Insights on digital risk and personal security

Digital risk is evolving quickly. For individuals and families with greater public presence, professional responsibility, or complex personal lives, digital exposure is often higher. The impact of a security incident can extend beyond inconvenience to affect privacy, reputation, and financial well-being.

The articles below share insights from the Richter Guardian team, including security advisories, real-world case examples, and practical guidance intended for people whose roles, visibility, or circumstances place them at elevated risk.

Browse by topic

Explore articles based on areas of risk and responsibility.


Security advisories

Covers personal devices, accounts, and online presence.


Case studies

Real-world examples that illustrate how digital incidents occur and how they are managed.

Latest articles

New articles and updates from the Richter Guardian team.


MOVEit Data Breach

The Cl0p ransomware group exploited MOVEit Transfer, affecting 2,000+ organizations and 62 million people. We cover the fallout, why credit monitoring isn’t enough, and how Richter Guardian fills the gap.

INTRODUCTION

In May 2023, the Cl0p ransomware group started exploiting a newly discovered vulnerability in Progress Software’s MOVEit Transfer, a tool for enterprise file transfer. Although Progress swiftly released a fix, the impact was already significant. This extensive cyberattack by Cl0p targeted a wide range of sectors globally, affecting entities such as the public school system in New York City, a UK-based company providing HR and payroll services to clients like British Airways and the BBC, among others.

Over 2,000 organizations have reported being attacked, with data thefts affecting more than 62 million people.

FALLOUT OF THE INCIDENT

With such a large exposure, many people have begun to receive notices that their personal information was compromised as part of this breach. Many of the organizations that people entrust their data to, like accounting firms and wealth management companies, were affected by this breach. Companies affected by this breach have a legal obligation in Canada to notify their customers if they believe those customers' personal information was breached.

Companies that notify their customers of the breach often offer one to two years of credit monitoring and identity protection services at no cost.

Richter recommends that victims receiving these notices enroll in the free credit monitoring and identity protection services provided.

IMPLICATIONS

The diagram on the right illustrates how hackers use your personal information to carry out attacks. Credit monitoring and identity protection services can assist with identity theft and financial fraud implications; however, this protection is insufficient.

Hackers can still use your personal information to conduct blackmail and ransom operations. They can impersonate you online and wreak havoc on your social reputation. They can use it to mount very sophisticated phishing attacks.

SOLUTION

Richter Guardian is a state-of-the-art service that leverages AI to protect your digital life. Our service gives exclusive access to commercial-grade protection unavailable in the consumer market.

By protecting your online presence, Richter Guardian will defend you from impersonations, inadvertent leakage of critical data and worse, any compromise to your digital safety. By protecting your devices, Richter Guardian will thwart sophisticated phishing and other technical attacks. You can rest assured that our seasoned cybersecurity professionals are there for you to address any of your cybersecurity concerns.



Navigating the Terrain of Synthetic and Traditional Theft Scams

Synthetic and traditional identity theft both put your finances and reputation at risk. We share practical steps: credit monitoring, securing mail and documents, password vaults, and limiting what you carry.

INTRODUCTION

In an increasingly interconnected digital world, safeguarding personal and financial information has never been more crucial. Cybercriminals can exploit stolen identity information to commit financial fraud, gain unauthorized access to accounts, and engage in other criminal activities. Identity theft comes in two forms: synthetic identity theft and traditional identity theft.

Synthetic identity theft combines personally identifiable information (PII) to manufacture a person or entity for use in illegal, nefarious activity.

Traditional identity theft involves stealing an individual’s existing personal data to impersonate them.

In contrast, synthetic identity theft involves criminals obtaining small fragments of a real person’s identity to fabricate a completely new identity. The real elements of the fabricated individual add a sense of legitimacy to the identity.

PREVENTING IDENTITY THEFT OF ALL KINDS

Protecting yourself from identity theft, fraud, and unauthorized access to your sensitive data is our responsibility. Below, we have compiled a comprehensive list of security measures and best practices to help you fortify your defenses against potential threats.

By following these guidelines, you can take proactive steps to enhance your security and financial well-being. From monitoring your credit report to secure document disposal, each suggestion in this list is designed to empower you with the knowledge and tools to protect your valuable information and minimize the risks associated with identity theft and fraud.

  1. Monitor Your Credit Report: Regularly monitor your credit report to detect any unauthorized activity. If you come across information unrelated to you, contact the creditor and inquire about the account or inquiry.
  2. Limit What You Carry: Avoid carrying additional credit cards, birth certificates, SIN cards, or passports in your wallet or purse unless absolutely necessary. This precaution reduces the amount of information a potential thief could access if your wallet or purse gets lost.
  3. Secure Your Mailbox: Consider installing a mailbox with a lock at your residence to minimize the risk of mail theft.
  4. Securely Dispose: Never dispose of credit card receipts or personal information documents in a public trash container; use a shredder instead.
  5. Secure Your Purse or Wallet: Never leave your purse or wallet unattended, whether at work or in places like churches, restaurants, fitness clubs, parties, or shopping carts. Also, avoid leaving your purse or wallet visible in your car, even if the vehicle is locked.
  6. Limit Your Credit: Limit the number of credit cards you possess and cancel inactive accounts to simplify your financial security.
  7. Be Careful of What You Disclose: Do not disclose your credit card, bank, or Social Insurance information over the phone, even if you initiated the call, unless you can confidently verify the call’s legitimacy.
  8. Secure Receipts: Securely store and shred credit, debit, and ATM card receipts before disposing of them.
  9. Scrutinize Your Bills: Scrutinize your utility and subscription bills regularly to confirm the accuracy of the charges.
  10. Do Not Write Down Your Passwords (except in a Password Vault): Memorize your passwords and personal identification numbers (PINs) so that you do not need to write them down, or store them in a password vault. Remain vigilant when entering your PIN to ensure no one is observing you.
  11. Secure Your Information: Maintain a comprehensive list of all your credit and bank accounts in a secure location, such as a password vault. This will facilitate quick communication with issuers if your cards go missing, including providing account numbers, expiration dates, and customer service and fraud department contact numbers.
  12. Shred Pre-approved Credit Offers: Before discarding pre-approved credit offers, credit card receipts, or phone bills, tear them into small pieces or cross-cut shred them to prevent potential identity theft. Thieves can use such offers to apply for credit cards in your name and redirect them to their address.
  13. Keep Your Credit Information Accurate: According to consumer reporting legislation, if you believe any entry on your credit report is incorrect or incomplete, you can notify a major credit reporting bureau, which will verify the information at no charge. Remember that they typically do not accept disputes from third parties unless accompanied by a notarized power of attorney authorizing a licensed attorney or a family member to represent you or if the power of attorney is unlimited and irrevocable.

Apps and Location Tracking: What Are the Consequences?

Apps collect and sell location data—with serious privacy implications. We explain what’s collected, how it’s used (e.g. Tim Hortons), and practical steps to limit tracking on your phone.

INTRODUCTION

Of the many digital traces we leave in daily life, location metadata may be the most revealing. Location tracking is common in many applications because it’s so useful – it can allow you to get directions from here to there, discover the closest restaurants near you, or tell you your local weather conditions. These perks, however, can come with large privacy risks.

Companies that you would never suspect of needing so much of your data are quietly collecting enormous amounts of it. For example, in 2020, an investigation was done on Tim Hortons, as the Tim Hortons app reportedly tracked an individual’s location more than 2,700 times in five months. Commissioners say Tim Hortons collected “vast amounts” of granular location data with the aim of delivering targeted advertising, to better promote its coffee and associated products, but that it never actually used the data for this purpose.

Some of the apps on our phone sell or share location data about their users with companies that analyze the data and sell their insights. There are many ways location data can be used, and the market for this data is huge – the location data industry is an estimated $12 billion market. Collectors, aggregators, marketplaces, and location intelligence firms are potential buyers interested in your location data.  

WHAT IS BEING COLLECTED?

Some apps genuinely need your location to work properly, but others have different motives. Many collect location data for reasons unrelated to their main function, like targeted ads or selling it to data brokers.

Once an app collects your location data, you lose control over where it goes. It can be sold repeatedly—from data providers to aggregators that combine information from multiple sources. It could end up in the hands of a “location intelligence” firm that uses the raw data to analyze foot traffic for retail shopping areas and the demographics associated with its visitors.  

You might think, “I have nothing to hide.” But location data can reveal much more than you realize, such as:

  • Where you get medical treatment and what kind
  • If you visit a domestic abuse shelter
  • Where you worship
  • Where your kids play (if they have phones)
  • When you’re on vacation and where you go
  • Where you shop, eat, and bank
  • Who you spend time with

Even though this data isn’t directly linked to your name, experts have shown that it’s easy to match location history with other data to identify people and their habits. In 2020, a religious publication used smartphone app data to infer the sexual orientation of a high-ranking Roman Catholic official. The publication claimed it obtained “commercially available” location data from an unnamed vendor and linked it to the priest’s phone, revealing visits to gay bars and private residences while using Grindr, a dating app popular with the LGBTQ+ community.  

Privacy advocates have long cautioned that advertisers gather location and personal data, which is then compiled and sold by data brokers. This information can be used to identify individuals and is not subject to regulations requiring clear consent from those being tracked.

WHAT CAN I DO TO LIMIT LOCATION TRACKING?

The quickest and easiest way to reduce tracking is to delete unnecessary apps. Both Android and Apple allow you to check which apps have access to your location and whether they track it only while in use or all the time. If you don’t use an app often, consider removing it.

Your location can be tracked through your phone, logged-in accounts, internet connection, and location services. To limit oversharing, take these steps:

  • Only allow location access for apps that truly need it.
  • Set location permissions to “While Using the App” instead of “Always.”
  • Only share “Find My Phone” with trusted friends and family.
  • Review third-party apps in location settings—you might be sharing more than you realize.

Despite these precautions, location tracking can’t be completely eliminated. It’s important to support companies that provide clear and transparent privacy policies.


PetSmart Warns Customers of Credential Stuffing Attack

PetSmart warned of a credential stuffing attack and reset some passwords. We explain what credential stuffing is and how to protect yourself with unique passwords, MFA, and dark web monitoring.

INTRODUCTION

PetSmart, a pet retail giant in the United States, is alerting certain customers about password resets resulting from an ongoing credential stuffing attack attempting to breach existing accounts. The company released a statement on March 6 to let customers know about the credential stuffing attack.

As a precaution, PetSmart reset the passwords for any accounts logged in during the credential stuffing attack. Additionally, they reassured customers that there was no evidence of compromise to petsmart.com or any of their systems during the incident.

WHAT IS CREDENTIAL STUFFING?

A credential stuffing attack is a type of cyber-attack in which threat actors use previously acquired usernames and passwords, typically obtained from data breaches, to gain unauthorized access to user accounts on various online platforms.

Threat actors usually automate the process of trying these login credentials across multiple websites and services. Threat actors are cognizant of the fact that people commonly reuse passwords across various accounts, making them even more inclined to exploit this widespread behavior.
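
A defender-side illustration of the pattern described above, added here as an example and not code from PetSmart or Richter Guardian: it flags login sources that try many distinct usernames with a low success rate, then lists the accounts those sources actually got into, which are the ones that need a forced reset. The log records, field names and thresholds are constructed assumptions, and the reset criterion is narrower than the one PetSmart describes.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    ts: int      # seconds since the start of the capture
    src: str     # source IP address of the login attempt
    user: str    # username submitted
    ok: bool     # True if the password was accepted


# Constructed sample log (documentation IP ranges, invented usernames).
EVENTS = (
    # One source cycling through eight usernames in under a minute; one hit.
    [LoginEvent(10 + 5 * i, "203.0.113.7", u, u == "dana")
     for i, u in enumerate(["ann", "bob", "cy", "dana", "eli", "fay", "gus", "hal"])]
    # One person mistyping a password twice before getting in.
    + [LoginEvent(t, "198.51.100.20", "alice", ok)
       for t, ok in [(12, False), (30, False), (55, True)]]
    # A shared office address: many users, but every login succeeds.
    + [LoginEvent(100 + 40 * i, "192.0.2.50", u, True)
       for i, u in enumerate(["ivy", "jo", "kim", "lee", "max"])]
)


def stuffing_sources(events, window=300, min_users=5, max_success_ratio=0.2):
    """Return source IPs that, inside any `window`-second span, tried at
    least `min_users` distinct usernames while at most `max_success_ratio`
    of their attempts succeeded. Thresholds are illustrative assumptions."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)

    flagged = set()
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            # Slide the left edge so the span stays shorter than `window`.
            while evs[end].ts - evs[start].ts >= window:
                start += 1
            span = evs[start:end + 1]
            users = {e.user for e in span}
            successes = sum(e.ok for e in span)
            # Many usernames alone is not enough (shared NAT, office Wi-Fi);
            # the low success ratio is what separates replayed breach lists
            # from ordinary users behind one address.
            if len(users) >= min_users and successes / len(span) <= max_success_ratio:
                flagged.add(src)
                break
    return flagged


def accounts_to_reset(events, sources):
    """Accounts with an accepted login from a flagged source: the reused
    password worked, so these need a forced reset."""
    return sorted({e.user for e in events if e.ok and e.src in sources})


if __name__ == "__main__":
    bad = stuffing_sources(EVENTS)
    print("flagged sources:", sorted(bad))
    print("force reset for:", accounts_to_reset(EVENTS, bad))
```

The shared office address is left alone because its logins succeed, which is why the success ratio is checked together with the username count.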

HOW TO PROTECT YOURSELF AGAINST CREDENTIAL STUFFING ATTACKS

Although cyber breaches may be unavoidable, you can still prevent breached details from being used on other websites or services by taking the following precautions:

  1. Use Unique Passwords For Each Account – Minimize the impact if one account is compromised.
  2. Enable Multi-Factor Authentication (MFA) – Implement MFA wherever possible to add an additional layer of security.
  3. Update Outdated Passwords – Change your passwords periodically, especially for critical accounts like email, banking, and social media.
  4. Limit Access – Only use trusted devices and networks to access sensitive accounts. Avoid logging in from public computers or unsecured Wi-Fi networks, and ensure that you are not saving your credentials on a public computer.

HOW RICHTER GUARDIAN CAN HELP YOU​

  • Our dark web monitoring platform can identify compromised credentials linked to your personal and work email addresses. We’ll also provide guidance on improving your password practices.
  • Call us or send us an email at: +1 844-908-3950 and support@www.richterguardian.com if you are unsure. Connect with our cyber concierge to verify the legitimacy of a situation.

Why Regular Software Updates Are Essential for Strengthening Cybersecurity

Software updates are a critical defense against cyber threats. We explain why they matter and how to check for updates on Apple, Android, Windows, and macOS—and when to turn on automatic updates.

INTRODUCTION

As technology rapidly advances, so do the threats to business security, underscoring the critical importance of regular software updates. Cyber-attacks are becoming increasingly sophisticated and widespread, posing significant risks to organizations of all sizes. To defend against these malicious threats, businesses must prioritize keeping their software up to date.

Software updates not only introduce new features but also provide essential security patches to address potential vulnerabilities. Failing to update can leave individuals and businesses exposed to cyber breaches, data theft, and financial loss. Given the growing reliance on technology for daily operations, maintaining strong security measures is more important than ever.

Regular software updates are a crucial line of defense against cyber threats, making it imperative for businesses to stay current to protect their data, customers, and reputation.

HOW CAN I CHECK IF MY SOFTWARE IS UP TO DATE?

You can check if your device’s software is up to date by going into the device’s settings and looking for the “software update” option. Here’s how to do it on different types of devices:

  • On Apple devices (iPhone, iPad): Go to Settings > General > Software Update to see if any updates are available.
  • On Android devices (like Samsung Galaxy): Go to Settings and tap on Software Update or System Update. The exact location may vary depending on the model, but it’s usually found in the main settings menu.
  • On Windows devices: Go to Settings and find the Windows Update section. From there, click Check for updates to see if your system needs an update.
  • On macOS (iMac, MacBook): From the Apple menu in the corner of your screen, choose System Settings. Click General in the sidebar of the window that opens, then click Software Update on the right.

Whenever possible, activate automatic updates to receive the latest patches immediately upon release.

HOW RICHTER GUARDIAN CAN HELP YOU

  • Call us or send us an email at: +1 844-908-3950 and support@www.richterguardian.com if you need further guidance on updating your devices.

Potential Concern with Apple's New NameDrop Feature

Apple’s NameDrop feature in iOS 17.1 shares contacts when iPhones are held close. Law enforcement recommends turning it off for children. We explain the feature and how Richter Guardian can help with device safety.

Introduction

In early November, Apple released ‘NameDrop’ as part of the iOS 17.1 operating system update. NameDrop lets users share saved contacts with other newer iPhones or Apple Watches held within an inch of each other. While the prompt must be accepted to share contact information, several law enforcement agencies recommend that parents change this feature for children.

Summary Of the Incident

The ‘NameDrop’ feature is similar to Apple’s AirDrop functionality. When NameDrop is enabled, two iPhone users can activate the feature by holding the top ends of their iPhones together. After that, the users can tap ‘Share’ or ‘Receive Only’. The NameDrop feature is automatically enabled once a user updates to iOS 17.1.  

While the feature itself is not a threat, law enforcement agencies are concerned that it puts children at greater risk of connecting with strangers. Children may not be completely aware of what they are accepting when a new ‘Share’ or ‘Receive Only’ prompt appears. Police recommend turning the feature off for children once they upgrade to iOS 17.1.

Recommendations

  1. Turn the ‘NameDrop’ Feature Off for Children – It is good practice to upgrade your iPhone devices to the latest operating system update. The latest operating system update will include ‘NameDrop’ and automatically enable the feature. To turn off the NameDrop feature, complete the following:
    Navigate to iPhone Settings > General > AirDrop > Bringing Devices Together > Off.

How Richter Guardian can help you

Richter Guardian can help you determine what settings and policies you should set on your children’s device to keep them safe.  

  • Richter Guardian’s mobile and endpoint platform can help your children navigate the Internet safely.  
  • Call us or send us an email at: +1 844-908-3950 and support@www.richterguardian.com if you are unsure about a situation and need assistance with disabling certain features on your devices.  

What Are QR Codes and How Can You Stay Protected?

QR code scams are on the rise—fake parking meters, phishing, and fake utility notices. We outline common tactics and how to verify before scanning, check URLs, and spot tampering, with Richter Guardian’s scanning tools.

INTRODUCTION

A quick-response (QR) code is a type of barcode designed to store information in a way that digital devices can quickly read. Most modern smartphones come equipped with QR scanners, often integrated into the camera application, making scanning QR codes a breeze. The barcode is extremely versatile – it can be used as a shortcut to download applications, connect to Wi-Fi networks, open website links, and facilitate financial transactions. While QR codes serve many useful purposes, scammers have also found ways to exploit them.

According to reports from the Better Business Bureau (BBB) and police departments across the country, scammers are using QR codes to trick people into visiting fake websites, fraudulent payment portals, or downloading harmful software. Often, these scams come through unsolicited messages or from QR codes posted in public places.

HOW CAN I GET SCAMMED WITH QR CODES?

Hackers can manipulate QR codes to conduct malicious activities. Here are a few examples:

  1. Parking Meter Payments: Scammers have been placing fake QR codes on parking meters, making people think they can pay for parking through the code. These fake codes are easy to create and print. After using them, some victims return to find they’ve been fined or towed, increasing their financial losses.
  2. Phishing Scams: Scammers use QR codes to lead people to phishing websites that ask for personal information, which can lead to identity theft. These codes can come via email, text, or on public flyers, often disguised as legitimate requests to verify your identity or account.
  3. Fake Utility and Government Notices: Scammers often pose as utility companies or government agencies, claiming there’s an unpaid bill that needs immediate attention. They ask for payment through a QR code, which takes victims to a convincing fake website. Business owners have also reported receiving letters with QR codes, asking them to complete fake filing requirements.
  4. False Sense of Security: Scammers sometimes use real QR codes to make their schemes more convincing. For example, they might link to a legitimate website or fake employee profiles, using official logos and details to trick victims into trusting them.

RECOMMENDATIONS

By staying alert and verifying sources, you can protect yourself from falling victim to QR code scams. We recommend the following tips to avoid QR code scams:

  1. Verify Before Scanning: If you receive a QR code from a friend or colleague, confirm with them that they actually meant to send it. Be cautious if the message feels out of character.
  2. Be Cautious of Shortened URLs: When you hover your camera over a QR code, check the link that appears. If it’s a shortened URL, you won’t know where it leads, so proceed only if you’re confident the source is trustworthy.
  3. Look for Tampering: Scammers might alter legitimate QR codes by placing stickers over them. Keep an eye out for signs of tampering, and ask the business to verify the code if you notice anything suspicious.

HOW RICHTER GUARDIAN CAN HELP YOU

  • Our mobile protection platform includes a tool that pre-scans URLs and QR codes for potential threats, whether they’re received through SMS, email, or accessed on social media.
  • Call us or send us an email at: +1 844-908-3950 and support@www.richterguardian.com if you need further guidance.

FBI Notice: Spike in Compromised Government Emails Used to Send Fake EDRs

The FBI warned that compromised government emails are being used to send fraudulent Emergency Data Requests to service providers. We explain EDRs, how threat actors obtain access, and how to improve cyber hygiene with Richter Guardian.

INTRODUCTION

In early November, the Federal Bureau of Investigation (FBI) issued a warning regarding the abuse of compromised email accounts from U.S. and foreign government entities. These compromised accounts are being exploited to execute fraudulent Emergency Data Requests (EDRs) aimed at U.S.-based service providers.  

WHAT IS AN EDR?

An EDR is a legal mechanism enabling U.S. law enforcement agencies to urgently request confidential data from service providers without a subpoena. Threat actors take advantage of the procedure by using compromised government email addresses to submit fraudulent EDRs and obtain customer data.

For example, Verizon disclosed that it received over 127,000 law enforcement requests for customer data during the second half of 2023, with more than 36,000 classified as EDRs. The company reported fulfilling approximately 90% of these requests.

HOW DO THREAT ACTORS EXECUTE THESE SCHEMES?

Investigations into cybercrime forums reveal multiple methods used by threat actors to submit fraudulent EDRs. Some fake EDR vendors sell the capability to generate fake EDRs by targeting specific platforms, complete with counterfeit court documents. Other fake EDR vendors simply sell access to compromised government or law enforcement email accounts.

Key tactics used to compromise government or law enforcement email accounts include:

  1. Phishing and malware campaigns targeting email users.
  2. Purchase of stolen credentials from dark web marketplaces.
  3. Exploitation of poor cyber practices among government employees.

KEY LESSONS

The notice is a reminder of how sophisticated the scams orchestrated by threat actors can become once they have access to compromised credentials.

To mitigate risks, organizations and individuals must prioritize cybersecurity hygiene:

  1. Establish a procedure on handling sensitive emails to avoid getting phished; approach urgent emails or emails with attachments with caution.
  2. Employ unique and strong passwords for every account and use multi-factor authentication when possible. Data breaches happen often, and threat actors like to take the compromised credentials from these breaches to re-use on other websites.

HOW CAN RICHTER GUARDIAN HELP YOU?

Richter Guardian can aid in improving your cyber hygiene so that you can lessen the risk of being compromised.

  1. Consult our cyber concierge if you are in a situation you are unsure of. For example, if you receive a suspicious email that requires your immediate attention, we can verify its legitimacy.
  2. We can walk you through best password management practices using 1Password, a password management tool.

Have questions after reading?

If something you’ve read raises a concern, our team can help you understand how it applies to you. Richter Guardian provides ongoing monitoring and expert support for individuals, families, and leadership teams.

  • Clear visibility into personal digital risk
  • Guidance from experienced cybersecurity professionals
  • Support designed for both private clients and enterprise leadership