Holy Impersonation Batman!

A Sheridan citizen reported an email impersonating Home Depot, but if you look closely the email is really from a real newsletter and podcast address at tut.com. The subject line is “Confirmation Needed” and the link transfers you to a French website. Note that this same email address also spammed the same Sheridan citizen claiming a “Final Notice” for a Christmas card company in Britain, a “surprise” for T-Mobile Customers, Sam’s Club, and/or CVS Pharmacy Stores, get your credit report from impersonating not one, but all three credit reporting agencies, and a “Last Reminder” for McAfee antivirus software. Note that the Christmas card company link showed up in at least 5 different emails that the Sheridan citizen received with different subject lines in each one. The last one was supposedly from Lowe’s and the subject line was “Seriously, We don’t normally do this.” But, obviously, the hackers DO normally do this. Don’t click on the link! Tut.com is a real podcaster’s website and we have notified him that his email has been compromised.

Unusual Login Text Scam:

A Big Horn citizen reported a text impersonating Amazon. The text said that her Amazon account had been locked because of an unusual login from Toronto and urged her to follow the link in the text to verify her identity. CyberWyoming Note: Never click on a link in a text or email. Instead, check your account by typing in the website address.

Cathryn Green is Sending Norton Invoices from Quickbooks and maybe a Plumber?

Who is Cathryn Green, what is she to Norton’s Safe Web plug-in software (which is NOT $431!), and why is she sending invoices from Quickbooks in which you have to reply to a plumbing services email address? Nothing adds up, so just delete! Subject line: “Invoice 1001 from Cathryn Green.” Reported by a Sheridan citizen who also notes that a similar email came from Rolando Tromp and Zachary Moon too! However, Zachary’s reply was a pest services company instead of a plumbing company. CyberWyoming Note: Here’s the real Norton Safe Web link: us.norton.com/feature/safe-web. This is a great example of a scammer using legitimate software like Quickbooks. Report any Quickbooks phishing scams to Quickbooks at: security.intuit.com/contact-us.

Local Church Impersonated:

Impersonating a company like Amazon is one thing, but when your local church is impersonated online and the scammer is asking for gift cards for something that sounds like a worthy cause, it strikes home. St. Mark’s in Cheyenne was recently the victim of this scam via two different Gmail addresses, reminding all church patrons to call the church before they donate anything through an email request. Reported by a Cheyenne citizen.

“I was always hostile to people” Email Scam:

If you receive an email from a dying German citizen claiming to be called Jurgen Lucas whose email address is for Rodwell Williamses at a Gmail address but also spoofed as Nicola Tunney, definitely read the email but don’t reply. The email is comical in that he asks for your help but says claims he was hostile towards people, stingy, and selfish, but now wants a trustworthy relationship with you to deposit his gold bars. Hmmm, ironic? Reported by a Sheridan citizen.

Western Union Refund:

Were you tricked into wiring money to a scammer via Western Union between 2004 and 2016? If you were and still haven't received a refund from the $586 million settlement the firm agreed, you still have time to file. The US Federal Trade Commission (FTC) has extended the deadline for claims, originally July 1, until the end of August. westernunionremissionphase2.com Brought to you by scambusters.org.

Take Small Steps to Secure Your Identity Online:

According to a 2021 study by NordPass, the average person has 100 passwords and associated accounts. This is a LOT to keep track of! Karen Sorady, VP for the MS-ISAC Member Engagement, recommends using multi factor authentication (MFA) where available. As an example, MFA requires 2 pieces of evidence that you are who you claim to be, so for instance, that code that your bank sends to your cell phone number is the second piece of information. The second tip Ms. Sorady provides is using a password manager, but making sure you also secure it with MFA. Make your password vault in the password manager super secure because that is your life in there! And, be sure to designate a digital inheritor in the password manager, in case of emergency. If you want to see demonstrations of popular password managers, contact us at info@cyberwyoming.org or check out PCMag’s 2022 review of password management software. Check out the full MS-ISAC article here: cisecurity.org/insights/newsletter/take-small-steps-to-secure-your-identity-online. For more tips to protect your online identity, save the date for It’s About Identity!, Wyoming’s Cybersecurity Conference combined with UW’s Blockchain Stampede on September 23 in Laramie. FREE and open to the public. Registration link at cyberwyoming.org/conference.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Mozilla’s Firefox browser, Apple, Cisco, and Drupal products. If you use these products, make sure the software (or firmware) is updated.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register