Wells Fargo Woes:

A resident received a phone call purportedly from Wells Fargo, which included outdated personal information such as an address from 20 years ago and an old phone number. Sensing something amiss, this person terminated the call and contacted the local Wells Fargo branch to verify its authenticity. CyberWyoming Note: This proactive approach, including establishing a case with the bank, demonstrates the importance of verifying unexpected communications, especially when personal information is involved.

“Phitness” Fraud:

A citizen received a phishing email supposedly from Planet Fitness, claiming to be from the specific Planet Fitness location in their town. The email's subject was "Your Document" and it was sent from "Planet Fitness [Citizen's Town and State]” with a completely unrelated random Gmail address. The email contained an attached PDF named "document.pdf", which seemed to be a fake Membership Freeze/Unfreeze form. The email asked the recipient to contact them if they had any questions and provided contact information for a supposed Planet Fitness location in their town. The email included the address, phone number, and email of the alleged Planet Fitness branch. It also contained an unsubscribe link. CyberWyoming Note: Be cautious of emails claiming to be from familiar businesses, especially if they request sensitive information or contain unexpected attachments. Always verify the sender's email address and contact the company directly through official channels if in doubt.

Boss Bait:

A citizen received multiple emails, thankfully caught by the spam folder, appearing to be from their boss, indicated by the correctly displayed name and career title. However, the email address was completely different other than the first few characters. These very suspicious emails stated: "Do you have a moment? I have a request. I'm in a conference meeting right now and only have access to mail. No calls, just reply to my email. [Boss's Name] [Boss's Title]" After confirming with their boss, who agreed that it was not them, it became evident that this was likely a scam attempt. CyberWyoming Note: Exercise caution when receiving an unexpected email, especially if they appear to be from familiar contacts and prompt you to take unusual actions, such as telling you not to call them. Always verify legitimacy through other communication channels.

Holy Shrimp!:

Facebook's transition from a platform driven by human interactions to one dominated by AI-generated content raises concerns. The platform's algorithm now promotes bizarre and nonsensical posts, rendering real user input irrelevant. These AI-generated posts are given prominence by Facebook's algorithm, inundating users' timelines with viral but fake content like shrimp Jesus statues and surreal scenes. Despite user dissatisfaction (or satisfaction if they like the odd generated pictures), Meta, Facebook's parent company, prioritizes profits over user concerns, relying on algorithms to drive engagement. Scam pages exploit AI-generated content to drive engagement and lure users to dubious links. While Meta's profits soar, the platform's decline in user satisfaction and reliance on AI pose challenges. The disconnect between user preferences and corporate priorities underscores the platform's uncertain future. Facebook's fate may not concern its leadership as long as profits rise. However, for users nostalgic for genuine interaction, the current state is disappointing. Whether Facebook can reverse its decline remains uncertain, highlighting the challenges of balancing profitability with user satisfaction in the age of AI-driven social media.
‍– Brought to you by CyberNews cybernews.com/editorial/shrimp-jesus-facebook-generative-ai/

Insights from KnowBe4's 2024 Security Culture Report:

KnowBe4's 2024 Security Culture Report, drawing insights from over 800,000 employees in 4,078 organizations across 18 industries, highlights the need for organizations to enhance their security culture. The report reveals that while the overall security culture score globally remains at 72, indicating a low to moderate level, smaller organizations tend to score higher. This is attributed to the ease of changing culture within smaller groups compared to larger ones. Large organizations face more challenges in modifying their security culture due to their size and complexity. Large organizations scored higher in the dimension of behaviors compared to smaller ones. This implies that while larger organizations may have better adherence to certain security practices, there's still a gap in understanding, knowledge, awareness, and responsibility regarding security issues globally. This underscores the urgent need for organizations to invest in strengthening their security culture, especially in industries heavily targeted by cybercriminals. CEO Stu Sjouwerman emphasizes the importance of prioritizing security culture as a business necessity, particularly in reducing human-based risks. The report also discusses the role of AI in cybersecurity and provides insights into security culture trends across different regions worldwide, emphasizing the need for continuous improvement and investment in security measures.
– Brought to you by KnowBe4 blog.knowbe4.com/knowbe4-security-culture-report-2024-new-research
‍CyberWyoming Note: Change your company’s security culture and order our free, no-think, security awareness training campaigns built specifically for small business needs and so anyone in your company can run the training. info@cyberwyoming.org

Apple Alert!:

Apple fans are facing a barrage of fake password reset requests in a targeted multi-factor authentication bombing campaign. Users are advised to be wary of support calls offering a fix. The attackers inundate victims with password reset requests, forcing them to clear numerous notifications before they can use their Apple devices. After clearing the alerts, victims may receive spoofed calls from scammers posing as Apple support, attempting to obtain personal information and a one-time reset code. The sophisticated nature of the attack suggests potential flaws in Apple's iForgot system, but the company has not addressed the issue yet. Users are urged to remain cautious and follow Apple's guidance to avoid falling prey to such scams.
– Brought to you by The Register theregister.com/2024/03/27/apple_passcode_attack/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for XZ Utils. If you use this product, make sure the software (or firmware) is updated.

Data Breaches in the News:

Hot Topic, Cisco, Munchables, AT&T, Activision, MarineMax, PandaBuy Prudential Insurance, and OWASP.
‍Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register