Hacker's Brief 07/12/21

July 12, 2021
Security
info@cyberwyoming.org
www.wyocan.org
www.cyberwyoming.org/alliance
307.314.2188, PO Box 2332, Laramie, WY 82073

Wyo Nonprofits Scam Alert:

The Wyoming Nonprofit Network reported emails from impersonated Wyoming nonprofits with the subject line of “Please Review – Name of Nonprofit RFP,” asking you to review a proposal from the named nonprofit. The emails had a sense of urgency. However, these are fake. Do not click on the RFP link.

Microsoft Account Team Impersonation Alert:

A Laramie citizen reported an email from support@users.typeform.com impersonating the Microsoft Account Team. (Note that Typeform is a real website where users can build forms, however they are not associated with Microsoft.) The email says that they detected unusual activity to your Microsoft account, a sign in from Norway. The email even lists the IP address, however the link to the Verify Account button does not send you to Microsoft.

Individual Impersonated in Sheridan:

A Wyoming citizen was impersonated by salesma602@gmail.com saying that she had recently switched banks and would like to change her direct deposit to her new account. CyberWyoming Note: Every business in Wyoming needs to have a procedure to double check these types of emails to protect their business and their employees.

United Nations and Irrevocable Payment Order Scam:

A Casper citizen reported an email from Mr. Paul Claxton at rakesh@sphpl.com, a real company email that was compromised. The email was actually signed Mark Philip and the email asks for personal information to give you an ATM card with funds, but is really an attempt at identity theft. Another email address listed in the email is w.melvin001@hotmail.com.

Bitcoin Scam Alert:

A Laramie citizen reported a scam email from amosnathniel@gmail.com with the subject line of ORDER AHR2021AG. The email claimed that you made a bitcoin exchange transaction of $311.12 and listed a number to call with questions. CyberWyoming Note: Cryptocurrency scams target younger Millennials and GenZ’ers.

Wyoming Bankers' Association Impersonation Continues:

A Laramie citizen reported two new email addresses that sent emails using the Wyoming Banker’s Association name in the subject line. These came from Xander Morgan at xazswoendolaer1542@gmail.com and William Payton at paytonwilleam6868@gmail.com.

Amazon E-Gift Card:

A Sheridan citizen’s friend’s email was compromised and the hacker’s sent an email asking “May I ask you a favor, do you have an account with Amazon?” The Sheridan citizen responded to her friend saying she didn’t have an Amazon account, but then the correspondence became more suspect. The hacker asked the Sheridan citizen to buy her an Amazon e-Gift card for another friend’s birthday giving the reason that there was trouble with her credit card account that the bank was sorting out. The Sheridan citizen called her friend to see what was going on, found out the friend’s email had been compromised, and then reported this scam. CyberWyoming Note: When in doubt, call!

Beware of False Donations to Campaigns:

A Laramie citizen reported an email asking if she was a “Trumph” supporter and then, if so, clicking on a link to donate to support the cause. The email was from onlineguy888@gmail.com and the subject line was “Are you a Republican?”

Microsoft Voice Message Impersonation Scam:

A Casper citizen reported an email with perfect Microsoft branding saying that he received a voice note and to click on the button, styled as a voice message player, to retrieve the message. However, the button was disguised and is a link that does not go to Microsoft. The email was spoofed as the Casper citizens name and company but was actually from lasiomnx@maximusnix.com and the subject line was today’s date.

Tip from CyberWyoming to Beat the Scammer:

When you are online, purposely misspell your name on webforms that don’t contain important information. For instance, if your first name is Brian, change the name to Brain. That way, whenever you receive an email for Brain you will know that you can ignore it.

MS-ISAC Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) has published a patch now (update your software) alert for Google’s Android operating system and Microsoft products. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the US News:

Spreadshop, LinkedIn (scrape of data, not a data breach), Mint Mobile, Bank of Oak Ridge, CNA Financial Corporation, Morgan Stanley, Republican National Committee, Northwestern Memorial Healthcare, GETTR (new social media platform), PracticeFirst (medical practice management software), Pacific Market Research, Arthur J Gallagher (insurance brokerage firm), LimeVPN, UofL Health (Kentucky), AcadeME, Altus Group, Mercedes-Benz USA, Workforce West Virginia, Wolfe Eye Clinic (Iowa), City of Tulsa, PACS (medical imaging software), Maximus (Ohio Medicaid provider), Reproductive Biology Associates, MyEggBank, NYC’s Law Department, Wegmans, Carnival Corporation, Cake Box, Audi/Volkswagon, and CVS Health.

Change your password if you have an online account with any of these organizations.

Other ways to report a scam:

  • Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
  • Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
  • File a complaint with the Federal Trade Commission at ftccomplaintassistant.gov
  • Report your scam to the FBI at www.ic3.gov/complaint
  • Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
  • Office of the Inspector General: oig.ssa.gov
  • AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
  • IRS: report email scams impersonating the IRS to phishing@irs.gov
  • Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398