Scam Emails Targeting Inactive Accounts:

A citizen reported a scam involving an email about a Facebook account being suspended due to copyright infringements. The account, originally for the citizen's late father’s business, is maintained by the daughter for training purposes. As no posts had been made recently, she recognized the email as a scam attempting to gain access. CyberWyoming Note: Always be cautious of unsolicited emails claiming account issues, especially those asking for personal information or warning about suspensions. Verify such claims by directly logging into the platform through official channels and avoid clicking on any links or downloading attachments from suspicious messages.

Impersonation Hits Close to Home:

A citizen reported receiving two spam emails over the past two days, both impersonating their boss. Another intern at the business also received one. The citizen's email and the intern's are not publicly available and aren’t listed on social media, which raises the question of how the spammer obtained it. Given that the boss works as a government employee for a military contractor and that the sender’s email domain is from Poland, concerns have been raised about a potential Polish scammer impersonating a government worker to target the business. CyberWyoming Note: To protect against this type of scam, ensure that all employees are educated about phishing and impersonation tactics, and implement strong email authentication protocols. Additionally, employees should verify any unusual requests through alternate communication channels and avoid clicking on links or downloading attachments from suspicious emails.

Frankenstein Fraud:

Synthetic identity theft, also known as "Frankenstein fraud," involves criminals combining stolen personal data, such as Social Security numbers (SSNs), with fake or real information to create new identities. These identities are used to borrow money, with the real SSN owner often left responsible for the debt. This crime predominantly targets vulnerable groups like children, the elderly, and the homeless, who are less likely to monitor their credit. It caused $20 billion in losses in 2020. To protect against it, individuals should freeze their credit, regularly check reports, be cautious of phishing scams, and safeguard personal documents containing SSNs.
– Brought to you by CTV News cnet.com/personal-finance/frankenstein-fraud-how-synthetic-identity-theft-targets-the-most-vulnerable/

Malware Caught in the Act:

Malware infections on Windows computers can often go unnoticed, but there are several key signs that can help you identify if your system has been compromised.

The signs include:

• Increased resource consumption, suspicious network activity, disabled security software, browser hijacking, applications opening and closing automatically, unknown files or apps, unexpected webcam or microphone activity, and slow boot times.
• Malware can cause spikes in CPU and memory usage, slow down internet speeds, disable antivirus programs, alter browser settings, and install unknown apps or files.

If you notice any of these symptoms, investigate immediately by checking Task Manager, running malware scans, and reviewing system settings to remove the threat and protect your computer.
– Brought to you by Secure The Village & How To Geek - howtogeek.com/signs-your-windows-computer-has-malware/

Invites You Can't Trust:

A fast-spreading phishing campaign is using spoofed Google Calendar invites to steal user credentials and commit financial fraud. Attackers manipulate email sender headings to make the invites appear legitimate, often linking to Google Forms or Google Drawings to bypass security scans. The goal is to trick users into revealing personal information, which is then used for financial scams such as credit card fraud. With over 500 million Google Calendar users globally, the campaign targets a vast number of individuals. Google recommends enabling "known senders" to block these threats, while organizations can use advanced email security and employee training to defend against such attacks.
‍– Brought to you by Secure The Village & Dark Reading - darkreading.com/cyberattacks-data-breaches/phishers-spoof-google-calendar-invites-global-campaign

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Ivanti Avalanche, Fortinet Products, Adobe products, Microsoft products, and Rsync. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Gravy Analytics, STIIIZY, OneBlood, Inc, Mission Bancorp, Lorena ISD, ITC Investments, Inc., Avery Products Corporation, TruBridge, Inc., and HCF of Fairview, Inc. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register