My email got hacked:

A Wyoming citizen received an email asking for “a little favor” from her California friend’s actual email address. Instead of emailing her friend back, the Wyoming citizen texted her and asked about the email. The CA friend said her email was hacked and the “little favor” message had gone to many of her contacts. CyberWyoming provides the following advice if your email gets hacked:

• Change your email password immediately to something you’ve never used before.
• Check your email forwarding rules as hackers will often set them up in case you change your password. With a forwarding rule, they will receive all your emails.
• If the hacked email is used for banking or financial accounts, call your financial institutions to put an alert on all your accounts.

Please fill out this survey:

A Laramie business received an email, asking them to fill out a two-question survey for American Express…except the business doesn’t have an account with American Express. Clicking on the survey in the email would take the citizen to a phishing site not affiliated with American Express. CyberWyoming note: Some companies use third-party marketers to gather information and conduct surveys, but many of these surveys are ways for scammers to get your personal information. It’s best just to delete the email.

Using the Better Business Bureau (BBB) to find disreputable companies:

A Casper citizen called CyberWyoming about a car renewal warranty letter he received in the mail four times. It was for a Toyota Landcruiser, which the citizen has never owned. The letters are supposedly from CarShield, which is a legitimate company BUT CarShield has a D rating from the Better Business Bureau. We told the citizen to take the letter to the post office because the company could be guilty of mail fraud. Other options that we gave him were to report it to the FTC and the BBB. We encourage people to use bbb.org/search whenever they want to research a company as it has great data.

For a change, some good news:

Big kudos this week to the F.B.I. and their international partners. They brought down a botnet used in cybercrime that had infected 700,000 computers in the past year and that may have been responsible for up to 30% of cybercrime. “This is the most significant technological and financial operation ever led by the Department of Justice against a botnet,” said Martin Estrada, the U.S. attorney for the Southern District of California. CyberWyoming note: This is why reporting scams, fraud, and malware is so important – the authorities must be notified so they can respond to cybercrime. – Brought to you by Secure the Village

Deepfakes are getting real:

The deepfake scam has finally arrived on social media. Fake videos of celebrities hawking phony services have begun to gain some traction on major social media platforms like Facebook, TikTok and YouTube. Last week, NBC News viewed more than 50 videos posted to those sites that featured computermanipulated images and audio of well-known people, all of which appeared to have been created to scam viewers out of money. Almost all of the videos centered on Elon Musk, with manipulated videos of several news and television personalities — including CBS News anchor Gayle King, former Fox News host Tucker Carlson and HBO host Bill Maher — falsely claiming Musk had invented a technologically advanced investment platform. – Brought to you by NBC News. CyberWyoming note: With AI, it is easy and quick to make a deepfake video, so it’s important we all learn how to spot them. MIT has set up a website to help us learn the subtle clues that will tell you a video is a fake detectfakes.media.mit.edu/ and Dr. Gregory White, a member of the WyoCAN (Cybersecurity Action Network) committee created a series of short videos about deepfakes that can be accessed here: library.wyo.gov/services/wyoming-residents/wyoming-can/.

Flash drives from the government:

The school district in Tucson, Arizona, was recently hit with a wave of ransomware demands after scammers invaded their networks and stole confidential information. How did the scammers get in? They mailed flash drives to the school, supposedly from the Department of Education, with instructions to get back-to-school information from the drive. As soon as the flash drive was plugged in, the scammers were in the network. Brought to you by CyberWyoming Member, DigiTekS, an IT consulting firm in Wyoming, and they think CPAs will be targeted next. CyberWyoming note: Never plug an unknown flash drive into your computer. They used to be handed out at conferences, but, after scammers started using them, legitimate use of flash drives is rare. If someone wants to give you some files, suggest they use a cloud service instead.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Cisco BroadWorks and Xtended Services, Chrome. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

LogicMonitor, Prime Therapeutics + Magellan Rx Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register