Hacker's Brief 11/14/22

November 14, 2022
info@cyberwyoming.org
www.wyocan.org
www.cyberwyoming.org/alliance
307-314-2188, PO Box 2332, Laramie, WY 82073

Wells Fargo Impersonation:

An email impersonating Wells Fargo, with the subject line “New Notification” and sent from an acrevo.com email address spoofed as “Fraud Alert,” was reported by a Laramie citizen. The email says that they have detected unusual activity on your ‘card card’ that may result in ‘closure of your account and card.’ Do not click on the link provided! CyberWyoming researched the link, and it goes to a Russian server at the hosting provider VKontakte Ltd.

Random Text Saying “hi”:

A Laramie citizen reported a random text from a 972 number that just said “hi”. CyberWyoming Note: Scammers often use texts like this to see if your number is active and if you will engage with them. So, just delete and block the number.

Be Aware of Current Events Scams Regarding FTX:

With the cryptocurrency exchange FTX collapsing, be vigilant. Scammers often take advantage of current events. FTX customers could be doubly victimized by scammers saying they can get the victim’s money back. Do not trust unsolicited communications. Always check with the Federal Trade Commission or the AARP Fraud Watch Network before giving out any personal information or money. Reminder brought to you by the University of Wyoming’s Center for Blockchain and Digital Innovation.

Online News Warning:

The Proofpoint Threat Research Team uncovered intermittent code injections at a media company that serves more than 250 major news outlets. If you are reading a news website and your browser asks you to update using a zipped file like Chrome.Update.zip, Chrome.Updater.zip, Firefox.Update.zip, etc., do not open the zipped file. It installs malicious files.

Typo Squatting Warning:

Typo squatting is when bad actors impersonate another company’s website address by changing one character. For instance, Google may be impersonated by using a capital ‘I’ (eye) in place of the small ‘l’ (ell). In many fonts, this looks exactly the same. Popular Android app stores like Google Play, APKCombo, and APKPure as well as download portals for PayPal, VidMate, Snapchat, and TikTok were among the brands impersonated. For the full list, check out: bleepingcomputer.com/news/security/typosquat-campaign-mimics-27-brands-to-push-windows-android-malware/
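
A defensive check for the look-alike addresses described above, as an added example that is not part of the original newsletter: it compares a domain exactly as it is displayed in a link against a watch list and flags character swaps such as capital ‘I’ for ‘l’ as well as one-character changes. The watch list, the confusable-character map, and the sample domains are constructed for illustration.

```python
# Added example: flag look-alike domains. All names and data here are constructed.
CONFUSABLE = {"I": "l", "1": "l", "|": "l", "0": "o"}  # small illustrative map
BRANDS = ["google.com", "paypal.com", "tiktok.com", "snapchat.com"]  # sample watch list


def skeleton(domain):
    """Fold visually confusable characters to one form, then lowercase."""
    return "".join(CONFUSABLE.get(ch, ch) for ch in domain).lower()


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(displayed, brands=BRANDS):
    """Return (verdict, brand) for a domain as it appears in a message."""
    lowered = displayed.lower()  # DNS ignores case, so this is what resolves
    for brand in brands:
        if lowered == brand:
            return ("exact", brand)
    for brand in brands:
        # Looks identical on screen but resolves to a different name.
        if skeleton(displayed) == skeleton(brand):
            return ("homoglyph", brand)
    for brand in brands:
        if edit_distance(lowered, brand) == 1:
            return ("one-character typo", brand)
    return ("no match", None)


if __name__ == "__main__":
    # Constructed samples: capital I for l, digit 1 for l, a dropped letter.
    for sample in ["google.com", "googIe.com", "paypa1.com", "gogle.com", "example.org"]:
        print(sample, "->", classify(sample))
```
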

Venus Ransomware – Why You Should Care:

Venus ransomware is currently targeting publicly exposed remote desktop services to encrypt Windows computers. If you have a Windows computer, make sure your Remote Desktop Protocol is turned off. CyberWyoming has a video that walks you through how: youtu.be/BXRm1WcrQaQ

Instagram verification:

Users of social media app Instagram are being targeted with a phishing email saying they've been approved for the site's blue badge verification program. Victims are supposed to click a link to complete the process by filling out a form. This requires all sorts of information including sign-on details. Instagram does not send out unsolicited messages like this, so don't click! Brought to you by scambusters.org.

Center for Internet Security Shop Smart and Stay Safe:

Cyber threat actors know that online shopping increases for the holidays. Remember not to use public Wi-Fi, make sure that payment sites start with HTTPS (not HTTP), don’t click on ads or email ads (especially if they look too good to be true), and pay with credit cards, not debit cards.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a “patch now” (update your software) alert for Google’s Android operating system, Google’s Chrome browser, VMware Workspace One (Assist 21 and 22), Citrix ADC, Citrix Gateway, Apple’s macOS Ventura, Apple’s iOS, Apple’s iPadOS, Cisco’s firewall products, and Microsoft products. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Potential breach of Apprentice Information Systems affecting county offices across Arkansas, Continental Automotive Group, Kearney & Company (CPA firm), Somnia (an administrative services firm for anesthesiology practices in New York), AstraZeneca, an Amazon Prime Video Server (viewing data, subscription information), Experian’s identity verification tool, WakeMed Health & Hospitals (North Carolina), US Bank (California), Multi-Color Corporation, Thomson Reuters, See Tickets (payment card details), Microsoft Azure Blob Storage, Meta Pixel (used by hospitals in the US), iDealwine, and Keystone Health (Pennsylvania).

If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

  • Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
  • Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
  • File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
  • Report your scam to the FBI at www.ic3.gov/complaint
  • Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
  • Office of the Inspector General: oig.ssa.gov
  • AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
  • IRS: report email scams impersonating the IRS to phishing@irs.gov
  • Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
  • Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register