Serving the Big Horn Basin for over 100 years

Cybersecurity weekly report 9/15/23

Brief 9/18/2023

Please pray for us…and click on this link: A Laramie citizen received a text message asking for prayers and to click on a link. CyberWyoming note: After researching the link, we found that it was for a political campaign. But it could have just as well been a scam. As the political season heats up, be careful with clicking on links in emails and texts, even if the link appears to be from a candidate you support. It’s best to look up the candidate’s website through your browser.

I can help you fix your website…if you have one: A Laramie citizen received an email, saying that their website looks great, but needs a few tweaks to get noticed. The citizen just needs to click on a link to find out all about the service. Except the citizen doesn’t have a website. An example of scammers casting a wide net to see if anyone takes the bait. CyberWyoming note: Just don’t click. If you’re tempted, look up the website through a browser search and navigate from there. The only exception is do not click on any of the “ad” links in the browsers as it’s likely the scammers are advertising fake sites to go with their phishing scams.

Speaking of websites, can I interest you in a new domain name? A Laramie business received an email, offering to sell a domain name that is similar to their company’s domain. The sender’s email address is sketchy. CyberWyoming note: If you’re interested in purchasing a domain name, we suggest using a legitimate domain management company such as Whois, GoDaddy, or NameCheap.

Fake renewal notices from SAM (System for Award Management): The federal government’s SAM database was breached several years ago, and Wyoming citizens are still receiving dubious renewal notices. SAM.gov reminds citizens that the SAM website is FREE to use and update, and you should never pay for that service. In addition, you can log into your SAM account to see if your registration is not complete (NEVER click on a link in an email to log in). Do not rely on emails from non .gov email accounts to tell you if your registration is due or incomplete. If in doubt, you can call their helpline at 866-606-8220, option #1. You can also report the scam by forwarding the email to the Federal Trade Commission, specifically its Unsolicited Consumer Emails (UCE) program at [email protected].

Have you changed your passwords? Secure the Village reports that many users of LastPass still have not changed their passwords after the 2022 breach. The passwords of those users are being used to scam people out of millions of dollars. CyberWyoming note: Check the breach section of the Hacker’s Brief each week to see which passwords you need to change. Using a password manager is highly recommended so that you can create unique and long passwords without having to memorize all of them. Most password managers will create strong passwords for you and change all your passwords at once!

When was the last time you restarted Chrome? You may have noticed that Chrome is almost always listed in our “patch now alert” as scammers and hackers are constantly looking for a way to exploit the world’s most used browser (63% of the market share). But did you know that you have to restart Chrome for your security updates to take effect? It turns out we don’t like to restart our browsers and re-log into all our accounts. However, this month you should bite the bullet and make sure your Chrome browser is updated to version 116 or higher as it supports quantum-resistant encryption. Why do we care about this? Because in a couple of years, cyber-attacks using quantum computing are going to get even better at hacking and breaching accounts, websites, email servers, so early intervention by browsers and companies is important. So do your part – make sure your Chrome browser is updated and restarted! – Brought to you by The Hacker News

Did your dating app match just ask you for money? You or your friends might be thinking about love. But not everyone is — some are just looking to get into your pockets. Romance scammers might contact you on social media or dating apps saying they want to get to know you. It’s true love, they say, but they live too far away to meet. Maybe because of work, or because they’re in the military. Then they start asking for money: it could be for a plane ticket, surgery, or something else urgent — or even to “help” you invest in cryptocurrency. So, how do you spot a romance scam? If an online love interest asks you for money, that’s a scam. Don’t send a reload, prepaid, or gift card; don’t wire money; and don’t send cryptocurrency to someone you met online. – Brought to you by the Federal Trade Commission (FTC)

MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Apple products (Watch, iPad, Mac, iPhone, etc.), Microsoft products, Cisco, Chrome. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News: Save the Children, MGM Resorts, Associated Press Stylebook, Microsoft 365 accounts, Johnson & Johnson, Sabre, Just Kids Dental.

Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to [email protected] to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: http://www.bbb.org/scamtracker/us/reportscam

• Wyoming Attorney General’s Office, Consumer Protection

o Email [email protected]

o Complaint form https://attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at https://reportfraud.ftc.gov/#/

• Get steps to help at https://www.identitytheft.gov/#/Info-Lost-or-Stolen

• Report your scam to the FBI at https://www.ic3.gov/Home/FileComplaint

• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3

• Office of the Inspector General: https://oig.ssa.gov/

• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360

• IRS: report email scams impersonating the IRS to [email protected]

• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit http://www.aarp.org/fraudsupport to learn more about the free program and register.