Flooded By Suspicious DocuSign Emails:
A Wyoming resident reports being flooded with emails, urging them to sign an unspecified document. The messages, appearing to come from DocuSign, provide no details about the document's content or the identity of the sender requesting the signature. The only instruction is to click a button to sign. The resident claims to receive this vague email two to three times a day, raising concerns about potential phishing or spam attempts. CyberWyoming Note: Avoid clicking any links or buttons in suspicious emails; instead, log directly into your DocuSign account or contact their support to verify any legitimate requests. If you're unsure about a link, hover over it to check its destination, or use Checkphish.ai to see where it leads. Enable two-factor authentication on accounts where possible to add an extra layer of security.
Beware of Holiday Scams:
A Wyoming resident recently received an email offering "50% off heaters," themed around the coming winter and encouraging people to buy a heater to stay warm. The email even claims that this is "Elon Musk’s favorite heater." However, on closer inspection, the email contains spelling errors, and the purchase button does not lead to a valid website. CyberWyoming Note: With the holiday season approaching, residents are advised to be cautious of emails promoting sales, as they may be phishing attempts or scams. Watch out for emails with bold claims or huge discounts and avoid clicking suspicious links. Also, consider having a "cybersecurity buddy" you can consult about any suspicious emails.
FBI Issues Warning Hackers are Bypassing 2FA:
The FBI is warning the public that hackers are increasingly gaining access to users' email accounts across various hosting sites. This breach often begins when users click on fraudulent links, allowing hackers to infiltrate their accounts. Alarming reports indicate that these cybercriminals can even bypass two-factor authentication (2FA) by exploiting website cookies. The FBI advises users to regularly clear their browser cookies to help prevent unauthorized access. Despite this bypass tactic, the FBI still recommends enabling 2FA for added security.– Brought to you by Forbes
forbes.com/sites/zakdoffman/2024/11/03/fbi-warns-gmail-outlook-aol-yahoo-users-hackers-gain-access-to-accounts/
What is Quishing?:
A new type of fraud called "Quishing" is raising concerns. In this scheme, hackers embed malicious code into QR codes, leading unsuspecting users to harmful websites or triggering harmful downloads when scanned. This tactic often slips past standard cybersecurity training, making it particularly dangerous. Security experts urge caution when scanning QR codes, especially those from unknown or untrusted sources. – Brought to you by The Daily Hodl
dailyhodl.com/2024/11/03/trillion-dollar-banks-sound-alarm-as-sophisticated-new-fraud-technique-bypasses-security-measures-report/
Post Election Scams:
With the recent election over, cybersecurity experts are warning of a surge in scams and misinformation, often calling this period a "Super Bowl" for hackers. Secure The Village has already identified deepfake videos from foreign sources, like China and Russia, targeting states such as Pennsylvania and Georgia. These efforts aim to manipulate public perception and cause confusion. Phishing scams may also rise, often disguised as election updates or donation requests. Experts urge the public to stay cautious, especially with holiday scams likely to increase, and to verify sources to avoid falling victim. – Brought to you by Secure The Village & The Wall Street Journal
wsj.com/articles/the-presidential-election-could-be-a-super-bowl-for-hackers-f8cfd0b2
Have a Recovery Plan:
Backing up data is essential, but backups are only valuable if you can recover them. Many businesses routinely back up their data but lack a tested recovery plan. To ensure data can be restored when needed, regularly test your backup recovery process. It’s also wise to maintain multiple backup copies in different locations, so if one fails, others are available. Now is the perfect time to strengthen your backup and recovery systems to protect your data. – Brought to you by Forbes forbes.com/councils/forbesbusinesscouncil/2024/11/01/backups-alone-wont-save-you-the-importance-of-recovery-planning/
MS-ISAC and CISA Patch Now Alert:
The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Cisco Unified Industrial Wireless Software. If you use this product, make sure the software (or firmware) is updated.
Data Breaches in the News:
Serco, Schneider Electric, Interbank, OnePoint Patient Care, and Grupo Aeroportuario del Centro Norte. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Other ways to report a scam:
- Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
- Wyoming Attorney General’s Office, Consumer Protection
- File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
- Get steps to help at www.IdentityTheft.gov
- Report your scam to the FBI at www.ic3.gov/complaint
- Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
- Office of the Inspector General: oig.ssa.gov
- If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
- AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
- IRS: report email scams impersonating the IRS to phishing@irs.gov
- Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
- Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register