Hacker’s Brief

Hacker's Brief
Hacker's Brief

Information provided by CyberWyoming Alliance, a 501c3 nonprofit affiliate of CyberWyoming. 

CyberWyoming has received many business-related scam reports over the past two weeks. Keep reporting Wyoming – citizen reports will be back next week.

Voice Messaging Scam Email: ­If you receive an email from Telecom Center (with the Microsoft logo) from noreply@gluewarehouse.com saying you have a new voice message, this is a scam. The subject line is “Telephone Message” and the scam was reported by a Boulder, Wyoming, company.

Business Email Takeover:­ Sometimes hackers get into a real email account and send malicious emails from it as was recently reported by a Cheyenne company. One of the vendors the company does business with had its email account compromised, so the email looked real because it came from a trusted source. When an email account is taken over, the hackers search the sent mail and look for wording to mimic the look and feel of an email. In this case, the hackers sent an email asking the recipient to download a document to a link with stolen Microsoft Office 365 credentials.If you weren’t expecting an email, CyberWyoming suggests calling before you click or hovering over the button or link to see where it actually goes.

Sharepoint Invoice Scam Email: Another Wyoming business owner reported receiving two emails from noreply@keepapp.net, which had been had been spoofed as her own company’s “Finance Department” with a subject line including a payment ID, saying that a Sharepoint Excel spreadsheet labeled Financial Reports and Cash Flow Statement had been shared with them and to please click to open the document. If this happens to you, do not click. It’s a scam.

Microsoft Password Expiring Notification Scam: Another Boulder citizen reported a general scam sent from admin@wikivet.net but spoofed as her own company’s IT department with the subject line including the date and marked as high importance. The only thing attached was a fake Microsoft logo, but it was followed up with an email from info@kartpay.com (also spoofed as her company with the Microsoft Logo) with fake password reset instructions for her Microsoft account. Then, it was followed up again with a password expiration notice the next day from easonj@seattleu.edu. And, then the hackers tried again with an email from HDSERVICE (junco@royaltown.ro). None of the links go to Microsoft.

Real looking PDF attachment scam email: A Wyoming business owner reported receiving two very real looking PDF document images, saying that “You’ve Received New Encrypted Document(s). Click the attachment to view.” The PDF icon was very realistic.  The first email was from luc.sentier@fillmed.com spoofed as “Doc ID: 960852” and the “MicrsÒft Team” had the subject line “Scanner From LBX9217502.” The link went to https://pattie19a8a.clickfunnels.com/fax. The second email was from chris.dixon@trchydraulics.com spoofed as “Doc ID: #824961” and the link went to https://egosselin.clickfunnels.com/adobefax.  This citizen also reported receiving a fake voicemail message attachment email from sudamerica@fpz.com spoofed as “Doc ID: 762910” with a similar subject line and from the “LogMeIn Team,” but the attachment did not go to their voice mail server or Google Sheets as claimed and instead directed the user to https://egosselin.clickfunnels.com/adobefax.

Bruce Banner (aka the Hulk) is Not Offering Digital Marketing Services: Sometimes scammers use fictional character names such as the case with a Laramie citizen who reported receiving an email from Bruce Banner at brucebanner718@yahoo.com offering digital marketing services from a non-specified marketing company. Don’t take the bait.

Scambusters.org Self-Employed & Business Scam Alerts:

  • The Pandemic Unemployment Assistance (PUA) program was set up to help the self-employed and gig workers by providing benefits if their work dried up. But because of the scale and urgency of the help, intended to be a form of unemployment benefit, some of the money has ended up in the wrong hands. Scammers have been using victims’ names and business details that have been stolen on the internet to claim up to $20,000 a time.
  • Some self-employed individuals and small firms have fallen into the grasp of high-interest lenders who, while operating inside the law, may bury some of their costly terms in the small print of contracts or fail to disclose them at all.
  • Victims are lured into paying for ads in brochures, programs and calendars, which either don’t exist or have only a tiny print run. The scammers may also falsely promise no competitors will be allowed in the same publication using high-pressure sales pitches.
  • Website owners who allow Google pay-per-click ads to be placed on their pages may receive threats from scammers that they will have them banned by Google. The crooks threaten to bombard the ads with clicks, which will make it look like the site owner is trying to defraud the web giant. If you receive this type of threat, you should contact Google immediately and make them aware you’re being targeted.
  • In a variation of a well-established scam, victims get an email telling them to schedule a delivery from Amazon Business. The message doesn’t specify what the supposed shipment is, but it contains a link that takes recipients to a fake Amazon page that steals their sign-on information.
  • Many new businesses want to protect their brand by registering a trademark with the US Patent and Trademark Office (USPTO). The organization reports a big rise on fake emails claiming to be from them and advising recipients to pay a large sum or face losing their trademark.

FTC Income Scam Alert: You should never have to pay to get a job. The FTC just announced actions against a company called 8 Figure Dream Lifestyle as an income scam.  Often these scams are disguised as legitimate business offers, coaching programs or investment opportunities.

MS-ISAC Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) has published a patch now (update your software) alert for Google’s Android operating system, the on premises version of Microsoft Exchange Server, and Google’s chrome browser products.  If you use these products, make sure the software (or firmware) updated.

Please report scams you may If you want to report a phone, email, or text scam and let your friends and neighbors know about it, forward it, or send a description of the scam, to phishing@cyberwyoming.org.

Advice from CyberWyoming: Before you stress about a phone call, text, or email that you receive call the AARP Fraud Watch Network (any age welcome) Helpline at (877) 908-3360.

Other ways to report a scam:
·       Better Business Bureau Scam Tracker
·       File a complaint with the Federal Trade Commission
·       Report your scam to the FBI
·       Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration or call 1 (888) 382-1222, and select Option 3
·       Office of the Inspector General