info@cyberwyoming.org
www.wyocan.org
www.cyberwyoming.org/alliance
307-314-2188, PO Box 2332, Laramie, WY 82073

Government Impersonation Scam Alert:

A Casper resident recently reported receiving a suspicious email claiming to be from the Evansville Police Department, sent by "Investigator Jesse M____" using the email address "investigatorm____@evansville-wy.gov." The email asked the recipient to review attached documents, directing them to a potentially harmful link labeled "Review Document." CyberWyoming’s investigation found that the domain "evansville-wy.gov" does not have a corresponding website. However, the resident mentioned having previously received legitimate emails from this domain, raising the possibility that a real email account had been compromised. The Town of Evansville was contacted and confirmed that this was a phishing attack and that they had already addressed the issue. While the domain "evansville-wy.gov" could potentially be legitimate, we were unable to confirm it with the Town, as they did not provide further information when we called. CyberWyoming Note: The email follows a common fraud pattern where cybercriminals impersonate official government agencies to establish credibility and deceive recipients. Residents should remain vigilant, verify any communications claiming to be from government agencies, and avoid clicking on suspicious links. To confirm the legitimacy of a message, contact the official entity directly; in this case, that means contacting the Town.

Dial and Dash:

A Wyoming citizen was visiting her mother when her mother received a call from someone claiming to be from Medicaid. Her mother had trouble understanding the caller and said, "Just a minute, my daughter is here, and you can talk to her." When she handed the phone to her daughter, the caller immediately hung up. CyberWyoming Note: Medicaid scams are common. Medicaid will never call you unexpectedly. Scammers dislike it when you involve someone else, as it often exposes their fraud. If you live alone, consider having a cyber buddy—a friend or family member you consult before sharing personal information or sending money. Also note, it is Medicare enrollment season and Medicare impersonation scams ALWAYS increase during this time of year.

How Hackers Slip Past Your MFA Defenses:

Multifactor authentication (MFA) isn't infallible. Hackers can bypass MFA through various methods: Malware like Meduza Stealer can extract data from browsers and MFA apps, compromising authentication tokens. Attackers also use spyware to capture MFA codes from emails and SMS. Keyloggers record keystrokes, including MFA codes, while cookie theft via malware such as Emotet provides unauthorized access. SIM swapping allows hackers to receive authentication codes sent via SMS. Social engineering techniques, like phishing and MFA fatigue attacks, trick users into approving fraudulent logins. To stay secure, only approve expected MFA notifications, use authenticator apps instead of SMS for MFA, monitor account activity for unauthorized changes, and be cautious of phishing attempts. Keep your systems and security software updated, use strong and unique passwords, and secure your devices with passwords or biometrics. – Brought to you by Forbes
forbes.com/sites/alexvakulov/2024/09/05/how-hackers-bypass-mfa-and-what-you-can-do-about-it/

AppleCare+ Scam:

Scammers are exploiting AppleCare+ Support searches by advertising fake services through Google ads and redirecting victims to fraudulent pages hosted on GitHub. (AppleCare+ is a purchased insurance policy that covers repair or replacement hardware service for your Apple products.) These fake sites, using Apple’s branding, connect users to scammers posing as Apple support agents who then attempt to extract money and personal information. The scam involves misleading Google ads and malicious GitHub repositories with templates that include auto-dial features to quickly connect victims with the scammers. Users are advised to be cautious with online support searches and to verify any support channels directly through official sources to avoid falling victim to these schemes. – Brought to you by Malwarebytes
malwarebytes.com/blog/scams/2024/09/scammers-advertise-fake-applecare-service-via-github-repos

Australian Kids' Pics Caught in the AI Net:

Facebook has admitted to scraping public photos and data from Australian adult users' profiles to train its AI, a practice not subject to opt-out in Australia. Despite claims that accounts of minors are not scraped, public photos of children can be collected if shared. This issue reflects broader concerns about data privacy, as other platforms like X face similar scrutiny. Australia is considering a minimum age for social media to address these issues, while users are advised to manage their privacy settings carefully. – Brought to you by Malwarebytes
malwarebytes.com/blog/news/2024/09/facebook-scrapes-photos-of-kids-from-australian-user-profiles-to-train-its-ai

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a "patch now" (update your software) or advisory alert for Microsoft Edge (Chromium-based) and Fortinet FortiManager. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Cisco, Nidec, Arts HomeBase, RRCA Accounts Management, Inc., Omni Family Health, The Internet Archive, Wells Fargo, Transak, Johnson & Johnson Insurance, Varsity Brands Inc., Hot Topic, BronxWorks, and Centers for Medicare & Medicaid Services (“CMS”). Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Other ways to report a scam:

  • File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
  • Get steps to help at www.IdentityTheft.gov
  • Report your scam to the FBI at www.ic3.gov/complaint
  • Report unwanted calls to the Federal Trade Commission’s Do Not Call Registry. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
  • Office of the Inspector General: oig.ssa.gov
  • If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
  • AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
  • IRS: report email scams impersonating the IRS to phishing@irs.gov
  • Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1-800-856-4398
  • Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register
