Roku Racket:

A Cheyenne resident reported a scam email from a Gmail account with the subject "ZQYM." The email had an attachment and through the preview window, it appeared to be a fake invoice impersonating Roku and included the recipient's email address in the attachment. CyberWyoming Note: Always verify unexpected invoices by contacting the company directly through official channels and avoid opening attachments or clicking links in suspicious emails, especially from unfamiliar Gmail addresses.

Defective Product Scam:

A Wyoming resident received a scam message claiming to be from Amazon, stating that the goods they purchased were defective and instructing them to stop using the items immediately due to potential harm. The message urged the recipient to return the items, suggesting that continuing to use them could result in self-harm. CyberWyoming Note: Always verify suspicious messages directly with the company, in this case Amazon, through official channels before taking action.

Gold Kit or Gold Scam?:

A citizen reported receiving a scam email from the address TrumpTaxCredit [random numbers]@beakem[dot]com. The email's subject line read: "[Recipient's Name] Your 401K Won’t Survive Kamala’s Coup (Unless You Do THIS) JR," and it urged the recipient to "Claiim your F R E E Gold Information Kit!" The message included three suspicious attachments. CyberWyoming Note: Avoid opening attachments or clicking links in suspicious emails, especially with bad grammar. Verify the sender, watch for red flags, and never share personal info.

Malware Targets Employees Through Illegal Streaming Websites:

Microsoft reports that nearly 1 million business and home PCs were compromised in December after users visited illegal streaming sites. The malware, spread through malicious ads on pirated video sites, impacted both consumer and enterprise devices. The attack leveraged platforms like GitHub, Discord, and Dropbox, with GitHub quickly removing infected repositories. Citizens are urged to strengthen security awareness training, particularly emphasizing the dangers of visiting untrusted websites. The malware used a multi-stage process, exfiltrating data and deploying various payloads, including information stealers and remote monitoring programs. Microsoft recommends strong endpoint detection (antivirus software that monitors your computer continuously) and multifactor authentication.
– Brought to you by CSO
‍csoonline.com/article/3842391/almost-1-million-business-and-home-pcs-compromised-after-users-visited-illegal-streaming-sites-microsoft.html

FBI Warns of Language in Phishing Emails:

The FBI has issued a warning about scammers using more sophisticated methods, including exploiting disasters and mass casualty events like the New Orleans attack and LA wildfires. Phishing emails often feature urgent language such as "act fast" or "immediate action required," pressuring recipients to act without thinking. The FBI and CISA advise caution with emails that invoke urgency or emotion, especially as AI enhances the appearance of these messages. The key advice remains the same: don't click on unsolicited links, verify the sender's email address, and use two-factor authentication for added security.
– Brought to you by The National News Desk
‍thenationaldesk.com/news/americas-news-now/fbi-issues-new-warning-be-on-the-lookout-for-specific-language-in-emails-los-angeles-cisa-us-cyber-defense-agency-act-fast-phishing-emails-artificial-intelligence-message-two-factor-authentication

Don’t Let Scammers Cancel Your Vacation:

The Telekopye (a Russian malicious toolkit that was named for Telegram and kopye, spear in Russian) travel booking scam targets users on sites like Booking.com and Airbnb. The toolkit automates phishing attacks, impersonating legitimate hotel bookings. Victims receive urgent emails claiming issues with their reservations. The emails link to fake sites that look convincing, pre-populated with booking details, and include a chatbot to guide victims through providing their financial info. To avoid falling for this scam, users should verify the URL (website address), check for unusual language or payment requests, and always contact the platform directly. Taking precautions like enabling multifactor authentication and monitoring financial transactions can help protect against this fraud.
– Brought to you by Secure The Village & MUO
‍makeuseof.com/how-spot-telekopye-hotel-booking-scam/
‍For more information about Telekopye, visit the Hacker News here:
‍thehackernews.com/2023/08/new-telegram-bot-telekopye-powering.html

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Google Chrome and Microsoft SharePoint. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Sharepoint, Premier Health, Tea app, Dell, and Crumbl cookie. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register