Google Alert: For Businesses (and Citizens) that Use G-Suite:

Hackers can gain unauthorized access to Google accounts, bypassing multi-factor authentication by stealing authentication cookies and extending their lifespan, rendering password changes ineffective. Users are advised to review their signed-in devices, sign out from suspicious sessions, and, if compromised, invalidate current session tokens by signing out of all browsers, resetting the password, and signing back in. Administrators managing Google Accounts for organizations are provided specific steps to reset a user's sign-in cookies in the event of a compromise. For exact instructions, see the article by Malwarebytes: malwarebytes.com/blog/news/2024/01/info-stealers-can-steal-cookies-for-permanent-access-to-your-google-account

Faux Philanthropy:

A citizen received an email titled "DONATION-WIRE TRANSFER REQUEST" from someone claiming to be with a family wanting to donate to their organization. The email requested the recipient to provide Wire or ACH transfer information along with a Tax ID for purported tax purposes. The citizen recognized it as a scam and reported it, noting its fraudulent nature. The email displays characteristics commonly associated with phishing scams, such as unsolicited requests for personal and financial information, generic language, and an urgency to act quickly. CyberWyoming Note: It is crucial for individuals to exercise caution and verify the authenticity of such communications before sharing any sensitive information.

Beware of 50% Off Spectrum Scam Calls:

A Laramie citizen received a recorded call from an individual claiming to be from Spectrum. The message said that a 50% discount had been applied to their monthly bill and requested them to call back at a specified number to keep the offer active. The given call-back number was 866-866-1195 (different from the originating number), and the call was to be made between 8 a.m. to 5 p.m. Pacific Standard Time. This type of scam has been reported throughout the US, prompting various news sources to issue warnings to the public about fraudulent activity. CyberWyoming Note: Verify unsolicited calls from service providers by contacting them directly using official contact information, never share personal information over the phone, and use two-factor authentication.

Jonah Bank of Wyoming Fighting Fraud:

Jonah Bank of Wyoming has recently released a concise consumer protection document written in non-technical language, helping Wyomingites organize their accounts and the security protection on those accounts. Download it and get organized in the New Year. Check it out at: https://www.jonah.bank/sites/www.jonah.bank/files/jonahbankfightingfraud.pdf

A Note About Artificial Intelligence (AI) from CyberWyoming:

You have heard a lot of pros and cons in the media about AI, but just like any other tool, if used responsibly, it can be a huge time saver. At CyberWyoming, we evaluate each tool, research its privacy options, and decide as a group whether or not to use it. But, we can tell you that we LOVE it! It makes us faster and better at our jobs! From dictation tools to PowerPoint designs to marketing content generation, AI has been a huge help for our small organization and some of us are using it personally as well. If you want to learn more about AI, check out our board members discussing it on video here: youtu.be/ibQAJLa9uG8.

North Korea Was Responsible for Over $600M in Crypto Thefts Last Year: TRM Labs:

U.S. national security officials have raised concerns about North Korea’s use of stolen crypto to develop nuclear weapons. … North Korea-affiliated hackers were involved in a third of all crypto exploits and thefts last year, making off with some $600 million in funds, according to a report from TRM Labs. … The sum brings the Democratic People’s Republic of Korea’s (DPRK) total take from crypto projects to almost $3 billion over the past six years, the blockchain analytics firm said Friday. – Brought to you by Secure The Village Full articles for more information: trmlabs.com/post/north-korean-hackers-stole-600-million-in-crypto-in-2023, coindesk.com/policy/2024/01/05/north-korea-was-responsible-for-over-600m-in-crypto-thefts-last-year-trm-labs/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Microsoft products and Cisco Unity Connection. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

LoanDepot, Popup Builder WordPress plugin, and HMG Healthcare. Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register