Serving the Big Horn Basin for over 100 years

Weekly Cyber Security Brief

Costco Scam

Hacker’s Brief 2/23/2024

Payroll Ploy: A Jackson citizen received a scam email purportedly from a former employee, requesting assistance in updating their direct deposit information before the next payday. The citizen speculates that the email may have originated from LinkedIn, as the employee has not worked for the company for two years but has not updated their LinkedIn account. The email used the former employee's full name in both the sender's email address and the message content. CyberWyoming Note: Always verify the authenticity of unexpected requests for sensitive information, especially regarding financial matters, by directly contacting the individual through trusted communication channels.

Costco Con: A Wyoming citizen reported receiving a scam email with the subject "Renew Your Costco-Membership For Continued Benefits" from the email address "CostcoExpiration ". The email, with the Costco logo, falsely claims that the recipient's membership has expired but offers a 90-day extension as part of a loyalty program. However, the entire message is a linked image that likely serves malicious purposes such as collecting location and device information, redirecting to fake websites, or downloading malware upon clicking. Despite offering options to unsubscribe, interacting with any part of the message is risky.

CyberWyoming Note: Be cautious of emails claiming urgent membership renewals or offers, especially if they contain suspicious email addresses or request interaction with embedded images. Always verify the legitimacy of emails from organizations by directly visiting their official websites or contacting them through trusted channels before taking any action.

Cybercrime Crackdown: Yes, reporting cybercrimes DOES make a difference. These cases demonstrate the global efforts to combat cybercrime and hold perpetrators accountable through legal actions.

• Warzone RAT Malware Operation:

o Two suspects, Daniel Meli and Prince Onyeoziri Odinakachi, were arrested.

o Meli charged in the US with computer intrusion and illegal sale of malware.

o Odinakachi was charged with computer intrusion.

• JFK Dispatch System Hacking Scheme:

o NYC cab drivers and Russian nationals hacked JFK's taxi dispatch system.

o Drivers sentenced to prison, ordered to pay restitution.

• Hive Ransomware Gang:

o US offers rewards for info on Hive ransomware operators.

o International efforts dismantled Hive, preventing millions in ransom payments.

• International Identity Theft Scheme:

o Tuong Quoc Ho sentenced for orchestrating $2M identity theft scheme.

• Singapore Crackdown on Money Mules:

o Singapore arrests 41 suspects involved in various scams.

o Suspects accused of facilitating criminal operations could face up to 10 years in prison.

These cases illustrate the tangible impact of reporting and pursuing legal actions against cyber criminals. Through collaborative efforts between law enforcement agencies and international cooperation, perpetrators are being identified, arrested, and held accountable for their actions. This not only serves to dismantle criminal operations but also sends a clear message that cybercrime will not be tolerated. By reporting cybercrimes, individuals play a crucial role in safeguarding digital environments and ensuring justice for victims.

– Brought to you by ImmuniWeb

https://www.immuniweb.com/blog/warzone-rat-malware-dismantled-in-an-international-police-op.html?utm_source=newsletter&utm_medium=email&utm_campaign=newsmail

AI vs. Hackers: AI is aiding U.S. intelligence in monitoring hackers who target critical infrastructure, with a focus on Chinese hackers attempting to infiltrate American ports and pipelines. According to Rob Joyce, the cybersecurity director at the National Security Agency (NSA), the use of artificial intelligence and machine learning is crucial for detecting subtle digital incursions that would otherwise be challenging to identify. Joyce emphasized the particular danger posed by Chinese hackers employing stealthy techniques on U.S. transportation networks, ports, and pipelines. These methods aim at societal disruption rather than financial motives or espionage. The hackers utilize tactics that evade detection by common security tools, making AI an essential tool for tracking and countering these threats. The discussion at a cybersecurity conference highlighted the evolving landscape of AI utilization by both hackers and law enforcement in the realm of cybersecurity.

– Brought to you by Secure The Village and WSJ

MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Mozilla products and ConnectWise ScreenConnect. If you use this product, make sure the software (or firmware) is updated.

Data Breaches in the News:

Zenlayer, LoanDepot, Robert Half International Inc., Schneider Electric’s Resource Advisor, Wyze, Change Healthcare, and FixedFloat.

Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to [email protected] to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: http://www.bbb.org/scamtracker/us/reportscam

• Wyoming Attorney General’s Office, Consumer Protection

o Email [email protected]

o Complaint form https://attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at https://reportfraud.ftc.gov/#/

• Get steps to help at https://www.identitytheft.gov/#/Info-Lost-or-Stolen

• Report your scam to the FBI at https://www.ic3.gov/Home/FileComplaint

• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3

• Office of the Inspector General: https://oig.ssa.gov/

• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360

• IRS: report email scams impersonating the IRS to [email protected]

• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit http://www.aarp.org/fraudsupport to learn more about the free program and register.

 
 
Rendered 11/13/2024 06:12