Serving the Big Horn Basin for over 100 years

Cyber Security Weekly Briefing

Brief 1/16/2023

Service Notification Scam: If you receive an email from 'Service Notification' at a tut.com email address with the subject line of "[Redacted Name], Track your package ID#29194773" be sure not to click on the link. Reported by a Sheridan citizen.

You have won $500 gift card: If you receive an email from 'American Airlines' at tut.com email address with the subject line of "[Redacted Name], believe it or not! You have won $500 gift card" be sure not to click on the link. Reported by a Sheridan citizen.

You have won a Keurig-Coffee-Maker!! If you receive an email from 'Package Pending' at tut.com email address with the subject line of "Delivery Status Notification: [Redacted Name], You have won an Keurig-Coffee-Maker!!" be sure not to click on the link. Reported by a Sheridan citizen.

CyberWyoming Note: We have notified the administrator of the tut.com legitimate website.

Spoofed unsubscribe link: A Laramie citizen reported receiving an email with the subject 'Status: Waiting at the distribution center' which contained a picture of an error code along with a link to unsubscribe. The link in the phrase "To be removed from our list Click Here" went to a server in Russia. Be careful clicking on unsubscribe links – hover over them and see if it looks legitimate. CyberWyoming Note: What is hovering? Place your mouse over the link but don't click. Your browser will show the true URL. In Chrome, it is show in the lower left part of your screen.

First Federal Bank And Trust: an email was received impersonating First Federal Bank And Trust announcing that "we noticed you recently accessed your account(s) from a device we are unfamiliar with," and said the account had been locked. The email further instructed the user to verify their identity by clicking a link "visiting here." The Laramie citizen who reported this noticed that not only was the link not to the bank, but the citizen did not have an account with this bank. Be careful clicking on links to unlock your bank account – hover over the link and see if it looks legitimate.

A review of the top 2022 scams: AARP has compiled a round-up of the most prevalent scams in 2022, including identity fraud, imposter scams, and on-line shopping scams. Check it out at https://aarp.info/fwnnwy and be the most scam savvy on the block!

Malicious Code in Microsoft Excel: After Microsoft introduced more protection Microsoft Office from malicious code introduced via add-ins, hackers found a new way to exploit through XLL files in Microsoft Excel. Before the XLL file can be run and infect a system, Microsoft will display a security message warning the user there is no digital signature available. Users must make sure to click "Leave this add-in disabled."

FTC Alert – Fake Geek Squad Renewal: Email and text scams continue to be reported to the FTC saying about the Geek Squad scams that Wyomingites have been reporting for the past 5 months. The FTC reminds you not to call the number in the email or on the fake invoice, don't give anyone you don't know remote access to your computer, and don't open attachments. If you see a scam, report it to the FTC at ReportFraud.ftc.gov.

MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Microsoft, Adobe (Acrobat, 2020, InDesign, Reader), Google's Chrome browser, Google Android, and Juniper network products. If you use these products, make sure the software (or firmware) is updated.   

Data Breaches in the News: San Francisco Transit Police, Telegram, Social Marketplace Trust & Use (Facebook user ids compromised), Bay Bridge Administrators (BBA) insurance, Kansas-based Captify Health, Consulate Health Care, Tarrant County (Texas), Air France and KLM mileage accounts, Check-fil-A, Maternal and Family Health Services, Five Guys, Slack and Github, Cricketsocial.com, Twitter, CircleCL, Deezer, Wabtec, Lake Charles Memorial Hospital, BTC.com, Sargent & Lundy utility, Twitter, Cincinnati State, Xfinity, LastPass, Ecco, BetMGM, FBI, JFK Airport, McGraw Hill, DraftKings, Medicare, Social Blade, and Gemini Crypto.

If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to [email protected] to alert your friends and neighbors.

Other ways to report a scam:

● Better Business Bureau Scam Tracker: http://www.bbb.org/scamtracker/us/reportscam

● Wyoming Attorney General's Office, Consumer Protection 307-777-6397, 800-438-5799 or [email protected]

● File a complaint with the Federal Trade Commission at https://reportfraud.ftc.gov/#/ 

● Report your scam to the FBI at https://www.ic3.gov/Home/FileComplaint 

● Reported unwanted calls to the Federal Trade Commission's Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3

● Office of the Inspector General:  https://oig.ssa.gov/

● AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360

● IRS: report email scams impersonating the IRS to [email protected]

● Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit http://www.aarp.org/fraudsupport to learn more about the free program and register.