A Confirmation of Your Suspicion:
A Big Horn resident received multiple scam emails with order confirmations from dubious sources that didn't include any actual company names. One email, supposedly from "Rosenthal Ader Orlando," had a suspicious PDF attachment and thanked the recipient for selecting a product related to sustainability. Another email, claimed to be from “Queenie Delagarza”, also included a suspicious PDF attachment and falsely confirmed a renewal for a Protection and Maintenance Plan. The resident humorously noted that these emails don't specify what was actually purchased or renewed. CyberWyoming Note: To stay safe, don’t open attachments or click links from unknown senders. Verify any order confirmations or renewal notices directly with the company through official channels, and always be cautious of unsolicited communications requesting personal or payment information.
Don’t Get Caught in the Political Survey Trap!
A Laramie resident reported receiving multiple scam texts disguised as political surveys. The first message came from a Washington, DC area code (202) and claimed urgent fundraising needs related to the 2024 election, urging recipients to verify their profiles through a suspicious link. The second message, from a Portland, Oregon area code (971), purportedly from candidate Trump, requested participation in a survey and included a different suspicious link. Both messages ultimately directed recipients to donate money to a political party before completing the survey. Despite blocking the numbers and trying to opt out by texting "stop," the messages continued to be sent. CyberWyoming Note: Be cautious of survey scams, especially those asking for donations or personal information. Always verify the legitimacy of any political or fundraising requests and avoid clicking on suspicious links. With elections approaching, ensure you're donating through official and secure channels to protect yourself from fraud.
Banks Fail to Protect 85-Year-Old from a $1.4M Scam:
An 85-year-old widow, Annette Manes, lost $1.4 million to scammers over 279 days, with major banks like JPMorgan Chase, Bank of America, and Wells Fargo failing to intervene. The scammers, posing as bank and government officials, convinced Manes to withdraw large sums and open new accounts, exploiting her trust. Despite her frequent and suspicious transactions, the banks did not alert law enforcement. The scam only came to light when her son was contacted by adult protective services. This incident highlights how convincing half-truths and deceptive schemes can be, illustrating the urgent need for better safeguards. The FBI reports a 255% increase in crimes targeting the elderly over the past year.
– Brought to you by The Daily Hodl dailyhodl.com/2024/08/24/scammer-drains-1400000-from-elderly-widow-as-jpmorgan-chase-bank-of-america-wells-fargo-and-other-financial-giants-sit-and-watch-report/
How PWAs Are Swiping Your Banking Info:
Hackers are exploiting Progressive Web Apps (PWAs) to steal banking credentials from iOS and Android users. These PWAs mimic legitimate banking apps and bypass standard security measures by avoiding app store (ex. Google Play Store) restrictions and deceptive prompts. The attacks often use phishing tactics such as fake messages about app updates or malicious ads on social media. These ads can direct users to bogus app store pages where they download a fake banking app. Once installed, these PWAs look like real banking apps and steal user credentials. To avoid falling victim, never click on links from texts or emails to update apps. Instead, go directly to the Apple Store or Google Play to search for and update your apps. – Brought to you by BleepingComputer bleepingcomputer.com/news/security/hackers-steal-banking-creds-from-ios-android-users-via-pwa-apps/
How to Shield Your Child from Identity Theft:
Mark Beare describes his experience with identity theft affecting his 9-year-old daughter, whose sensitive health data was stolen in a ransomware attack on a medical company. Despite not using email or engaging with phishing attempts, her personal information, including Social Security Number and medical records, were compromised. This incident underscores the vulnerability of even the youngest individuals to identity theft.
To protect children from identity theft, Beare recommends:
- Freeze their credit reports with all major bureaus.
- Use fake data for non-essential sign-ups.
- Tighten privacy settings on apps and digital platforms.
- Secure digital assets like domain names and email accounts.
- Keep devices updated and use security software.
- Educate children about digital safety and strong passwords.
- Set up identity monitoring to detect and address potential breaches.
– Brought to you by MalwareBytes https://www.malwarebytes.com/blog/personal/2024/08/my-child-had-her-data-stolen-heres-how-to-protect-your-kids-from-identity-theft
CyberWyoming Note: Placing a credit freeze on your child’s account isn’t always easy. One Wyomingite parent reported being required to get a court document saying she was the child’s legal guardian after mailing in copies of her child’s social security card, birth certificate, and school transcript to one credit reporting agency. The WyoCAN (Cybersecurity Action Network) volunteer committee discussed the problem at length and thought that credit reporting agencies should be required to automatically enact a freeze on any new SSNs issued to children, allowing the freeze to be removed when the child is of age to start a bank account and get a State ID. If you agree, write to your federal representatives.
MS-ISAC and CISA Patch Now Alert:
The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Google Chrome and SolarWinds Web Help Desk (WHD). If you use any of these products, make sure the software (or firmware) is updated.
Data Breaches in the News:
National Public Data, Snowflake, VeriSource Services, TD Bank, Summit National Bank, Park n' Fly, Exotel, Patelco Credit Union, Keystone Pacific Property Management, DICK's Sporting Goods, and Young Consulting. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Other ways to report a scam:
- Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
- Wyoming Attorney General’s Office, Consumer Protection
- File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
- Get steps to help at www.IdentityTheft.gov
- Report your scam to the FBI at www.ic3.gov/complaint
- Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
- Office of the Inspector General: oig.ssa.gov
- If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
- AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
- IRS: report email scams impersonating the IRS to phishing@irs.gov
- Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
- Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register