Don't Let Scammers Deliver Trouble:

A Laramie resident received a scam text claiming a package couldn't be delivered due to incorrect address information, with a link to "update" details. The message falsely appeared to be from the "US Postal Team" but used a fake domain (.com instead of the legitimate .gov). Believing the message to be legitimate, they clicked the link, as they were expecting a package—though it was actually being shipped via FedEx. The link led to a form verifying the address and requesting a $.30 fee and credit card details. After providing the payment card information, the victim’s bank detected fraudulent activity and blocked the charges. However, new cards had to be issued. CyberWyoming Note: This scam was spotted by more than one Wyomingite and variations include a text impersonating US Customs, UPS, FedEx, and USPS. None of these agencies ask for credit card information to resolve an address issue.

Suspension Scam Season:

A Laramie citizen received a scam text claiming their Amazon account was suspended due to "IP abuse policy violations" involving blacklisted IPs. The message urged the recipient to verify their account information via a link to lift the restriction. The message was falsely signed by "Amzn Operations Team." CyberWyoming Note: During the holiday season, account suspension scams targeting shopping site users, like this fake Amazon notice, often increase. Avoid clicking unsolicited links; instead, verify issues directly on the official website or app. Stay cautious of urgent messages seeking personal information.

Tis the Season to Be Scam-Savvy:

The biggest online shopping day of the year brings significant risks, with over 12,000 holiday shopping victims and $73 million in scam losses reported by the FBI in 2022. To protect yourself and your loved ones, follow these tips:

• Use encryption: Look for "https://" and a padlock icon in the browser's URL bar.
• Verify businesses: Check if a company is accredited via the Better Business Bureau.
• Use a credit card: This is safer than a debit card for online purchases.
• Monitor your accounts: Check regularly for suspicious activity and alert your financial institution.
• Beware of phishing: Be cautious of unsolicited emails. Verify links by typing the URL manually.

Staying vigilant helps avoid becoming a victim of holiday shopping scams. – Brought to you by CISA

UniWyo Credit Union Scam Alert:

UniWyo Credit Union has issued a warning about spoofed calls from their number. They remind customers that UniWyo will never ask for sensitive information such as login credentials, full credit card numbers, or social security numbers. If you receive a suspicious call, do not share personal information. If you suspect you've given details to a scammer, contact the UniWyo fraud center immediately at (866) 486-4996. Additionally, UniWyo will never ask for your two-factor authentication code or password, and alerts will not contain links. Always contact UniWyo directly if unsure. For more security resources, visit USA.gov or the FTC. – Brought to you by the UniWyo Credit Union Fraud Center
‍uniwyo.com/Learn/Resources/Fraud-Center

T-Mobile Breached Again:

T-Mobile was targeted in a cyber-espionage attack by Chinese state-sponsored hackers known as "Salt Typhoon." The hackers accessed telecom systems used for government surveillance, stealing sensitive information like call records and private communications, particularly involving high-ranking U.S. officials. While T-Mobile says customer data wasn't significantly affected, the attack is part of a wider campaign that also impacted other telecoms like AT&T and Verizon. This breach highlights security risks in the telecommunications sector, which is critical for national security. T-Mobile is working with authorities to investigate and strengthen its cybersecurity. – Brought to you by Forbes. CyberWyoming Note: ALWAYS put MFA (multifactor authentication) on your phone carrier account to avoid account takeover. Remember that your phone gets text alerts for important financial sites and make sure that you secure it properly.
forbes.com/sites/larsdaniel/2024/11/16/t-mobile-hack-linked-to-chinese-state-sponsored-hackers/

Idaho Hacker's Ransom Run Ends:

Robert Purbeck, a 45-year-old man from Idaho, has been sentenced to 10 years in prison for hacking at least 19 U.S. organizations, stealing the personal data of over 132,000 individuals, and attempting multiple extortions. Between 2017 and 2019, he used darknet marketplaces to gain unauthorized access to servers, including a medical clinic and police department in Georgia, stealing sensitive information such as names, addresses, and social security numbers. He also extorted a Florida orthodontist, threatening to leak patient data unless paid. The FBI seized over 132,000 individuals' personal data during a raid in 2019. Purbeck pleaded guilty and will also serve three years of supervised release and pay over $1 million in restitution. – Brought to you by Bleeping Computer
bleepingcomputer.com/news/legal/hacker-gets-10-years-in-prison-for-extorting-us-healthcare-provider/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Mozilla products and Google Android OS. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

UniversalPegasus International, American Gypsum LLC, Chemonics International, Inc., OnePoint Patient Care, Datamaxx Applied Technologies, CloudPets, ESHA, Chemonics International, and HDFC Life. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register