Phishy Business:

A Wyoming organization reported a new phishing attack method where hackers exploited a common mistake: accidentally including the wrong recipient in an email. They crafted a fake email thread about a grant between two co-workers, with the last reply mistakenly copying in "Fred." The email contained a malicious link, hoping either "Fred" or the co-workers would click on it, posing a security threat. CyberWyoming Note: Double-check email recipients and be wary of unexpected links, even in seemingly legitimate email threads, to avoid falling victim to phishing attacks.

Blind Attachments & Alphabetical Targets:

A Laramie resident received a suspicious email from an individual named "Gabriella" using a Gmail address. The email had no subject line and contained only an attachment with a blurry preview, making it impossible to discern its contents without clicking. What raised concern was the large number of recipients, well over 100, whose email addresses all started with the same letter. This pattern suggests that the scammers may be sending out these emails in alphabetical order. CyberWyoming Note: Always be cautious of emails from unfamiliar senders, especially those with generic or suspicious names. Never open attachments or click on links from unknown sources, as they could contain malware or lead to phishing scams.

Breach at Sisense: CISA Urges Vigilance Among CISOs:

CISA (U.S. Cybersecurity and Infrastructure Security Agency) is warning CISOs (Chief Information Security Officers) about a breach at Sisense, a company that provides business intelligence services. Sisense's products help companies monitor multiple online services in one place. The breach involved attackers gaining access to Sisense's systems, potentially compromising sensitive data of their customers. CISA advises Sisense customers to reset any credentials they shared with the company. Sisense is investigating the breach and has advised customers to take precautionary measures, such as changing passwords and resetting access tokens. The incident highlights the importance of safeguarding sensitive information and taking necessary security measures. krebsonsecurity.com/2024/04/why-cisa-is-warning-cisos-about-a-breach-at-sisense

Data Highway Robbery:

Automakers, including General Motors (G.M.), are sharing driving data with insurers, impacting consumers' car insurance rates. This practice, involving companies like LexisNexis, collects detailed driving habits, leading to surprise rate hikes for drivers. While some enroll in programs like OnStar Smart Driver willingly, others may be unknowingly included through dealership sign-ups. Such practices raise privacy concerns and prompt investigations by regulators like California's privacy regulator and Senator Edward Markey. Despite potential safety benefits, the lack of transparency in data collection methods leaves drivers feeling betrayed and seeking alternatives. – Brought to you by Secure The Village & The New York Times
‍nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html

The Tiny Chip That Packs a Punch:

Merchants who accept credit cards are encouraged to transition to EMV, also known as chip-enabled PIN technology, which was developed by Europay, MasterCard®, and Visa® to embed microprocessor chips in cards for storing and protecting cardholder data, thus becoming the global standard. Unlike traditional magnetic stripe cards that store permanent data making them vulnerable to fraud, EMV cards generate unique transaction codes for each payment, significantly reducing counterfeit fraud. Businesses without EMV-enabled systems may face liability for certain fraudulent transactions, so it's advisable to make the switch to EMV to mitigate risks and protect against potential financial losses. – Brought to you by The National Cybersecurity Society

Phony Airline Service Numbers:

Travelers are warned about a recurring scam involving fake airline customer service numbers on Google search results. Scammers pose as airline reps, convincing victims to pay for services, causing financial losses. Despite Google's efforts, the problem persists, requiring caution and verification of contact information. Here are some recommendations to prevent this:

• Don't trust top-highlighted Google phone numbers for airline customer service.
• Verify contact authenticity via accompanying web links.
• Include the airline's web address in your Google search.
• Use official airline channels for customer service.
• Exercise caution with airline live chat, as they may involve chatbots.
• Report scams to the Better Business Bureau or the Federal Trade Commission.

Correct Customer Service Contact Information for Major Airlines (for calls from the United States):

• Delta: 800-221-1212
• American Airlines: 800-433-7300
• Southwest: 800-435-9792
• United Airlines: 800-864-8331
• Alaska: 800-252-7522 (before flight) / 800-654-5669 (after flight)
• JetBlue: 800-538-2583

– Brought to you by The Washington Post

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Mozilla products, Ivanti Avalanche, Oracle products, and Google Chrome. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Many VPN Services (Cisco Secure Firewall VPN, Checkpoint VPN, Fortinet VPN, SonicWall VPN, RD Web Services, Mikrotik, Draytek, Ubiquiti) and Fortinet FortiClient EMS devices. Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register