Billed as a podcast about “people, privacy, and access to information”, the intended audience appears to be the general public rather than FOI Professionals or other privacy experts.
Episode One: “Don’t get caught! Protect yourself against phishing”
The first episode is dedicated to the topic of “phishing scams and how you can protect yourself so you don’t take the bait”.
The introduction of the first episode provides an example of a typical phishing scam:
“[T]here was an incident not too long ago in Uxbridge, a town just north of Toronto, involving an elderly woman who went into a Shoppers Drug Mart to buy $3,000 worth of Google gift cards. She seemed a little scared, rather hesitant, all signs of a typical scam situation. In fact, gift cards are the preferred method of payment for many criminals because they can’t be easily traced. The cashier noticed something wasn’t quite right and started asking a few questions, and it turned out this customer had been targeted by criminals involved in the Canada Revenue Agency tax scam. Luckily, the employee convinced her not to make the purchase in this case, but unfortunately, not everyone can be so lucky. And these kinds of attacks are on the rise. Scams can be very convincing and their impact on victims devastating.”
Commissioner Kosseim then interviews Fred Carter, her Senior Policy & Technology Advisor, who describes various types of phishing scams, including “vishing”, “smishing” and “spear phishing”:
“So phishing is a type of email. It’s kind of like spam. Smishing is text messages. And vishing are voicemail messages, or sometimes we think of them as robocalls. Spear phishing is targeted phishing. It means it’s aimed at particular people.”
In an institutional setting, “spear phishing” is most relevant. As described by Mr. Carter:
“I think maybe even the worst example is spear phishing because you’re actually being targeted and you might be an executive in an organization that has the keys of the kingdom. You’re the big fish. And there might be some additional motivations that would motivate an attacker to target you for other reasons that might not just be about money. In any case, phishing is often the first step in a more serious series of crimes. Phishing enables it to happen. There’s lots of things that they can do that are not too good.”
With many of us working remotely, it has become easier than ever for scammers to impersonate senior staff through electronic messages, potentially leading to privacy breaches and criminal theft of personal information. Remember: an email or text directing you to disclose personal information may not be genuine, even if it appears to have come from your institution’s Head or other senior staff. And if their email has been hacked, emailing back for confirmation may be of no use. If in doubt, consider calling the colleague who sent you the message to confirm that it is legitimate.
Verifying Requestor Identity
In my view, this first episode also serves as a timely reminder for FOI professionals to review their policies around verifying the identity of the requestor when processing a request for personal information. For example, some institutions have required that personal information requests be submitted on-site, so that identification can be checked in person. This type of policy may now be out of date during the pandemic, with a greater number of staff working from home, and a growing trend towards providing more services remotely and discouraging unnecessary visits and travel.
Although the new podcast appears to be directed to the general public rather than to FOI professionals, it may still serve as a good source of information for FOI professionals to share with their colleagues and other contacts. Personally, I am interested in how the podcast will cover “access to information”, and would enjoy hearing a more informal take from the Commissioner regarding Freedom Of Information in Ontario.
With the new FOI Assist™ software, Ontario’s provincial and municipal institutions can process and respond to Freedom Of Information requests quickly, easily, and in full compliance with applicable legislation and guidance. Read the release announcement.