Phishing with PayPal:

A Wyoming citizen encountered a very convincing PayPal invoice email with the same email address as the legitimate PayPal company, prompting them to verify their account directly with PayPal. Upon inspecting the email's original source (looking behind the scenes in the email), it reveals a suspicious address with “Miller441+SRS=rq9lc=JL=paypal.com=service” at the beginning. The email, bearing typical PayPal branding and the subject “Invoice from Order Successful. Reach us at +1 888 646 O688 if this was not you. (W5FD97)”, claims an invoice of $350.00 USD and instructs the recipient to contact a provided number if the transaction is unrecognized. Despite its convincing appearance, the unusual source raises red flags, indicating a potential phishing attempt. Cybersecurity Note: Exercise caution with unexpected financial communications, especially those urging immediate action, and verify the authenticity of sender addresses to mitigate phishing risks.

Auto Security Services.txt Raises Suspicion:

A Wyoming resident received a suspicious email from a Gmail address with the file named "Auto Security Services.txt." The “To” list was very long, not hidden or blind copied, and seemed to be alphabetized, indicating that this could be a copy and paste from a breached list of email addresses. Expressing concern about the document's content, the sender refrained from opening it, even in Gmail's preview mode. The email was identified as spam by Google. CyberWyoming Note: Remember to take a cautious approach when dealing with potentially harmful or phishing-related communications, especially when accompanied by unfamiliar file attachments.

Pump up Your Defenses:

Gas station attacks involving skimmers cost over $1 billion annually, according to the FBI. Criminals install skimmers on gas pumps, making them appear like regular credit card readers. Once installed, the skimmer reads credit card information, allowing criminals to steal money or make online purchases. To spot a skimmer, consumers are advised to check for signs such as a loose or improperly fitting credit card reader, oversized or damaged readers, and inconsistencies compared to neighboring pumps.

To protect against skimming, consumers can:

• Inspect the card reader for signs of tampering.
• Preferably pay inside with an attendant.
• Use credit instead of debit cards.
• Use chip or contact-free methods like Apple Pay.
• Avoid entering the PIN or do so discreetly.
• Choose pumps closer to the building, as they are often monitored.
• Set notifications for card purchases over a certain amount.
• Report any suspected gas station scams to financial institutions promptly.

Be vigilant, trust your instincts, and report suspicious activity to local law enforcement. – Brought to you by the Florida Sheriffs Association & Reader’s Digest

How iOS 17.3 Shields Your Device:

Apple's iOS 17.3 introduces a powerful "Stolen Device Protection" feature, enhancing iPhone security against theft. Activating this feature adds extra authentication layers, introducing delays for sensitive actions like password changes. It requires biometric authentication for certain tasks, preventing unauthorized access in case of theft. While operating outside familiar locations, users can configure Significant Locations settings for recognition. Additionally, users are advised to bolster security by lengthening passcodes, securing sensitive photos, enabling app-level authentication, and activating the Find My feature for remote tracking and disabling in emergencies.

– Brought to you by the NYT Wirecutter

Utility Scam Alert:

Colder months see a rise in criminals posing as utility companies, preying on those relying on services for warmth.

• How scams operate: Be cautious of unexpected visits or calls offering energy audits or demanding immediate payment.
• What to be aware of: Legitimate utilities don't solicit personal info via email or phone. Never pay bills with gift cards or through bitcoin ATMs.
• What to do: If in doubt, contact your utility company through trusted channels, not web searches. Report scams to the company, law enforcement, and the Federal Trade Commission at 877-382-4357. Stay vigilant, stay safe.

– Brought to you by AARP Fraud Network

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Google Chrome. If you use this product, make sure the software (or firmware) is updated.

Data Breaches in the News:

AnyDesk, Hewlett Packard Enterprise (HPE), Verizon Communications (For Employees), and Spoutible.

Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register