Serving the Big Horn Basin for over 100 years
Hacker’s Brief 3/1/2024
Hang Up & Verify: A citizen received a suspicious call appearing to be from their boss, indicated by the correctly displayed name and phone number. However, upon answering, they were prompted to press a number to speak to the caller, which raised suspicions. After confirming with their boss, who denied making the call, it became evident that this was likely a scam attempt. Notably, the boss had used her phone at three airports the day before, but had not connected her phone to Wi-Fi. CyberWyoming Note: Exercise caution when receiving unexpected calls, especially if they appear to be from familiar contacts but prompt you to take unusual actions, such as pressing a specific number to speak to the caller. Always verify the legitimacy of the call by contacting the supposed caller through a separate communication channel, like text or email, to confirm their identity and inquire about the call.
Text Trap: Debit Card on Lockdown A Wyoming citizen reported receiving a text message supposedly from "banking.alert.services" with the domain name "@verifi.com". The message claimed to be a security alert stating that their debit card account was locked and provided a phone number to call for 24/7 services. However, the provided phone number is likely a scam. CyberWyoming Note: This text message is a typical phishing attempt aimed at tricking recipients into revealing personal information or sensitive banking details over the phone. Recipients are advised to avoid engaging with the message and to report it as a phishing attempt to their bank or relevant authorities.
Wyze Camera Privacy Concerns: Wyze home cameras have once again exhibited a security flaw, where users were able to briefly view thumbnails of cameras belonging to other customers. This issue occurred due to overload and data corruption after an AWS outage, despite AWS not reporting an outage during that time. Wyze initially identified 14 instances of the problem but later revealed that around 13,000 users were affected. The company attributed the issue to a recently integrated third-party caching client library and stated that they have implemented additional verification measures to prevent similar incidents in the future.
CyberWyoming Note: The fact that such incidents have occurred repeatedly raises further questions about the adequacy of Wyze's security measures and their ability to protect customer data effectively. https://www.malwarebytes.com/blog/news/2024/02/wyze-cameras-show-the-wrong-feeds-to-customers-again?utm_source=iterable&utm_medium=email&utm_campaign=b2c_pro_oth_20240226_februaryweeklynewsletter_v4_170864216638&utm_content=wyze_camera
Tax Season’s Cyber Survival Tactics: Tax season brings not only financial obligations but also increased risks of cybercrime. As identity theft and tax-related scams surge, it's crucial to protect yourself and your sensitive information. Here are some essential security measures to navigate tax season with confidence:
· File Early: Beat cybercriminals to the punch by filing your taxes as soon as possible. Early filing reduces the window of opportunity for scammers to file fraudulent returns in your name and intercept your refund.
· Use an IP PIN: Obtain an Identity Protection PIN (IP PIN) from the IRS to safeguard your online tax data. This unique six-digit number adds an extra layer of security, preventing unauthorized tax filings using your Social Security number.
· Enable MFA: Strengthen your account security with multi-factor authentication (MFA) wherever available. MFA adds an additional authentication step beyond passwords, significantly reducing the risk of unauthorized access to your accounts.
· Stay Vigilant: Beware of phishing attempts impersonating the IRS, especially during tax season. The IRS does not initiate contact via email, text, or social media. Exercise caution and verify the legitimacy of any communication purportedly from the IRS.
The IRS primarily communicates through postal mail, avoiding digital messages or calls, so be cautious of unsolicited requests for sensitive information or urgent actions, which could signal scams. When vetting tax preparers, research their cybersecurity practices and utilize secure file exchange methods. It's essential to backup tax documents electronically and maintain physical copies to safeguard against data loss. If you suspect a scam, report it promptly to relevant authorities such as the IRS, Treasury Inspector General, or FTC.
– Brought to you by the National Cybersecurity Alliance
Hackers Harness ChatGPT: Microsoft and OpenAI reveal hackers are leveraging ChatGPT to enhance cyberattacks. Nation-backed groups are utilizing large language models for research, scripting, and phishing. Strontium, linked to Russian military intelligence, uses LLMs to understand satellite communication protocols. Other groups like Thallium, Curium, and Chinese state-affiliated hackers also employ LLMs for various malicious activities. While no significant attacks have been detected, Microsoft and OpenAI are actively shutting down associated accounts. Microsoft is developing AI defenses like Security Copilot to counter evolving threats.
– Brought to you by The Verge https://www.theverge.com/2024/2/14/24072706/microsoft-openai-cyberattack-tools-ai-chatgpt
MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Google Chrome. If you use this product, make sure the software (or firmware) is updated.
Data Breaches in the News:
U-Haul, Quik Pawn Shop, Sony (Insomniac Games), medQ, Cencora, and GitHub.
Note: If you have an account with one of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Please report scams you may experience to [email protected] to alert your friends and neighbors.
Other ways to report a scam: · Better Business Bureau Scam Tracker: http://www.bbb.org/scamtracker/us/reportscam
· Wyoming Attorney General’s Office, Consumer Protection o Email [email protected]
o Complaint form https://attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints · File a complaint with the Federal Trade Commission at https://reportfraud.ftc.gov/#/ · Get steps to help at https://www.identitytheft.gov/#/Info-Lost-or-Stolen · Report your scam to the FBI at https://www.ic3.gov/Home/FileComplaint
· Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3 · Office of the Inspector General: https://oig.ssa.gov/
· AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360 · IRS: report email scams impersonating the IRS to [email protected]
· Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit http://www.aarp.org/fraudsupport to learn more about the free program and register