Missed you all! Sending wishes for warmth and safety to all those in the south without power
Since yesterday a growing number of Canadians are reporting being locked out of their accounts for Canada Revenue’s online platform, with the message their email address has been removed. That is disturbing because that can be a preliminary safety measure in response to an information leak or attempted hack. More disturbing if it is issued with no further explanation and tax season is upon us. The CRA has said this is not a breach but is a security precaution “in the context of ongoing investigative work”and that those users locked out will receive a letter by regular mail to help them unlock their account. And unfortunately it seems there is no getting through on the phone lines 😞
Now, the CRA had a breach involving CERB payments fraud last August and did the same thing, shutting down online services, before announcing it. Precedent?
Spy pixels are tracking pixels or web beacons that hide in the content of an email, tiny image files that just blend right in. So when the recipient opens the email, the tracking pixel is automatically downloaded. Great for marketers and business to measure customer engagement but awful for privacy. Users can prevent them from triggering by not configuring browsers to prevent or not allow images to automatically upload.
I am not a marketer and I have a decidedly different view on privacy because I do security for a living. That said, I have had concerns about the use of trackers in emails for sometime, and it’s only getting worse. When I see “automatically downloads” I think of how attackers enable macros and malware, steganography tactics. Call me paranoid.