Tips, tricks and scam alerts

CyberWyoming, Hacker’s Brief 3/7/2025

Fake Lists and Real Trouble: A business in Laramie reported receiving a scam email with the subject "Goshen County Chamber of Commerce Member List" from a Gmail address. The email claimed to verify the recipient’s interest in obtaining a distribution/member list of 1000+ contacts from the Goshen County Chamber of Commerce. It asked the recipient to reply for more details and cost information, signed by "Gary Benton – Business Executive." CyberWyoming Note: A "Gary Benton" does not appear to work for the Goshen County Chamber of Commerce, as confirmed on their official website, Goshen County's Chamber has an official name of GoGoshen!, and we contacted them to confirm this was a scam. Avoid responding to unsolicited emails, especially from generic addresses like Gmail. Instead, contact the Chamber directly using official contact information to verify any offers. This same scam impersonating local Chambers has been spotted throughout the state.

Meta Trademark Violation?: A Laramie business received a suspicious message on Facebook from an unknown account claiming to be from Meta. The message stated that the company's Facebook page was scheduled for permanent removal due to a trademark violation. It offered the option to submit a complaint for review before the removal, while warning that if no complaint was submitted, the decision would be final. The message also included a link for submitting the complaint. Don’t click on the link!CyberWyoming Note: This message is a scam attempting to trick recipients into clicking on a malicious link by using scare tactics, such as threatening to interfere with the business's operations. It creates a false sense of urgency, making it seem as though there is no time to think things through or verify the legitimacy of the message. By doing so, it pressures the recipient into acting quickly without considering the risks or consequences.

3 Million Personal Records Exposed in DISA Breach: (DISA Global Solutions is a US based firm that conducts employee background checks and drug screening tests.) DISA Global Solutions has exposed the personal information of over 3.3 million people, including Social Security numbers, credit card details, and government IDs. DISA confirmed the breach occurred on February 9, 2024, but wasn't discovered until two months later. The breach affected 3,332,750 individuals, and DISA is offering identity theft protection. The cause of the attack and the full scope of the leaked data are still unclear. Authorities and DISA are investigating the incident. – Brought to you by NewsWeek

https://www.newsweek.com/disa-global-solutions-hack-3-million-americans-2035774

AARP Alert: Beware of Social Security Scam Calls: Scammers often impersonate the Social Security Administration (SSA) to steal money and personal information. In 2024, victims reported over $577 million lost to government impostor scams. Fraudsters may contact you unexpectedly by phone, text, or email, claiming your Social Security account is suspended, you need to complete a form, or your bank account is at risk. Remember, SSA rarely reaches out unexpectedly, never threatens or demands immediate action, and does not request payment via gift cards or cryptocurrency. If you receive a suspicious message, do not engage. Instead, call SSA directly at 800-772-1213. For secure communication, set up a My SSA Account at ssa.gov/myaccount. If you shared your Social Security number, file a police report and visit IdentityTheft.gov for protection steps. – Brought to you by AARP Fraud Network

https://www.aarp.org/money/scams-fraud/text-alerts.html

AI Scam Targeting Gmail Accounts: A sophisticated AI-driven phishing attack targeting Gmail users has been confirmed, posing a serious threat to account security. Hackers use deepfake AI voices and spoofed Google caller IDs to trick victims into revealing login credentials, even bypassing two-factor authentication (2FA). A recent near-victim, Zach Latta, described it as the most convincing attack he had ever seen. Google advises users to stay vigilant, avoid unsolicited support calls, and use security tools like the Advanced Protection Program and passkeys for enhanced protection. While Google has taken action against the scammers, all 2.5 billion Gmail users are urged to remain cautious. – Brought to you by Forbes

https://www.forbes.com/sites/daveywinder/2025/02/01/gmail-security-warning-for-25-billion-users-ai-hack-confirmed/

One Password to Rule Them All?: Reusing passwords across websites is risky, with over 70% of people doing it despite experts warning against it. If a hacker gets your username and password from one site, they can try it on others, gaining access to multiple accounts. Changing passwords slightly isn’t secure either, as predictable patterns can be easily cracked. Using multi-factor authentication (MFA) and password managers enhances security. MFA adds an extra verification step, while password managers store unique, complex passwords. For strong passwords, aim for at least 20 characters and use phrases. Always report hacks—scammers are professionals, and nothing is 100% secure, but these steps reduce the risk.

– Brought to you by Secure The Village & HuffPost

https://www.huffpost.com/entry/password-security-tips_l_67ad0a41e4b0239406dee6f0

MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for VMware ESXi. If you use this product, make sure the software (or firmware) is updated.

Data Breaches in the News: AllTrust, Restorix, Legacy Professionals, Via Credit Union, and Transak USA. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

Better Business Bureau Scam Tracker: www.bbb.org/scamtracker
Wyoming Attorney General’s Office, Consumer Protection
- Email ag.consumer@wyo.gov
- Complaint form https://attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints
File a complaint with the Federal Trade Commission at www.ftc.gov/complaint
Get steps to help at www.IdentityTheft.gov
Report your scam to the FBI at www.ic3.gov
Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3
Office of the Inspector General: https://oig.ssa.gov/scam-awareness/report-the-scam/
If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
IRS: report email scams impersonating the IRS to phishing@irs.gov or https://www.irs.gov/privacy-disclosure/report-phishing
Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1-800-856-4398

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visitwww.aarp.org/fraudsupport to learn more about the free program and register.

Tags