Hacker's Brief 03/29/21

March 29, 2021
Security
info@cyberwyoming.org
www.wyocan.org
www.cyberwyoming.org/alliance
307.314.2188, PO Box 2332, Laramie, WY 82073

DHL Express Impersonation Scam:

A Sheridan citizen reported an email impersonating DHL Express claiming that a package delivery containing $8 million dollars is owed to you, but you must pay a $100 insurance fee first. The email comes from John Butler at johnbutler@docomonet.jp and the subject line is “Urgent Attn: Hon: Beneficiary,”. The email also asks you to provide your full name, address, cellphone, copy of id, and the nearest airport to you, which will most likely be used to steal your identity.

Password Expiration Scam Email:

A Casper citizen reported an email with a lot of URL links and random words from cesar@g3dt.com. The email references your own company domain and your email address and says your password is expiring. The subject line is “[username], issue with your email-217.”

Email Inbox Folder Filling Up Scam:

A Laramie citizen reported a very real looking email spoofing her company’s email cloud provider saying that her inbox’s cloud storage was almost full and that 5 messages had malfunctioned. The subject line was “[Company name] user-cloud log. This email says that it was sent from your domain, a trusted source, but if you actually look at the sender it is from auth.go98947@web-mail.com.

Aisha al Qaddhafi wants you to retrieve 27.4 million dollars for her:

An email from Mrs. Qaddhafi is quite the interesting read. The email is from kenharriet10@gmail.com and the subject reads “HELLO DEAREST.” The email details the death of Mrs. Qaddhafi’s father the former president of Libya, Colonel Muammar Al-Qaddafi, and her current sadness over his death. She then goes on to ask for your help in retrieving 27.4 million dollars from a bank in Milan, Italy that refused to give it her and in return she will reward you a whopping 50%! She is most likely after your money and personally identifiable information. Reported by a Laramie citizen.

Social Media Package for your Business Scam:

A Laramie business reported an email frim piku7777@hotmail.com from Piku Singh with a subject line of “Full Service Social Media Package For Your Business.” The scammer offers promotion through Facebook, LinkedIn, Instagram, Twitter, Blogging, and general social media marketing. Google flagged the email as dangerous. CyberWyoming Note: It is best to go local with these types of services if you need them. Contact your local chamber of commerce, the Wyoming Women’s Business Center or the Wyoming Small Business Development Center for referrals.

Miss Nadia is a Scammer:

If you receive an email from Miss Nadia who is contacting you due to the urgency of her situation, which she explains has to do with her “late father fund”, remember that these are truly fishing expeditions. Don’t respond to random people contacting you via email. Reported by a Laramie citizen, the email came from adrian@dr-ph.com and the reply address is nadiaso231@gmail.com with the subject line of “urgent.”

Why it was important to update Microsoft Exchange:

A Chinese government backed hacking group was targeting small and medium sized businesses that use Microsoft Exchange via a sophisticated attack. So far, at least 60,000 victims have been identified. Here’s the article to read more about it. livemint.com/companies/news/hackers-breach-thousands-of-microsoft-customers-around-the-world-11615086559003.html

Newsletter@technteck.com at it again:

If you receive an email from payment-report@sam'sclub.com with a real looking button that says [your name] – CLICK HERE, don’t click. This email address is being spoofed by our old friend newsletter@technteck.com, which has more than 15 reports. Reported by a Wyoming citizen.

Change your password:

If you have a United Airlines or American Airlines frequent flyer account, be sure to change your password. A data breach that targeted frequent flyer accounts was reported on March 8. Other international airlines were also affected. Here is the link to read more: heimdalsecurity.com/blog/outspread-sita-security-breach-exposes-more-airlines

Scambusters.org Drug Enforcement Agency Alert:

Scammers are posing as fake DEA agents saying a car was rented in your name and that drugs were found in it. They ratchet up the fear saying that if you don’t pay an immediate fine, you will be arrested. Just ignore it.

Scambusters.org Spam Unsubscribe Button Advice:

Some scammers use the unsubscribe link on a spam email to determine if you are ‘there’ and reading their spam. In addition, unsubscribe links can be programmed to do anything, like download malicious software. A good rule of thumb: if the email comes from an organization that is known to you and you already subscribed to their service, then it is probably safe to unsubscribe.

MS-ISAC Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) has published a patch now (update your software) alert for Adobe ColdFusion, Cisco Jabber (instant messaging), and Mozilla Firefox & Thunderbird products. If you use these products, make sure the software (or firmware) updated.

Other ways to report a scam: