Email Entrapment:
A Wyoming resident received a suspicious email purportedly from an administrative account with the sender's address ending in ‘at spilota dot com’. The subject line read "[Their business email domain] Authentication". The email claimed that the recipient's email account had only 2% of its 50GB quota left and urged them to switch to a new server immediately to avoid their email being locked within 24 hours. The email contained two buttons labeled "USE OLD VERSION" and "USE NEW VERSION”. Due to the email's poor grammar and urgent tone, it is likely a phishing scam attempting to trick recipients into revealing sensitive information or installing malware. CyberWyoming Note: Always verify sender addresses, scrutinize content for grammar errors, and refrain from clicking suspicious links or buttons.
Office Imposters:
A Cheyenne business reported an employee impersonation scam targeting the company via email. The scammers impersonated a trusted employee, requesting a change in their designated bank for salary payments. This attempt was identified as a scam, emphasizing the increasing sophistication of spammers and phishers. CyberWyoming Note: All Wyoming employees are urged to remain vigilant for suspicious emails, particularly those related to financial matters, and to scrutinize email extensions. Reach out directly if any doubts arise and be cautious, remembering the evolving tactics of cybercriminals.
SIM Swiss Cheese Security:
A scam shared in a recent Cybersecurity News of the Week highlights a deeply personal incident involving a colleague and underscores the pervasive cybersecurity challenges faced by individuals, small businesses, and nonprofits. The incident involved a SIM-swap attack facilitated by lax controls by Spectrum, leading to the takeover of the victim's phone. Subsequently, cybercriminals exploited weaknesses in Bank of America's SMS-based multi-factor authentication (MFA) to steal money. The report advocates for stronger MFA (multi-factor authentication) measures, such as authenticators from Google and Microsoft, and suggests holding banks responsible for losses unless they offer more robust MFA options. Additionally, it calls for regulatory action to address vulnerabilities in phone carrier systems and urges carriers to implement safeguards like customer PINs to prevent SIM-swap attacks. nbclosangeles.com/investigations/phone-sim-swapping-scam/3388687/ CyberWyoming Note: If you haven’t placed 2 Factor Authentication on your phone carrier account, please do so. SIM swapping is when cyber criminals research you, call your cell phone company impersonating you, and say that your phone broke and you have a new SIM card. This gives them access to all the accounts on your phone, including 2FA codes you have texted to you.
Windows 10's Last Stand:
Microsoft has revealed what will happen to Windows 10 when it stops getting updates in October 2025. They're offering a way for businesses to keep getting security updates, but it starts at $61 per device for the first year and doubles every year for three years. Without these updates, your computer might become vulnerable to cyber threats. Another option is to switch to Windows 11, which comes with free security updates and enhanced features. – Brought to you by EvnTec, Evanston, WY www.evntec.com
AI Defense Agents Combat Rising Threats:
KnowBe4's latest innovation, AIDA (Artificial Intelligence Defense Agents), marks a significant advancement in cybersecurity defense against evolving threats, such as AI-driven voice cloning used in vishing (voice scams) campaigns. With cyberattacks leveraging compromised credentials on the rise, organizations face a growing challenge in safeguarding against credential harvesting attacks by Initial Access Brokers (IAB).
Combatting Credential Compromise:
- CrowdStrike's 2024 Global Threat Report reveals a 20% increase in compromised credentials postings on the dark web.
- Credential harvesting attacks exploit users' lack of attention, highlighting the need for enhanced security awareness training.
- New-school security training empowers employees to recognize and mitigate credential phishing attempts.
It is suggested that organizations must prioritize proactive defense measures to mitigate the growing threat landscape, combining AI-driven technology with user-based intelligence. The future of phishing defense lies in leveraging AI and crowdsourced knowledge to stay ahead of evolving cyber threats. – Brought to you by CyberheistNews blog.knowbe4.com/cyberheistnews-vol-14-12-heads-up-i-am-announcing-aida-artificial-intelligence-defense-agents
MS-ISAC and CISA Patch Now Alert:
The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Google Chrome. If you use this product, make sure the software (or firmware) is updated.
Data Breaches in the News:
Docker Hub
Note: If you have an account with this company, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.
Other ways to report a scam:
- Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
- Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
- File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
- Report your scam to the FBI at www.ic3.gov/complaint
- Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
- Office of the Inspector General: oig.ssa.gov
- AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
- IRS: report email scams impersonating the IRS to phishing@irs.gov
- Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
- Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register