.
- The scam demonstrates that even with the second layer of authentication, user accounts can be compromised if the process isn’t foolproof.
- Potential loss of customer trust in banking institutions due to such vulnerabilities.
Recommendations
- Stay Informed: Keep up to date on the latest scams and phishing techniques. Always be skeptical of unsolicited calls or emails asking for personal or banking information.
- Use Advanced Security Features: Wherever possible, use advanced security features like biometric authentication or hardware-based security keys.
- Monitor Accounts: Regularly check bank accounts for unauthorized transactions and report any discrepancies immediately.
- Stay Educated: Participate in security awareness sessions provided by your Richter Guardian team, the bank or other trusted organizations.
How Richter Guardian can help you
While 2FA is an essential security feature, it is not infallible. Richter Guardian clients should be proactive in understanding its limitations and continuously seek ways to enhance their security posture.
- Call us anytime you are unsure. If you receive a call from someone purporting to be your bank and you are unsure, call us to help you determine the legitimacy of their communication.
- Schedule a call with our analyst to review the two-factor authentication security measures that may be available to you through your bank.
Table 1 – Levels of two-factor authentication that may be available to protect your bank account.

What is Authorized push payment fraud?
INTRODUCTION
Authorized push payments involve an account holder granting permission to their bank or payment service to transfer funds directly from their account to another account. The payer usually triggers this transaction using services like online banking, phone banking, or peer-to-peer payment platforms.
Authorized push payment (APP) fraud, also known as bank transfer scams or authorised bank transfer fraud, occurs when a victim is tricked into authorizing a payment to an account controlled by a scammer.
Unlike unauthorized transactions where a fraudster gains access to someone’s account without permission, in APP fraud, the victim is deceived into willingly making the payment, often believing they are paying a legitimate entity or individual.
HOW DOES APP FRAUD HAPPEN?
Authorized push payment fraud can happen in various ways.
- Advance Fee Scams: The victim is asked to pay a fee to access a service or a prize that is never delivered. For example, a scammer may impersonate a lottery organization and withhold the prize until an administrative fee is paid. Once the payment is made, the victim never receives the reward.
- Impersonation: The scammer poses as a trusted entity, such as a bank, government agency, utility company, or even a friend or family member, and requests payment for a fake invoice, overdue bill, or urgent situation.
- Fake Services or Goods: The victim pays for goods or services that are never delivered or are significantly different from what was advertised. The scammer may set up a fake online store, auction, or classified ad to lure victims.
- Social Engineering: The scammer manipulates the victim through psychological tactics, exploiting emotions like fear, urgency, or greed to coerce them into making the payment.
- Business Email Compromise (BEC): Scammers compromise email accounts of businesses or individuals, or create lookalike accounts, and use them to request payments from employees, clients, or partners, often by impersonating company executives or vendors.
- Invoice Fraud: The scammer pretends to be a vendor and sends fake invoices to the business. The invoice may request payment for goods or services that were never delivered.
PREVENTION
We recommend the following measures to mitigate the risks of authorized push payment fraud.
- Verify the authenticity of requests for payment – confirm the identity of the individual, organization or service you are paying before initiating the payment. If the payment is going to an organization, check the organization’s website and call the phone number listed there to confirm the request.
- Establish payment protocols – establish clear protocols within your organization that outline how to properly authorize payments. Ensure relevant employees are aware of these protocols and procedures.
- Monitor transactions – check your accounts to identify any unusual activity that could indicate fraud.
HOW RICHTER GUARDIAN CAN HELP YOU
To combat APP fraud, it’s essential for individuals and businesses to remain vigilant and verify the authenticity of requests for payment. We understand that it can be difficult to approach this alone.
- Call us or send us an email at: +1 844-908-3950 or support@richterguardian.com if you are unsure. Connect with our cyber concierge to verify the legitimacy of a situation.
- TransUnion identity protection is included on our platform. It will alert you to any unusual activity on your credit monitoring report that could indicate fraud.
