Hacker’s Brief


Since 2010, data breaches have exposed over 38 billion records, per cyber security firm Risk Based Security. That sounds like a lot – and it is.

In fact, today’s cyber criminals are crafty. They use spyware, adware, malware like ransomware, hacking, phishing, spoofing, pinging, port scanning, social engineering and other online theft tools, tricks and techniques to breach the computer systems of major corporations and everyday citizens, and to compromise data, including the personal and financial information of thousands.

Cyber crimes happen right here in Gillette, said Gillette Police Department Lt. Brent Wasson, noting a spike in scams targeting seniors last year and the recent ransomware attack that shut down computer systems at CCH facilities for several days in September.

Here’s how to detect and protect yourself from some of today’s top trending cyber crimes and cyber criminals.

This Hacker’s Brief from CyberWyoming is sponsored by Campco Federal Credit Union.

By CyberWyoming Alliance, a subsidiary of CyberWyoming

Amazon Scams:  Multiple citizens throughout Wyoming have reported Amazon phishing emails with highly suspicious PDF attachments. The subject lines said “Important ALERT Update Payments Your Amazon Prime Membership Will be Canceled on [date]” or “Action Required Information for your Payment please update before 24 hours or your account will be permanently locked!!” The branding shows Amazon’s logo but the sender’s address is not from Amazon. Be vigilant about checking the sender’s address and do not open any attachments.

PayPal Scam: An imposter PayPal scam was reported by a Wyoming citizen.  The attachment is highly suspicious. The sender’s email address is not from PayPal. The subject line was “Support Account CaseID#________ – Update Report Notification# _______.” Be vigilant about checking the sender’s address and do not open any attachments.

Phishing Extortion Scam: Reported by a Casper citizen. A phishing extortion scam is when a bad actor tries to scare you by saying they have taken over your computer and they recorded you using your webcam. This particular scam says they have your password and they often list an old password of yours that can be found on the dark web, so it makes it look real. They demand bitcoin ransom and say they have installed malware and will release the recording to your contacts list. If you receive one of these, do not pay the ransom. Simply run an antivirus scan on your computer and then change your password (and make it a difficult one to hack).

McAfee Renewal Scam: Reported by a Laramie citizen. If you receive an email from McAfee saying your protection will soon expire, look at it closely. It could be a scam. The subject line of the fraudulent email is “We have been trying to reach you” and the sender is from “Anti-Virus Protection at ___.omg.___@smugsolid.net.” The links and buttons do not link back to McAfee and the email also mentions Superstar Internet Consultants out of Newcastle, Maine. There is no such company.

SBA (Small Business Administration) Data Breach: Reported by a Gillette business owner. If you received a letter from the SBA outlining a possible data breach, the letter is real. Identity theft protection services are being offered. The SBA’s Economic Injury Disaster Loan portal exposed the personally identifiable information of 7,913 small business owners on March 25. If a user chose the back button in a form, they could see the previous business’s information. Small businesses that have applied for the Paycheck Protection Program are not affected.

Patch Now Advisory from MS-ISAC (Multi-State Information Sharing and Analysis Center): MS-ISAC sent out a patch now (update your software) advisory for the Google Chrome browser. Be sure that your browser has updated.

Fake Customer Complaint Phishing Campaign: A new phishing campaign that targets company employees with fake customer complaints has a Google Docs link to a malicious PDF that creates a backdoor to compromise the company’s network. The email subject line says “Customer complaint for [employee name],” claims to be from your company’s corporate attorney, and then says that the employee will be fined and have the amount deducted from their salary.

Fake COVID Test Kits Scam: Fake COVID test kits are being peddled door to door, with scammers playing on fear and uncertainty. While there have not been reports about this in Wyoming yet, please be aware that this is a scam.

Census Scam: Impostor census staff in person or via phone, text, or email may ask you for your Social Security Number or credit card information. The real U.S. Census Bureau will never ask you for either.

Data Breaches in the News: Facebook; Nintendo (online accounts using the Nintendo Network ID); email and addresses from the following organizations: National Institutes of Health, World Health Organization, and the Gates Foundation; Kinomap (makes Peloton exercise equipment software); shop.msu.edu (Michigan State – credit cards only); Small Business Administration – Economic Injury Disaster Loan Portal; Paay (credit card transactions for merchants); PrimoHoagies Franchising Inc; and Ambry Genetics testing laboratory.

If you want to report a phone, email or text scam and let your friends and neighbors know, forward it or send a description to phishing@cyberwyoming.org.

Other ways to report a scam:
· Better Business Bureau Scam Tracker
· File a complaint with the Federal Trade Commission
· Report your scam to the FBI
· Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration or call 1 (888) 382-1222, and select Option 3
· Office of the Inspector General