Our upcoming podcast is focused on the information that a thief can gather from your Out of Office Reply. One of the biggest targets with this information tends to be admin assistants, secretaries, or interns. The scammer learns that the boss is gone to a conference and then uses the information learned to pretend to be the boss and extract a financial reward. So, a couple of questions for this morning. 1. How much information do you think is in an out-of-office reply? 2. How do you think that information would be used against you? 3. Do you use an out-of-office reply?

I was recently sent a newsletter from CIRA about Cyber safety for the whole family. I thought, "Okay, I'll bite. What kind of toolkit are you putting together for us to 'help make cyber safety a top priority this back-to-school season?" It turns out their toolkit is a joke. A collection of poorly put-together mazes and word searches with a couple of terms, but it teaches absolutely nothing. The whole goal of the toolkit is to promote the CIRA Canadian Shield App. The Canadian Shield App is free, and it "uses a SmartVPN® that protects you from malware, viruses, and phishing websites by blocking access to known malicious domains. It also provides DNS privacy by keeping your DNS requests in Canada. This app works by changing your phone's DNS settings to run your requests through CIRA's Canadian server network." So let's break this down. 1. We have an app that we are getting children to install on their phones. 2. We have terms of use, as you can see from the screenshot, that both collect and share web browsing data of those children. 3. There is no way to delete your data once it goes to their servers. 4. All of this runs through SmartVPN® This is where I am stuck. As far as I can tell, SmartVPN® is owned by Draytek, a Chinese company. I need to verify that somehow, but if we put this all together. CIRA is using schools and teachers to get children to install their app to protect them, while also collecting their browsing habits and sharing that with third parties, potentially overseas. I have a problem with that....

Most business owners don’t realize these aren’t the same thing—and knowing the difference could save your company. 👉 Which of these do you worry about most?

Most of the time we focus on the hack or scam or theft and forget that there is a bigger picture here. We have to see the attack as a process and not a simple event. There are preplanned, well thought out, processes. The earlier we can pick up on the process, the quicker we can thwart the attack.

What type of social engineering attack do you think is the HARDEST to spot?