You are eligible for an IRS ERC refund:

Actually, you probably aren’t eligible for the Employee Retention Credit, especially if you aren’t a business owner that had to shut down during COVID. The IRS has been warning the public about scams where you’re advised to file a tax claim for the credits. Even if the scammer is convinced that you are eligible, be very careful as the IRS has been watching for false claims and has been pursuing back taxes and penalties. It’s best not to respond to random emails about this credit and to talk to either the IRS or a tax accountant before you act. – Reported by a Laramie citizen and the IRS irs.gov/coronavirus/employee-retention-credit

Use this QR code to secure your email:

A Jackson citizen received an email supposedly from Microsoft saying that the citizen needs to use a QR code to secure their email. Except the email wasn’t from Microsoft and the QR code goes to a site that only shows an error message. CyberWyoming note: Always look at the sender’s email address before paying any attention to an email. And before clicking on a link in an email, look up the company online.

Google listing phone call:

A Jackson citizen received a Google Listing recorded call which she has received repeatedly over the past couple of weeks. In frustration, this citizen pressed the button to unsubscribe from the call and a real person came on the line. They insisted she pay them $300. When she said 'no' they hung up on her, probably moving on to someone more agreeable. CyberWyoming note: Pressing a number on these types of calls signals your phone number is active and could open you up to more scammers. However, a few Wyoming citizens have, out of anger and frustration, acted and pressed a number, asking lots of questions of the person who comes on the call, with the result of the scammer hanging up on them.

Reporting scams to the post office:

A Laramie citizen reported that she was at the post office where one of the counter agents was helping an older couple with a scam they were worried about. They asked the USPS agent what the real website address was and how the USPS would contact them. The agent confirmed that the real website was usps.com and anything coming from anywhere else was fraudulent. The counter agent said that the USPS doesn't send emails or texts or call you for delivery notifications or problems with your package. When the citizen got to the counter, the agent said it was the 6th report they had received that day.

What happens in Vegas doesn’t always stay in Vegas:

Last week there was a cyberattack on MGM and Caesars, causing chaos in Las Vegas. MGM, valued at $14 billion, fell victim to a social engineering attack due to an IT administrator's failure to follow basic security protocols. This breach affected various aspects, from slot machines to guest room keys, indicating poor network configuration. The incident underscores the importance of information security controls. Organizations should ensure IT personnel are well-trained and vigilant in enforcing strong password reset procedures. Network segmentation is crucial, akin to an ocean liner's compartments, preventing a breach in one area from flooding the entire system. Las Vegas casinos, including Excalibur and Aria, endured prolonged disruptions. Guests faced lengthy check-in lines, digital keys and meal charges were unavailable, and many slot machines malfunctioned. The cybercriminal group "Scattered Spider" used impersonation and malware via phone calls to hack MGM, demanding ransoms. MGM's response was criticized for its ineffectiveness and disregard for customer safety. Additionally, Caesars Entertainment paid a $15 million ransom following a separate cyberattack. These incidents emphasize the urgency for organizations to bolster their cybersecurity measures. – Brought to you by Secure The Village

Emails and text messages with the word “text” or “checking”:

A Colorado citizen reported receiving an email from the Geek Squad with the word “checking.” CyberWyoming note: The scammer is hoping that the citizen will respond to the email, thus initiating a dialogue and confirming the email address is active. Just delete.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Mozilla products, Google Chrome. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Maximus (Medicare contractor), T-Mobile, TransUnion, ORBCOMM (trucking fleet management), MGM Resorts. Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register