Hacker's Brief 10/25/21

October 25, 2021
Security
info@cyberwyoming.org
www.wyocan.org
www.cyberwyoming.org/alliance
307.314.2188, PO Box 2332, Laramie, WY 82073

Retraction:

In the 9/13 Hacker’s Brief, an email address was reported that was legitimate and not connected with a government stimulus checks scam.

Department of Tax Debt and Financial Settlement Services Scam:

A Big Horn citizen reported a phone call from Mary Fletcher claiming to be from the state’s Tax Debt and Financial Settlement Services Department (not a real department) to discuss a new tax debt compromise program that is open for enrollment through the American Rescue Plan. There is no such program. If you want to hear the call, check out getoutofdebt.org/165759/bs-biden-tax-relief-program-calls-hang-up.

It’s a Week for McAfee Scams!

A Sheridan citizen reported FOUR different McAfee email scams for license renewals and subscription continuations. McAfee only costs $20-$30 a year, so if you receive a renewal notice for $351.57 or $229.98 from michj606@gmail.com or valokamo249@gmail.com you can assume it is fake.

McAfee License Expired Scam:

This scam is from newstead@hawaii.edu spoofed as “Mcafee-Security” (note that McAfee should have a capitalized A) with the subject line of “Your License Has Expired.” CyberWyoming Note: We let our friends at CyberHawaii and the University of Hawaii know about this email address and it has been discontinued since 2012, so it was a full spoof.

McAfee Scam Struck Out:

If you receive an email with huge red letters saying “Your Account Has Been Striked Out Today!” notice the rest of the poor English in the message. The email’s subject line is “McAfee-Reminder; #697-CD79FLS/US**Update To Be Safe!**” and is from Notice@bellestorie.com spoofed as “Critical Notice”. CyberWyoming Note: the link redirects you to a very real looking McAfee website, but it is protectdevicesnow.com and not McAfee. Pay attention to those URLs!

Using Religion to Pull Your Heartstrings:

Whenever you receive an email that is heavy on religion, but isn’t from your personal church’s email address, be sure to question the motive. A Laramie citizen reported an email from Mrs. Maureen Greaves at tpeterkevin@gmail.com or mrs.maureengreaves@writeme.com whose greeting was “Dear Beloved in Christ” and signature line was “Thanks and remain blessed in the Lord. I remain yours sister in Christ. Mrs. Maureen Greaves Church Army evangelist).” (Note the typos – a sure sign that this isn’t real.) Mrs. Greaves cites an article about a murder in the UK and asks for help with distributing funds after the murder. CyberWyoming note: This is a great example of using a news event to look legitimate.

Reverend Father Clement Sandy Didn’t Leave You Money:

If you receive a very poorly worded email asking for your personal information to be the beneficiary of the late Clement Sandy, read it for grins. They mention Microsoft, the Catholic Church, and don’t realize that you address a priest as Father but a protestant minister as Reverend. The email’s subject line is “REPLY ME BACK” (yes, in all caps) and the email is from Reverend Sister Mary Thomas at sistermarythomas2079@gmail.com. Reported by a Sheridan citizen.

Dear Friend Greeting is a Good Clue It’s Fake:

A Laramie citizen reported an email from Monika Fernandez at crypto@chernomor-auto.ru or frenandemonica483@gmail.com saying that she was diagnosed with cancer and only has a few months to live. She needs help giving away her money and wants to give you 20% commission, but you have to furnish your private phone number.

Low Cost Health Plan Phone Scam:

A Laramie citizen reported a recorded call saying that the citizen’s low cost health plan offer would be revoked unless she pressed 5 to talk to a person. The other option the citizen reported was ‘to remove yourself from the call list press 8.’ CyberWyoming Note: Security experts do not recommend pressing a number for these types of calls. It signals that the number is active and could open you up to more calls.

Senior Friend Challenge:

It’s Cybersecurity Awareness Month & the CyberWyoming Alliance is issuing a Senior Friend Challenge. Call a senior friend that may be a little tech challenged and talk to them about some of the basic scam techniques like: phone number spoofing, government impersonation, lottery scams, the grandparent’s scam and tech support scams. Show your buddy how to sign up for the FTC’s do not call list at donotcall.gov/report.html or 1-888-382-1222, option 3. Your community will be safer because you had a 30 minute conversation with a friend.

Scambusters.org Sidewalk Alert:

Amazon’s Alexa devices including Echo speakers, Ring cameras, and Tile trackers have a new feature called Sidewalk. If your Wi-Fi goes out, then it will use your neighbor’s bandwidth to ensure the devices keep working – and vice versa. Some experts are calling this a privacy nightmare. You can turn off Sidewalk. For more information: amazon.com/Amazon-Sidewalk/b?ie=UTF8&node=21328123011

MS-ISAC Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) has published a patch now (update your software) alert for Oracle (quarterly patches) and Google’s Chrome browser products. If you use these products, make sure the software (or firmware) is updated.

Other ways to report a scam:

  • Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
  • Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
  • File a complaint with the Federal Trade Commission at ftccomplaintassistant.gov
  • Report your scam to the FBI at www.ic3.gov/complaint
  • Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
  • Office of the Inspector General: oig.ssa.gov
  • AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
  • IRS: report email scams impersonating the IRS to phishing@irs.gov
  • Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
  • Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register