Microsoft Teams Trickery:

A Wyoming business reported an email impersonating Microsoft Teams containing a link to a fake log-in site that attempts to steal Microsoft credentials. The email, with the subject “. [All Staff-1]", contains a Microsoft Teams graphic and claims that teammates are trying to reach the recipient in the Teams application. The content of this email reads "Hi (name), Your teammates are trying to reach you in Microsoft Teams. Hi team, Just so we are all on the same page all staff are required to send...". CyberWyoming Note: Individuals should proceed with caution and refrain from clicking on any suspicious links in emails, even if the company appears legitimate, to avoid becoming victims of phishing attacks.

The 'Next of Kin' Conundrum:

The Laramie citizen received a suspicious email from someone claiming to be Mr. Fazlı Khisrow, purportedly working at a prime bank in Turkey. The email suggests a proposal to make the recipient the next of kin to a late customer, Mr. Heath Liam, who supposedly died in the March 11th, 2011 earthquake disaster in Japan. The sender, who used a Gmail address with an different name than the signature line, proposes a partnership and requests the recipient to contact them for further details. CyberWyoming Note: This type of email is characteristic of a common scam, often involving attempts to defraud individuals through deceitful schemes. Avoid responding, refrain from sharing personal information, and report such messages as phishing attempts to phishing@cyberwyoming.org.

Blue Federal Credit Union Promise:

With the new year, Blue FCU wants to remind you to always be on alert for scams and bad actors. Blue Federal Credit Union will never contact you to request sensitive personal information, including:

• Your Online Banking Username or Password
• Your Blue Card number
• Personal Identification Number (PIN)
• Online Banking Passcodes

If you ever suspect fraud, call Blue FCU at: 1-800-368-9328, visit their website at bluefcu.com/security-center, or come into the nearest branch.

2023 Year in Review:

In 2023, cyber-attacks witnessed significant evolution due to advancements in technology and increased connectivity. The top 10 notable hacks include:

1. MOVEit Mass Attack:
   Extorted $75-100 million, impacting 2,667 organizations and 84 million individuals.
2. Cisco IOS XE Attacks:
   Compromised 42,000 devices via zero-day vulnerability, a significant edge attack.
3. US Government Hacked via Microsoft 365:
   Cyber espionage compromised US agencies; China-linked threat actors stole 60,000 emails.
4. Citrix Bleed Attack:
   Massive data breach due to critical Citrix vulnerability affecting millions.
5. Okta’s Customer Support Data Breach:
   Exposed Okta customer information, impacting cybersecurity vendors.
6. Western Digital Cyber Attack:
   Targeted My Book Live devices, remotely wiping data and disrupting operations.
7. MGM Resorts Breach:
   Exposed data of 142 million guests, involving an English-Russian alliance and RaaS groups.
8. Royal Ransomware Attack Over the City of Dallas:
   Disrupted Dallas operations, exposing data of 30,000 individuals.
9. GoAnywhere Attacks:
   Exploited zero-day vulnerability, impacting NationsBenefits and others.
10. 3CX Software Supply Chain Attack:
    SolarWinds-like attack by North Korea on 3CX, affecting 600,000 organizations.

– Brought to you by Cyber Security News

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Atlassian (Confluence Server and Data Center) and Google Chrome. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Hadoop (Apache & Flink), Halara, Liquipedia, Lush, and GEICO. Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register