Email with the subject “Medicare Covering 8 At-Home Covid Tests”:

A Nevada citizen received an email for free Covid tests for people on Medicare. If you click the link, they will ask for personal details such as your Medicare information and possibly credit card number for shipping. This is a scam that started in 2022 with phone calls and has now moved to emails. See consumer.ftc.gov/consumer-alerts/2022/08/free-covid-test-scam-targets-people-medicare. CyberWyoming note: Always check the email address first. The email address of the sender starts with jyudtfgjfiruythjnre9tuhrjtorietior.

Emails with subjects “You have won <various prizes>”:

A Nevada citizen reported receiving emails impersonating Ace Hardware, Kohl’s, and Lowe’s to join their loyalty programs for free. There are links to join, and you’ll be asked to enter your credit card to pay for the shipping for your “free” prize. (CyberWyoming note: Loyalty programs are always free! The email addresses are from domains like theinsaneturtle.com which is a giant red flag DANGER. This citizen received these near identical phishing attempts from different email addresses within four days, which probably means his email address was sold, possibly on the Dark Web. AARP has a fraud watch program with steps to take to prevent identity theft with your stolen personal information – see below.)

AARP Fraud Watch Network:

If you are an AARP member (they currently have a sale – membership is $9 a year), you can sign up to receive alerts from their fraud watch network. They provide steps to prevent identity theft with your stolen personal information, and they will send you text messages about current scams and what to watch for. If you have been targeted by scams or fraud, they have a free helpline for anyone of any age (always listed at the bottom of this weekly brief) that will provide support, guidance, and next steps.

Always, always, ALWAYS log out of the ATM:

ABC News in Chicago is reporting a new ATM scam. The scammers place glue in the card slot, then wait for someone to use the ATM. When the victim cannot insert their card, the scammer helpfully suggests tapping the card instead. The scammer watches carefully to note the PIN number because they will need that too. When the victim leaves, if they have not logged out of the ATM, the scammer walks up, selects to withdraw cash, and enters the PIN. CyberWyoming note: Always shield the keypad when entering a PIN number, make sure you log out of the ATM, and, if the slot is blocked, don’t use the ATM – if the bank is open, go inside and report it or go to another ATM.

A disgruntled employee with sensitive data can seriously hurt or destroy your business:

A small nonprofit that worked with animal rescue had a bad parting with a disgruntled employee. That employee, before they left, stole the funder list. The ex-employee sent an email to the funders stating the President of the nonprofit (with whom they had butted heads) was mishandling funds. The President immediately tried to do damage control, but, because funders didn't know who to believe, the nonprofit (which had been in business for over 20 years) lost funding and had to close. This is a good example that businesses must protect sensitive data and make sure that only those that need access to the information get access to the information. Wyoming's state statute 6-3-901 states that your name plus one other piece of identifying information (such as an address, phone number, social security number, etc.) is the definition of Personally Identifiable Information. It is everyone's responsibility to protect that. Brought to you by National Cybersecurity Society, a Gula Tech Foundation grantee. CyberWyoming note: We are currently running a program to provide one-on-one, on-the-job training for Wyoming small business on how to manage your cybersecurity as a part of the CyberWyoming competition. See cyberwyoming.org/competition/ for more details.

Beware of copy and paste requests on Facebook:

If you see a request to copy-and-paste a post rather than share, it’s possible the original poster is harvesting information as your identity is exposed when you paste. Requests for comments such as “Amen if you agree“ will do the same thing. It’s an elaborate scheme; for more information see scambusters.org/copyandpaste.html. Brought to you by ScamBusters.org

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Fortinet products, Google Chrome, Google Android OS. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Denver Public Schools (all employees, and data stolen includes fingerprints), AWS Kubernetes clusters, GunAuction.com, Chick-fil-A. CyberWyoming note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register