Phishing for Paychecks:
A Cybersecurity Business Counselor reported a phishing attempt targeting their daughter’s company, which manages HR for 80 restaurant franchises. Three fraudulent emails, posing as legitimate employees, requested direct deposit updates. Suspicion arose when one email was unusually well-written for the employee. The company caught the scam and now asks if they should notify the bank or the FBI. They've already improved security by requiring employees to update deposit info only through a secure payroll portal. CyberWyoming Note: Ensure all direct deposit updates are made through a secure, authenticated portal, and train staff to verify any unusual communication, especially requests involving sensitive financial information.
Dial and Dash:
A Wyoming citizen was visiting her mother when her mother received a call from someone claiming to be from Medicaid. Her mother had trouble understanding the caller and said, "Just a minute, my daughter is here, and you can talk to her." When she handed the phone to her daughter, the caller immediately hung up. CyberWyoming Note: Government impersonation scams are common. Medicaid will never call you unexpectedly. Scammers dislike it when you involve someone else, as it often exposes their fraud. If you live alone, consider having a cyber buddy—a friend or family member you consult before sharing personal information or sending money.
Spotting the Red Flags in Job Scams:
A Laramie resident received a scam text claiming to be from "Rachel" at Experis Recruiting & Staffing Company, offering remote job opportunities with the U.S. Office of Personnel Management (OPM). The message promised high daily earnings ($40 to $1000) and emphasized ease of work from home with daily payments. The text included a suspicious link, making it a likely scam. CyberWyoming Note: Beware of unsolicited job offers promising big bucks with little effort—especially if they come with a suspicious link. Always check job opportunities through official channels and keep your personal info under lock and key!
Alert From Blue Federal Credit Union:
Please be advised that Blue FCU Digital will be temporarily unavailable due to scheduled maintenance from 7:30 PM on Tuesday, October 1st to 10:00 AM on Wednesday, October 2nd. During this time, you will not be able to access online or mobile banking services. Regular access will resume after 10:00 AM on October 2nd. We appreciate your understanding and apologize for any inconvenience. If you have any questions, please contact Blue FCU at 1-800-368-9328.
PartnerLeak Con That Claims to Expose Cheaters:
The PartnerLeak scam site targets individuals by claiming to offer evidence of a cheating partner. The scam emails promise access to a partner’s stolen data, including social media activity and personal files, through a site that redirects from a misleading link. Registered on August 1, 2024, the site pretends to provide anonymous, AI-powered insights into a partner's behavior but requires payment for full access. Although cryptocurrency payment options appear inactive, credit card transactions may still be functional. Despite the site's claims, there is no evidence linking it to data breaches from reputable sites like The Knot. Victims should avoid engaging with these emails, not reply, and be cautious of unsolicited attachments. – Brought to you by Malwarebytes
malwarebytes.com/blog/news/2024/09/partnerleak-scam-site-promises-victims-full-access-to-cheating-partners-stolen-data
How Hackers Slip Past Your MFA Defenses:
Multifactor authentication (MFA) isn't infallible. Hackers can bypass MFA through various methods. Malware like Meduza Stealer can extract data from browsers and MFA apps, compromising authentication tokens. Attackers also use spyware to capture MFA codes from emails and SMS. Keyloggers record keystrokes, including MFA codes, while cookie theft via malware such as Emotet provides unauthorized access. SIM swapping allows hackers to receive authentication codes sent via SMS. Social engineering techniques, like phishing and MFA fatigue attacks, trick users into approving fraudulent logins. To stay secure, only approve expected MFA notifications, use authenticator apps instead of SMS for MFA, monitor account activity for unauthorized changes, and be cautious of phishing attempts. Keep your systems and security software updated, use strong and unique passwords, and secure your devices with passwords or biometrics. – Brought to you by Forbes
forbes.com/sites/alexvakulov/2024/09/05/how-hackers-bypass-mfa-and-what-you-can-do-about-it/
MS-ISAC and CISA Patch Now Alert:
The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a "patch now" (update your software) alert for Google Chrome. If you use this product, make sure the software (or firmware) is updated.
Data Breaches in the News:
T-Mobile VM logs, David's Bridal, Sibanye-Stillwater, Ally Bank, Mt. Carmel Behavioral Healthcare, Express Employment Professionals, Fireworks Software, Temu, Fortinet, Access Sports Medicine, Total Tools, Harvey Nichols, Wells Fargo Clearing Services, Dell Technologies (Employee Data), Deloitte Internal Communications, Slack, Star Health Insurance, and Change Healthcare. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Other ways to report a scam:
- Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
- Wyoming Attorney General’s Office, Consumer Protection
- File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
- Get steps to help at www.IdentityTheft.gov
- Report your scam to the FBI at www.ic3.gov/complaint
- Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
- Office of the Inspector General: oig.ssa.gov
- If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
- AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
- IRS: report email scams impersonating the IRS to phishing@irs.gov
- Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1-800-856-4398
- Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register