September 12, 2024 • 41 mins
How quickly can your digital footprint be upended by a single cybersecurity breach? Christine Schiefer, co-host of the "And That's Why We Drink" podcast sits down with us to talk all about her harrowing (and at times hilarious) hacking story. Christine Ménard from the Communications Security Establishment, joins the conversation to talk about the practical and proactive steps we can take to keep ourselves safe online.
Later on in the episode, we recap data from CIRA members about their cybersecurity experiences and talk to tech journalist Shoshana Wodinsky for a closer look at the impacts of how much of our data is held and traded by companies and online platforms.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Takara Small (00:03):
How often do you think about your cybersecurity?
For the average person,probably not that much.
We have experts to worry aboutthat stuff, right?
Well, it's not that simple.
Christine Ménard (00:17):
And, you know, maybe some people are more
susceptible to be like, hey,this could be me.
You know, maybe they're lessskeptical.
Takara Small (00:22):
There are so many ways you can find yourself
vulnerable online, and thecriminals are only getting more
sophisticated.
Hundreds of millions of dollarswere stolen from us last year,
according to the CanadianAnti-Fraud Centre, and that's
just what we know about.
So while you might think you'reclever enough to spot the
dangers, the evidence shows moreof us than ever are getting
(00:45):
caught out, and we need todevelop better techniques to
stay safe.
Now, how many of you rememberMr Miyagi's iconic advice when
teaching the Karate Kid aboutself-defense?
Wax on, wax off.
Shoshana Wodinsky (00:59):
Don't forget to breathe Very important Wax on
.
Wax off, wax on.
Takara Small (01:08):
It's all in the muscle memory.
Well, this week, on what's UpWith the Internet, we have our
own cyber-sensei to offer someexpert advice.
It's all brought to you by CIRA, the Canadian Internet
Registration Authority, which isbuilding a trusted internet for
Canadians, and I'm your host,takara Small.
But first let's hear fromsomeone who did get hacked.
(01:32):
Our own Daniel-san, christineScheiffer, is the host of two
really popular podcasts shepresents and that's why we Drink
as well as another really funshow called Beach Too Sandy,
water Too Wet.
But a few months ago,christine's TikTok account got
taken over by a hacker who wasdemanding a ransom.
Christine Schiefer (01:54):
So I was, and still am, one of those
people that, when it comes toTikTok, I go through phases.
I'm not like a devoted follower.
Every now and then I'll kind ofbounce in and out and I'll go
through phases where I watch.
And I was going through one ofthese kind of dry spells of not
really opening the app.
And during that time I foundout that somebody had been
(02:17):
spending weeks trying to getinto my account, which I, you
know, should have probablynoticed.
I was getting a few alertsevery now and then, know like
change your password.
But some of them looked likespam, so I kind of ignored them.
And then one day I thought tomyself oh, why don't I open
TikTok and see what's going onin there?
And lo and behold, I no longerhad access to my account.
(02:39):
And it turns out somebody hadbeen trying to hack it all the
way over in Iraq for like two orthree weeks and they finally
convinced TikTok that they wereme.
I don't know how they did that.
Nobody ever revealed to me whatthis guy was showing to prove
that he was the real ChristineSchieffer.
But he had my account and hechanged everything on it,
(03:02):
changed the passwords, changedthe phone number and at first it
was a little funny because Ithought, oh well, you know, I'm
sure this will get situated andfigured out.
But after a few days of thisand him being very active on my
account with my name still on it, it was no longer as funny and
quirky as I had first thoughtand it suddenly became very
invasive.
What do you think?
(03:23):
their motivation was it's sofunny you say that because at
first I thought, oh, this isjust some I don't know kid or 20
something getting online andseeing if he could hack an
account.
And I quickly realized becauseI so I worked as a private
investigator for a while, like,incidentally, probably 10 years
(03:45):
ago, and so I thought, oh, youknow what, I'm going to be a
sleuth, I'm going to find thisguy I know and I thought, well,
this is going to be such a coolorigin story, superhero origin
story.
So it's like New Year's Eve andI'm in a Holiday Inn Express
with my husband and baby and I'mlike online till two in the
morning trying to track this guydown, baby.
And I'm like online till two inthe morning trying to track
(04:06):
this guy down.
And I did so for what it'sworth.
I did find him.
And then it quickly hit me.
It dawned upon me like now,what you know, like I know who
this guy is, that doesn't helpme in any way.
What am I going to do?
Tell, uh, cincinnati policethat a guy in Baghdad has my
account.
You know, nobody really caresthat much.
So I got the guy's account and Iwas able to actually contact
(04:26):
him directly through WhatsApp,which maybe is not the most
advised route, if anyone islistening to this maybe.
Maybe not the advisable path,but I was feeling very brazen
and so I reached out to him onWhatsApp and he sort of
portrayed himself as this kindof super villain and it still
(04:48):
makes me laugh a little bitbecause I know better Like he
wasn't that smart.
He just kind of took advantageof the fact that I was never on
my account, but he said I make$10,000 a month selling people's
TikTok accounts.
You can have it back for $850.
So he's basically trying tohold it ransom, I suppose, make
some money off of it, um, which,by the way, I'm like who's
(05:10):
gonna pay $850 for my TikTokaccount?
I don't think anybody caresthat much, um, but yeah, I think
that's what he was trying to domake some money.
I'm guessing you didn't pay?
Takara Small (05:21):
that I sure didn't , you know it's so funny.
Christine Schiefer (05:23):
Everybody always says oh so you paid him.
And I'm like no hell, no, youknow, I just because I knew if I
pay him, what is he gonna do?
He's not gonna give my accountback like I'm just gonna venmo
this guy 850 that I don't havelaying around, um, which I don't
care.
I mean, you know I it just wasnever gonna go that way.
I just knew that that was notthe route to go.
(05:44):
And, by the way, he never soldto anyone else either, as far as
I can tell.
So it's not like he made anymoney off of it from anyone else
, as far as I can tell.
But yeah, mustafa and I werefrenemies at first and now I
think we're just solid enemies.
But yeah, I think he was tryingto turn a profit.
Takara Small (06:05):
Okay.
So how did you get it back thenin the end?
Christine Schiefer (06:08):
Oh boy, you know it's funny.
Before this call I started kindof going back through the story
in my head and thinking likewhat was?
Because it just seemed likesuch a hurricane of trying every
possible avenue.
And you know, I reached out tomy manager and agent, who are in
New York and LA, and I said hey, can do you guys have contacts?
You know, I reached out to mymanager and agent, who are in
New York and LA, and I said hey,can do you guys have contacts?
You know, as we all know,tiktok is kind of like a shadowy
(06:30):
, like secretive place as far asreaching them or understanding
their algorithm and the insideworkings.
And so I was getting nowherewith TikTok support and you know
I've heard that that's prettycommon, um, and so I asked my
manager and agent and of courseI'm very fortunate to have
people like that who can try andstep in but they got rebuffed
(06:50):
too.
So at this point I'm thinking,well, okay, if my manager and
agent can't get ahold of anyoneat TikTok, I don't know how I'm
going to figure it out.
And it really was just very kindof a trial and error over and
over again until I finallylogged into one of my podcast
accounts and messaged TikTok andI.
Maybe it's because it felt likea fluke, maybe it's because I
(07:12):
got someone on the right day,maybe it's, uh, just what I said
, but I basically told themlisten, this guy is uh sending
inappropriate stuff to randomfans of mine over private
message.
He's threatening to sell myaccount to the highest bidder.
He's yada, yada, yada.
(07:32):
And somebody just finally saidsend over proof of your identity
.
And I had to send over mydriver's license and home
address and all this information, um, via email to tiktok.
And, uh, one day it just kindof reappeared.
They said what email do youwant to use to associate?
(07:54):
And I, I had to make a newgmail account and there they
came back to me, um, and thenthen I got a really threatening
message from uh mustafa, who waslike he, I will always be here
and I will get it back.
He's really trying to lead intothis like villain.
You know character, I think.
But you know I came outvictorious.
(08:18):
I feel bad because I'm like whenpeople ask, I'm like I don't
even know if I have great advice.
It was just trying over andover until somebody listened.
You know, has he tried to hackyou again?
That is a great question.
I actually don't think so.
I haven't received any.
I will say, though, as far asadvice goes, I am ashamed to say
(08:38):
I did not have two-factorauthentication on, or
authentication on excuse me um,and so he was more easily able
to uh get in.
But now that I have that kindof double, double security, it's
uh, it's kind of like a vault,because I know that, because he
turned it on and so I couldn'tget back into my account.
So, you know, if you, if youare wondering, you know, maybe
(09:00):
turn that bad boy on, thatreally uh kind of helps, uh stop
people in their tracks ifthey're trying to break in I
wonder how much of a toll didthis take on you?
Takara Small (09:10):
because this isn't just, you know, a social media
account that you use for fun.
This is also part of yourprofessional life.
This is part of your identitythat you use for work that's
yeah, that's a great point.
Christine Schiefer (09:22):
And I think that didn't occur to me until a
little bit later.
Because, again, at first Ithought, well, I rarely use
TikTok, you know it's not theend of the world, I didn't have
that many followers.
I did have that blue checkmark,which is probably why I was
targeted that much anyway.
(09:45):
But, like you said, a couple ofdays in I realized, oh wait,
this guy's essentiallyimpersonating me and he has a
blue checkmark to prove it.
So it's sort of like you know,they hand out those checkmarks
to make sure your account isrepresenting you and you know
you're not getting spammed oryou know you're not getting
duplicate accounts made aboutyou or people impersonating you.
And then somehow he managed todo just that.
So you know the people I wasclosest with, I told them, and
(10:09):
so if he sent strange like my,my podcast co-host received some
strange aggressive messages,for, for no apparent reason, a
couple people messaged him andsaid like hey, why are you
reposting these weird things?
And then he would go on theselong aggressive rants at them
and I don't really know what thepoint of all the like anger was
(10:33):
, or just the like rude posts,um, but yeah, I really did feel
like somebody had just kind ofpulled the rug out from under me
and I had to do some damagecontrol afterward and explain to
people.
You know, um, that was not me.
And a few people actuallythought I unfollowed them
intentionally and I said I swearto God, I unfollowed my own
(10:53):
mother.
Okay, not, I didn't, but Mustafadid.
So it's not me, I swear.
But yeah, I had to do a littledamage control and you know I'm
fortunate because it could havebeen worse.
He could have posted.
You know really'm fortunatebecause it could have been worse
, he could have posted, you know, really bad content, but it was
mostly just like religiousstuff and things like.
Again, I couldn't understandthe language, but it just it
(11:17):
just felt very.
Takara Small (11:17):
it felt very violating, I guess maybe is the
best word.
Yeah, it sounds stressful.
I am wondering did you lose anymoney or was there any
financial consequences or lowback because of that?
Christine Schiefer (11:31):
Yeah, that's a great question.
You know, I am very, veryfortunate to say I don't think
so.
I have done in the past.
I've done a few kind of promotype things, but only only a
couple on TikTok.
So that wasn't reallyfortunately.
You know my main source ofcontent, but yeah, I wouldn't
(11:54):
say money, I wouldn't say Inecessarily lost money, but I
will say I lost many, many, manyhours of my life because it
just the number of hours ofgoing back and forth with these
representatives, giving themphone calls, emailing, trying to
do damage control by, you know,creating a new account and
saying hey, everybody follow mehere and trying to sort of
(12:19):
reroute where people werefinding me.
So it was many hours, I guess,of my life that were felt
totally wasted.
But I fortunately, you know,and I know some people who make
their bread and butter on TikTokand that would have been, you
know, a much more damagingexperience.
But I was fortunately able tokind of laugh it off in the end
a little bit and say, wow, whata bizarre couple months that was
(12:42):
.
But yeah, fortunately, you know, I didn't lose a big chunk of
income or anything like that.
Takara Small (12:49):
Has that moment in time, that situation, has it
changed how you engage with theinternet at all?
Christine Schiefer (12:56):
Yeah, so I started to feel a little more
guarded, I guess.
And turning on that two-factorauthentication, I didn't realize
, I guess, at the time howimportant that was, um, even
just for your average account,average Joe account that doesn't
have any followers or, you know, because it's invasive either
(13:17):
way.
Even if I had 10 followers, youknow, and they were, they had
my name and were posting undermy name, that would have been so
invasive and still damagingpersonally, maybe not career
wise.
But yeah, it's kind of made memore guarded because I don't
know how, I seriously don't knowhow this guy picked my account,
I mean, from the way he made itsound.
(13:37):
He made it sound like he had,you know, this entire
underground operation.
I kind of doubt that, justbecause he just didn't really
give the vibe of like a realsupervillain.
But you know, he found itsomehow and he got in and
pretended to be me, and so itkind of opened my eyes that you
(13:58):
don't need to be some ultrafamous, you know successful
person to need to protectyourself online, which, saying
it out loud, probably soundspretty dumb.
But you know, I feel like I'dalways kind of lived in this
sort of ignorant bliss of well,what I do online doesn't matter
that much.
You know who cares if someonehacks it.
But uh, yeah, in the end, um,I've, I've gotten more guarded
(14:20):
oh wait, why did you even gopublic with this?
Takara Small (14:22):
because there are people that are hacked and they
will not tell a soul well, firstof all, I have like zero self,
uh, filtering.
Christine Schiefer (14:32):
I I have like such an open book that I
usually just tell people what'sgoing on.
Most of the time I'm not very,I like to be like I'm an
introvert, but I'm also veryopen about things.
And so when this happened, youknow, and my podcast, which is a
lot of you know, a lot of a lotof it boils down to, you know,
(14:55):
things that make us drink, thisweek it's called and that's why
we drink.
And so that week I said guesswhy I drink?
You know, this guy came in andthe number of people really who
wrote in and related to that wasastonishing and I was so
surprised how often this happensand people just don't you know,
talk about it, like you said.
But the main reason I did talkabout it is because I could
(15:16):
actually still access theaccount via Face ID when and
Mustafa did not know this, andso I waited this is the most
unhinged part of this wholestory probably I waited until it
was 3am or 2.30am in Baghdadand then I posted a video on the
account and I said listen, thisguy's probably sleeping.
(15:38):
Please go follow him.
He's hacked my account.
Please go follow me somewhereelse.
Uh, and I linked my new youknow, the new account I had
created, and so I had all thesepeople like shift over to this
new account.
Um, and of course, thisinfuriated him when he woke up
and he immediately deleted it.
But uh, you, I also like tolook at everything as a story.
At the end, you know, I'm likeat least you have a good story
(16:00):
out of it.
So I tried to use it for hashtagcontent I suppose.
But yeah, I mean people were sorelating to it that I just kind
of kept telling the story andsurprised how many people kind
of have been in a similar boat.
Takara Small (16:13):
Well, thank you for sharing your story.
I have so many tips in myarsenal now.
You can't see me.
I'm knocking on wood.
I'm hoping it never happens.
I do now have so many tips inmy arsenal, including maybe
junior detectives to your moreexperienced one.
Christine Schiefer (16:31):
Yeah, just you know.
If anyone needs me to go findtheir Carmen San Diego, their
evil Carmen San Diego, out there, who's hacked in, let me.
If anyone needs me to go findtheir Carmen Sandiego, their
evil Carmen Sandiego, out there,who's hacked in, let me know.
I'm happy to do it.
I do have fun with that kind ofonline sleuthing, but thank you
for letting me come on and talkyour ear off.
Takara Small (16:47):
And that was Christine Scheiffer from the
podcast, and that's why we drinksharing her story of being
hacked with us.
And, as we all know, thestories can get so much worse
than that.
We surveyed CIRA members forthis series and our responses
showed that 61% of our membershad been the victim of a hack or
an online scam.
(17:08):
Phishing scams were the mostcommon, but other responses
included a PlayStation accountgetting hacked and losing $800.
Another one of our membersreplied to a clever phishing
email when they were tired anddidn't spot the clues, which is
a classic case.
There's usually a human element.
(17:29):
Criminals rely on ourvulnerabilities and exploit our
emotions so that our decisionmaking is just a little bit off.
All it takes is one click andwe can find ourselves in big
trouble.
All of this sounds prettystressful too, so we need some
practical advice on our digitaldefense, and who better to ask
(17:49):
than the team at Get Cyber SafeCanada?
At Get Cyber Safe Canada, hiTakara, christine Menard manages
the Get Cyber Safe PublicAwareness Campaign.
How common, how prevalent arethese types of cyber security
incidents?
Christine Ménard (18:10):
Yeah, so you say it's like a basic question,
but unfortunately it's reallyhard to know how prevalent they
are because they often don't getreported.
So we do have statistics thatcome from the Canadian
Anti-Fraud Centre.
So statistics for 2023, let'ssee here 62,000 fraud reports
involving over $554 million inreported losses.
(18:35):
However, they estimate thatthat's only about 5% to 10% of
the real problem, because theythink that only 5% to 10% of
victims actually report thefraud to them.
So that's very much anunderstatement of the problem.
So I think we can say it isvery prevalent.
Takara Small (18:53):
Yes, so okay, so there's only a small percentage
of people who are actually, youknow, coming forward with the
fact that they're victims ofthis type of crime.
Do we know at all, though, howmany Canadians a year fall
victim to cybercrime?
Christine Ménard (19:10):
So well.
Get Cyber Safe.
Get Cyber Safe is the campaignthat I worked for, and we
recently polled Canadians onthis topic and, in fact, 78% of
Canadians said that they hadnever been a victim of an online
scam where they lost money ordata 78% but that does mean that
22% did at some point lose dataor money in an online scam.
(19:35):
We asked this question globally, so it wasn't in the past year,
it was just at any point intheir online lives had they lost
money or data, and it was 22%of Canadians reported that they
had.
Takara Small (19:46):
And what forms do these types of scams typically
take?
I know most people maybe arefamiliar with email scams.
Those are the ones that peopleprobably come into contact the
most, but there are manydifferent types, right.
Christine Ménard (20:00):
That's right.
So in our GetCyberSafe polling,we found that about 9% of those
cases were phishing and another5% were ID theft.
But if you look at the biggerCanadian Age Fraud Centre
statistics, they have a list ofthe 10 most common frauds for
(20:20):
2023.
And they characterize them bothby how many reports there were
and then what the losses were.
So the fraud with the mostvictims was identity fraud, with
about 11,000 victims, but theone that cost the most to
Canadians were investment scams,at $309 million lost in 2023.
Takara Small (20:44):
Can we break that down?
What is an investment scam?
Christine Ménard (20:48):
An investment scam, and this is really the
area of expertise for theCanadian Anti-Fraud Centre.
But the investment scams arewhen somebody is offering you
this great investmentopportunity and it turns out to
be fraudulent and you're notactually investing your money in
that specific thing or there'ssomething behind it that makes
(21:10):
it so that it's fraudulent andit's a scam and you're not going
to make any money off it.
Maybe it sounded like a getrich quick opportunity, but it
was in fact not that at all.
Takara Small (21:19):
I can only imagine at this point in time I mean,
there are a lot of people whoare looking to make extra money
side hustles right.
Who might fall for that?
Because they're like.
Christine Ménard (21:30):
I would love to boost my overall income and
it seems like a dream, yeah, andyou hear of other people you
know making money on the stockmarket or making money in
Bitcoin and you think, hey, Ican be like them.
And then maybe you seesomething online, maybe an AI
generated video that's saying,hey, you can to make money with
(21:53):
this investment opportunity andit turns out to be a complete
scam.
Takara Small (21:58):
You know, it's the perfect segue into my next
question, which is what roledoes AI play when it comes to
these type of challenges?
Christine Ménard (22:08):
That's a great .
Next question because, yeah, inthat specific example, we have
seen reports of um like cybercriminals using ai, specifically
ai using like deep faketechnology.
And that's when they use likemachine learning, like
algorithms, in order to likemanipulate a video.
(22:31):
So they make a video of aperson that looks very real but
it's completely fabricated.
So, especially in theinvestment scams, this is
something that's known to behappening where celebrities are
endorsing a certain product or acertain investment.
It looks very legitimate.
People easily I can't, likethey can't easily determine if
(22:53):
it's real or not, and that's howthey get caught up in it.
That's just one of the waysthat cyber criminals are using
AI.
Takara Small (23:01):
And you know I mean speaking of AI and,
obviously, the kind of leapswe've made technologically I'm
wondering how vulnerable and howsafe everything is in our
digital age, because I mean, I'mjust thinking right now,
everything, whether it's banking, whether it's conversing with
colleagues in our workplace,it's all moving online at a very
(23:23):
fast pace and so you know, aseverything kind of pivots, that
space is there.
I don't know where everythingis digital.
Is there any safe spaces?
Is there anything people can doto protect themselves?
Christine Ménard (23:38):
Absolutely.
You know, some scams are veryeasy to spot.
Some scams are not so easy tospot, but there's absolutely
ways that you can stay informedand learn about the different
signs of a scam or a fraud or aphishing message or a cyber
crime like.
There's definitely ways thatyou can keep on top of these
things, um, and there'sdefinitely a lot of wealth, a
(24:00):
wealth of information out therethat you can um go and and
consult.
I would, of course, recommendthat people follow get cyber
safe, um on social media andcheck out the get cyber safe
website.
Get cyber safe is thegovernment of canada's campaign
and really tries to make itsimple and actionable tips that
canadians can take and yes,there's a lot of scams out there
(24:22):
, but there are also a lot ofmethods and easy tools that
canadians can implement and whenthey implement these tools,
they're much less likely to fallfor a scam.
Takara Small (24:34):
And you know, it's really interesting because I
recently was reading about ayoung woman in her 20s who fell
victim to a scam and lost asignificant amount of money and
it made me think about that.
There's this perception thatonly elderly people fall for
these types of crimes or scams,when really everyone, any age,
(24:54):
could fall for it could crimesor scams, when really everyone,
any age, could fall for it couldend up a victim that's very
true.
Christine Ménard (25:00):
I was mentioning, um that we had that
polling data on who, on thepeople that had um, lost money
or lost their data to a cybercrime, and we didn't actually
see any differences by age, likethat wasn't a factor in terms
of who had become a victim andwho had not.
It wasn't, it wasn't really thecase.
So I think it's just maybepeople are more susceptible if
(25:23):
they're, you know, looking foran opportunity to make money or
you know everybody wants youknow to, to be lucky or to have
luck on their side, and and youknow, maybe some people are more
susceptible to be like, hey,this could be me, you know,
maybe they're less skeptical.
Takara Small (25:39):
Um, but we really didn't see age as a
differentiator between who is isum victimized and who is not
you know, one of the cybersecurity issues we've been
examining throughout the seriesis how convenience and security
can sometimes be at odds witheach other, especially in this
day and age, where we're used toaccessing, watching, reading
(26:02):
whatever we want within a secondof clicking a button.
You know it's very tiresome,but is this something that we,
you know, just need to get usedto?
The fact that having some typeof security can sometimes be at
odds with immediate access andconvenience yeah, it does feel
like cyber security.
Christine Ménard (26:22):
Uh, is that extra step?
And we do often talk about thedifferent layers in cyber
security, and every time thatyou are doing something more and
more sensitive online, maybeyou want to add another layer of
protection.
So you talked about, uh, youknow, streaming a show and
likely the app that you're usingto stream that show has a
(26:45):
password.
Um, but you also are, and sothat you know, streaming a show
online, there's no cyber risksthere.
So you know that's one layer ofprotection.
You should be okay.
But of course, that app alsoprobably has, maybe your
financial informationinformation, your your credit
card information in it and youmight want to add another layer
(27:06):
of protection.
And so in this case, that nextlayer is often multi-factor
authentication and that's usingmore than one way to
authenticate you.
So you use your password, somore than one way to
authenticate you, so you useyour password, so that's one way
to authenticate you.
Then you add another layer,that second layer of security,
and that's often like a textthat's sent to your phone, or a
(27:26):
text or an email code that'ssent to your email account.
And yeah, it might be seen asinconvenient to take that extra
step, but once you have thesefactors in place and you are
using them regularly, it becomeskind of routine and then you
get the hang of it, certainlylike things like a fingerprint
(27:49):
or a face scan.
Now, like, the systems havegotten so much better and now
it's a lot quicker to get thatsecond factor authenticated, so
you know it's an extra step.
It does take an a little bit ofextra time, but in terms of
protecting your financialinformation it's so important
and what can you tell us aboutsextortion?
(28:10):
so in the case of sextortion,what we mean by sex sextortion
is in youth, and it'sparticularly young.
Men are tricked into believingthat they're talking to a girl
online.
So they're on Instagram,they're on Snapchat and they
think, you know, they've beendirect messaged and they think
they're talking to a young girl.
So they chat for a certainamount of time maybe days, maybe
(28:33):
hours.
Apparently, in some cases it'sbeen as little as 20 minutes and
then the sex-torture that isposing as the young woman
convinces the victim to exchangesexual content.
So maybe they'll even startthat exchange off by sharing a
sexual photo first, and then thevictim will then, in turn,
(28:57):
share an intimate image ofthemselves back.
So then, immediately afterreceiving the sexual content,
the sex daughter will startmaking demands.
Often, if it's a girl, they'llask for more sexual photos and
videos, and if it's a boy,they'll almost always demand
money instead.
And then they startintimidating them.
(29:20):
You know the young person willoften feel embarrassed.
They just want the problem togo away.
They will often end upcomplying and sending money.
The amounts of money this issurprising have really ranged
(29:47):
from as little as $9 to $7,500.
So like it can be a wide range,and they'll ask for it either
by gift cards, through paypal,even a direct email transfer, so
that's kind of how um, thatwhat's extortion looks like.
So, then, need help.
Now what that website will dois you can go on there and you
(30:08):
can either.
There's a couple of differentways to interact with that
website.
Either there's instructions onhow to regain control of your
photos, but there's also anopportunity for you to fill out
a form and submit yourinformation, and then the
authorities on your behalf willgo and get those images back for
(30:29):
you.
So there's also a good idea to,of course, report this to the
local law enforcement as well.
It's just such a troubling,troubling crime, and I think we
really need more people to knowthat this happens and to like to
come forward and not beembarrassed and seek help in
(30:51):
this particular case.
Takara Small (30:54):
Well, thank you, christine, for breaking all of
this down.
Is there anything you want totell our listeners?
You want to share with them?
Any tips?
If they're thinking, wow, thisis a lot of information, or
maybe I know someone who's avictim, what should I tell them?
Christine Ménard (31:16):
victim.
What should I tell them?
Well, I I think the first thingI would say is that there is a
lot of things that you canproactively do to help keep
yourself safe, and they're gonnasound like you've heard them a
lot before and they sound toosimple, but really they will go
a long way and um, one of thefirst ones is just making sure
that you have security softwareinstalled on your devices, like
that antivirus software.
We've been talking about thisfor years, but it will
(31:37):
absolutely protect you, and Iwould also include in that.
I have this myself, the SierraCanadian Shield, and I have an
app on my phone that, especiallywhen I'm using public Wi-Fi or
Wi wi-fi that is not my own itwill help block threats.
It's a great service.
It's free for canadians, um, sothat's definitely should be
(32:00):
part of um canadians um cybersecurity, uh, um, like plans and
cyber security, the, themethods that they take to
protect themselves.
Another one that is not verythrilling is updates and
updating your devices and, likeyou know, you think oh, you know
(32:21):
, the new um operating systemcame up, came out.
I need to update my device.
It's not a very thrilling thingto do, but those updates are
patches and they will protectyou from the latest cyber
threats.
So you know, don't sleep onupdates.
Actually, do sleep on updates,because oftentimes you can do
those updates while you sleep.
So enabling automatic updatesit sounds so simple it really
(32:44):
does make a difference.
It will really absolutelyprotect you from vulnerabilities
.
Same thing with backing up yourdata.
That's another thing where it'sjust kind of like, if you set
it up with backing up your data,that's another thing where it's
just kind of like, if you setit up to back up your data
automatically, you're justsaving yourself a world of a
word, world of hurt later on.
Um, not enough people arebacking up the data and and this
(33:07):
will protect you from all kindsof threats, like Like, if you
download malware, if youdownload ransomware, or if you
spill a bottle of water on yourlaptop and it ends up frying,
then you're a backup.
You'll be up and running againbecause you'll have everything
saved in your backup.
And like a cup of coffee, a cupof water, it can happen to
(33:28):
anybody but ransomware withterrifying.
But that backup will make allthe difference between
ransomware being a reallyterrible thing that happens to
you and ransomware beingsomething that you can recover
from.
Finally, we talk about strongand unique passwords unique like
(33:51):
different password for everysingle platform and that's
really something it just willsave you from credential
stuffing, from people gettinghold of your credentials and
trying to use them in all yourdifferent accounts in order to
get access to them.
So it's really important tokeep all your passwords unique,
but it is impossible to keep allyour passwords unique, but it
(34:12):
is impossible to keep track ofso many different passwords.
So we really do encourage theuse of password managers, and
that's one way thatcybersecurity has changed a lot.
Since I've been working on theGet Cyber Safe campaign, we
never used to recommend passwordmanagers, and then now that's
something that we absolutelyrecommend, and password managers
will allow you to keep track ofall those unique passwords.
(34:34):
It'll notify you if you'veduplicated a password.
It'll notify you if a passwordif like one of your accounts has
been involved in a cyber breach.
They are fantastic.
It's an extra layer of security.
Absolutely that's somethingthat all Canadians can do to
protect themselves.
Takara Small (34:52):
Well, thank you so much for all of those tips and
I am excited to maybe put someof those that I don't use into
effect.
Wonderful, thank you so much.
And that was Christine Menardfrom Get Cyber Safe Canada.
You can find some reallyhelpful tips and information at
getcybersafegcca.
(35:12):
We'll also put that link in thedescription of the episode, as
well as some other helpfulwebsites Christine mentioned.
Now the other big conversationaround our personal
cybersecurity is how much of ourdata is held and traded by
companies online.
There's this old saying if theproduct is free, that means
(35:34):
you're the product.
Our survey found that 60% ofour members didn't trust private
organizations with their dataand 39% were only somewhat
trusting.
So it's clearly an issue manyof you are concerned about.
Our data is valuable.
It's not just criminals whowant to sell it.
(35:55):
Pretty much every website andapp does too, but we've all had
a conversation with people whoshrug their shoulders and ask
well, who cares?
Shoshana Wadinski is a Canadiantech journalist who's covered
big privacy stories for Gizmodoand Adweek.
She's joined us to answer thatquestion.
Shoshana Wodinsky (36:17):
I have had that exact conversation with so
many people infinite peoplebecause the truth is you know,
even if you don't think you haveanything to hide, chances are
you something might slip.
So like here's an exampleBecause of my awful
cybersecurity practices and,even worse, like app privacy
(36:40):
practices, I turn on trackingfor everything.
I click on every targeted app.
I do not care.
But then you know one time.
But then you know one time Inoticed that I was investigating
(37:00):
kind of an app because I wasusing a.
This is back before I hadhealth insurance.
I was using an app that offeredcoupons for certain
prescriptions and then I noticedI did a little bit of digging
into this app, because that'swhat I do and I found that my
prescriptions were being sharedwith a certain number of like ad
companies yeah, oh, my gosh,yeah Pharmaceutical
manufacturers.
Later on that the company behindthis app was sued by the
(37:23):
federal trade commission andlike told hey, maybe stop doing
that.
But that lawsuit took aboutthree years from the time of
publication.
But at the same time, you know,you know, you know it's just
like, okay, I have nothing tohide, but then it's just like oh
, the kind of possibilities areendless.
Because if you really thinkabout, like, what is the one
thing?
Like what's something that,like, you're not embarrassed
(37:45):
about, so to speak, but what'ssomething that, like you,
probably wouldn't say on a firstdate, like chances are, an
advertiser already knows thatabout you.
Takara Small (37:54):
Yeah, and I imagine that for some people,
you know, disclosing personalinformation like that is a
choice.
You know, that's something thatthey choose to share.
I can only imagine, even likenon-medical things, like if if,
for instance, you know there arewomen who are the victims of
sexual assault, or there are menwho have, you know, experienced
abuse and they're takingmedication, or or seeing someone
(38:16):
to discuss that, um, thatthat's information that they
should have to share if theywant exactly like.
Shoshana Wodinsky (38:22):
There was actually a similar case, uh,
where, uh, tinder you know theapp tinder, the swipey, swipey,
matchy matchy app uh hadpartnered with a app called
Noonlight that said, like hey,if your app isn't, if, like, if
your date's not going that great, you can tap this button on the
Noonlight app and it'llimmediately like, contact a like
(38:44):
trusted representative.
Your location will be shared.
We'll make sure that you getout of that, okay, which is
great.
Like that is a legitimatelygreat service.
We'll make sure that you getout of that, okay, which is
great.
Like that is a legitimatelygreat service.
However, because I love pokingaround inside apps, I also found
out that some, some of thatinformation was also being
shared with advertisers.
And I'm like, and I'm like oh,okay, like again, do you have
(39:12):
nothing to hide?
No, but do you want?
Like on a first date, would youwant to say yeah, I'm scared of
being sexually assaulted?
Probably not.
It's like when you think aboutthe people who say they have
nothing to hide, it's just yeah,but is there anything that,
like, you feel uncomfortableabout?
If somebody knew about you?
Takara Small (39:28):
So it's just it's.
I think like the mostinteresting thing is yes, it's
probably not something that manypeople disclose, because we're
always taught to blame thevictim.
You know like oh, you've beenhacked, well, what did you do?
Shoshana Wodinsky (39:40):
what did you do?
Takara Small (39:41):
why weren't you smart enough to see this coming?
So how do you change theconversation then, so that
people feel like it's okay toshare this information?
Shoshana Wodinsky (39:50):
because I feel like the more people talk
about how they were tricked, theeasier it is for other people
to learn from their mistakesright exactly situation uh that,
that obviously I do not have aneasy answer for that, but I
will tell you, uh, and all ofyour listeners who are sitting
here right now.
Uh, I am a person whose job isnot to be tricked by these sorts
(40:13):
of things.
And I have been tricked.
So and I am talking about itpublicly with a smile on my face
because I don't I don't mindadmitting that I, that I was
goofy once in a while, you know.
Takara Small (40:27):
OK, so hopefully we're all feeling a little
better equipped to handle allthose cyber threats coming our
way.
Remember, two-factorauthentication is the new wax on
wax off.
Next week we're going to lookat why so many big Canadian
institutions and corporationsare being attacked.
Sami Khoury (40:45):
You have the cyber criminals who hack to make money
out of their hack, who hack tomake money out of their hack,
but also there are other peoplewho hack for what I would call
an information advantage.
Takara Small (40:58):
If you want to reach out to us with any of your
own stories, you can find me atTakara Small, on Twitter,
instagram and pretty muchanywhere on social media.
You can email the show atpodcast@cira.
ca.
We'd also love it if you couldleave us a rating and a review
on Spotify and Apple podcasts.
And if you have any questionsor want to learn more about
(41:19):
cybersecurity in Canada, you canvisit CIRA.
ca/ cybersecurity.
Thanks for listening and we'llsee you again next week.
How often do you think about your cybersecurity?
For the average person,probably not that much.
We have experts to worry aboutthat stuff, right?
Well, it's not that simple.
Christine Ménard (00:17):
And, you know, maybe some people are more
susceptible to be like, hey,this could be me.
You know, maybe they're lessskeptical.
Takara Small (00:22):
There are so many ways you can find yourself
vulnerable online, and thecriminals are only getting more
sophisticated.
Hundreds of millions of dollarswere stolen from us last year,
according to the CanadianAnti-Fraud Centre, and that's
just what we know about.
So while you might think you'reclever enough to spot the
dangers, the evidence shows moreof us than ever are getting
(00:45):
caught out, and we need todevelop better techniques to
stay safe.
Now, how many of you rememberMr Miyagi's iconic advice when
teaching the Karate Kid aboutself-defense?
Wax on, wax off.
Shoshana Wodinsky (00:59):
Don't forget to breathe Very important Wax on
.
Wax off, wax on.
Takara Small (01:08):
It's all in the muscle memory.
Well, this week, on what's UpWith the Internet, we have our
own cyber-sensei to offer someexpert advice.
It's all brought to you by CIRA, the Canadian Internet
Registration Authority, which isbuilding a trusted internet for
Canadians, and I'm your host,takara Small.
But first let's hear fromsomeone who did get hacked.
(01:32):
Our own Daniel-san, christineScheiffer, is the host of two
really popular podcasts shepresents and that's why we Drink
as well as another really funshow called Beach Too Sandy,
water Too Wet.
But a few months ago,christine's TikTok account got
taken over by a hacker who wasdemanding a ransom.
Christine Schiefer (01:54):
So I was, and still am, one of those
people that, when it comes toTikTok, I go through phases.
I'm not like a devoted follower.
Every now and then I'll kind ofbounce in and out and I'll go
through phases where I watch.
And I was going through one ofthese kind of dry spells of not
really opening the app.
And during that time I foundout that somebody had been
(02:17):
spending weeks trying to getinto my account, which I, you
know, should have probablynoticed.
I was getting a few alertsevery now and then, know like
change your password.
But some of them looked likespam, so I kind of ignored them.
And then one day I thought tomyself oh, why don't I open
TikTok and see what's going onin there?
And lo and behold, I no longerhad access to my account.
(02:39):
And it turns out somebody hadbeen trying to hack it all the
way over in Iraq for like two orthree weeks and they finally
convinced TikTok that they wereme.
I don't know how they did that.
Nobody ever revealed to me whatthis guy was showing to prove
that he was the real ChristineSchieffer.
But he had my account and hechanged everything on it,
(03:02):
changed the passwords, changedthe phone number and at first it
was a little funny because Ithought, oh well, you know, I'm
sure this will get situated andfigured out.
But after a few days of thisand him being very active on my
account with my name still on it, it was no longer as funny and
quirky as I had first thoughtand it suddenly became very
invasive.
What do you think?
(03:23):
their motivation was it's sofunny you say that because at
first I thought, oh, this isjust some I don't know kid or 20
something getting online andseeing if he could hack an
account.
And I quickly realized becauseI so I worked as a private
investigator for a while, like,incidentally, probably 10 years
(03:45):
ago, and so I thought, oh, youknow what, I'm going to be a
sleuth, I'm going to find thisguy I know and I thought, well,
this is going to be such a coolorigin story, superhero origin
story.
So it's like New Year's Eve andI'm in a Holiday Inn Express
with my husband and baby and I'mlike online till two in the
morning trying to track this guydown, baby.
And I'm like online till two inthe morning trying to track
(04:06):
this guy down.
And I did so for what it'sworth.
I did find him.
And then it quickly hit me.
It dawned upon me like now,what you know, like I know who
this guy is, that doesn't helpme in any way.
What am I going to do?
Tell, uh, cincinnati policethat a guy in Baghdad has my
account.
You know, nobody really caresthat much.
So I got the guy's account and Iwas able to actually contact
(04:26):
him directly through WhatsApp,which maybe is not the most
advised route, if anyone islistening to this maybe.
Maybe not the advisable path,but I was feeling very brazen
and so I reached out to him onWhatsApp and he sort of
portrayed himself as this kindof super villain and it still
(04:48):
makes me laugh a little bitbecause I know better Like he
wasn't that smart.
He just kind of took advantageof the fact that I was never on
my account, but he said I make$10,000 a month selling people's
TikTok accounts.
You can have it back for $850.
So he's basically trying tohold it ransom, I suppose, make
some money off of it, um, which,by the way, I'm like who's
(05:10):
gonna pay $850 for my TikTokaccount?
I don't think anybody caresthat much, um, but yeah, I think
that's what he was trying to domake some money.
I'm guessing you didn't pay?
Takara Small (05:21):
that I sure didn't , you know it's so funny.
Christine Schiefer (05:23):
Everybody always says oh so you paid him.
And I'm like no hell, no, youknow, I just because I knew if I
pay him, what is he gonna do?
He's not gonna give my accountback like I'm just gonna venmo
this guy 850 that I don't havelaying around, um, which I don't
care.
I mean, you know I it just wasnever gonna go that way.
I just knew that that was notthe route to go.
(05:44):
And, by the way, he never soldto anyone else either, as far as
I can tell.
So it's not like he made anymoney off of it from anyone else
, as far as I can tell.
But yeah, mustafa and I werefrenemies at first and now I
think we're just solid enemies.
But yeah, I think he was tryingto turn a profit.
Takara Small (06:05):
Okay.
So how did you get it back thenin the end?
Christine Schiefer (06:08):
Oh boy, you know it's funny.
Before this call I started kindof going back through the story
in my head and thinking likewhat was?
Because it just seemed likesuch a hurricane of trying every
possible avenue.
And you know, I reached out tomy manager and agent, who are in
New York and LA, and I said hey, can do you guys have contacts?
You know, I reached out to mymanager and agent, who are in
New York and LA, and I said hey,can do you guys have contacts?
You know, as we all know,tiktok is kind of like a shadowy
(06:30):
, like secretive place as far asreaching them or understanding
their algorithm and the insideworkings.
And so I was getting nowherewith TikTok support and you know
I've heard that that's prettycommon, um, and so I asked my
manager and agent and of courseI'm very fortunate to have
people like that who can try andstep in but they got rebuffed
(06:50):
too.
So at this point I'm thinking,well, okay, if my manager and
agent can't get ahold of anyoneat TikTok, I don't know how I'm
going to figure it out.
And it really was just very kindof a trial and error over and
over again until I finallylogged into one of my podcast
accounts and messaged TikTok andI.
Maybe it's because it felt likea fluke, maybe it's because I
(07:12):
got someone on the right day,maybe it's, uh, just what I said
, but I basically told themlisten, this guy is uh sending
inappropriate stuff to randomfans of mine over private
message.
He's threatening to sell myaccount to the highest bidder.
He's yada, yada, yada.
(07:32):
And somebody just finally saidsend over proof of your identity
.
And I had to send over mydriver's license and home
address and all this information, um, via email to tiktok.
And, uh, one day it just kindof reappeared.
They said what email do youwant to use to associate?
(07:54):
And I, I had to make a newgmail account and there they
came back to me, um, and thenthen I got a really threatening
message from uh mustafa, who waslike he, I will always be here
and I will get it back.
He's really trying to lead intothis like villain.
You know character, I think.
But you know I came outvictorious.
(08:18):
I feel bad because I'm like whenpeople ask, I'm like I don't
even know if I have great advice.
It was just trying over andover until somebody listened.
You know, has he tried to hackyou again?
That is a great question.
I actually don't think so.
I haven't received any.
I will say, though, as far asadvice goes, I am ashamed to say
(08:38):
I did not have two-factorauthentication on, or
authentication on excuse me um,and so he was more easily able
to uh get in.
But now that I have that kindof double, double security, it's
uh, it's kind of like a vault,because I know that, because he
turned it on and so I couldn'tget back into my account.
So, you know, if you, if youare wondering, you know, maybe
(09:00):
turn that bad boy on, thatreally uh kind of helps, uh stop
people in their tracks ifthey're trying to break in I
wonder how much of a toll didthis take on you?
Takara Small (09:10):
because this isn't just, you know, a social media
account that you use for fun.
This is also part of yourprofessional life.
This is part of your identitythat you use for work that's
yeah, that's a great point.
Christine Schiefer (09:22):
And I think that didn't occur to me until a
little bit later.
Because, again, at first Ithought, well, I rarely use
TikTok, you know it's not theend of the world, I didn't have
that many followers.
I did have that blue checkmark,which is probably why I was
targeted that much anyway.
(09:45):
But, like you said, a couple ofdays in I realized, oh wait,
this guy's essentiallyimpersonating me and he has a
blue checkmark to prove it.
So it's sort of like you know,they hand out those checkmarks
to make sure your account isrepresenting you and you know
you're not getting spammed oryou know you're not getting
duplicate accounts made aboutyou or people impersonating you.
And then somehow he managed todo just that.
So you know the people I wasclosest with, I told them, and
(10:09):
so if he sent strange like my,my podcast co-host received some
strange aggressive messages,for, for no apparent reason, a
couple people messaged him andsaid like hey, why are you
reposting these weird things?
And then he would go on theselong aggressive rants at them
and I don't really know what thepoint of all the like anger was
(10:33):
, or just the like rude posts,um, but yeah, I really did feel
like somebody had just kind ofpulled the rug out from under me
and I had to do some damagecontrol afterward and explain to
people.
You know, um, that was not me.
And a few people actuallythought I unfollowed them
intentionally and I said I swearto God, I unfollowed my own
(10:53):
mother.
Okay, not, I didn't, but Mustafadid.
So it's not me, I swear.
But yeah, I had to do a littledamage control and you know I'm
fortunate because it could havebeen worse.
He could have posted.
You know really'm fortunatebecause it could have been worse
, he could have posted, you know, really bad content, but it was
mostly just like religiousstuff and things like.
Again, I couldn't understandthe language, but it just it
(11:17):
just felt very.
Takara Small (11:17):
it felt very violating, I guess maybe is the
best word.
Yeah, it sounds stressful.
I am wondering did you lose anymoney or was there any
financial consequences or lowback because of that?
Christine Schiefer (11:31):
Yeah, that's a great question.
You know, I am very, veryfortunate to say I don't think
so.
I have done in the past.
I've done a few kind of promotype things, but only only a
couple on TikTok.
So that wasn't reallyfortunately.
You know my main source ofcontent, but yeah, I wouldn't
(11:54):
say money, I wouldn't say Inecessarily lost money, but I
will say I lost many, many, manyhours of my life because it
just the number of hours ofgoing back and forth with these
representatives, giving themphone calls, emailing, trying to
do damage control by, you know,creating a new account and
saying hey, everybody follow mehere and trying to sort of
(12:19):
reroute where people werefinding me.
So it was many hours, I guess,of my life that were felt
totally wasted.
But I fortunately, you know,and I know some people who make
their bread and butter on TikTokand that would have been, you
know, a much more damagingexperience.
But I was fortunately able tokind of laugh it off in the end
a little bit and say, wow, whata bizarre couple months that was
(12:42):
.
But yeah, fortunately, you know, I didn't lose a big chunk of
income or anything like that.
Takara Small (12:49):
Has that moment in time, that situation, has it
changed how you engage with theinternet at all?
Christine Schiefer (12:56):
Yeah, so I started to feel a little more
guarded, I guess.
And turning on that two-factorauthentication, I didn't realize
, I guess, at the time howimportant that was, um, even
just for your average account,average Joe account that doesn't
have any followers or, you know, because it's invasive either
(13:17):
way.
Even if I had 10 followers, youknow, and they were, they had
my name and were posting undermy name, that would have been so
invasive and still damagingpersonally, maybe not career
wise.
But yeah, it's kind of made memore guarded because I don't
know how, I seriously don't knowhow this guy picked my account,
I mean, from the way he made itsound.
(13:37):
He made it sound like he had,you know, this entire
underground operation.
I kind of doubt that, justbecause he just didn't really
give the vibe of like a realsupervillain.
But you know, he found itsomehow and he got in and
pretended to be me, and so itkind of opened my eyes that you
(13:58):
don't need to be some ultrafamous, you know successful
person to need to protectyourself online, which, saying
it out loud, probably soundspretty dumb.
But you know, I feel like I'dalways kind of lived in this
sort of ignorant bliss of well,what I do online doesn't matter
that much.
You know who cares if someonehacks it.
But uh, yeah, in the end, um,I've, I've gotten more guarded
(14:20):
oh wait, why did you even gopublic with this?
Takara Small (14:22):
because there are people that are hacked and they
will not tell a soul well, firstof all, I have like zero self,
uh, filtering.
Christine Schiefer (14:32):
I I have like such an open book that I
usually just tell people what'sgoing on.
Most of the time I'm not very,I like to be like I'm an
introvert, but I'm also veryopen about things.
And so when this happened, youknow, and my podcast, which is a
lot of you know, a lot of a lotof it boils down to, you know,
(14:55):
things that make us drink, thisweek it's called and that's why
we drink.
And so that week I said guesswhy I drink?
You know, this guy came in andthe number of people really who
wrote in and related to that wasastonishing and I was so
surprised how often this happensand people just don't you know,
talk about it, like you said.
But the main reason I did talkabout it is because I could
(15:16):
actually still access theaccount via Face ID when and
Mustafa did not know this, andso I waited this is the most
unhinged part of this wholestory probably I waited until it
was 3am or 2.30am in Baghdadand then I posted a video on the
account and I said listen, thisguy's probably sleeping.
(15:38):
Please go follow him.
He's hacked my account.
Please go follow me somewhereelse.
Uh, and I linked my new youknow, the new account I had
created, and so I had all thesepeople like shift over to this
new account.
Um, and of course, thisinfuriated him when he woke up
and he immediately deleted it.
But uh, you, I also like tolook at everything as a story.
At the end, you know, I'm likeat least you have a good story
(16:00):
out of it.
So I tried to use it for hashtagcontent I suppose.
But yeah, I mean people were sorelating to it that I just kind
of kept telling the story andsurprised how many people kind
of have been in a similar boat.
Takara Small (16:13):
Well, thank you for sharing your story.
I have so many tips in myarsenal now.
You can't see me.
I'm knocking on wood.
I'm hoping it never happens.
I do now have so many tips inmy arsenal, including maybe
junior detectives to your moreexperienced one.
Christine Schiefer (16:31):
Yeah, just you know.
If anyone needs me to go findtheir Carmen San Diego, their
evil Carmen San Diego, out there, who's hacked in, let me.
If anyone needs me to go findtheir Carmen Sandiego, their
evil Carmen Sandiego, out there,who's hacked in, let me know.
I'm happy to do it.
I do have fun with that kind ofonline sleuthing, but thank you
for letting me come on and talkyour ear off.
Takara Small (16:47):
And that was Christine Scheiffer from the
podcast, and that's why we drinksharing her story of being
hacked with us.
And, as we all know, thestories can get so much worse
than that.
We surveyed CIRA members forthis series and our responses
showed that 61% of our membershad been the victim of a hack or
an online scam.
(17:08):
Phishing scams were the mostcommon, but other responses
included a PlayStation accountgetting hacked and losing $800.
Another one of our membersreplied to a clever phishing
email when they were tired anddidn't spot the clues, which is
a classic case.
There's usually a human element.
(17:29):
Criminals rely on ourvulnerabilities and exploit our
emotions so that our decisionmaking is just a little bit off.
All it takes is one click andwe can find ourselves in big
trouble.
All of this sounds prettystressful too, so we need some
practical advice on our digitaldefense, and who better to ask
(17:49):
than the team at Get Cyber SafeCanada?
At Get Cyber Safe Canada, hiTakara, christine Menard manages
the Get Cyber Safe PublicAwareness Campaign.
How common, how prevalent arethese types of cyber security
incidents?
Christine Ménard (18:10):
Yeah, so you say it's like a basic question,
but unfortunately it's reallyhard to know how prevalent they
are because they often don't getreported.
So we do have statistics thatcome from the Canadian
Anti-Fraud Centre.
So statistics for 2023, let'ssee here 62,000 fraud reports
involving over $554 million inreported losses.
(18:35):
However, they estimate thatthat's only about 5% to 10% of
the real problem, because theythink that only 5% to 10% of
victims actually report thefraud to them.
So that's very much anunderstatement of the problem.
So I think we can say it isvery prevalent.
Takara Small (18:53):
Yes, so okay, so there's only a small percentage
of people who are actually, youknow, coming forward with the
fact that they're victims ofthis type of crime.
Do we know at all, though, howmany Canadians a year fall
victim to cybercrime?
Christine Ménard (19:10):
So well.
Get Cyber Safe.
Get Cyber Safe is the campaignthat I worked for, and we
recently polled Canadians onthis topic and, in fact, 78% of
Canadians said that they hadnever been a victim of an online
scam where they lost money ordata 78% but that does mean that
22% did at some point lose dataor money in an online scam.
(19:35):
We asked this question globally, so it wasn't in the past year,
it was just at any point intheir online lives had they lost
money or data, and it was 22%of Canadians reported that they
had.
Takara Small (19:46):
And what forms do these types of scams typically
take?
I know most people maybe arefamiliar with email scams.
Those are the ones that peopleprobably come into contact the
most, but there are manydifferent types, right.
Christine Ménard (20:00):
That's right.
So in our GetCyberSafe polling,we found that about 9% of those
cases were phishing and another5% were ID theft.
But if you look at the biggerCanadian Age Fraud Centre
statistics, they have a list ofthe 10 most common frauds for
(20:20):
2023.
And they characterize them bothby how many reports there were
and then what the losses were.
So the fraud with the mostvictims was identity fraud, with
about 11,000 victims, but theone that cost the most to
Canadians were investment scams,at $309 million lost in 2023.
Takara Small (20:44):
Can we break that down?
What is an investment scam?
Christine Ménard (20:48):
An investment scam, and this is really the
area of expertise for theCanadian Anti-Fraud Centre.
But the investment scams arewhen somebody is offering you
this great investmentopportunity and it turns out to
be fraudulent and you're notactually investing your money in
that specific thing or there'ssomething behind it that makes
(21:10):
it so that it's fraudulent andit's a scam and you're not going
to make any money off it.
Maybe it sounded like a getrich quick opportunity, but it
was in fact not that at all.
Takara Small (21:19):
I can only imagine at this point in time I mean,
there are a lot of people whoare looking to make extra money
side hustles right.
Who might fall for that?
Because they're like.
Christine Ménard (21:30):
I would love to boost my overall income and
it seems like a dream, yeah, andyou hear of other people you
know making money on the stockmarket or making money in
Bitcoin and you think, hey, Ican be like them.
And then maybe you seesomething online, maybe an AI
generated video that's saying,hey, you can to make money with
(21:53):
this investment opportunity andit turns out to be a complete
scam.
Takara Small (21:58):
You know, it's the perfect segue into my next
question, which is what roledoes AI play when it comes to
these type of challenges?
Christine Ménard (22:08):
That's a great .
Next question because, yeah, inthat specific example, we have
seen reports of um like cybercriminals using ai, specifically
ai using like deep faketechnology.
And that's when they use likemachine learning, like
algorithms, in order to likemanipulate a video.
(22:31):
So they make a video of aperson that looks very real but
it's completely fabricated.
So, especially in theinvestment scams, this is
something that's known to behappening where celebrities are
endorsing a certain product or acertain investment.
It looks very legitimate.
People easily I can't, likethey can't easily determine if
(22:53):
it's real or not, and that's howthey get caught up in it.
That's just one of the waysthat cyber criminals are using
AI.
Takara Small (23:01):
And you know I mean speaking of AI and,
obviously, the kind of leapswe've made technologically I'm
wondering how vulnerable and howsafe everything is in our
digital age, because I mean, I'mjust thinking right now,
everything, whether it's banking, whether it's conversing with
colleagues in our workplace,it's all moving online at a very
(23:23):
fast pace and so you know, aseverything kind of pivots, that
space is there.
I don't know where everythingis digital.
Is there any safe spaces?
Is there anything people can doto protect themselves?
Christine Ménard (23:38):
Absolutely.
You know, some scams are veryeasy to spot.
Some scams are not so easy tospot, but there's absolutely
ways that you can stay informedand learn about the different
signs of a scam or a fraud or aphishing message or a cyber
crime like.
There's definitely ways thatyou can keep on top of these
things, um, and there'sdefinitely a lot of wealth, a
(24:00):
wealth of information out therethat you can um go and and
consult.
I would, of course, recommendthat people follow get cyber
safe, um on social media andcheck out the get cyber safe
website.
Get cyber safe is thegovernment of canada's campaign
and really tries to make itsimple and actionable tips that
canadians can take and yes,there's a lot of scams out there
(24:22):
, but there are also a lot ofmethods and easy tools that
canadians can implement and whenthey implement these tools,
they're much less likely to fallfor a scam.
Takara Small (24:34):
And you know, it's really interesting because I
recently was reading about ayoung woman in her 20s who fell
victim to a scam and lost asignificant amount of money and
it made me think about that.
There's this perception thatonly elderly people fall for
these types of crimes or scams,when really everyone, any age,
(24:54):
could fall for it could crimesor scams, when really everyone,
any age, could fall for it couldend up a victim that's very
true.
Christine Ménard (25:00):
I was mentioning, um that we had that
polling data on who, on thepeople that had um, lost money
or lost their data to a cybercrime, and we didn't actually
see any differences by age, likethat wasn't a factor in terms
of who had become a victim andwho had not.
It wasn't, it wasn't really thecase.
So I think it's just maybepeople are more susceptible if
(25:23):
they're, you know, looking foran opportunity to make money or
you know everybody wants youknow to, to be lucky or to have
luck on their side, and and youknow, maybe some people are more
susceptible to be like, hey,this could be me, you know,
maybe they're less skeptical.
Takara Small (25:39):
Um, but we really didn't see age as a
differentiator between who is isum victimized and who is not
you know, one of the cybersecurity issues we've been
examining throughout the seriesis how convenience and security
can sometimes be at odds witheach other, especially in this
day and age, where we're used toaccessing, watching, reading
(26:02):
whatever we want within a secondof clicking a button.
You know it's very tiresome,but is this something that we,
you know, just need to get usedto?
The fact that having some typeof security can sometimes be at
odds with immediate access andconvenience yeah, it does feel
like cyber security.
Christine Ménard (26:22):
Uh, is that extra step?
And we do often talk about thedifferent layers in cyber
security, and every time thatyou are doing something more and
more sensitive online, maybeyou want to add another layer of
protection.
So you talked about, uh, youknow, streaming a show and
likely the app that you're usingto stream that show has a
(26:45):
password.
Um, but you also are, and sothat you know, streaming a show
online, there's no cyber risksthere.
So you know that's one layer ofprotection.
You should be okay.
But of course, that app alsoprobably has, maybe your
financial informationinformation, your your credit
card information in it and youmight want to add another layer
(27:06):
of protection.
And so in this case, that nextlayer is often multi-factor
authentication and that's usingmore than one way to
authenticate you.
So you use your password, somore than one way to
authenticate you, so you useyour password, so that's one way
to authenticate you.
Then you add another layer,that second layer of security,
and that's often like a textthat's sent to your phone, or a
(27:26):
text or an email code that'ssent to your email account.
And yeah, it might be seen asinconvenient to take that extra
step, but once you have thesefactors in place and you are
using them regularly, it becomeskind of routine and then you
get the hang of it, certainlylike things like a fingerprint
(27:49):
or a face scan.
Now, like, the systems havegotten so much better and now
it's a lot quicker to get thatsecond factor authenticated, so
you know it's an extra step.
It does take an a little bit ofextra time, but in terms of
protecting your financialinformation it's so important
and what can you tell us aboutsextortion?
(28:10):
so in the case of sextortion,what we mean by sex sextortion
is in youth, and it'sparticularly young.
Men are tricked into believingthat they're talking to a girl
online.
So they're on Instagram,they're on Snapchat and they
think, you know, they've beendirect messaged and they think
they're talking to a young girl.
So they chat for a certainamount of time maybe days, maybe
(28:33):
hours.
Apparently, in some cases it'sbeen as little as 20 minutes and
then the sex-torture that isposing as the young woman
convinces the victim to exchangesexual content.
So maybe they'll even startthat exchange off by sharing a
sexual photo first, and then thevictim will then, in turn,
(28:57):
share an intimate image ofthemselves back.
So then, immediately afterreceiving the sexual content,
the sex daughter will startmaking demands.
Often, if it's a girl, they'llask for more sexual photos and
videos, and if it's a boy,they'll almost always demand
money instead.
And then they startintimidating them.
(29:20):
You know the young person willoften feel embarrassed.
They just want the problem togo away.
They will often end upcomplying and sending money.
The amounts of money this issurprising have really ranged
(29:47):
from as little as $9 to $7,500.
So like it can be a wide range,and they'll ask for it either
by gift cards, through paypal,even a direct email transfer, so
that's kind of how um, thatwhat's extortion looks like.
So, then, need help.
Now what that website will dois you can go on there and you
(30:08):
can either.
There's a couple of differentways to interact with that
website.
Either there's instructions onhow to regain control of your
photos, but there's also anopportunity for you to fill out
a form and submit yourinformation, and then the
authorities on your behalf willgo and get those images back for
(30:29):
you.
So there's also a good idea to,of course, report this to the
local law enforcement as well.
It's just such a troubling,troubling crime, and I think we
really need more people to knowthat this happens and to like to
come forward and not beembarrassed and seek help in
(30:51):
this particular case.
Takara Small (30:54):
Well, thank you, christine, for breaking all of
this down.
Is there anything you want totell our listeners?
You want to share with them?
Any tips?
If they're thinking, wow, thisis a lot of information, or
maybe I know someone who's avictim, what should I tell them?
Christine Ménard (31:16):
victim.
What should I tell them?
Well, I I think the first thingI would say is that there is a
lot of things that you canproactively do to help keep
yourself safe, and they're gonnasound like you've heard them a
lot before and they sound toosimple, but really they will go
a long way and um, one of thefirst ones is just making sure
that you have security softwareinstalled on your devices, like
that antivirus software.
We've been talking about thisfor years, but it will
(31:37):
absolutely protect you, and Iwould also include in that.
I have this myself, the SierraCanadian Shield, and I have an
app on my phone that, especiallywhen I'm using public Wi-Fi or
Wi wi-fi that is not my own itwill help block threats.
It's a great service.
It's free for canadians, um, sothat's definitely should be
(32:00):
part of um canadians um cybersecurity, uh, um, like plans and
cyber security, the, themethods that they take to
protect themselves.
Another one that is not verythrilling is updates and
updating your devices and, likeyou know, you think oh, you know
(32:21):
, the new um operating systemcame up, came out.
I need to update my device.
It's not a very thrilling thingto do, but those updates are
patches and they will protectyou from the latest cyber
threats.
So you know, don't sleep onupdates.
Actually, do sleep on updates,because oftentimes you can do
those updates while you sleep.
So enabling automatic updatesit sounds so simple it really
(32:44):
does make a difference.
It will really absolutelyprotect you from vulnerabilities
.
Same thing with backing up yourdata.
That's another thing where it'sjust kind of like, if you set
it up with backing up your data,that's another thing where it's
just kind of like, if you setit up to back up your data
automatically, you're justsaving yourself a world of a
word, world of hurt later on.
Um, not enough people arebacking up the data and and this
(33:07):
will protect you from all kindsof threats, like Like, if you
download malware, if youdownload ransomware, or if you
spill a bottle of water on yourlaptop and it ends up frying,
then you're a backup.
You'll be up and running againbecause you'll have everything
saved in your backup.
And like a cup of coffee, a cupof water, it can happen to
(33:28):
anybody but ransomware withterrifying.
But that backup will make allthe difference between
ransomware being a reallyterrible thing that happens to
you and ransomware beingsomething that you can recover
from.
Finally, we talk about strongand unique passwords unique like
(33:51):
different password for everysingle platform and that's
really something it just willsave you from credential
stuffing, from people gettinghold of your credentials and
trying to use them in all yourdifferent accounts in order to
get access to them.
So it's really important tokeep all your passwords unique,
but it is impossible to keep allyour passwords unique, but it
(34:12):
is impossible to keep track ofso many different passwords.
So we really do encourage theuse of password managers, and
that's one way thatcybersecurity has changed a lot.
Since I've been working on theGet Cyber Safe campaign, we
never used to recommend passwordmanagers, and then now that's
something that we absolutelyrecommend, and password managers
will allow you to keep track ofall those unique passwords.
(34:34):
It'll notify you if you'veduplicated a password.
It'll notify you if a passwordif like one of your accounts has
been involved in a cyber breach.
They are fantastic.
It's an extra layer of security.
Absolutely that's somethingthat all Canadians can do to
protect themselves.
Takara Small (34:52):
Well, thank you so much for all of those tips and
I am excited to maybe put someof those that I don't use into
effect.
Wonderful, thank you so much.
And that was Christine Menardfrom Get Cyber Safe Canada.
You can find some reallyhelpful tips and information at
getcybersafegcca.
(35:12):
We'll also put that link in thedescription of the episode, as
well as some other helpfulwebsites Christine mentioned.
Now the other big conversationaround our personal
cybersecurity is how much of ourdata is held and traded by
companies online.
There's this old saying if theproduct is free, that means
(35:34):
you're the product.
Our survey found that 60% ofour members didn't trust private
organizations with their dataand 39% were only somewhat
trusting.
So it's clearly an issue manyof you are concerned about.
Our data is valuable.
It's not just criminals whowant to sell it.
(35:55):
Pretty much every website andapp does too, but we've all had
a conversation with people whoshrug their shoulders and ask
well, who cares?
Shoshana Wadinski is a Canadiantech journalist who's covered
big privacy stories for Gizmodoand Adweek.
She's joined us to answer thatquestion.
Shoshana Wodinsky (36:17):
I have had that exact conversation with so
many people infinite peoplebecause the truth is you know,
even if you don't think you haveanything to hide, chances are
you something might slip.
So like here's an exampleBecause of my awful
cybersecurity practices and,even worse, like app privacy
(36:40):
practices, I turn on trackingfor everything.
I click on every targeted app.
I do not care.
But then you know one time.
But then you know one time Inoticed that I was investigating
(37:00):
kind of an app because I wasusing a.
This is back before I hadhealth insurance.
I was using an app that offeredcoupons for certain
prescriptions and then I noticedI did a little bit of digging
into this app, because that'swhat I do and I found that my
prescriptions were being sharedwith a certain number of like ad
companies yeah, oh, my gosh,yeah Pharmaceutical
manufacturers.
Later on that the company behindthis app was sued by the
(37:23):
federal trade commission andlike told hey, maybe stop doing
that.
But that lawsuit took aboutthree years from the time of
publication.
But at the same time, you know,you know, you know it's just
like, okay, I have nothing tohide, but then it's just like oh
, the kind of possibilities areendless.
Because if you really thinkabout, like, what is the one
thing?
Like what's something that,like, you're not embarrassed
(37:45):
about, so to speak, but what'ssomething that, like you,
probably wouldn't say on a firstdate, like chances are, an
advertiser already knows thatabout you.
Takara Small (37:54):
Yeah, and I imagine that for some people,
you know, disclosing personalinformation like that is a
choice.
You know, that's something thatthey choose to share.
I can only imagine, even likenon-medical things, like if if,
for instance, you know there arewomen who are the victims of
sexual assault, or there are menwho have, you know, experienced
abuse and they're takingmedication, or or seeing someone
(38:16):
to discuss that, um, thatthat's information that they
should have to share if theywant exactly like.
Shoshana Wodinsky (38:22):
There was actually a similar case, uh,
where, uh, tinder you know theapp tinder, the swipey, swipey,
matchy matchy app uh hadpartnered with a app called
Noonlight that said, like hey,if your app isn't, if, like, if
your date's not going that great, you can tap this button on the
Noonlight app and it'llimmediately like, contact a like
(38:44):
trusted representative.
Your location will be shared.
We'll make sure that you getout of that, okay, which is
great.
Like that is a legitimatelygreat service.
We'll make sure that you getout of that, okay, which is
great.
Like that is a legitimatelygreat service.
However, because I love pokingaround inside apps, I also found
out that some, some of thatinformation was also being
shared with advertisers.
And I'm like, and I'm like oh,okay, like again, do you have
(39:12):
nothing to hide?
No, but do you want?
Like on a first date, would youwant to say yeah, I'm scared of
being sexually assaulted?
Probably not.
It's like when you think aboutthe people who say they have
nothing to hide, it's just yeah,but is there anything that,
like, you feel uncomfortableabout?
If somebody knew about you?
Takara Small (39:28):
So it's just it's.
I think like the mostinteresting thing is yes, it's
probably not something that manypeople disclose, because we're
always taught to blame thevictim.
You know like oh, you've beenhacked, well, what did you do?
Shoshana Wodinsky (39:40):
what did you do?
Takara Small (39:41):
why weren't you smart enough to see this coming?
So how do you change theconversation then, so that
people feel like it's okay toshare this information?
Shoshana Wodinsky (39:50):
because I feel like the more people talk
about how they were tricked, theeasier it is for other people
to learn from their mistakesright exactly situation uh that,
that obviously I do not have aneasy answer for that, but I
will tell you, uh, and all ofyour listeners who are sitting
here right now.
Uh, I am a person whose job isnot to be tricked by these sorts
(40:13):
of things.
And I have been tricked.
So and I am talking about itpublicly with a smile on my face
because I don't I don't mindadmitting that I, that I was
goofy once in a while, you know.
Takara Small (40:27):
OK, so hopefully we're all feeling a little
better equipped to handle allthose cyber threats coming our
way.
Remember, two-factorauthentication is the new wax on
wax off.
Next week we're going to lookat why so many big Canadian
institutions and corporationsare being attacked.
Sami Khoury (40:45):
You have the cyber criminals who hack to make money
out of their hack, who hack tomake money out of their hack,
but also there are other peoplewho hack for what I would call
an information advantage.
Takara Small (40:58):
If you want to reach out to us with any of your
own stories, you can find me atTakara Small, on Twitter,
instagram and pretty muchanywhere on social media.
You can email the show atpodcast@cira.
ca.
We'd also love it if you couldleave us a rating and a review
on Spotify and Apple podcasts.
And if you have any questionsor want to learn more about
(41:19):
cybersecurity in Canada, you canvisit CIRA.
ca/ cybersecurity.
Thanks for listening and we'llsee you again next week.
Popular Podcasts
Bookmarked by Reese's Book Club
Welcome to Bookmarked by Reese’s Book Club — the podcast where great stories, bold women, and irresistible conversations collide! Hosted by award-winning journalist Danielle Robay, each week new episodes balance thoughtful literary insight with the fervor of buzzy book trends, pop culture and more. Bookmarked brings together celebrities, tastemakers, influencers and authors from Reese's Book Club and beyond to share stories that transcend the page. Pull up a chair. You’re not just listening — you’re part of the conversation.
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com