Z-Site Scams:
A Casper citizen who collects a specific type of figurines saw a Facebook advertisement for a website that had discounted products. After entering her debit card and ordering some products, she wondered about the validity of the site, which started with a Z. She looked it up and the consumer reviews often said that they never received their goods or, if they did, they were not well made. When she looked up the payment system with the help of CyberWyoming Alliance, we found that it was a Chinese site and didn't offer English translation. Even if the Z site was legitimate, the figurines were probably knockoffs. The citizen decided to call her bank and cancel the transaction. CyberWyoming Note: We always recommend using credit cards, not debit cards, when making online transactions. You usually have more time to dispute the charge if you run into this type of situation. Talk to your bank rep about the protections on your debit and credit cards.
EIonPower SaverWatt Scam:
A Nevada citizen encountered an email with the subject “Introducing Stop Watt: Save Energy and Reduce Your Bill”. This email was from EIonPower SaverWatt, with a completely random and unrelated email address. The email was centered around the benefits of Elon Musk’s ESaverWatt product. After a little research, it appears that the entire product as well as the email is a scam. CyberWyoming note: Be cautious of unsolicited emails with unusual or unrelated content, especially from unknown sources. Research products and offers independently before engaging with them to avoid falling victim to scams.
Hackers are looking at your car:
Think about this: Your car is just a computer on wheels. So, with the right electronics and software techniques, a hacker can intercept or block your key fob signal, infiltrate your car’s software, and even remotely control your vehicle.
“The right tools are expensive, right?” If only! Anyone can find them priced cheaply online — and watch a few videos to learn how to use them. Here’s how they get you.
- Compromised car apps: Does your car have a smartphone app that allows you to unlock and start it remotely? If hackers can break in or exploit a bug in the software, they can take over your entire vehicle.
- Advice: Change the default password and keep the app updated.
- Onboard diagnostics hacks: Every newer car has an onboard diagnostics port. Anyone can buy exploit kits that utilize this port to replicate keys and program new ones to use them for stealing vehicles.
- Advice: Always go to a reputable mechanic. A physical steering wheel lock can give you extra peace of mind.
- Telematics exploits: Telematics describes the connected system that remotely monitors your vehicle’s behavior — its location, speed, mileage, tire pressure, fuel use, braking and engine/battery status. Hackers can intercept your connection to track and even control your vehicle remotely.
- Advice: Before you buy a car with built-in telematics, talk with your dealer about the cybersecurity measures they’re employing on connected vehicles. If you already have a connected car, keep its onboard software up to date. (That may require visiting the dealership more than you want to.)
- Your key fob is at risk, too
Relay hacks and keyless jamming are two ways someone can take over your fob. The good news is there are a few simple ways to block these attacks.
- Buy a signal-blocking case that can hold your keys, like a shielded RFID-blocking pouch.
- Free solution: When not in use, store your key fob in the refrigerator or freezer. The multiple layers of metal will block the signal.
- Storing your key fob in the microwave also blocks these incoming signals. Just don’t turn it on!
- Wrap your fob in foil. Yep, it works. You could also make a foil-lined box to put your keys in if you’re in a crafting mood. – Brought to you by The Current Tech News
CyberWyoming Note: The Wyoming ISSA Chapter (Information Systems Security Association) has a guest speaker discussing car hacks on Nov 8th at 1:30 p.m. If you would like an invitation to the virtual meeting to learn more, contact us at info@cyberwyoming.org.
MS-ISAC and CISA Patch Now Alert:
The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Apple products, Mozilla’s Firefox ESR 115.4 and Firefox 119, and ChromeOS. If you use these products, make sure the software (or firmware) is updated.
Data Breaches in the News:
ServiceNow, Hello Alfred, Ace Hardware, and Westat
Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.
Other ways to report a scam:
- Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
- Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
- File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
- Report your scam to the FBI at www.ic3.gov/complaint
- Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
- Office of the Inspector General: oig.ssa.gov
- AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
- IRS: report email scams impersonating the IRS to phishing@irs.gov
- Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
- Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register