Weekly cyber security brief for Feb. 13
February 9, 2023
Email with subject “TREAT URGENT”: A Laramie citizen reported receiving an email which claims to be from Peter Hopkins, a senior engineer with ExxonMobile. He wants you to join with him in a business venture, but it’s really a phishing scam. Don’t respond. CyberWyoming note: Peter Hopkins is a busy guy! He’s also known for romance scams as a soldier deployed in Afghanistan and based in Houston, Texas.
Email with subject “[random numbers] for Paypal User”: A Laramie citizen reported receiving an email from “Paypal Support” that a payment for $474 was received for their account, and “Paypal must be called” to have it credited to the account. The phone number in the email does not belong to PayPal, and the email address is from post.xero.com. CyberWyoming note: This is a scam, and the first indication is the email address from which it was sent. The second indication is that PayPal always capitalizes both Ps, and, throughout this email, only the initial P is capitalized. Although scammers have gotten better at spelling, they still make mistakes.
Email with subject “[username], 560 is a poor credit score. What’s yours?”: A Laramie citizen reported receiving an email from a company “FreeScore360” with a link to “Get Your 3 Scores Now.” All links in the email, including to unsubscribe from the emails, are to a website in France. CyberWyoming note: CyberWyoming has reported this as a phishing site. Do not click on any of the links.
Impersonating a Supplier: A Cheyenne business reported an email with a fake invoice from deal.com impersonating a well-known supplier of theirs. The invoice requested a change in the Remit To address. While it isn't unusual for this Cheyenne business to get invoices from this supplier through deal.com, they called to be sure it was accurate. The Ohio supplier confirmed it was a scam. CyberWyoming note: Always verify out of channel.
Warrant Out for Your Arrest: A Casper medical clinic reported a scam targeting physicians. The scammer calls the doctor's work phone number saying there is a warrant out for the doctor's arrest. Because the doctor knows this is a case of mistaken identity, the scammer wants to confirm personal information like the driver's license number and social security number. This scam was also reported by Banner Health in Casper. The Casper Police Department has confirmed it is fake. If you are worried, hang up and call your local law enforcement agency's non-emergency number to confirm the information. CyberWyoming note: Government officials do not request social security numbers over the telephone.
Email with subject “Purchase ZZEX for the item(s)”: A Laramie citizen reported another Geek Squad fake invoice but with a different subject line this time. The email address is from Russia, and the phone numbers in the attached invoice do not belong to Geek Squad.
You Have the Right to Your Eyeglass Prescription: The FTC noticed that some eye doctors aren’t following the Eyeglass Rule, which gives you the right to get your eyeglass prescription (whether you ask for it or not) at no extra charge. Eye doctors must keep a record of when they provide the prescription to you, so don’t be surprised if you are required to sign a form saying you received it. Check out this article by the FTC for your full rights when buying glasses or contacts: https://consumer.ftc.gov/articles/buying-prescription-glasses-or-contact-lenses-your-rights.
FTC Consumer Alert
Did your dating app match just ask you for money? With Valentine’s Day just around the corner, you or your friends might be thinking about love. But not everyone is — some are just looking to get into your pockets. Romance scammers might contact you on social media or dating apps saying they want to get to know you. It’s true love, they say, but they live too far away to meet. Maybe because of work, or because they’re in the military. Then they start asking for money: it could be for a plane ticket, surgery, or something else urgent — or even to “help” you invest in cryptocurrency. So, how do you spot a romance scam? If an online love interest asks you for money, that’s a scam. Period. Don’t send a reload, prepaid, or gift card; don’t wire money; and don’t send cryptocurrency to someone you met online.
Data Breaches in the News: Charter Communications, Google Fi (cell network provider), PeopleConnect (parent company of TruthFinder and Instant Checkmate), Sharp HealthCare, Money Lover, Weee! Grocery service. CyberWyoming note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for vBulletin, Google Chrome, Google Android OS, VMware ESXi, OpenSSL (versions 3.0.0, 2.2.2, and 1.0.2). If you use these products, make sure the software (or firmware) is updated.
Please report scams you may experience to [email protected] to alert your friends and neighbors.
Other ways to report a scam:
• Better Business Bureau Scam Tracker: http://www.bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or [email protected]
• File a complaint with the Federal Trade Commission at https://reportfraud.ftc.gov/#/
• Report your scam to the FBI at https://www.ic3.gov/Home/FileComplaint
• Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: https://oig.ssa.gov/
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to [email protected]
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit http://www.aarp.org/fraudsupport to learn more about the free program and register.