Weekly Cyber Security Brief - May 19
May 18, 2023
: A Laramie citizen received an email, supposedly from their own company, with three attached documents. The citizen knew their company had not sent any documents and was suspicious since the “from” email address was incomplete. It is likely that one or more of the attached documents contain malware.
1 in 7 transactions on Facebook Marketplace are a scam: The FTC says the vast majority of online transaction scams happen on Facebook Marketplace and on its sister site Instagram. Most of the scams involve payment with non-traceable currency: cryptocurrency, gift cards, cash, cash wiring systems. The most frequent scams involve fake listings, fake accounts, and phishing (clicking a link in the ad which takes you to a fake website where they steal your credentials). Facebook is aware of the issue and provides some advice, but, with over 1 billion people using Marketplace, it’s a buyer-beware arena https://www.facebook.com/help/1713241952104830/?helpref=breadcrumb CyberWyoming note: If an ad seems too good to be true, then ignore it. If someone insists you pay with non-traceable currency, find another seller. – Brought to you by Scambusters
Meta (Facebook) owes you money: It’s not a joke – if you were a user of Facebook before December 22, 2022, you get to share in the settlement over the data collection by Cambridge Analytica. Learn more and how to claim here: https://facebookuserprivacysettlement.com/. BUT BEWARE! Scammers will almost certainly jump in on this opportunity. They may try to charge fees to make your claim (it's free) or simply try to get your compensation by impersonating you. Work via the link above and you should be able to stay safe. – Brought to you by Scambusters
What does your car know about you? Newer vehicles come with apps that allow you to lock and start your car remotely, as well as notify emergency services if you’re in a crash. However, have you ever wondered what personal information your vehicle is storing about you? With your VIN, you can find out. https://vehicleprivacyreport.com/ - Brought to you by The Current Tech News
Confirm your suspicions about that website before you click: If someone gives you a link, and you’re worried it might be a scam or load malware onto your computer, you can check the link at https://www.virustotal.com/gui/home/url. - Brought to you by The Current Tech News
Malicious unsubscribe link: You may receive an unwanted email with a link to unsubscribe. But the link may go to a hacker who now knows your email account is active. Be careful clicking on unsubscribe links – you may want to use the Virus Total link above to verify.
Hackers are using fake LinkedIn profiles to steal your information: Hackers are creating fake profiles using stolen pictures and content. Then they send you a connection request. Once you connect to them, they will send you infected files, hoping you will click on them. In another type of scam, they pose as recruiters with an enticing job opportunity, and, once you give them your personal information and resume, they steal your identity. CyberWyoming note: Beware of LinkedIn requests from people you do not know, regardless of how many connections they have (lots of people fall for these fake profiles, which boosts their connection numbers). – Brought to you by LinkedIn
Emails from MetaMask or PayPal may be phishing scams: Emails from fake MetaMask accounts state that your cryptocurrency wallet is blocked. The phony PayPal message says that company A cancelled your payment to company B and provides a phone number to call…except that’s a scam. These emails are designed to frighten you and get you to act with urgency. CyberWyoming note: Slow down, take some breaths, and think about the email you have received. Do you have an account with the company? Don’t click on any links, respond to the email, or dial a number in the email. Always look up the phone number of the company and call them directly. – Brought to you by the Federal Trade Association (FTC)
USPS trick: Ignore any text message you receive saying the United States Postal Service can't deliver a package because your address is incomplete. For instance, it may say they don't have your house number. Victims are told to call a toll-free number where they're asked to pay a $3 fee to update records, using a credit card. USPS doesn't operate this way and the crooks not only get your $3 but also your credit card number. Brought to you by Scambusters
MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Google Chrome, Aruba products, Mozilla products. If you use these products, make sure the software (or firmware) is updated.
Data Breaches in the News: PharMerica, Credit Control, Discord, USDOT, Toyota. Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Please report scams you may experience to [email protected] to alert your friends and neighbors.
Other ways to report a scam:
• Better Business Bureau Scam Tracker: http://www.bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or [email protected]
• File a complaint with the Federal Trade Commission at https://reportfraud.ftc.gov/#/
• Report your scam to the FBI at https://www.ic3.gov/Home/FileComplaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: https://oig.ssa.gov/
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to [email protected]
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit http://www.aarp.org/fraudsupport to learn more about the free program and register.