Norton Impersonation:

A Big Horn citizen reported a fake invoice for Norton’s antivirus software from Kevin Lif at a Gmail address with the subject line of “Thank you for doing order with us!” Remember that Norton’s software retails for around $40-$60 and isn’t $399.99 and real invoices wouldn’t be coming from a Gmail address.

Second Norton Impersonation:

A Sheridan citizen reported a fake receipt claiming she had upgraded NotrPro+ from trial to premium. The email came from Quickbooks but the reply-to was to a wuupr.com email address, which did not come up with a legitimate website when CyberWyoming researched this report. The subject line is “Invoice HJGJ-7673 from David A. Koeller” and the greeting is Dear Custome (without the r). Don’t call the number or open the attachment.

Employers - Beware of the Paycheck Direct Deposit Scam:

A Cheyenne business leader reported an email with the subject line of “QUICK ONE” from an iCloud account impersonating an employee with an attached direct deposit change form to have her paycheck deposited into a new checking account. CyberWyoming Note: If it involves money or user credentials, always verify out of channel. Make a policy to call and verify.

Business Opportunity:

An email from the valid domain of drivethrustuff.com but with a reply-to Gmail address was sent to a Sheridan citizen with the subject line of “From the Desktop of Christian Garcia BOA (Priority …” (note the missing parentheses). Mr. Garcia claims to be a senior staff person with the BOA Bank of New York and wants to discuss a business opportunity with you. Don’t reply. Just delete.

Order Receipts Don’t Usually Come from a Gmail Address:

A Sheridan citizen reported an email from a Gmail address spoofed as “Order receipt” with the subject line of “Receipt”. The email had an attached PDF claiming to be from Geek Squad with an auto-renewal of the 360 Power Protection for $372.90. Don’t call the number. This is fake.

Stargazer warning:

If you're one of the millions of people in awe of the images being returned by the new James Web Telescope (JWT), keep your eyes peeled for a phishing attempt that uses copies of JWT images embedded with malware. It comes with what seems to be a Microsoft Word attachment that contains a download link for the picture. Once downloaded, it installs malware that enables a hacker to access your computer. If you want to see genuine images, NASA has posted them on a Flickr social media photo site: flickr.com/photos/nasawebbtelescope/albums Brought to you by scambusters.org.

Nigerian Price or Russian Billionaire – It’s all the same scam:

A close ally to Vladimir Putin, Viktor Zubkov the 36th Prime Minister of Russia is being impersonated taking advantage of current events. Even though the email asks you for help with economic sanctions and promises to make you rich, it is still the same old scam and isn’t real. Brought to you by KnowBe4’s CyberHeist News.

FCC Warns of Post-Hurricane Scams:

With the devastation of Hurricane Ian on TV each night, remember that fraudsters often take advantage of current events and may contact you via phone, email, or text. Never commit money or reveal personal information via an unsolicited text, email or phone call. Check out the charitable organization on CharityWatch.org or CharityNavigator.org without checking out the cause or charity.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Cisco, Microsoft, FortiOS, FortiProxy, FortiSwitchManager, Google’s Chrome browser, and Adobe (ColdFusion, Acrobat Reader, Commerce, and Dimension) products. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Drone & airspace monitoring devices by DJI, Church of Jesus Christ of Latter Day Saints, Celsius (cryptocurrency exchange), Toyota, CSI Laboratories (Georgia cancer testing laboratory), Ro, Family Medical Center Services (Amarillo & Canyon Texas), City of Tucson, Ferrari, Las Angeles Unified School District, Physician’s Business Office (West Virginia), American Airlines, Uber, New York Racing Association, Empress EMS (New York ambulance service), OakBend Medical Center, and U-Haul (includes drivers’ licenses).

If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register