Serving the Big Horn Basin for over 100 years
Hacker’s Brief 8/21/2023
Can you buy some gift cards? A Douglas citizen reported receiving an email from a co-worker supposedly asking for a favor. The citizen responded and the second request asked him to purchase gift cards for every member of their staff. The citizen responded “This is a scam.” The scammer responded, “So you mean you don’t think I'm generous to that extent?” CyberWyoming note: All joking aside, these kinds of business spoofing emails are very effective. Any time someone asks you for gift cards or cryptocurrency, regardless of whether you know them or not, be suspicious and verify separately.
Everything Starts with Phishing: According to the US Secret Service Agent Derek Booth at the Cyber Cheyenne 2023 on August 17, “everything starts with phishing.” Educate yourself, your family, and your co-workers on common phishing tactics and verifying out of source (for example, calling when you get an email), because scams will be harder to spot as Artificial Intelligence becomes more of the norm for writing and composition.
Email Forwarding Rules: A great tip from the Cyber Cheyenne 2023 conference on August 17 was to routinely (CyberWyoming suggests monthly or quarterly) check your email forwarding rules. It is a common trick for email accounts to be hacked and a forwarding rule set so the attacker can get a copy of every email you receive, including your two factor verification codes. To check forwarding rules in Gmail: https://support.google.com/mail/answer/10957?hl=en or in MS Office: https://support.microsoft.com/en-us/office/use-rules-to-automatically-forward-messages-45aa9664-4911-4f96-9663-ece42816d746.
Amazon Order Review: A great tip from the Cyber Cheyenne 2023 conference on August 17 was to routinely check your Amazon orders and mailing addresses to ensure your account hasn’t been hacked. If you don’t recognize a mailing address or order, immediately change your Amazon password and report the suspicious activity to Amazon at https://www.amazon.com/hz/cs/help?nodeId=GPXKBLY3LY4ZNG5H.
Natural Disaster Season Is Here and So Are Scammers: During natural disaster season, dubious contractors and outright scammers descend on affected communities, offering quick, cheap fixes. While some reputable contractors solicit door-to-door, many knockers are running scams. Here’s what you can do:
• As convenient and compelling as the situation may seem, avoid reactively agreeing to repair work at your doorstep; rather, proactively seek out contractors that you can research.
• Get written estimates and compare bids from multiple contractors before starting any work.
• Ask contractors for references — and check them.
• Pay no more than a third of the total cost prior to the work beginning — and then only when materials arrive. - Brought to you by AARP Fraud Network
Fake job offers: With more opportunities to work remotely, it’s common to find and interview for jobs from the comfort of your home. But scammers are finding ways to take advantage — including using instant messaging apps like Telegram Messenger for recruitment and interviews. Let’s say someone saying they’re a recruiter for a well-known company reaches out about a customer service position. They say Telegram Messenger is the only way they communicate, so you jump on the app to chat. After you text and answer some personal questions, you get the job — and a check to set up your home office. Unfortunately not only is there no job, but those questions also you answered might put you at risk for identity theft. And the check is a fake, too. If you deposit it, the bank will take the money back as soon as they realize it was a fake check. – Brought to you by the Federal Trade Commission (FTC)
MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Adobe products, Chrome. If you use these products, make sure the software (or firmware) is updated.
Data Breaches in the News: LinkedIn (ransomware of individual accounts), Colorado Department of Health Care Policy & Financing (HCPF), Colorado Department of Higher Education, Mondee (travel), Burger King.
Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.
Other ways to report a scam:
• Better Business Bureau Scam Tracker: http://www.bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
o Email ag.consumer@wyo.gov
o Complaint form https://attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints
• File a complaint with the Federal Trade Commission at https://reportfraud.ftc.gov/#/
• Report your scam to the FBI at https://www.ic3.gov/Home/FileComplaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: https://oig.ssa.gov/
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit http://www.aarp.org/fraudsupport to learn more about the free program and register.