Hacker’s brief

(Graphic: Richard Patterson, Flickr)
(Graphic: Richard Patterson, Flickr)

This week’s Hacker’s Brief is provided by CyberWyoming Alliance, a 501c3 nonprofit affiliate of CyberWyoming. 

Unusual Sign On Activity Business Alert: A Sheridan company reported an email spoofed as their own mail administrator claiming that ‘unusual sign-in activity’ was occurring for an employee. However, the link did not lead them to their Microsoft account but instead to https://main.d2ifct1tuplnsi.amplifyapp.com/index.html#REDACTED.

Banking Survey Alert: An email claiming you can “Recieve Your Exclusive Reward for Banking Survey” (yes it receive was misspelled) was reported by a Laramie citizen. The email’s subject line was “Preview – surprise f0r Bank 0f America Users” (yes, they used zeroes instead of O’s) from noreply@hubspot.com. Oddly, the email blind copied in the recipient and the ‘to’ email address was donalldtruump00123@gmail.com. CyberWyoming Note: One of the ways scammers try to gain legitimacy is to spoof celebrities.

Roundup Fake Email Alert: An email was reported by a Laramie citizen with the subject line of “ATTN Victim ID: 00107 Please Respond Last Day to Submit Claim [DATE,TIME]” from contact@nodoka.co. The email had a very real looking picture with text asking if the recipient had been exposed to Roundup and diagnosed with lymphoma, thus possibly being eligible for financial compensation. While there may be real lawsuits, reputable companies notify you via mail, not email.

FedEx Scam: If you get an email from someone pretending to be FedEx saying that you have an email containing personally identifiable information that was sent to you, don’t open it. If the email is from ffreoa@exelis.com you can be sure it is a scam. FedEx mails things the old-fashioned way, they aren’t known for delivering confidential information via email. Reported by a Wyoming citizen.

-- Advertisement – Story Continues Below --

Rosetta Stone Impersonator: If you get an email claiming to be a Rosetta Stone third party marketing team trying to sell you a Rosetta Stone demo, this is a scam. The emailer’s contact.36@knit-knop.net Reported by a Wyoming citizen.

Fake Email Opt-in Business Tool: If you receive an email from Janet Wilson at janet.wilson@virtualreach.tech offering you the ability to gather contact information of your target audience, don’t reply. The email asks you to include things like your target industry, target job title and target geography and in return she will let you know how much her service costs. This is fake, Janet just wants your money! Reported by a Laramie citizen.

Square Impersonation: A Laramie citizen reported an email claiming that you have a negative customer review from squrmailx01@aboutcontactmessagecustomhelp.com, but the email doesn’t specify any details such as the item or person the complaint was about. The subject of the email is “A customer left you negative feedback,” and the email contains a short fake review rating such as “So Poor.”

Microsoft Impersonation: A Boulder resident reported getting an email from support@trademarkengine.com asking them to review emails that Microsoft has quarantined. The email will include a message saying you must review messages in quarantine within 24 hours, however, the scammers are most likely attempting to get your email credentials.

-- Advertisement – Story Continues Below --

Dr. Jean Louis from Bien-Entre Pharma Inc Scam: If you receive an email from Dr. Jean Louis support@pfm-uk.com or from dr.jeanlouis@bienetrepharmain.com with the subject line of “Supply Proposal” to request that you represent your ‘country’ to sell antiviral herb products, it is a scam. Dr. Louis probably isn’t even a doctor and her claim to “real cool profits” isn’t real either. A Laramie citizen reported this scam.

MS-ISAC Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) has published a patch now (update your software) alert for Adobe (Photoshop, Acrobat, Illustrator, Animate, Dreamweaver, & Magento), Google’s Chrome browser, and F5 BIG-IP and BIG-IQ products. If you use these products, make sure the software (or firmware) updated.

Data Breaches in the US News: COVID-19 testing service in Utah (Premier Diagnostics), Minnesota’s MultiCare Health Systems & Woodcreek Provider Service, Verkada surveillance systems, Truecaller’s Guardians application, American Airlines & United Airlines (among other internationally owned airlines) via SITA, Flagstar Bancorp (Michigan), Microsoft Exchange, Sengrid Email Marketing (Colorado) via SendGrid’s platform, Cochise Eye & Laser (Arizona), CompuCom (IT managed service provider owned by Office Depot/Office Max), Navajo Nation Hospital, CallX (telemarketing company that serves firms like Lendingtree & Liberty Mutual Insurance), Mariana Tek (fitness studio platform), Gab.com, Android VPN user credentials from SuperVPN, GeckoVPN and ChatVPN, T-Mobile, Covenant Healthcare (Michigan), Clubhouse (social media app), Harvard Eye Associates & Alicia Surgery Center (California), Kroger (pharmacies), Sutter Buttes Imaging Medical Group (California), Chatham County (N Carolina), Amazon & EBay (older information, but change your password), and Hoffman Construction (employee information).

Report scams to phishing@cyberwyoming.org.

Other ways to report a scam:
·       Better Business Bureau Scam Tracker
·       File a complaint with the Federal Trade Commission
·       Report your scam to the FBI
·       Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration or call 1 (888) 382-1222, and select Option 3
·       Office of the Inspector General