Email with the subject “Estimate to Bid”:
A Laramie citizen reported receiving an email supposedly from Estimating Solutions, LLC, offering their services to estimate energy-related jobs. The email is well-written, and there are no links to click or phone number to call. However, the email address is from a Gmail address, and a quick online search shows that emails from Estimating Solutions, LLC (located in Tennessee) use the email address estimatingsolutions.net, not Gmail. CyberWyoming note: this took about three minutes to verify that it is not a legitimate offer. Always verify first!
Email with the subject “Auto Renewal Subscription Plan invoice #8967”:
A Colorado citizen reported receiving an email that simply said, “Hello user.” As mentioned last week, scams will often start with emails or texts with “hi,” “hello,” or “hello user.” Never respond. If it’s legitimate, the sender will resend with more information or notify you another way.
Pet threat:
If you're a pet owner, beware of crooks claiming to be from your county or city animal service department claiming you owe them money from a past due fine. It's just the latest version of a longstanding scam in which crooks pretend to be from local courts or police to demand supposedly overdue payments. Brought to you by scambusters.org.
Reddit Data Breach:
Reddit was the victim of a spear phishing attack which targeted employees logging into what they thought was the company network (see blog.knowbe4.com/reddit-spear-phishing-attack-data-breach for more information). Very soon after the attack, the employee who fell for the phishing scam alerted their security department which was able to limit the damage. CyberWyoming note: data breaches are often the result of employees falling for increasingly sophisticated phishing scams. Do your employees know how to spot these phishing scams, and do they know how to alert your security team quickly if they’ve been a victim? Join Wyoming’s Cybersecurity Competition for Small Business to learn to create a secure company culture.
Mail theft and check fraud are on the rise, according to the U.S. Postal Service:
In some cases, organized groups of thieves are robbing postal carriers, and in other cases they are stealing mail from post office boxes with a sticky object tied to a string which pulls up the mail. The post office suggests depositing mail as close to the pickup time as possible or bringing it inside the post office to mail. They also suggest not leaving outgoing mail in your mailbox for an extended period, especially overnight. More tips can be found at aarp.org/money/scams-fraud/info-2022/tips-to-avoid-mail-fraud.html. Brought to you by AARP.
Snapchat blackmailers are targeting children:
The main aim of the scammers is to trick youngsters into sending explicit photos of themselves and then to blackmail them by posting them online. Since Snapchat photos are supposed to disappear in seconds, users may think themselves safe from extortion, but scammers simply take screenshots of the photos for use later. The best defense is to train everyone, even children, to never send compromising photos and/or texts to anyone online. There are several other Snapchat scams that target vulnerable young people – see ScamBusters.org for more information.
It's that time of year for tax scams:
tax scams are proliferating where your tax refunds are stolen and fake messages from the IRS are sent. They are also using “vishing” (the use of phone calls and voicemails). See ScamBusters.org for more information.
MS-ISAC and CISA Patch Now Alert:
The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for VMWare (Carbon Black App Control), Google Chrome, IBM Aspera Faspex, Clam Antivirus, FortiWeb, FortiNAC. If you use these products, make sure the software (or firmware) is updated.
Data Breach in the News:
Cutout.pro, a web-based AI image editing tool. CyberWyoming note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.
Other ways to report a scam:
- Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
- Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
- File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
- Report your scam to the FBI at www.ic3.gov/complaint
- Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
- Office of the Inspector General: oig.ssa.gov
- AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
- IRS: report email scams impersonating the IRS to phishing@irs.gov
- Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
- Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register