Hacker’s Brief 9/11/2024

How to Spot the Fake Power Plays: A Laramie resident received a scam email from "Sophia" at an address ending in @chengduelife.com. The email, titled "Manufacture of Energy Storage Power Supply," offers energy storage products and services for markets in Africa and the Middle East. It claims to provide high-quality power supplies with a 10-year warranty and invites the recipient to collaborate on procurement. The email includes a website, multiple email addresses, and contact details, but the unsolicited nature and details suggest it may be a scam. CyberWyoming Note: Watch out for unsolicited emails offering too-good-to-be-true deals on energy storage solutions. If "Sophia" from a seemingly random company wants to make you an instant partner, it’s probably a scam. Stick to known suppliers and avoid clicking on mysterious links.

Mastercard Misdirection: A citizen reported receiving a scam email with the subject "Your_MastercardInvitation_(R) ''Has ARRIVED''!!". The sender was "MilestoneMastercard_®", but the email address was suspiciously unrelated: "Robbie[RandomNumbers]Peters@areinerphotography.com". The email appeared to be a legitimate advertisement for obtaining a Milestone Mastercard, but it was actually a screenshot of a real ad that linked to a suspicious website. CyberWyoming Note: Be wary of unsolicited emails, especially those with mismatched sender addresses and generic content. Avoid clicking on any links or images from unknown sources and verify the legitimacy of the sender through official channels before taking any action.

 

Cthulhu’s Mac Attack: Cthulhu Stealer is new malware targeting Mac users by pretending to be legitimate software and then stealing passwords and cryptocurrency data. It costs $500 a month, less than the similar Atomic Stealer. Unlike Atomic, Cthulhu doesn’t have regular updates and lacks a control panel. The malware has faced issues with its own partners, who accused it of fraud and had it banned from a cybercrime site. To stay safe, Mac users should use built-in security tools, keep their software updated, and download from trusted sources. – Brought to you by SC Media https://www.scmagazine.com/news/cthulhu-stealer-malware-scams-macos-users-and-its-own-affiliates 

 

What is Crypto-Jacking? Do you have a computer that is slowing down or overheating? Ever wondered if it could be infected with malware? This degradation in performance could be caused by crypto-jacking. Crypto-jacking is when injected code compromises a computer’s processor and uses that processor to mine cryptocurrency either surreptitiously or by design. Industry experts have seen a rise in this practice — among both criminal and legitimate enterprises — due to the price of bitcoin and other digital currencies. According to the 2018 Internet Security Threat Report by Symantec, there was an 8500 percent surge in crypto-jacking attacks in the final quarter of 2017. As of 2022, the number of crypto-jacking attacks has reached 140 million. https://www.statista.com/statistics/1377860/worldwide-annual-number-cryptojacking/ 

 You can protect your business computer resources by ensuring:

• Your browser uses an extension to automatically block JavaScript miners,
• Use a strong antivirus that detects unsecure websites and blocks anything it sees as malicious,
• Keeping your software up-to-date. Install all updates when prompted -- this will help protect your computer from crypto-jacking

– Brought to you by The National Cybersecurity Society

 

Romance or Robbery: The FBI warns of fraudulent verification schemes targeting users of online dating platforms, leading to costly recurring subscription charges. Fraudsters establish romantic rapports, then direct victims to a fake verification website to supposedly ensure safety. Victims unwittingly provide personal and financial information, leading to unauthorized charges and potential identity theft. To protect against such scams, the FBI advises users to remain cautious, report suspicious activity, and avoid sharing personal or financial details online.

– Brought to you by BleepingComputer  

https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-verification-schemes-targeting-dating-app-users/ 

 

Shein's Mystery Box Email Scam: If you receive an email claiming to offer a "Shein mystery box," be cautious and do not open it. Cybersecurity researchers have identified it as a phishing scam aiming to steal personal information. The email impersonates Shein, a popular online shopping platform, and promises a redeemable mystery box. However, clicking on the link redirects users to a fake website where they are prompted to share personal details. Red flags include the sender's suspicious email address, lack of branding or logos, and an obvious difference in the website URL. With phishing emails becoming increasingly common, it's essential to approach unexpected emails with skepticism and avoid taking immediate action. – Brought to you by TechRadar

https://www.techradar.com/pro/security/if-you-receive-a-shein-mystery-box-do-not-open-it 

 

MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Veeam Products, SonicWall SonicOS Management Access and SSLVPN, and Microsoft products. If you use these products, make sure the software (or firmware) is updated.

 

Data Breaches in the News:       

Centers for Medicare & Medicaid Services (CMS), Katz Nannis + Solomon, VeriSource Services, CBIZ Benefits & Insurance Services, ProPark Mobility, Tracelo, Microchip Technology, Avis Rent A Car, Red Nucleus, Adventist Health, Slim CD, and Welcome Health.

Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

 

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: www.bbb.org/scamtracker
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form https://attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints
• File a complaint with the Federal Trade Commission at www.ftc.gov/complaint
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online athttps://www.donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General:  https://oig.ssa.gov/scam-awareness/report-the-scam/
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov or https://www.irs.gov/privacy-disclosure/report-phishing
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1-800-856-4398

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register.