A Quick Review:

A Newcastle citizen reported receiving an email with the subject “A Quick Review” and an attached invoice and packing list. The attachment contains malware. The link in the email is to a server in Argentina, but the company that is being spoofed is a medical services company in Portugal. CyberWyoming note: Don’t click on links or open attachments unless you are certain who sent them and why.

Cash in Magazines:

You get a phone call from someone claiming to be from Apple or Microsoft, and they say there’s fraud on your account. They want you to put cash inside a magazine and send via FedEx or UPS to clear your account. Just hang up. - Brought to you by The Current Tech News

Led astray by Google Maps:

A man looking to change his flight called the number he found in Google Maps. It led him right to a scammer. That’s right — the listings for multiple airlines at New York’s John F. Kennedy and LaGuardia airports were swapped for fakes. Go directly to your airline’s website to find the number you need to call. - Brought to you by The Current Tech News

Veterans targeted for benefits scam:

Now that veterans and servicemembers exposed to toxic substances get expanded benefits and health care through the PACT Act, dishonest businesses and scammers are trying to get a cut. You may have seen the commercials on TV or social media about veterans’ health conditions possibly caused by exposure to burn pits, Agent Orange, and other toxic substances. The ads offer so-called help to file a claim. The catch? They’ll charge you a fee, or a percentage of the benefits you get. What they won’t tell you is that you don’t have to pay to apply for any type of veterans’ benefits, or that free assistance is available. The VA or Veterans Service Organizations can help file a claim for free. – Brought to you by the Federal Trade Commission (FTC)

Pulling at your heart strings:

Scammers have been sending out personally addressed letters telling recipients they have hard evidence their partner is involved in an illicit relationship. And they say they'll send you the proof, including photos, if you send them money. Of course, they want you to pay with untraceable cryptocurrency. It’s a scam. CyberWyoming note: Scams often try to get their victims to ignore the reasoning part of their brains by using strong emotions like fear and jealousy. Take a deep breath and walk away from the letter, email, or text. You can call the AARP hotline anytime to talk through whether something is a scam or not BEFORE you act. – Brought to you by Scambusters

Facebook ads that are a trap:

You're browsing Facebook and see flashy ads for artificial intelligence (AI) tools from OpenAI, Midjourney, and Google. They claim there's a huge development, and all you have to do is click. Hackers are developing sophisticated ads and using verified profiles on Facebook to publish them so they get past the scam ad filter. And once you’ve clicked that link, malware is installed on your system. – Brought to you by The Current Tech News

Infected thumb drives:

Hackers are still using a trick that works - scattering infected thumb drives in public spaces, like parking lots or offices, to carry out their malicious activities. “I wouldn’t pick that up,” you might think, but they use enticing labels or logos like “Financial Records” or “Crypto Keys” to pique your curiosity and encourage you to plug it into your computer. If you plug it in, malware stored on the drive can infect your PC and give that hacker access to your files. – Brought to you by The Current Tech News

By criminals, for criminals:

An artificial intelligence tool promoted on underground forums shows how AI can help refine cybercrime operations. In one experiment, researchers instructed WormGPT to generate an email intended to pressure an unsuspecting account manager into paying a fraudulent invoice. “The results were unsettling. WormGPT produced an email that was not only remarkably persuasive but also strategically cunning, showcasing its potential for sophisticated phishing attacks.” – Brought to you by Secure the Village

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Ivanti Endpoint Manager Mobile, Apple products, Mozilla Thunderbird, Adobe ColdFusion, Google Chrome. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Rite Aid, VirusTotal. Latest MoveIt victims: Estée Lauder, Boise State University, Highmark Blue Cross Blue Shield, U.S. Department of Agriculture, North Idaho College, American Airlines, TJ Maxx, Marshalls.

Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register