info@cyberwyoming.org
www.wyocan.org
www.cyberwyoming.org/alliance
307-314-2188, PO Box 2332, Laramie, WY 82073

Direct Deposit Deception:

A Jackson citizen reported a phishing attempt where scammers impersonated an employee via a masked email address, requesting to change direct deposit information. The email used the employee’s name and credentials but was sent from a fake address. The citizen almost fell for the scam, but because they use a Professional Employer Organization (PEO) for payroll, they were instructed to direct the request to the PEO’s website, which prevented the scam from succeeding. The scam was detected when the real employee saw the email and confirmed she did not send it. CyberWyoming Note: This incident highlights the risks of email address masking and suggests removing sensitive schedule information from public websites to avoid aiding such scams. Always verify requests to change direct deposit information by contacting the employee directly through trusted channels, like a known phone number or in person, before making any updates.

Best Buy Employment Scam:

A Laramie resident received an employment scam text from an unknown number. The message, purportedly from "Amelia at Best Buy Services USA," offered remote online part-time/full-time jobs involving e-commerce data updates and item visibility enhancement. It promised free training with commissions of $30-$80, flexible hours, no location restrictions, and pay rates of $80-$400 per hour. Recipients were instructed to contact a person in charge via RCS by texting a provided number. CyberWyoming Note: Beware of unsolicited job offers that sound too good to be true, especially those promising high pay for minimal work. Always verify the legitimacy of such offers by contacting the company directly through their official website or customer service number. Never share personal information or engage with suspicious contacts without proper verification.

Doubtful Dilemma:

A Laramie citizen received an email that appears to be a scam attempt. The sender claims that their email was hacked, and they were directed to speak to someone posing as a commissioner in Washington DC. The scammer allegedly demanded payment via Walmart gift cards to resolve the issue. The sender is seeking assistance as the scammer has their personal information. The email raises suspicion due to its odd subject line and the fact that it came from a Gmail account despite claiming a Google hack. It's likely a phishing attempt to elicit a response or further engagement from the recipient. CyberWyoming Note: To safeguard against such phishing attempts, individuals should never provide personal information or payment details over the phone or email, especially in response to unsolicited requests. It's essential to verify the identity of the caller or sender through official channels and enable two-factor authentication for email and online accounts to add an extra layer of security.

Malware via Fake Error Messages:

A recent malware campaign tricks users with fake error messages from Google Chrome, Word, and OneDrive. Attackers use compromised websites and emails to show convincing error alerts. Users are told to run PowerShell commands to fix issues, but instead, these commands install malware like DarkGate and Matanbuchus. Despite needing user interaction, these methods effectively deceive users and bypass detection by Windows, aiming to infect many systems. Users should be cautious of error messages, especially those that appear unexpectedly or prompt them to take immediate action. Refrain from copying and running PowerShell commands provided in error messages or pop-ups, especially if they are related to fixing software issues. – Brought to you by Bleeping Computer
bleepingcomputer.com/news/security/fake-google-chrome-errors-trick-you-into-running-malicious-powershell-scripts/

Navigating the Social Media Maze:

Social media platforms like Facebook, Instagram, and TikTok are widely used, both personally and by businesses for marketing. To ensure responsible usage, companies should incorporate guidelines into their Acceptable Use Policy or a separate Social Media Policy. These policies should mandate that employee posts represent the company professionally, securely, and ethically, while avoiding the sharing of sensitive company data. Business owners should clearly define prohibited data and penalties for policy violations. Policies should apply to both employees and contractors, covering various social media platforms and their usage during and after work hours. Employees should be required to understand platform Terms of Use and potential policy violations. Utilizing resources like the NCSS Social Media Policy template can aid in crafting effective guidelines, with regular communication being crucial for policy enforcement and adherence.
– Brought to you by The National Cybersecurity Society

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Apple products. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Pinnacle Bank, HealthEquity, Squirrel (a mortgage broking and investment firm), Ezynetic, Neiman Marcus, Ashley Madison, Edelson Lechtzin LLP, Peco Foods Inc, Compex Legal Services Inc, Allcare Medical Management Inc, Taj Hotels, and Gemini (cryptocurrency exchange).
Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Other ways to report a scam:

  • File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
  • Get steps to help at www.IdentityTheft.gov
  • Report your scam to the FBI at www.ic3.gov/complaint
  • Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
  • Office of the Inspector General: oig.ssa.gov
  • If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
  • AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
  • IRS: report email scams impersonating the IRS to phishing@irs.gov
  • Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
  • Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register
