Tips, tricks and scam alerts

IRS Refund or Red Flag?: A Wyoming resident received a suspicious email regarding an IRS refund confirmation. The email included an attachment with the same title, and Gmail flagged it as potentially risky. The recipient noted that they weren't expecting a refund, which raised their suspicion about the email's authenticity. CyberWyoming Note: Always verify unexpected emails claiming to be from official entities like the IRS, especially if they include unsolicited attachments, to avoid falling victim to phishing scams. You can also report email scams impersonating the IRS to phishing@irs.gov to help stop fraud and protect others from falling victim. 

Email Enigma: A Cody citizen received two suspicious emails with similar subject lines "Confirmation Receipt" with clss and mcplk at the end. One email was from "Surprise Reward" with the email address "contact_support.dvy@news.[RandomLetters].co.uk," while the other was from "Prime®" with the email address "contact_support.glt@news.[RandomLetters].com." CyberWyoming Note: Always verify the sender's identity, avoid clicking suspicious links or opening attachments, and watch out for red flags like unusual subject lines or requests for personal information. 

Water Wars: Russian hackers targeted water systems in the US, Poland, and France, possibly escalating Moscow's attacks on adversaries' infrastructure. The group, known as Sandworm, is linked to cyber assaults on Ukrainian providers and global malware outbreaks. They're connected to pro-Russia hacktivist groups like the Cyber Army of Russia Reborn (CARR), which claimed attacks on Texan and Polish water facilities. The hackers' videos led to FBI investigations. They also targeted a French hydroelectric station, showing a reckless approach. US water utilities face increasing cybersecurity threats, prompting calls for better defenses from federal authorities. – Brought to you by Newsweek  

https://www.newsweek.com/russia-water-hackers-cybersecurity-1891611  

Top Dating Apps: From Data-Hungry to Privacy-Prioritized 

Navigating the dating scene is akin to traversing a data minefield, with apps ranging from data-hungry behemoths to privacy-conscious companions. As love seekers weigh the convenience against the cost of personal data, here's a breakdown of popular dating apps, ranked based on their data collection practices and transparency.  

Top 3 Most Data-Hungry Apps 

1. Grindr: Leading the pack with 23 data points collected and 2 tracked, Grindr caters predominantly to the LGBTQ community, boasting unmatched accessibility while raking in user data for various purposes. 

2. Bumble: Following closely with 22 data points collected and 4 tracked, Bumble empowers women to take the first step in the dating game, yet its appetite for user data remains voracious. 

3. Badoo: With 21 data points collected and 7 tracked, Badoo offers straightforward swiping and matching, but its data collection practices leave little to the imagination, underscoring the high price of digital romance. 

Top 3 Least Data-Hungry Apps 

1. Hinge: Rounding out the list, Hinge strikes a balance with 14 collected data points, of which only 2 are tracked, making it an attractive option for those valuing privacy in their quest for love. 

2. Match: With 15 data points collected and 1 tracked, Match focuses on serious relationships without overwhelming users with excessive data collection practices. 

3. Tinder: A juggernaut in the dating sphere, Tinder collects 16 data points while refraining from tracking user data, positioning itself as a relatively privacy-conscious option.  

– Brought to you by Cybernews  

A Cold Front in Cyberspace: Cybersecurity and Infrastructure Security Agency (CISA) confirmed that Russia-linked hackers breached federal agencies' correspondence with Microsoft. In response, CISA issued an emergency directive, urging affected agencies to analyze the breach's cybersecurity impact. The hackers, known as Midnight Blizzard, attempted to access Microsoft's systems using information from corporate email systems. Microsoft reported an increase in specific types of attacks by Midnight Blizzard, including password sprays (a type of attack where a they attempt the same password on many accounts before moving on to another one and repeating the process. This is effective because many users use simple, predictable passwords, such as "password123."). Both CISA and Microsoft are working to mitigate the breach's impact. – Brought to you by The Hill https://thehill.com/policy/technology/4589382-cisa-confirms-russian-linked-hacker-correspondence-between-federal-agencies-microsoft/ 

MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Google Android OS, Google Chrome, and Mozilla PDF.js . If you use any of these products, make sure the software (or firmware) is updated. 

Data Breaches in the News: Dell, BerryDunn, and AT&T. 

Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax. 

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors. 

Other ways to report a scam: 

• Better Business Bureau Scam Tracker: www.bbb.org/scamtracker/us/reportscam 

• Wyoming Attorney General’s Office, Consumer Protection 

  • Email ag.consumer@wyo.gov 

  • Complaint form https://attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints 

• File a complaint with the Federal Trade Commission at https://reportfraud.ftc.gov/#/  

• Get steps to help at https://www.identitytheft.gov/#/Info-Lost-or-Stolen  

• Report your scam to the FBI at https://www.ic3.gov/Home/FileComplaint  

• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3 

• Office of the Inspector General:  https://oig.ssa.gov/ 

• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360 

• IRS: report email scams impersonating the IRS to phishing@irs.gov 

• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398 

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register.