Tips, tricks and scam alerts

Donation Deception: A resident of Wyoming reported receiving a suspicious email from the address "tanveerali.petro@[random letters].com.pk," purportedly representing the Kuhne Foundation. The subject line, "Kuhne Foundation (3,500,000.00€ Donation)," claimed the recipient had been selected for a €3,500,000 grant. It instructed them to contact CEO Mr. Klaus Michael Kuhne for claims. CyberWyoming Note: Stay cautious of unsolicited emails promising large sums of money, especially if they contain grammatical errors or request personal information, as they are likely phishing attempts aimed at stealing sensitive data. 

Phishy PayPal Crypto Invoice: A Jackson citizen received a scam email posing as a PayPal order confirmation with the subject "Your Order Confirmation [Random Numbers]." The email contained a suspicious PDF attachment resembling a fake invoice statement. It falsely claimed that a payment for an invoice had been successfully processed for the purchase of Bitcoin/crypto on Coinbase, and stated that the cryptocurrency was now in the recipient's Coinbase wallet. CyberWyoming Note: If you receive an unexpected email claiming to be from PayPal or Coinbase with a suspicious attachment, do not open the attachment or click on any links. Instead, log in directly to your PayPal or Coinbase account through the official website to verify any transaction claims. Always contact customer service through their official contact information for any concerns. 

 
Don't Get Boxed In: A Laramie citizen received a scam text message pretending to be from USPS. The message, which was flagged as potential spam, stated that a parcel was on hold due to insufficient address information and requested a valid delivery address to avoid returning the package. The message included a URL and wished the recipient an exceptional day from the USPS team. CyberWyoming Note: Be cautious of unsolicited messages claiming to be from delivery services impersonating USPS. Avoid clicking on links in such messages and never provide personal information. If you are expecting a package, verify its status directly through the official USPS website or by contacting their customer service. 

 
“Glacier” Text Trap: A resident of Wyoming reported receiving a spam text message to their cell phone from an unknown sender with the address starting with “ninlucky@ymt”. The message claimed that $420.45 had been charged to their card on May 5th, instructing them to “Clik”a link [random letters].tecnobrisa.com to stop the transaction. The message, purportedly from "Glacier," contained bad grammar and was clearly an attempt to deceive the recipient into clicking on a potentially harmful link to address a non-existent issue with their card. CyberWyoming Note: Be cautious of unsolicited messages with poor grammar or spelling errors, especially if they contain urgent requests or suspicious links, as they are often indicative of phishing attempts aimed at stealing personal information or spreading malware. If you receive a suspicious text, refrain from clicking any links, delete the message, block the sender, and report the scam. 

Phishing 2.0: Threat actors are utilizing AI tools to enhance phishing attacks, enabling them to craft convincing campaigns that surpass previous levels of complexity. Zscaler's report highlights a 393% surge in phishing attacks targeting the finance and insurance sector, indicating a growing threat to digital financial platforms. Moreover, there's a rise in phishing kits aimed at bypassing multi-factor authentication, suggesting a trend toward sophisticated techniques like adversary-in-the-middle attacks. AI's potential in reshaping the cyberthreat landscape is significant, allowing attackers to deceive even the most vigilant users with precision.  

– Brought to you by CyberheistNews & KnowBe4  https://blog.knowbe4.com/ai-assisted-phishing-attacks-rise 

Mac Under Surveillance: A new version of the LightSpy malware is now targeting Mac computers, expanding from Android and iOS to macOS since January 2024. This spyware can secretly access contacts, messages, GPS data, photos, videos, and even activate the microphone and camera. It mainly affects older macOS versions like 10.13.3, while the latest macOS 14 remains safe. It's crucial to keep your operating system updated as updates include security patches that protect against such threats. Ensure all business devices run the latest macOS and stay alert for any unusual activity, contacting IT support if anything seems suspicious. This advice applies universally: keep all devices updated to stay safe from cyber threats.   

– Brought to you by K2 Technologies & The Hacker News 

https://thehackernews.com/2024/06/lightspy-spywares-macos-variant-found.html 

MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for OpenSSH. If you use any of these products, make sure the software (or firmware) is updated. 

Data Breaches in the News:  

TeamViewer, Evolve Bank, Neiman Marcus, Geisinger, Ticketmaster, Ingo Money, Agropur, Infosys McCamish Systems (IMS), Human Technology Inc., Traderie: Roblox Trading Platform, Landmark Admin, Prudential Insurance, and Roll20. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax. 

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors. 

Other ways to report a scam: 

• Better Business Bureau Scam Tracker: www.bbb.org/scamtracker/us/reportscam 

• Wyoming Attorney General’s Office, Consumer Protection 

  • Email ag.consumer@wyo.gov 

  • Complaint form https://attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints 

• File a complaint with the Federal Trade Commission at www.ftc.gov/complaint 

• Get steps to help at www.IdentityTheft.gov  

• Report your scam to the FBI at www.ic3.gov  

• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3 

• Office of the Inspector General:  https://oig.ssa.gov/ 

• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271. 

• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360 

• IRS: report email scams impersonating the IRS to phishing@irs.gov 

• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398 

• Report computer or network vulnerabilities to US-CERT: 1-888-282-0870 or www.us-cert.gov. Forward phishing emails or websites to phishing-report@us-cert.gov. 

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register.