Fake CarShield Ad Free Quote:
A Laramie resident reported an email from a very long, numbered email address from the UK spoofed as CarShield Instant Quote offering winter protection for your car through a vehicle service plan. The subject line was "3 Simple steps can save you thousands" (note the odd capitalization). The link to get your free quote leads to an unsecure (http not https) website whose address is completely different from the sender’s email address. The same resident also reported another email to get a Fortiva Credit Card with the subject line of "See if you qualify for a $1,000 credit limit today" and one for a space heater with the subject line of "Claim Your Heat Space Heater with a 50% Discount". The resident noted that these had the same email address and unsecure link. CyberWyoming Note: Be wary of any unsolicited emails.
Fortiva or Aspire – same ad, different name:
A Laramie resident reported a suspicious email from rci-timeshare.com offering a credit card. The exact same ad had been used for a Fortiva Credit Card scam and the link goes to the same place.
Unmasking Grinches:
During the holiday season, scammers often exploit our generosity by impersonating well-known charities, making it important to recognize the signs of a charity scam.
Look out for these red flags:
- Unexpected thank-you messages for donations you didn't make.
- Pushy, aggressive, or vague communication from the charity.
- Inability to provide basic information about the charity's mission and work when asked.
- Requests for donations via gift cards or money transfer apps like Zelle, PayPal, or Venmo (legitimate charities typically accept credit cards or checks).
- Suspicious website URLs that resemble legitimate charities but have subtle differences.
- Websites lacking the "https://" or padlock symbol, indicating an insecure connection.
- Requests for personal information like Social Security numbers or bank account details (legitimate charities don't make such requests).
To avoid holiday charity scams, take these precautions:
- Don't rush into donating; ask questions and inquire about how your donation will be used. If answers are lacking, it's likely a scam.
- Research the charity on reputable directories like GuideStar or Charity Navigator. You can search for nonprofits aligned with your interests, such as "veterans" or "animal welfare."
- Use a credit card for online donations to maximize protection against scams; be wary if they insist on gift cards or money transfer apps.
– Brought to you by Cybercrime Support Network
Phishing in Plain Sight:
BEC 3.0's Dropbox Deception Targeting Microsoft: A rapidly expanding Business Email Compromise (BEC) campaign is employing a sophisticated approach by utilizing legitimate websites, particularly Dropbox, to pilfer Microsoft SharePoint credentials. Dubbed BEC 3.0, this strategy sidesteps traditional security measures like Natural Language Processing (NLP) and URL scanning by sending emails masquerading as Dropbox notifications, prompting users to download files. Upon clicking the provided link, recipients are directed to a convincingly branded Dropbox page, which seamlessly transitions to a counterfeit Microsoft OneDrive interface. Unwary victims are then redirected to a deceptive Microsoft SharePoint login page, outside of Dropbox's domain, coaxing them into divulging their login details. This method, leveraging cloud services and mimicking communications from trusted platforms, poses a considerable challenge for detection by both security systems and end users. To combat these threats, organizations are advised to educate employees about common tactics, encouraging caution with emails from unknown sources or containing unexpected links. Furthermore, implementing robust security solutions encompassing document scanning, AI defenses, and thorough URL protection is crucial to mitigate the escalating frequency and sophistication of BEC 3.0 campaigns, which have led to substantial financial losses for businesses globally.
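An added example, not part of the original alert, of why checking only the first link misses this chain while checking every page in it does not. The brand label and password-field flag for each page are assumed to come from a mail sandbox or web proxy, the allowlist is an assumption to adapt to your own tenant, and all sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: domains where each brand's pages legitimately live.
BRAND_DOMAINS = {
    "dropbox": {"dropbox.com"},
    "microsoft": {"microsoft.com", "microsoftonline.com", "sharepoint.com", "live.com"},
}


def host_matches(host, domains):
    """True if host is an allowed domain or a subdomain of one (dot-boundary match)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def review_chain(pages):
    """pages: list of (url, brand_shown_on_page, has_password_field) in visit order.

    Returns (page_index, finding) tuples for every page that looks wrong.
    """
    findings = []
    for i, (url, brand, has_password_field) in enumerate(pages):
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((i, "not-https"))
        if brand in BRAND_DOMAINS and not host_matches(parts.hostname, BRAND_DOMAINS[brand]):
            # A login form under a brand's logo on a host the brand does not own
            # is the credential-harvesting step of the chain.
            kind = "credential-form-off-brand" if has_password_field else "brand-host-mismatch"
            findings.append((i, kind))
    return findings


# Constructed sample chain modelled on the description above.
SAMPLE_CHAIN = [
    # 1. The emailed link: a genuine Dropbox host showing Dropbox branding.
    ("https://www.dropbox.com/s/constructed-id/invoice.pdf", "dropbox", False),
    # 2. The shared content imitates a OneDrive interface while still on Dropbox.
    ("https://www.dropbox.com/s/constructed-id/invoice.pdf#view", "microsoft", False),
    # 3. The "SharePoint" login page, outside both Dropbox's and Microsoft's domains.
    ("https://sharepoint.com.login.example.net/signin", "microsoft", True),
]

if __name__ == "__main__":
    print("first link only:", review_chain(SAMPLE_CHAIN[:1]))
    print("full chain:     ", review_chain(SAMPLE_CHAIN))
```

The emailed link alone produces no findings, which is why URL scanning of the message passes it; the mismatch only appears once the later pages are inspected.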
The Stealthy Threat of Crypto-Jacking:
Crypto-jacking refers to the unauthorized use of a computer's processing power by injected code to mine cryptocurrencies. This exploitation can significantly slow down or overheat the system. The practice has seen a substantial increase, driven by the rising value of cryptocurrencies like bitcoin. Industry reports, such as Symantec's 2018 Internet Security Threat Report, documented an 8500 percent surge in crypto-jacking attacks at the close of 2017, with numbers reaching 140 million attacks by 2022. To protect against crypto-jacking, several measures can be taken:
- Use browser extensions designed to automatically block JavaScript miners.
- Employ a robust antivirus program capable of detecting insecure websites and preventing potential malicious activity.
- Regularly update software to install necessary security patches, which helps safeguard against vulnerabilities that could be exploited for crypto-jacking purposes.
– Brought to you by National Cybersecurity Society
MS-ISAC and CISA Patch Now Alert:
The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Apple products, Apache Struts 2, Atlassian products, Microsoft products, and the Backup Migration Plugin for WordPress. If you use these products, make sure the software (or firmware) is updated.
Data Breaches in the News:
Aldo, Android Barcode Scanner App, LivaNova PLC, and Americold.
Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.
Other ways to report a scam:
- Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
- Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
- File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
- Report your scam to the FBI at www.ic3.gov/complaint
- Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
- Office of the Inspector General: oig.ssa.gov
- AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
- IRS: report email scams impersonating the IRS to phishing@irs.gov
- Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
- Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register