Earthquake Inheritance Hoax:

A Laramie citizen received an inheritance scam email from someone claiming to be Barrister John Bales, offering a share of $132.5 million left behind by a deceased Japanese American investor due to the 2011 earthquake in Japan. The email suggests a business arrangement due to the recipient sharing the same last name as the deceased, aiming to exploit their curiosity and greed. The scammer requests confidentiality and urges the recipient to contact them to claim the funds before they are confiscated by the bank. The recipient flagged it as a phishing attempt exploiting a recent news event. CyberWyoming Note: Never respond to unsolicited emails promising unexpected financial gains, especially if they request personal information or financial transactions, as they are likely phishing scams aiming to exploit your trust and vulnerability.

Hitching a Ride on Caution:

A scam targeted a Wyoming senior with four phone calls impersonating U-Haul in one morning. Despite the senior being a previous customer, the calls raised suspicion due to the callers having outdated address information. CyberWyoming Note: This serves as a reminder to stay cautious even in familiar situations, as scammers may attempt to exploit past relationships or details.

New Scam Alert: Malware Disguised as Security App:

Fraudsters are using a new tactic to spread malware through a fake security app, posing as an official McAfee Security product.

Here's how it works:

1. The Initial Text Message: They send you a text message that says a large financial transaction has just occurred using your bank account. It instructs you to call a phone number if you have not authorized the transaction. However, the transaction never occurred, and the cybercriminals are trying to scare you into acting impulsively.
   ‍
2. The Phone Call: If you dial the provided number, you’ll connect with a fraudster who will guide you to download a security app. This app masquerades as an official McAfee Security product. However, its true purpose is to take control of your device.
   ‍
3. The Trap: Once you install the app, the cybercriminal gains access to your data and takes complete control over your device. They can then install additional malware and access your personal information. To protect yourself, only download apps from trusted sources like official app stores, verify suspicious messages directly with the institution, and avoid giving out personal information impulsively.
   
   – Brought to you by NASA Federal Credit Union

Western Wits and Russian Rogues:

Cybersecurity experts fear that ransomware attacks will intensify as young Western hackers collaborate with Russian counterparts. Recent high-profile attacks on institutions like hospitals, tech companies, and major Las Vegas hotels have highlighted the growing threat of ransomware, where hackers encrypt crucial files and demand payment for their release. The emergence of groups like Scattered Spider, composed of skilled hackers from the U.S., U.K., and Canada, collaborating with Russian ransomware gangs, presents a concerning trend. These hackers employ sophisticated techniques like social engineering to breach networks, causing significant disruptions and financial losses for their victims. The lucrative nature of ransomware attacks, coupled with the partnership between Western and Russian hackers, poses a formidable challenge for cybersecurity professionals. – Brought to you by CBS News

cbsnews.com/news/cybersecurity-investigators-worry-ransomware-attacks-may-worsen-as-young-hackers-in-us-work-with-russians-60-minutes-transcript/

Phish Fry:

Law enforcement authorities across 19 countries collaborated to dismantle LabHost, an online platform facilitating phishing attacks by providing kits to cybercriminals. Established in 2021, LabHost enabled hackers to create fake websites to deceive individuals into disclosing sensitive information like email addresses, passwords, and bank details. The Metropolitan Police in the UK spearheaded the operation, resulting in the arrest of 37 suspects and the seizure of incriminating evidence. Europol coordinated the international effort, with support from agencies like the US Secret Service and FBI. LabHost had amassed a significant user base, with 2,000 registered members paying a monthly subscription fee of $249 each. The platform offered customizable illicit services, including a campaign management tool called LabRat, allowing criminals to orchestrate phishing attacks and evade security measures. – Brought to you by CNN Business edition.cnn.com/2024/04/18/tech/labhost-cybercrime-phishing-arrests/index.html

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for GitHub Enterprise Server (GHES), Google Chrome, and Fortinet FortiSIEM. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Check Point Software Technologies, The Internet Archive, WebTPA Employer Services, and MediSecure.

Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register