Skip to main content

Tips, trick and scam alerts

News Letter Journal - Staff Photo - Create Article
By
CyberWyoming, Hacker’s Brief 3/22/2024

Divorce, Taxes, and Deception: A Wyoming accounting firm received an email impersonating a client, notably, with an email address almost identical to the correct one, differing by just one letter. The email claims to be from someone seeking professional assistance with their 2023 tax returns, stating it's their first year filing as single after a divorce and requesting an extension. They inquire about the firm's services and fee structure, mentioning that email communication is preferred. This email also contained poor punctuation and capitalization which made it especially suspicious. CyberWyoming Note: Tax related fraud is prevalent this time of year, not just for taxpayers but also for tax professionals. Always double-check the sender's email address for any discrepancies or slight variations from known contacts and verify the request by calling the individual.

Michelin's Recipe for Fake Job Offers: A Laramie resident received a scam text from an unknown number, purportedly from someone named "Emily Johnson" representing "Michelin Restaurants," offering a work-from-home opportunity with no experience required and free training. Due to the text's poor grammar, punctuation, and unrelated nature to the recipient's background, it was immediately recognized as an obvious employment scam. The resident refrained from responding and reported the scam promptly. Oddly enough they were watching "Hell's Kitchen" with Gordon Ramsay the night before where they talked about 5-star Michelin restaurants. The next morning, they got this text. They felt their phone might have been listening to their conversation! CyberWyoming Note: Remain cautious of unsolicited job offers, especially those received via text from unknown senders, and avoid providing personal information or engaging further without verifying the legitimacy of the opportunity through official channels to mitigate the risk of falling victim to employment scams.

Taxing Times: During this tax season, a Laramie senior received a call promising reimbursement for taxes. Recognizing the call as a scam because the IRS does not make unsolicited calls, the senior promptly reported it to the police department. CyberWyoming Note: This incident underscores the importance of being aware of common scam tactics, especially during times of heightened vulnerability such as tax season.

The Terrifying A.I. Scam That Uses Your Loved One’s Voice:

A couple in Brooklyn experienced a frightening scam involving the voice of their loved ones. Robin received a call from her supposed mother-in-law, Mona, whose voice sounded distressed. Mona and her husband, Bob, were allegedly held hostage, with Bob's voice confirming the situation. Panicked, Robin woke her husband, Steve, who, in law enforcement, took control of the call. The supposed kidnapper demanded money via Venmo, using threats to coerce compliance. Eventually, after transferring funds, the couple confirmed the safety of their family members, realizing they had fallen victim to an AI-driven scam. Advances in AI technology have made voice cloning increasingly convincing, enabling scammers to manipulate emotions and exploit vulnerabilities. The ease of creating convincing fake voices has raised concerns among experts and lawmakers, with growing calls for regulation. Victims of such scams often endure emotional trauma and financial loss, highlighting the urgent need for effective measures to combat this evolving threat.  Despite their ordeal, the Brooklyn couple managed to reclaim their lost funds and now advocate for increased awareness and preparedness among their community. Implementing an extended-family password system, they aim to thwart future attempts. However, the prevalence and sophistication of these scams suggest a need for broader societal responses and regulatory actions to safeguard against such deceptive practices.   – Brought to you by The New Yorker  https://www.newyorker.com/science/annals-of-artificial-intelligence/the-terrifying-ai-scam-that-uses-your-loved-ones-voice

CyberWyoming Note: If you are the victim of a scam, anyone of any age can attend the AARP ReST support groups at www.aarp.org/fraudsupport.

Info-stealers can steal cookies for permanent access to your Google account: Hackers have developed a method to gain unauthorized access to Google accounts by stealing and extending the lifespan of authentication cookies, rendering multi-factor authentication ineffective. Despite Google's routine defense upgrades, the exploitation persists in various information stealers. Users can safeguard their accounts by regularly reviewing signed-in devices, promptly signing out of suspicious sessions, and resetting passwords. To counteract this abuse, Google could accelerate the planned end of tracking cookies. Additionally, users are advised to employ security measures such as two-factor authentication, clearing cookies routinely, and remaining vigilant against information stealers.

Steps for regular review and management of signed-in devices:

  • Review Devices:
    • Regularly check the list of devices signed in to your Google Account.
    • Navigate to your Google Account settings, select "Security," and then choose "Manage all devices" on the "Your devices" panel.
    • Review and assess the details of signed-in devices and sessions.
  • Remediate Compromised Accounts:
    • If you suspect your Google account has been compromised:
      • Sign out of all browsers to invalidate current session tokens.
      • Reset your password promptly to generate new tokens.
      • Sign back in to ensure unauthorized access is halted.

https://www.malwarebytes.com/blog/news/2024/01/info-stealers-can-steal-cookies-for-permanent-access-to-your-google-account 

MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Mozilla products. If you use this product, make sure the software (or firmware) is updated.

Data Breaches in the News:

Viber Messaging App, Fujitsu, Apex Legends, and Pokémon.

Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register.

 

--- Online Subscribers: Please click here to log in to read this story and access all content.

Not an Online Subscriber? Click here for a one-week subscription for only $1!.