‍

PayPal Scam Awareness:

A resident of Laramie received a suspicious email from a Gmail address (of random letters) with an attachment from someone posing as "PayPal." Although this citizen rightfully refused to open it, in the preview, it appeared to be a bill stating, "you’ve sent a payment of $420.50 USD to Coinbase Inc." The email stated, "Thank you for your order Verify follow Your order is going astonishing." CyberWyoming Note: Verify sender details and refrain from opening attachments or clicking links if the source seems dubious. In instances like these, confirming the legitimacy of unexpected bills or payment requests can help prevent potential cyber threats and safeguard your personal information.

Bypassing Biometrics:

Security researchers at Blackwing Intelligence identified vulnerabilities in widely-used laptop fingerprint sensors from Dell, Lenovo, and Microsoft, allowing bypass of Windows Hello fingerprint authentication. These flaws could enable unauthorized access through complex attacks. Microsoft's push for password-less authentication faces risks due to these security gaps. The researchers urge device manufacturers to ensure Secure Device Connection Protocol (SDCP) is enabled and to conduct expert audits on fingerprint sensor implementations. Blackwing Intelligence is also exploring attacks on sensor firmware and assessing fingerprint sensor security on various platforms. – Brought to you by The Verge

Hackers are increasingly targeting small businesses:

Secure the Village (https://securethevillage.org/) is warning that small organizations are being threatened by cybercrime. Here’s an example:

Hackers are increasingly hiding within services such as Slack and Trello to deploy malware: A new analysis unpacks a wide array of malware abusing legitimate internet services and what defenders should do to stop it. … Criminal hackers have always abused legitimate web services such as Gmail and Facebook to do their bidding, but increasingly they are finding new ways of blending into popular applications to avoid detection and find unsuspecting victims.

FTC Warning about Business Coach Scams:

If you are a small business owner and are considering a business coaching program, consider these tips.

• Be wary of promises that you’ll make quick money. No one can guarantee you’ll make lots of money with little to no risk. Anyone who does is a scammer.
• Take your time and talk to someone you trust. Scammers will pressure you to get involved now or “risk losing out.” Get a second opinion about the business offer or coaching program from someone who has your best interests in mind.
• Read success stories and testimonials with skepticism. They might not be true or typical. Glowing stories of success could be fake or misleading, and positive online reviews may have come from made-up profiles

– Brought to you by the Federal Trade Commission (FTC)

There’s a warrant out because you skipped jury duty:

People are being targeted by phone call, email, and messaging scams threatening them with prosecution for failing to comply with jury service. In the communications, recipients are pressured to provide confidential data, potentially leading to identity theft and fraud. The scammers threaten recipients with fines and jail time if they do not comply. These communications are fraudulent and are not connected with the federal or state courts. Persons receiving such a telephone call or email should not provide the requested information and should immediately notify the Clerk’s office in their area.

• Courts do not require anyone to provide any sensitive information in a telephone call or email.
• Most contact between a court and a prospective juror will be through the U.S. mail, and any phone or email contact by real court officials will not include requests for any sensitive information.
• Jury duty is a vital civic responsibility and should be taken seriously by all citizens. However, it is a crime for anyone to falsely represent themselves as a federal court official.

– Brought to you by the U.S. Courts

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Fortinet FortiSIEM, Google Chrome, Adobe products, Microsoft products, WordPress’s Elementor Plug-in, and Mozilla products. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

MOVEit, Kronos, Microsoft, Welltok, and General Electric.

Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection 307-777-6397, 800-438-5799 or ag.consumer@wyo.gov
• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register