info@cyberwyoming.org
www.wyocan.org
www.cyberwyoming.org/alliance
307-314-2188, PO Box 2332, Laramie, WY 82073

Winner, Winner, Phishing Dinner:

A citizen reported receiving a scam email claiming to be from "Tractor Supply" with the subject "Order Confirmation - Yeti Crossroads Backpack 電郵". The email, sent from an address ending in "@srilankaforex.com," falsely informed the recipient that they had won a Yeti Crossroads Backpack and might need to pay a delivery fee. The message was formatted as a linked image, prompting recipients to click on it, with the unsubscribe link also leading to the same scam. CyberWyoming Note: Remember that if an offer seems too good to be true, it probably is. Avoid clicking on links or images in unsolicited emails, and verify any claims by contacting the company directly through official channels.

McAfee Invoice Imposter:

A Laramie citizen received a suspicious email from a Gmail address labeled“Kimberly” with a last name and numbers but in the text it was signed with a different name "Shayna." It claimed to confirm an order with a fake invoice number and included a PDF attachment that seemed to be a fake McAfee invoice. CyberWyoming Note: Be cautious of unexpected emails from unknown senders, particularly those with attachments or links. Verify the sender's identity before opening attachments, and avoid clicking on suspicious links to protect your device from potential malware.

Fake Lockout Warnings from 'Microsoft':

A Wyoming citizen reported receiving a scam text message from an unknown number impersonating Microsoft. The message claimed, "MS Office: Your 2FA session expires today. See below to re-authenticate now and avoid lockout," followed by a suspicious link ending with microsoft2fa.anvil.app. When the link was checked on checkphish.bolster.ai (a site that detects and monitors phishing and scam sites), it was revealed that the site was designed to steal login credentials and potentially install malware. CyberWyoming Note: Always verify the authenticity of unexpected messages claiming to be from trusted sources, and never click on suspicious links; instead, visit official websites directly to check your account status.

Digital Order ID Deception:

A resident of Wyoming reported receiving an email with the subject "Purchase Confirmation [Random Numbers]." The email claimed to be from Matson Deyo and expressed gratitude for their continued support. It stated that the recipient's order had been personalized and provided an e-Digital Order ID. The email included a suspicious PDF attachment with a title consisting of random numbers and letters. CyberWyoming Note: Always be wary of emails you aren't expecting, especially if they contain attachments or ask for personal information, as they might be trying to trick you into revealing sensitive data or infecting your device with malware.

Padlocks and Ploys:

A scam email with the subject "PSP All Padlocks Invoice # 430541" was reported. It appeared to be from "Aileene" at "bookkeeper@allpadlocks," resembling a legitimate email address. However, the content included a suspicious link under the guise of tracking information for an invoice (#430541), supposedly from "Philadelphia Security Products." The email urged recipients to open an attached file. However, caution is advised as the attachment could contain malware or phishing attempts. CyberWyoming Note: Stay sharp against invoice scams by scrutinizing unexpected emails, avoiding opening attachments, and verifying the legitimacy of sender addresses before taking any action.

Fictitious PayPal Payment:

A Wyoming resident reported receiving a scam email allegedly from PayPal with the subject "Order Placed". The sender's email address, "needbased[random numbers]@gmail.com", and the sender's name, "Denise Mills", appeared suspicious as they were not associated with PayPal. The email falsely claimed that a payment of $579.00 was made to "Keystone Armory, Inc." and provided a phone number for inquiries. Remarkably, the recipient doesn't even have a PayPal account, making the email particularly dubious. CyberWyoming Note: Remain vigilant against phishing attempts by carefully assessing unexpected emails for signs of fraudulence, such as unfamiliar sender information or suspicious content.

Combat Elder Financial Exploitation:

Every June 15, World Elder Abuse Awareness Day highlights elder abuse, including financial exploitation by both known perpetrators and scams. Recently, scams have become more prevalent, with 80% of reported cases involving scams, according to FinCEN. Steps to Protect Against Scams:

  • Use strong, unique passwords and enable multi factor authentication.
  • Avoid clicking on links in unsolicited emails or texts; instead, verify through official websites or apps.
  • Use a VPN when on public Wi-Fi, or prefer cell service.
  • Keep your device’s OS and antivirus software up to date.
  • Monitor your credit and consider a credit freeze.

– Brought to you by AARP aarp.org/money/scams-fraud/sms-text-alerts/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) or advisory alert for 5 different industrial control systems including the brands of Advantec ADAM, Atelmo Atemio and goTenna; Cisco IOS and IOS XE; FoxIt PDF Reader; Mozilla’s Firefox, Firefox ESR, and Thunderbird products; and Google’s Chrome Browser. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Casino Fandango, Constar Financial Services, and Empereon Marketing. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Other ways to report a scam:

  • File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
  • Get steps to help at www.IdentityTheft.gov
  • Report your scam to the FBI at www.ic3.gov/complaint
  • Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
  • Office of the Inspector General: oig.ssa.gov
  • If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
  • AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
  • IRS: report email scams impersonating the IRS to phishing@irs.gov
  • Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
  • Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register

Other Blogs