Tips and Tricks from CyberWyoming, August 15, 2022

Hacker’s Brief 8/15/2022
Package Delivery Notice Scam:  A Sheridan citizen reported an email with the subject line of “Delivery” from a tut.comemail address spoofed as DHL. The email simply said “[Name redacted], Your package delivery Notification ID#34632900-371” and it was a link to a, probably fake, Christmas card company in the UK.  CyberWyoming Note:  The real Tut.com staff have been notified and they are checking into the situation.
Mail Fraud Reported in Casper:  A Casper citizen reported a letter (snail mail) from Masaki Sanos claiming to work for a bank in China who thinks you are the beneficiary of a $28 million account because the deceased account owner has a similar name.  The letter was postmarked Royal Mail and asked for an application via email to an AOL account. CyberWyoming Note: If you receive a letter like this, take it to your local post office and ask to report mail fraud.
Banking Details Are Confidential:  A Laramie citizen reported an email from Mark Casady who claims to be an attorney needing someone to be a beneficiary of a $2.5 million account so he can get his cut and you can get yours.  Pretty sure this shifty work would mean disbarment in any country!  The email’s subject line was “Dear Friend,” and the email came from a Gmail address that looked like it belonged to a person named “Judith.”
Gas Gift Cards: The high price of gasoline has sparked a scam campaign on social media and via email telling people they've won a $500 fuel card. All they have to pay, the message says, is a $2 processing charge. But, as soon as they provide payment information, the scammers use it to drain accounts and max out credit cards.  Brought to you by scambusters.org.
Inflation Scam Alert by Scambusters.org:  Watch for these seven common scams: 1. Fake coupons and giveaways, 2. Gas gift and discount cards, 3. Debt relief, 4. Government grants, 5. Online shopping bargains, 6. Work from home schemes, and 7. Credit card tricksters. The bigger the apparent bargain or benefit, the more likely it could be a scam. Don't let crooks add to your inflation woes!
Property taxes: In keeping with this week's main scam topic, watch out for email and snail mail notifications that you may be eligible for a reduction in your property taxes. They appear to come from your state or county government, complete with logos, but they're really just a phishing scam aiming to harvest personal information. Go to your county's websites and look there for any genuine relief programs. Brought to you by scambusters.org.
Dirty dozen: Every year, the IRS publishes a list of the most common tax scams, which it calls the "dirty dozen." Even though the main tax season has passed, the final payment extension deadline is still a couple of months away. The latest list has only just been published. More info here: https://www.irs.gov/newsroom/dirty-dozen  Brought to you by scambusters.org.
MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Cisco’s Adaptive Security Appliance Software, Cisco’s Firepower Threat Defense Software, Palo Alto’s PAN-OS, vmWare’s VRealize Operations, Adobe Commerce, Adobe Acrobat, Adobe Reader, Adobe Illustrator, Adobe FrameMaker, Adobe Premiere Elements, Exim (mail transfer agent), and Microsoft products.  If you use these products, make sure the software (or firmware) is updated.   
Data Breaches in the News:  Klaviyo (email marketing firm primarily used by the cryptocurrency industry), Platform Q (marketing data for the generic drug Zarex), Twilio, Solana’s blockchain platform impacted Phantom and Slope hot wallets, Twitter (not a data breach, but definitely change your password), Goodman Campbell Brain & Spine (Indiana), QuestionPro, Aetna, JusTalk, First Choice Community Healthcare (Albuquerque), Nomad (cryptocurrency service), Avamere Health Services LLC (IT services for healthcare companies), OneTouchPoint (printing and mailing services for health insurers), federal courts record system (currently being investigated by the Department of Justice), St. Luke’s Health System (Idaho), City of Detroit retirees, Audius (blockchain music platform), Entrust, Oklahoma City Housing Authority, City of Newport Rhode Island (employee info), Williams Company (construction firm in Florida – insider breach), InTouchPOS, MenuDrive, Harbortouch, Neopets, Robolox, Premint (NFT platform), Colorado Springs Utilities, Virginia Commonwealth University Health System, Associated Eye care Partners (Montana), Mangatoon (comic reading platform), and American Marriage Ministries.
If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies:  TransUnion, Experian, and Equifax.
Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.
Other ways to report a scam:
● Better Business Bureau Scam Tracker:www.bbb.org/scamtracker/us/reportscam
● Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
● File a complaint with the Federal Trade Commission at https://reportfraud.ftc.gov/#/
● Report your scam to the FBI at https://www.ic3.gov/Home/FileComplaint
● Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3
● Office of the Inspector General:  https://oig.ssa.gov/
● AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
● IRS: report email scams impersonating the IRS to phishing@irs.gov
● Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register.