Cyber Security Weekly Briefing 9-4-23
August 31, 2023
Need your assistance urgently: A Laramie citizen received an email asking for help with an urgent matter. No other explanation, just a request to answer the email. It’s a very basic phishing email, but one that could snare a lot of people who want to be helpful and caring. CyberWyoming note: Cyberpsychologist Dr. Erik Huffman’s research has shown that when reading an email, if the person isn’t known, the reader substitutes his or her own voice. Me, myself, and I are the most trustworthy person known to me, myself, and I. Thus, the limbic system is completely bypassed. This is why we recommend that people read their emails in a monster voice – perhaps a vampire or a growl – to keep their innate suspicion alive.
Is this email really from my boss? Two Wyoming citizens reported that scammers have hacked into business email accounts. The emails that were sent out from legitimate accounts asked workers and clients to buy gift cards or cryptocurrency, send checks to post office boxes, etc. CyberWyoming note: Even reading an email with a monster voice might not alert you that the email isn’t really from your boss or coworker or a client. We recommend that businesses add a unique line to the bottom of an email such as “verified by Maggie” or to the subject line such as “Hey!” Even more important is to add mandatory two-factor authentication to every email account to make it more difficult for a scammer to hack your email. And use the old-fashioned way to verify when money is involved – talk to the requester.
Did someone steal my unemployment benefits? The Department of Labor warns that sometimes criminals use stolen personal information to illegally log into a person’s unemployment account and steal the unemployment benefit payments intended for the real claimant. This is known as “Claim Hijacking” or “Claim/Account Takeover.” Many people who experience unemployment identity fraud only find out when they get something in the mail, like a notice from a state unemployment agency or a state-issued 1099-G tax form reporting unemployment benefits that they never requested or received. People filing for unemployment may become aware of “Claim Hijacking” or “Claim/Account Takeover” when they unexpectedly stop receiving unemployment benefit payments and notice that the bank account or address information on their unemployment claim was changed without their knowledge. The Department of Labor has information on how to report unemployment identity fraud and how to manage your taxes and claims if you’ve been a victim: https://www.dol.gov/agencies/eta/UIIDtheft
CyberWyoming note: This happened to a Wyoming citizen when he got another state’s 1099 for unemployment income while he was gainfully employed in Wyoming the entire time.
Scams targeting grandparents: September 10 is Grandparents’ Day, and the Federal Communications Commission is warning that scams targeting grandparents are getting more sophisticated. Grandparents often have a hard time saying no to their grandchildren, which is something scam artists know all too well. Scammers who gain access to consumers' personal information – by mining social media or purchasing data from cyber thieves – can create storylines to prey on the fears of grandparents. The scammers call and impersonate a grandchild – or another close relative – in a crisis situation, asking for immediate financial assistance. Sometimes these callers change the caller ID to make an incoming call appear to be coming from a trusted source. Often the imposter claims to have been in an accident or arrested. The scammer may ask the grandparent “please don’t let mom and dad know,” and may hand the phone over to someone posing as a lawyer seeking immediate payment. Unfortunately, bad actors can now use artificial intelligence technology “to mimic voices, convincing people, often the elderly, that their loved ones are in distress,” according to a recent Washington Post article. The article reports that scammers can replicate a voice from just a short audio sample, then use AI tools to hold a conversation in that voice, which “speaks” whatever the imposter types. CyberWyoming note: It is important to have a family password that no one discusses on social media or with their friends, then just ask the caller “what’s the family password?” and when they don’t know, hang up.
MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for VMware Aria, Mozilla products, and Chrome. If you use these products, make sure the software (or firmware) is updated.
Data Breaches in the News: Forever 21, Paramount, Mom’s Meals, Norton LifeLock, NetScout, TMX.
National Safety Council data leak impacts credentials of NASA, Tesla, Verizon, Department of Justice, and 2,000 other companies (that is NOT a typo). For more information, see https://cybernews.com/security/national-safety-council-data-leak/
Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Please report scams you may experience to [email protected] to alert your friends and neighbors.
Other ways to report a scam:
• Better Business Bureau Scam Tracker: http://www.bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
o Email [email protected]
• File a complaint with the Federal Trade Commission at https://reportfraud.ftc.gov/#/
• Get steps to help at https://www.identitytheft.gov/#/Info-Lost-or-Stolen
• Report your scam to the FBI at https://www.ic3.gov/Home/FileComplaint
• Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: https://oig.ssa.gov/
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to [email protected]
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit http://www.aarp.org/fraudsupport to learn more about the free program and register.