Ontario IPC issues guidance on police use of facial recognition and mug shots

European Parliament passes landmark AI Act on March 13

UK AI regulation bill receives second reading

AI Notetakers – the risks and benefits

UN adopts AI resolution which focuses on safety

Ontario school boards sue makers of Facebook, Instagram, Snapchat and TikTok

Tennessee Elvis Act, replication of voices” by AI

Australian government proposes to implement AI changes

Podcast -Ontario IPC discusses facial recognition

Draft American Privacy Act introduced


A Near Attack

August 15, 2023 - Adzo Baku, Analyst

A few weeks into a new role, Jane received an interesting email supposedly from her “colleague” Stacy.  Stacy welcomed Jane to the team and asked for some time in her day. There was, of course, a smart attempt to cover up any tracks – a clause about Stacy entering a meeting and was only available to communicate via email.

As Jane pondered over the content of the email, other red flags became apparent.  Although she in fact had a co-worker called Stacy, the email was sent from a sketchy address and was missing the signature usual for emails emanating from the office.

With each passing day, scammers develop ingenious ways to attack unsuspecting victims. Publicly accessible information from organizations’ websites and internet activity is unfortunately employed as a springboard for a malicious attack. The Canadian Centre for Cyber Security outlines different ways by which phishing could occur. These include:

  1. Spear phising: A personalized attack which may contain specific details about a victim (as happened with Jane).
  2. Whailing: A personalized attack that targets a big “phish” such as the Chief Executive Officer because of their possible access to sensitive information.
  3. SMiShing: An attack using SMS (texts) where a scammer impersonates someone known by the victim or poses as the provider of a service used.
  4. Quishing: An attack involving Quick Response (QR) codes that re-directs victims to malicious websites when scanned.
  5. Vishing: “Voice phishing” which involves defrauding people through voice calls, enticing them through means which appear legitimate, to divulge sensitive information.

Phishing attacks typically result in identity theft, fraud, and the transmission of computer viruses. There have also been ransomware incidents where files have been encrypted, organizational data stolen and significant ransom payments demanded. In the case of Jane, she deleted the email and never responded to the sender’s request. This protected her account from being compromised and the entire organization from a potential security breach.

The onus is on organizations and individuals to protect personal information and personal health information (where applicable). Employees are generally advised, in the case of suspicious phone calls, not to divulge any personal or sensitive organizational information and to end the call immediately. They are also cautioned not to open any suspected phishing emails, but if do, they should:

  • Not click any links or download any attachments in the attached email.
  • Not respond to the sender.
  • Swiftly report in accordance with their organization’s standard operational practices.
  • Delete immediately!

In the unfortunate event that a person falls victim to an attack, immediate steps to be taken include scanning devices for viruses and other malware, changing affected passwords, enabling multi-factor authentication across their devices and informing co-workers to contain the breach and prevent future attacks. Privacy awareness training and cybersecurity training are a good starting point in the fight against phishing attacks.

Categories: BlogTags: , ,

Back to Blog