‍Hacker’s Brief 7/6/2020

‍

Identity Theft Alert in Wyoming:

A former employee (and student) of Northwest College who now lives in SE Wyoming and is gainfully employed received a letter from the Wyoming Department of Workforce Services saying his unemployment claim was denied. He also got a debit card in the forwarded mail to his new address in SE Wyoming.  He has not worked for or attended Northwest College in 10 years and did not apply for unemployment.  The Wyoming citizen has put a lock on his credit, but does not know where this data fraud may have come from.

Car Warranty Phone Scam:

Thanks to a Lovell citizen for reporting this scam.  The citizen reported that once a week for the past couple of months he has been getting a ‘your car warranty has expired’ recorded call.  The call comes from a local Lovell or Wyoming number and the number varies.  This  citizen decided to press 1 to talk to the live person and asked the representative “What is the name of your company and what city are you calling from?”  The fake customer service rep just hung up.  One point to our Wyoming citizen!

Cryptocurrency Scammers Using COVID:

Scambusters.org reported four different COVID cryptocurrency scams.  The first one is phishing email that pretends to be rom one of the big cryptocurrency exchanges and says there is a coronavirus alert they need to log-in to get the information on, but the link takes you to a fake log-in and they steal your credentials and drain your cryptocurrency account.  The second one is a scam asking from charities, the CDC, or the WHO asking for cryptocurrency donations to fight the pandemic.  The third is where scammers claiming to have medical supplies and devices are sometimes asking for cryptocurrency.  The last one is a scare tactic where scammers claim to have COVID, know where you live, and will infect your family if you don’t pay them their cryptocurrency extortion demands.

Personalized Bitcoin Scam:

Scammers are targeting worldwide bitcoin users with a realistic and extensive campaign.  First the victim receives a text message using the name of a recognized media outlet that contains a URL that demonstrates that the scammers already have your personal data (like your phone number, name and email address).   If you click on the link it has what looks like a new cryptocurrency investment platform with names and companies that you know.  Media brands and celebrities names were hijacked by fraudsters. The website looks very realistic and is operating under different names like Crypto Cash, Bitcoin Rejoin, Bitcoin Supreme, and Banking on Blockchain. (securityaffairs.co)

Twitter Business Accounts Breached:

If you use Twitter for your business, but sure to change your password.  The breach affected businesses that use Twitter’s advertising and analytics platforms.

FBI Alert about Business Email Compromise (BEC) during COVID:

Scammers posing as existing clients of a company have researched the senior executives and message them posing as known suppliers saying invoices should be paid to a different account.  CyberWyoming recommends always calling your vendors to confirm any financial account changes.

MS-ISAC Patch Now Alert:

The Multi-States Information Sharing and Analysis Center (MS-ISAC) has issued a patch now (update your software) alert for Netgear products.  Netgear makes network attached storage devices, routers, switches, cable modems, DSL modems and webcams.  The update is called a ‘firmware’ update.  These devices do not normally update on their own, so check out the Netgear website, enter your model number, download the user manual, and determine how to do the firmware update.

Data Breaches in the News:

LG Electronics, Xerox, LimeRoad (e-commerce fashion site based in India), DarkThrone, Efun, Fluek, Footters, HomeChef, JamesDelivery, KitchHike, KreditPlus, Minted, Playwings, Revelo, Tokopedia, Yotepresto, Zoosk, Maine Information & Analysis Center, and Twitter Business Accounts. 

Other ways to report a scam:

• Better Business Bureau Scam Tracker: www.bbb.org/scamtracker/us/reportscam
• File a complaint with the Federal Trade Commission at ftc.gov/complaint
• Report your scam to the FBI at https://www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration.  Online at https://complaints.donotcall.gov/complaint/complaintcheck.aspx or call 1-888-382-1222, option 3
• Office of the Inspector General:  https://oig.ssa.gov/
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS:  report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398