Hacker’s Brief 9/6/2024
$1 Million Text: A Laramie citizen received a mass text from an Alaska-based number, area code 907, claiming they had won $1 million as part of a $20 million giveaway by a Powerball winner named "Cheng Saephan." The text included a graphic with lottery logos and stated that the citizen's number was randomly selected. To claim the prize, the recipient was instructed to send a code to a different phone number. CyberWyoming Note: The message, filled with red flags like spelling errors and unrealistic claims, is a clear scam attempting to trick individuals into providing personal information. Be wary of unsolicited messages claiming you’ve won a large sum of money, especially those asking for personal information or codes.
Scam Lane Ahead: A Laramie resident received a scam text from an unknown Canadian number claiming that "CA Toll Service" reported an unpaid vehicle invoice. The message threatened additional fees if the outstanding balance of $5.79 wasn’t paid through a suspicious link. CyberWyoming Note: Ignore unsolicited messages about unpaid invoices and avoid clicking on unfamiliar links; verify any claims directly through official channels.
Unsolicited Job Texts: A Laramie resident reported receiving a scam text from an unknown Florida-based number (386) claiming to be from "RemX Specialty Staffing & Recruiting Company." The message promised a high-paying remote job updating merchant data, enhancing online presence, and increasing bookings, with daily earnings between $40 and $1000, a $1550 weekly base salary, paid leave, and daily payments. It required only a smartphone or computer to start and included a suspicious WhatsApp link. CyberWyoming Note: Avoid engaging with unsolicited job offers via text or unfamiliar links, and verify any potential opportunities through official channels before providing personal information.
Grim Grifting: Scammers are targeting grieving Facebook users by creating fake funeral live streams to steal money and credit card details. They post fraudulent links pretending to offer live streams of funerals or solicit donations for the deceased's family. Clicking these links often leads to phishing sites that request credit card information under false pretenses, such as offering free access to movies. The scammers use stolen images and details to make their posts look legitimate. To avoid falling for these scams, users should be cautious of suspicious links and friend requests, report such comments to Facebook, and never provide credit card details unless absolutely sure of the recipient's authenticity. – Brought to you by Malwarebytes https://www.malwarebytes.com/blog/news/2024/08/fake-funeral-live-stream-scams-target-grieving-users-on-facebook
North Korea Hacking Chrome’s Hidden Flaw: In August 2024, North Korean hackers exploited a hidden flaw in Chrome and other browsers to steal cryptocurrency. They used fake websites and job offers to trick people into downloading malware, which gave them full access to the victims' computers and their crypto assets. Google fixed the flaw two days after it was discovered. Microsoft has reported the attack but hasn’t shared details on how many were affected. North Korean hackers target crypto to get around international sanctions and fund their government.
– Brought to you by TechCrunch
https://techcrunch.com/2024/08/30/north-korean-hackers-exploited-chrome-zero-day-to-steal-crypto/
Password Errors: Despite ongoing warnings from security experts, a significant number of individuals still engage in risky password practices, with many resorting to password reuse and even writing them down on paper. According to a report by password management firm Bitwarden, a quarter of respondents admitted to reusing passwords across 11-20 or more accounts. Additionally, a third incorporate easily obtainable personal information, such as birth dates and spouse names, into their passwords. Surprisingly, 33% write down their passwords on paper, and nearly half frequently reuse passwords across workplace platforms. However, the report also notes a positive trend, with increasing adoption of two-factor authentication (2FA) and a decline in password reuse among respondents.
– Brought to you by TechRadar
Breaking Down Cyber Threat Key Findings: Verizon released its 2024 Data Breach Investigations Report (DBIR), examining cybersecurity incidents and data breaches from November 1, 2022, to October 31, 2023. With over 30,500 incidents and 10,626 confirmed breaches across 94 countries, the report offers insights into global cyber threats. Key takeaways include a significant increase in vulnerability exploitation for initial access, with a 180% rise compared to the previous year. Human error remains a significant factor in breaches, with phishing emails being clicked within seconds. Pure extortion attacks are on the rise, signaling a shift from encryption ransomware. Generative artificial intelligence (GenAI) has yet to make a significant impact in cyberattacks. Threat actors continue to adapt to cyber defenses, necessitating vigilance and adaptation from cybersecurity professionals. – Brought to you by SC Media
https://www.scmagazine.com/news/verizons-2024-data-breach-investigations-report-5-key-takeaways
MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Mozilla products and Google Chrome. If you use these products, make sure the software (or firmware) is updated.
Data Breaches in the News:
Dick's Sporting Goods, Specialty Networks, USAA, CFCU, Strive HoldCo, CBIZ Benefits & Insurance Services, Blue Shield of California, Halliburton, and RSNA.
Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.
Other ways to report a scam:
Better Business Bureau Scam Tracker: www.bbb.org/scamtracker
Wyoming Attorney General’s Office, Consumer Protection
File a complaint with the Federal Trade Commission at www.ftc.gov/complaint
Get steps to help at www.IdentityTheft.gov
Report your scam to the FBI at www.ic3.gov
Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3
Office of the Inspector General: https://oig.ssa.gov/scam-awareness/report-the-scam/
If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
IRS: report email scams impersonating the IRS to phishing@irs.gov or https://www.irs.gov/privacy-disclosure/report-phishing
Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1-800-856-4398
Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register.