Quick to Call, Quick to Scam!:
A Laramie resident reported receiving a scam call from a 520 (Arizona) number. The caller claimed to be from QuickBooks support, stating that the recipient was using an outdated version of QuickBooks Desktop, which would no longer be supported after a specific date. The caller urged the recipient to upgrade by calling a Louisiana-based number to avoid service interruptions. However, the reporter confirmed that they had never used QuickBooks Desktop and realized the call was a scam. Further research showed that the phone number was associated with a Robocaller Warning. CyberWyoming Note: Beware of scams that create a false sense of urgency, like claiming you must act quickly to avoid service interruptions. Always verify the source before responding to unsolicited calls, especially those asking for personal information or payments. In this case, QuickBooks users should contact official support directly through their website or trusted channels, not via numbers provided in suspicious calls. Don't rush—scammers rely on urgency to trick you.
Watch Out for Fake W2 Requests!:
A citizen reported receiving a suspicious scam email with the subject line "IMPORTANT W2 INFORMATION REQUIRED." The email claims to be from a company and asks the recipient to verify their personal information (address, Social Security number, and date of birth) by logging into an employee portal before a specified deadline. The email includes a PDF attachment and urges the recipient to contact an email address ending in @boosfs.com for help. The recipient did not click on the attachment and promptly reported the email, suspecting it to be a scam. CyberWyoming Note: Be vigilant as end-of-year scams are starting early; never click on suspicious links or attachments in unsolicited emails and verify any requests for personal information directly through official channels.
How USDA Outsmarted Phishers:
The U.S. Department of Agriculture (USDA) used Fast IDentity Online (FIDO) technology to create a secure way for employees to access systems without relying on passwords, which are vulnerable to phishing attacks. This was especially important for seasonal workers and those in special environments who couldn't use traditional ID cards. By using centralized technology like Microsoft Entra ID, USDA added FIDO to key systems like Windows login, VPN, and Single Sign-On (SSO). This approach helped them quickly improve security and meet the needs of different workers. USDA’s experience shows how other organizations can improve security by using FIDO and making small, steady improvements. – Brought to you by CISA
cisa.gov/resources-tools/resources/phishing-resistant-multi-factor-authentication-mfa-success-story-usdas-fast-identity-online-fido
Critical Kia Flaws Allowed Remote Car Theft via License Plate:
Security researchers discovered critical vulnerabilities in Kia's dealer portal that allowed hackers to remotely control and steal vehicles made after 2013 using just a license plate number. The flaws exposed sensitive owner information and allowed remote access to vehicle functions, such as unlocking, starting, or locating cars. Hackers could also silently add themselves as authorized users without alerting the owner. The issue was fixed, and there is no evidence of malicious exploitation. Similar flaws were found in 2022, affecting millions of vehicles from other major car brands. – Brought to you by Secure The Village & Bleepingcomputer.com
bleepingcomputer.com/news/security/kia-dealer-portal-flaw-could-let-attackers-hack-millions-of-cars/
McAfee Impersonation Scams and How to Fight Them:
Scammers send fake antivirus invoice PDFs via email, creating urgency to trick victims. When victims call the number on the invoice, they are misled into installing software that gives scammers access to their computer. The scammers then claim an incorrect refund was processed and instruct the victim to withdraw cash and convert it to Bitcoin, which they steal.
What to Do
- Delete Suspicious Emails: Don’t engage with them.
- Stay Calm: Avoid rushed decisions.
- Verify Contacts: Use official numbers for any concerns.
- Protect Info: Real companies won’t ask for sensitive info through unsolicited messages.
- Consult Others: Talk to trusted people or contact your bank.
- Avoid Bitcoin Requests: Legitimate companies don’t ask for Bitcoin payments.
– Brought to you by Secure The Village & ZDNET
zdnet.com/article/did-you-get-a-fake-mcafee-or-norton-invoice-how-the-scam-works-and-what-not-to-do/
MS-ISAC and CISA Patch Now Alert:
The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a "patch now" (update your software) alert for Palo Alto PAN-OS and Apple products. If you use these products, make sure the software (or firmware) is updated.
Data Breaches in the News:
Centennial Bank, Polaris Wireless, LCPtracker, Inc., and Forney ISD. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Other ways to report a scam:
- Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
- Wyoming Attorney General’s Office, Consumer Protection
- File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
- Get steps to help at www.IdentityTheft.gov
- Report your scam to the FBI at www.ic3.gov/complaint
- Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
- Office of the Inspector General: oig.ssa.gov
- If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
- AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
- IRS: report email scams impersonating the IRS to phishing@irs.gov
- Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1-800-856-4398
- Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register