info@cyberwyoming.org
www.wyocan.org
www.cyberwyoming.org/alliance
307-314-2188, PO Box 2332, Laramie, WY 82073

PayPal Invoice in Disguise:

A Laramie resident received a scam email from a Richard Hennessy with an unrelated Gmail address, titled "Your Purchase Confirmation YLW3FU5UZ81JG." The email content, oddly discussing the impact of the video game Grand Theft Auto III, was irrelevant to the subject line. It included a PDF attachment of a fake PayPal invoice. CyberWyoming Note: Always be wary of unexpected emails with unrelated content and suspicious attachments, especially when they involve impersonated brands or unfamiliar addresses.

Imposter Phishing for Your Digits:

A Laramie resident reported receiving two suspicious emails, both claiming to be from individuals they know, though the sender's Gmail addresses did not match the names. The emails, which were sent to the spam folder with the subjects "Time-Sensitive!!!" and "FOLLOW UP!!!", asked for the recipient's phone number, claiming the sender was in an executive meeting and needed urgent assistance. One email falsely appeared to come from the recipient's boss, while the other was from someone they had only emailed once before. These attempts may involve information obtained from a website or public records, exploiting what is known as "authority bias" in scams. CyberWyoming Note: Always verify unexpected requests for personal information by contacting the supposed sender directly through a trusted method, like calling their known phone number.

Part-Time Pay, Full-Time Fraud:

A Laramie resident received an employment scam text from an unknown number, claiming to be from "Alyssa at Robert Half in California." The message offered remote online part-time and full-time jobs managing shared devices for a scooter-sharing company. It promised free training, flexible hours (60-90 minutes daily, five days a week), and earnings of $100-$300 per day with a base salary of $900 every five days worked. Additionally, it mentioned paid annual leave. Recipients were instructed to contact the sender via WhatsApp at a suspicious website. CyberWyoming Note: Be cautious of unsolicited job offers via text messages, especially those promising high pay for minimal work. Verify the legitimacy of the sender by contacting the company directly through official channels and avoid clicking on suspicious links or providing personal information to unknown contacts.

New Tricks with Ads and Downloads:

Recent cybersecurity incidents reveal growing threats from malicious apps and deceptive tactics. A fake Google Authenticator app distributed via Google ads and GitHub tricked users into downloading malware. Meanwhile, the Scylla campaign affected both the Apple App Store and Google Play Store, where 89 malicious apps accumulated over 13 million downloads by exploiting ad systems. Additionally, over 107,000 Android apps were found stealing one-time passwords from SMS messages to commit identity fraud. These events underscore the risks of downloading apps from unofficial sources and the need for vigilance even on official app stores. malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator

Cutting Cards, Not Corners:

The FBI has issued a warning about a new scam where fraudsters pose as bank employees to trick victims into cutting up their bank cards and sending the remains, particularly the intact EMV chip, to the scammers. The fraudsters contact victims by phone, claiming there's been fraudulent activity on their account, and instruct them to cut up their card but leave the chip intact. An accomplice is then sent to collect the chip, which, along with the victim’s PIN, can be used to access their account. The scam has led to significant financial losses, as in the case of a Las Vegas woman who lost $9,000. The FBI advises the public to be cautious of unsolicited calls or texts from supposed bank representatives and to report any such incidents to their financial institution and the FBI's Internet Crime Complaint Center. – Brought to you by PCMag pcmag.com/news/fbi-beware-scammers-telling-you-to-cut-up-and-hand-over-bank-cards

What We Learned From The Change Healthcare Cyber Attack:

Following a cyberattack on Change Healthcare, a major health payment processing company, Energy and Commerce Republicans have delved into the aftermath, seeking solutions to mitigate disruptions to patient care and safeguard sensitive health data. The attack disrupted payment processing, potentially compromising millions of Americans' health information. Insights from hearings reveal critical gaps in security measures, such as the absence of multifactor authentication, underscoring the urgent need for industry-wide cybersecurity upgrades. Despite a ransom payment, concerns persist over further data leaks, prompting calls for enhanced protection measures. UnitedHealth has provided support resources for affected parties, yet its handling of the breach faces scrutiny, with lawmakers advocating for improved crisis management and cybersecurity protocols. – Brought to you by Energy & Commerce energycommerce.house.gov/posts/what-we-learned-change-healthcare-cyber-attack

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a "patch now" (update your software) alert for Mozilla products, Google Android OS, and Google Chrome. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

HealthEquity, Resolian, Brownell Travel, Anthem, MNsure, WazirX, First Commonwealth Federal Credit Union, Rite Aid, Xfinity-Comcast, and McLaren Health Care. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Other ways to report a scam:

  • File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
  • Get steps to help at www.IdentityTheft.gov
  • Report your scam to the FBI at www.ic3.gov/complaint
  • Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration online at donotcall.gov/report.html or call 1-888-382-1222, option 3
  • Office of the Inspector General: oig.ssa.gov
  • If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
  • AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
  • IRS: report email scams impersonating the IRS to phishing@irs.gov
  • Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1-800-856-4398
  • Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register
