How often do you think about your cybersecurity? For the average person, probably not that much. We have experts to worry about that stuff, right? Well, it's not that simple.

And, you know, maybe some people are more susceptible to be like, hey, this could be me. You know, maybe they're less skeptical.

There are so many ways you can find yourself vulnerable online, and the criminals are only getting more sophisticated. Hundreds of millions of dollars were stolen from us last year, according to the Canadian Anti-Fraud Centre, and that's just what we know about. So while you might think you're clever enough to spot the dangers, the evidence shows more of us than ever are getting caught out, and we need to develop better techniques to stay safe. Now, how many of you remember Mr Miyagi's iconic advice when teaching the Karate Kid about self-defense? Wax on, wax off.

Don't forget to breathe Very important Wax on. Wax off, wax on.

It's all in the muscle memory. Well, this week, on what's Up With the Internet, we have our own cyber-sensei to offer some expert advice. It's all brought to you by CIRA, the Canadian Internet Registration Authority, which is building a trusted internet for Canadians, and I'm your host, takara Small. But first let's hear from someone who did get hacked. Our own Daniel-san, christine Scheiffer, is the host of two really popular podcasts she presents and that's why we Drink as well as another really fun show called Beach Too Sandy, water Too Wet. But a few months ago, christine's TikTok account got taken over by a hacker who was demanding a ransom.

So I was, and still am, one of those people that, when it comes to TikTok, I go through phases. I'm not like a devoted follower. Every now and then I'll kind of bounce in and out and I'll go through phases where I watch. And I was going through one of these kind of dry spells of not really opening the app. And during that time I found out that somebody had been spending weeks trying to get into my account, which I, you know, should have probably noticed. I was getting a few alerts every now and then, know like change your password. But some of them looked like spam, so I kind of ignored them.

And then one day I thought to myself oh, why don't I open TikTok and see what's going on in there? And lo and behold, I no longer had access to my account. And it turns out somebody had been trying to hack it all the way over in Iraq for like two or three weeks and they finally convinced TikTok that they were me. I don't know how they did that. Nobody ever revealed to me what this guy was showing to prove that he was the real Christine Schieffer. But he had my account and he changed everything on it, changed the passwords, changed the phone number and at first it was a little funny because I thought, oh well, you know, I'm sure this will get situated and figured out. But after a few days of this and him being very active on my account with my name still on it, it was no longer as funny and quirky as I had first thought and it suddenly became very invasive. What do you think?

their motivation was it's so funny you say that because at first I thought, oh, this is just some I don't know kid or 20 something getting online and seeing if he could hack an account. And I quickly realized because I so I worked as a private investigator for a while, like, incidentally, probably 10 years ago, and so I thought, oh, you know what, I'm going to be a sleuth, I'm going to find this guy I know and I thought, well, this is going to be such a cool origin story, superhero origin story. So it's like New Year's Eve and I'm in a Holiday Inn Express with my husband and baby and I'm like online till two in the morning trying to track this guy down, baby. And I'm like online till two in the morning trying to track this guy down. And I did so for what it's worth. I did find him. And then it quickly hit me. It dawned upon me like now, what you know, like I know who this guy is, that doesn't help me in any way. What am I going to do? Tell, uh, cincinnati police that a guy in Baghdad has my account. You know, nobody really cares that much.

So I got the guy's account and I was able to actually contact him directly through WhatsApp, which maybe is not the most advised route, if anyone is listening to this maybe. Maybe not the advisable path, but I was feeling very brazen and so I reached out to him on WhatsApp and he sort of portrayed himself as this kind of super villain and it still makes me laugh a little bit because I know better Like he wasn't that smart. He just kind of took advantage of the fact that I was never on my account, but he said I make $10,000 a month selling people's TikTok accounts. You can have it back for $850. So he's basically trying to hold it ransom, I suppose, make some money off of it, um, which, by the way, I'm like who's gonna pay $850 for my TikTok account? I don't think anybody cares that much, um, but yeah, I think that's what he was trying to do make some money. I'm guessing you didn't pay?

that I sure didn't, you know it's so funny.

Everybody always says oh so you paid him. And I'm like no hell, no, you know, I just because I knew if I pay him, what is he gonna do? He's not gonna give my account back like I'm just gonna venmo this guy 850 that I don't have laying around, um, which I don't care. I mean, you know I it just was never gonna go that way. I just knew that that was not the route to go. And, by the way, he never sold to anyone else either, as far as I can tell. So it's not like he made any money off of it from anyone else, as far as I can tell. But yeah, mustafa and I were frenemies at first and now I think we're just solid enemies. But yeah, I think he was trying to turn a profit.

Okay. So how did you get it back then in the end?

Oh boy, you know it's funny. Before this call I started kind of going back through the story in my head and thinking like what was? Because it just seemed like such a hurricane of trying every possible avenue. And you know, I reached out to my manager and agent, who are in New York and LA, and I said hey, can do you guys have contacts? You know, I reached out to my manager and agent, who are in New York and LA, and I said hey, can do you guys have contacts? You know, as we all know, tiktok is kind of like a shadowy, like secretive place as far as reaching them or understanding their algorithm and the inside workings. And so I was getting nowhere with TikTok support and you know I've heard that that's pretty common, um, and so I asked my manager and agent and of course I'm very fortunate to have people like that who can try and step in but they got rebuffed too. So at this point I'm thinking, well, okay, if my manager and agent can't get ahold of anyone at TikTok, I don't know how I'm going to figure it out.

And it really was just very kind of a trial and error over and over again until I finally logged into one of my podcast accounts and messaged TikTok and I. Maybe it's because it felt like a fluke, maybe it's because I got someone on the right day, maybe it's, uh, just what I said, but I basically told them listen, this guy is uh sending inappropriate stuff to random fans of mine over private message. He's threatening to sell my account to the highest bidder. He's yada, yada, yada. And somebody just finally said send over proof of your identity. And I had to send over my driver's license and home address and all this information, um, via email to tiktok. And, uh, one day it just kind of reappeared. They said what email do you want to use to associate? And I, I had to make a new gmail account and there they came back to me, um, and then then I got a really threatening message from uh mustafa, who was like he, I will always be here and I will get it back. He's really trying to lead into this like villain. You know character, I think. But you know I came out victorious.

I feel bad because I'm like when people ask, I'm like I don't even know if I have great advice. It was just trying over and over until somebody listened. You know, has he tried to hack you again? That is a great question. I actually don't think so. I haven't received any. I will say, though, as far as advice goes, I am ashamed to say I did not have two-factor authentication on, or authentication on excuse me um, and so he was more easily able to uh get in. But now that I have that kind of double, double security, it's uh, it's kind of like a vault, because I know that, because he turned it on and so I couldn't get back into my account. So, you know, if you, if you are wondering, you know, maybe turn that bad boy on, that really uh kind of helps, uh stop people in their tracks if they're trying to break in I wonder how much of a toll did this take on you?

because this isn't just, you know, a social media account that you use for fun. This is also part of your professional life. This is part of your identity that you use for work that's yeah, that's a great point.

And I think that didn't occur to me until a little bit later. Because, again, at first I thought, well, I rarely use TikTok, you know it's not the end of the world, I didn't have that many followers. I did have that blue checkmark, which is probably why I was targeted that much anyway. But, like you said, a couple of days in I realized, oh wait, this guy's essentially impersonating me and he has a blue checkmark to prove it. So it's sort of like you know, they hand out those checkmarks to make sure your account is representing you and you know you're not getting spammed or you know you're not getting duplicate accounts made about you or people impersonating you. And then somehow he managed to do just that.

So you know the people I was closest with, I told them, and so if he sent strange like my, my podcast co-host received some strange aggressive messages, for, for no apparent reason, a couple people messaged him and said like hey, why are you reposting these weird things? And then he would go on these long aggressive rants at them and I don't really know what the point of all the like anger was, or just the like rude posts, um, but yeah, I really did feel like somebody had just kind of pulled the rug out from under me and I had to do some damage control afterward and explain to people. You know, um, that was not me. And a few people actually thought I unfollowed them intentionally and I said I swear to God, I unfollowed my own mother.

Okay, not, I didn't, but Mustafa did. So it's not me, I swear. But yeah, I had to do a little damage control and you know I'm fortunate because it could have been worse. He could have posted. You know really'm fortunate because it could have been worse, he could have posted, you know, really bad content, but it was mostly just like religious stuff and things like. Again, I couldn't understand the language, but it just it just felt very.

it felt very violating, I guess maybe is the best word. Yeah, it sounds stressful. I am wondering did you lose any money or was there any financial consequences or low back because of that?

Yeah, that's a great question. You know, I am very, very fortunate to say I don't think so. I have done in the past. I've done a few kind of promo type things, but only only a couple on TikTok. So that wasn't really fortunately.

You know my main source of content, but yeah, I wouldn't say money, I wouldn't say I necessarily lost money, but I will say I lost many, many, many hours of my life because it just the number of hours of going back and forth with these representatives, giving them phone calls, emailing, trying to do damage control by, you know, creating a new account and saying hey, everybody follow me here and trying to sort of reroute where people were finding me. So it was many hours, I guess, of my life that were felt totally wasted. But I fortunately, you know, and I know some people who make their bread and butter on TikTok and that would have been, you know, a much more damaging experience. But I was fortunately able to kind of laugh it off in the end a little bit and say, wow, what a bizarre couple months that was. But yeah, fortunately, you know, I didn't lose a big chunk of income or anything like that.

Has that moment in time, that situation, has it changed how you engage with the internet at all?

Yeah, so I started to feel a little more guarded, I guess. And turning on that two-factor authentication, I didn't realize, I guess, at the time how important that was, um, even just for your average account, average Joe account that doesn't have any followers or, you know, because it's invasive either way. Even if I had 10 followers, you know, and they were, they had my name and were posting under my name, that would have been so invasive and still damaging personally, maybe not career wise. But yeah, it's kind of made me more guarded because I don't know how, I seriously don't know how this guy picked my account, I mean, from the way he made it sound. He made it sound like he had, you know, this entire underground operation.

I kind of doubt that, just because he just didn't really give the vibe of like a real supervillain. But you know, he found it somehow and he got in and pretended to be me, and so it kind of opened my eyes that you don't need to be some ultra famous, you know successful person to need to protect yourself online, which, saying it out loud, probably sounds pretty dumb. But you know, I feel like I'd always kind of lived in this sort of ignorant bliss of well, what I do online doesn't matter that much. You know who cares if someone hacks it. But uh, yeah, in the end, um, I've, I've gotten more guarded oh wait, why did you even go public with this?

because there are people that are hacked and they will not tell a soul well, first of all, I have like zero self, uh, filtering.

I I have like such an open book that I usually just tell people what's going on. Most of the time I'm not very, I like to be like I'm an introvert, but I'm also very open about things. And so when this happened, you know, and my podcast, which is a lot of you know, a lot of a lot of it boils down to, you know, things that make us drink, this week it's called and that's why we drink. And so that week I said guess why I drink? You know, this guy came in and the number of people really who wrote in and related to that was astonishing and I was so surprised how often this happens and people just don't you know, talk about it, like you said. But the main reason I did talk about it is because I could actually still access the account via Face ID when and Mustafa did not know this, and so I waited this is the most unhinged part of this whole story probably I waited until it was 3am or 2.30am in Baghdad and then I posted a video on the account and I said listen, this guy's probably sleeping.

Please go follow him. He's hacked my account. Please go follow me somewhere else. Uh, and I linked my new you know, the new account I had created, and so I had all these people like shift over to this new account. Um, and of course, this infuriated him when he woke up and he immediately deleted it. But uh, you, I also like to look at everything as a story. At the end, you know, I'm like at least you have a good story out of it.

So I tried to use it for hashtag content I suppose. But yeah, I mean people were so relating to it that I just kind of kept telling the story and surprised how many people kind of have been in a similar boat.

Well, thank you for sharing your story. I have so many tips in my arsenal now. You can't see me. I'm knocking on wood. I'm hoping it never happens. I do now have so many tips in my arsenal, including maybe junior detectives to your more experienced one.

Yeah, just you know. If anyone needs me to go find their Carmen San Diego, their evil Carmen San Diego, out there, who's hacked in, let me. If anyone needs me to go find their Carmen Sandiego, their evil Carmen Sandiego, out there, who's hacked in, let me know. I'm happy to do it. I do have fun with that kind of online sleuthing, but thank you for letting me come on and talk your ear off.

And that was Christine Scheiffer from the podcast, and that's why we drink sharing her story of being hacked with us. And, as we all know, the stories can get so much worse than that. We surveyed CIRA members for this series and our responses showed that 61% of our members had been the victim of a hack or an online scam. Phishing scams were the most common, but other responses included a PlayStation account getting hacked and losing $800. Another one of our members replied to a clever phishing email when they were tired and didn't spot the clues, which is a classic case.

There's usually a human element. Criminals rely on our vulnerabilities and exploit our emotions so that our decision making is just a little bit off. All it takes is one click and we can find ourselves in big trouble. All of this sounds pretty stressful too, so we need some practical advice on our digital defense, and who better to ask than the team at Get Cyber Safe Canada? At Get Cyber Safe Canada, hi Takara, christine Menard manages the Get Cyber Safe Public Awareness Campaign. How common, how prevalent are these types of cyber security incidents?

Yeah, so you say it's like a basic question, but unfortunately it's really hard to know how prevalent they are because they often don't get reported. So we do have statistics that come from the Canadian Anti-Fraud Centre. So statistics for 2023, let's see here 62,000 fraud reports involving over $554 million in reported losses. However, they estimate that that's only about 5% to 10% of the real problem, because they think that only 5% to 10% of victims actually report the fraud to them. So that's very much an understatement of the problem. So I think we can say it is very prevalent.

Yes, so okay, so there's only a small percentage of people who are actually, you know, coming forward with the fact that they're victims of this type of crime. Do we know at all, though, how many Canadians a year fall victim to cybercrime?

So well. Get Cyber Safe. Get Cyber Safe is the campaign that I worked for, and we recently polled Canadians on this topic and, in fact, 78% of Canadians said that they had never been a victim of an online scam where they lost money or data 78% but that does mean that 22% did at some point lose data or money in an online scam. We asked this question globally, so it wasn't in the past year, it was just at any point in their online lives had they lost money or data, and it was 22% of Canadians reported that they had.

And what forms do these types of scams typically take? I know most people maybe are familiar with email scams. Those are the ones that people probably come into contact the most, but there are many different types, right.

That's right. So in our GetCyberSafe polling, we found that about 9% of those cases were phishing and another 5% were ID theft. But if you look at the bigger Canadian Age Fraud Centre statistics, they have a list of the 10 most common frauds for 2023. And they characterize them both by how many reports there were and then what the losses were. So the fraud with the most victims was identity fraud, with about 11,000 victims, but the one that cost the most to Canadians were investment scams, at $309 million lost in 2023.

Can we break that down? What is an investment scam?

An investment scam, and this is really the area of expertise for the Canadian Anti-Fraud Centre. But the investment scams are when somebody is offering you this great investment opportunity and it turns out to be fraudulent and you're not actually investing your money in that specific thing or there's something behind it that makes it so that it's fraudulent and it's a scam and you're not going to make any money off it. Maybe it sounded like a get rich quick opportunity, but it was in fact not that at all.

I can only imagine at this point in time I mean, there are a lot of people who are looking to make extra money side hustles right. Who might fall for that? Because they're like.

I would love to boost my overall income and it seems like a dream, yeah, and you hear of other people you know making money on the stock market or making money in Bitcoin and you think, hey, I can be like them. And then maybe you see something online, maybe an AI generated video that's saying, hey, you can to make money with this investment opportunity and it turns out to be a complete scam.

You know, it's the perfect segue into my next question, which is what role does AI play when it comes to these type of challenges?

That's a great. Next question because, yeah, in that specific example, we have seen reports of um like cyber criminals using ai, specifically ai using like deep fake technology. And that's when they use like machine learning, like algorithms, in order to like manipulate a video. So they make a video of a person that looks very real but it's completely fabricated. So, especially in the investment scams, this is something that's known to be happening where celebrities are endorsing a certain product or a certain investment. It looks very legitimate. People easily I can't, like they can't easily determine if it's real or not, and that's how they get caught up in it. That's just one of the ways that cyber criminals are using AI.

And you know I mean speaking of AI and, obviously, the kind of leaps we've made technologically I'm wondering how vulnerable and how safe everything is in our digital age, because I mean, I'm just thinking right now, everything, whether it's banking, whether it's conversing with colleagues in our workplace, it's all moving online at a very fast pace and so you know, as everything kind of pivots, that space is there. I don't know where everything is digital. Is there any safe spaces? Is there anything people can do to protect themselves?

Absolutely. You know, some scams are very easy to spot. Some scams are not so easy to spot, but there's absolutely ways that you can stay informed and learn about the different signs of a scam or a fraud or a phishing message or a cyber crime like. There's definitely ways that you can keep on top of these things, um, and there's definitely a lot of wealth, a wealth of information out there that you can um go and and consult. I would, of course, recommend that people follow get cyber safe, um on social media and check out the get cyber safe website. Get cyber safe is the government of canada's campaign and really tries to make it simple and actionable tips that canadians can take and yes, there's a lot of scams out there, but there are also a lot of methods and easy tools that canadians can implement and when they implement these tools, they're much less likely to fall for a scam.

And you know, it's really interesting because I recently was reading about a young woman in her 20s who fell victim to a scam and lost a significant amount of money and it made me think about that. There's this perception that only elderly people fall for these types of crimes or scams, when really everyone, any age, could fall for it could crimes or scams, when really everyone, any age, could fall for it could end up a victim that's very true.

I was mentioning, um that we had that polling data on who, on the people that had um, lost money or lost their data to a cyber crime, and we didn't actually see any differences by age, like that wasn't a factor in terms of who had become a victim and who had not. It wasn't, it wasn't really the case. So I think it's just maybe people are more susceptible if they're, you know, looking for an opportunity to make money or you know everybody wants you know to, to be lucky or to have luck on their side, and and you know, maybe some people are more susceptible to be like, hey, this could be me, you know, maybe they're less skeptical.

Um, but we really didn't see age as a differentiator between who is is um victimized and who is not you know, one of the cyber security issues we've been examining throughout the series is how convenience and security can sometimes be at odds with each other, especially in this day and age, where we're used to accessing, watching, reading whatever we want within a second of clicking a button. You know it's very tiresome, but is this something that we, you know, just need to get used to? The fact that having some type of security can sometimes be at odds with immediate access and convenience yeah, it does feel like cyber security.

Uh, is that extra step? And we do often talk about the different layers in cyber security, and every time that you are doing something more and more sensitive online, maybe you want to add another layer of protection. So you talked about, uh, you know, streaming a show and likely the app that you're using to stream that show has a password. Um, but you also are, and so that you know, streaming a show online, there's no cyber risks there. So you know that's one layer of protection. You should be okay.

But of course, that app also probably has, maybe your financial information information, your your credit card information in it and you might want to add another layer of protection.

And so in this case, that next layer is often multi-factor authentication and that's using more than one way to authenticate you. So you use your password, so more than one way to authenticate you, so you use your password, so that's one way to authenticate you. Then you add another layer, that second layer of security, and that's often like a text that's sent to your phone, or a text or an email code that's sent to your email account. And yeah, it might be seen as inconvenient to take that extra step, but once you have these factors in place and you are using them regularly, it becomes kind of routine and then you get the hang of it, certainly like things like a fingerprint or a face scan. Now, like, the systems have gotten so much better and now it's a lot quicker to get that second factor authenticated, so you know it's an extra step. It does take an a little bit of extra time, but in terms of protecting your financial information it's so important and what can you tell us about sextortion?

so in the case of sextortion, what we mean by sex sextortion is in youth, and it's particularly young. Men are tricked into believing that they're talking to a girl online. So they're on Instagram, they're on Snapchat and they think, you know, they've been direct messaged and they think they're talking to a young girl. So they chat for a certain amount of time maybe days, maybe hours. Apparently, in some cases it's been as little as 20 minutes and then the sex-torture that is posing as the young woman convinces the victim to exchange sexual content. So maybe they'll even start that exchange off by sharing a sexual photo first, and then the victim will then, in turn, share an intimate image of themselves back. So then, immediately after receiving the sexual content, the sex daughter will start making demands. Often, if it's a girl, they'll ask for more sexual photos and videos, and if it's a boy, they'll almost always demand money instead. And then they start intimidating them.

You know the young person will often feel embarrassed. They just want the problem to go away. They will often end up complying and sending money. The amounts of money this is surprising have really ranged from as little as $9 to $7,500. So like it can be a wide range, and they'll ask for it either by gift cards, through paypal, even a direct email transfer, so that's kind of how um, that what's extortion looks like.

So, then, need help. Now what that website will do is you can go on there and you can either. There's a couple of different ways to interact with that website. Either there's instructions on how to regain control of your photos, but there's also an opportunity for you to fill out a form and submit your information, and then the authorities on your behalf will go and get those images back for you. So there's also a good idea to, of course, report this to the local law enforcement as well. It's just such a troubling, troubling crime, and I think we really need more people to know that this happens and to like to come forward and not be embarrassed and seek help in this particular case.

Well, thank you, christine, for breaking all of this down. Is there anything you want to tell our listeners? You want to share with them? Any tips? If they're thinking, wow, this is a lot of information, or maybe I know someone who's a victim, what should I tell them?

victim. What should I tell them? Well, I I think the first thing I would say is that there is a lot of things that you can proactively do to help keep yourself safe, and they're gonna sound like you've heard them a lot before and they sound too simple, but really they will go a long way and um, one of the first ones is just making sure that you have security software installed on your devices, like that antivirus software. We've been talking about this for years, but it will absolutely protect you, and I would also include in that. I have this myself, the Sierra Canadian Shield, and I have an app on my phone that, especially when I'm using public Wi-Fi or Wi wi-fi that is not my own it will help block threats. It's a great service. It's free for canadians, um, so that's definitely should be part of um canadians um cyber security, uh, um, like plans and cyber security, the, the methods that they take to protect themselves.

Another one that is not very thrilling is updates and updating your devices and, like you know, you think oh, you know, the new um operating system came up, came out. I need to update my device. It's not a very thrilling thing to do, but those updates are patches and they will protect you from the latest cyber threats. So you know, don't sleep on updates. Actually, do sleep on updates, because oftentimes you can do those updates while you sleep. So enabling automatic updates it sounds so simple it really does make a difference. It will really absolutely protect you from vulnerabilities. Same thing with backing up your data. That's another thing where it's just kind of like, if you set it up with backing up your data, that's another thing where it's just kind of like, if you set it up to back up your data automatically, you're just saving yourself a world of a word, world of hurt later on. Um, not enough people are backing up the data and and this will protect you from all kinds of threats, like Like, if you download malware, if you download ransomware, or if you spill a bottle of water on your laptop and it ends up frying, then you're a backup. You'll be up and running again because you'll have everything saved in your backup. And like a cup of coffee, a cup of water, it can happen to anybody but ransomware with terrifying. But that backup will make all the difference between ransomware being a really terrible thing that happens to you and ransomware being something that you can recover from.

Finally, we talk about strong and unique passwords unique like different password for every single platform and that's really something it just will save you from credential stuffing, from people getting hold of your credentials and trying to use them in all your different accounts in order to get access to them. So it's really important to keep all your passwords unique, but it is impossible to keep all your passwords unique, but it is impossible to keep track of so many different passwords. So we really do encourage the use of password managers, and that's one way that cybersecurity has changed a lot. Since I've been working on the Get Cyber Safe campaign, we never used to recommend password managers, and then now that's something that we absolutely recommend, and password managers will allow you to keep track of all those unique passwords. It'll notify you if you've duplicated a password. It'll notify you if a password if like one of your accounts has been involved in a cyber breach. They are fantastic. It's an extra layer of security. Absolutely that's something that all Canadians can do to protect themselves.

Well, thank you so much for all of those tips and I am excited to maybe put some of those that I don't use into effect. Wonderful, thank you so much. And that was Christine Menard from Get Cyber Safe Canada. You can find some really helpful tips and information at getcybersafegcca. We'll also put that link in the description of the episode, as well as some other helpful websites Christine mentioned.

Now the other big conversation around our personal cybersecurity is how much of our data is held and traded by companies online. There's this old saying if the product is free, that means you're the product. Our survey found that 60% of our members didn't trust private organizations with their data and 39% were only somewhat trusting. So it's clearly an issue many of you are concerned about. Our data is valuable. It's not just criminals who want to sell it. Pretty much every website and app does too, but we've all had a conversation with people who shrug their shoulders and ask well, who cares? Shoshana Wadinski is a Canadian tech journalist who's covered big privacy stories for Gizmodo and Adweek. She's joined us to answer that question.

I have had that exact conversation with so many people infinite people because the truth is you know, even if you don't think you have anything to hide, chances are you something might slip. So like here's an example Because of my awful cybersecurity practices and, even worse, like app privacy practices, I turn on tracking for everything. I click on every targeted app. I do not care. But then you know one time. But then you know one time I noticed that I was investigating kind of an app because I was using a. This is back before I had health insurance. I was using an app that offered coupons for certain prescriptions and then I noticed I did a little bit of digging into this app, because that's what I do and I found that my prescriptions were being shared with a certain number of like ad companies yeah, oh, my gosh, yeah Pharmaceutical manufacturers.

Later on that the company behind this app was sued by the federal trade commission and like told hey, maybe stop doing that. But that lawsuit took about three years from the time of publication. But at the same time, you know, you know, you know it's just like, okay, I have nothing to hide, but then it's just like oh, the kind of possibilities are endless. Because if you really think about, like, what is the one thing? Like what's something that, like, you're not embarrassed about, so to speak, but what's something that, like you, probably wouldn't say on a first date, like chances are, an advertiser already knows that about you.

Yeah, and I imagine that for some people, you know, disclosing personal information like that is a choice. You know, that's something that they choose to share. I can only imagine, even like non-medical things, like if if, for instance, you know there are women who are the victims of sexual assault, or there are men who have, you know, experienced abuse and they're taking medication, or or seeing someone to discuss that, um, that that's information that they should have to share if they want exactly like.

There was actually a similar case, uh, where, uh, tinder you know the app tinder, the swipey, swipey, matchy matchy app uh had partnered with a app called Noonlight that said, like hey, if your app isn't, if, like, if your date's not going that great, you can tap this button on the Noonlight app and it'll immediately like, contact a like trusted representative. Your location will be shared. We'll make sure that you get out of that, okay, which is great. Like that is a legitimately great service. We'll make sure that you get out of that, okay, which is great. Like that is a legitimately great service.

However, because I love poking around inside apps, I also found out that some, some of that information was also being shared with advertisers. And I'm like, and I'm like oh, okay, like again, do you have nothing to hide? No, but do you want? Like on a first date, would you want to say yeah, I'm scared of being sexually assaulted? Probably not. It's like when you think about the people who say they have nothing to hide, it's just yeah, but is there anything that, like, you feel uncomfortable about? If somebody knew about you?

So it's just it's. I think like the most interesting thing is yes, it's probably not something that many people disclose, because we're always taught to blame the victim. You know like oh, you've been hacked, well, what did you do?

what did you do?

why weren't you smart enough to see this coming? So how do you change the conversation then, so that people feel like it's okay to share this information?

because I feel like the more people talk about how they were tricked, the easier it is for other people to learn from their mistakes right exactly situation uh that, that obviously I do not have an easy answer for that, but I will tell you, uh, and all of your listeners who are sitting here right now. Uh, I am a person whose job is not to be tricked by these sorts of things. And I have been tricked. So and I am talking about it publicly with a smile on my face because I don't I don't mind admitting that I, that I was goofy once in a while, you know.

OK, so hopefully we're all feeling a little better equipped to handle all those cyber threats coming our way. Remember, two-factor authentication is the new wax on wax off. Next week we're going to look at why so many big Canadian institutions and corporations are being attacked.

You have the cyber criminals who hack to make money out of their hack, who hack to make money out of their hack, but also there are other people who hack for what I would call an information advantage.

If you want to reach out to us with any of your own stories, you can find me at Takara Small, on Twitter, instagram and pretty much anywhere on social media. You can email the show at podcast@cira. ca. We'd also love it if you could leave us a rating and a review on Spotify and Apple podcasts. And if you have any questions or want to learn more about cybersecurity in Canada, you can visit CIRA. ca/ cybersecurity. Thanks for listening and we'll see you again next week.