Hacker’s brief

Information for this week’s Hacker’s Brief is provided by CyberWyoming Alliance, a 501c3 nonprofit affiliate of CyberWyoming. 

Office 365 Scam: A Boulder citizen reported getting an email asking them to approve their new password on office 365. This was strange because the citizen had no recollection of changing their password. The email is from admin@businessmediationservices.com and states that the user’s login credentials will expire in 24 hours. The sender goes on to inform citizens that to prevent login problems the user needs to click the ‘approve current password’ link. This link is not provided by Microsoft and should be regarded as dangerous.

Medicare Card Scam with a Twist: A Casper citizen reported a Medicare phone scam from a live person with an accent. The caller had an answer for every concern the citizen had and was very sharp. The caller had the citizen’s name and address and repeatedly tried to verify the information, even asking for her social security number towards the end. The caller kept insisting that this was not a scam and that the Casper citizen needed the new plastic Medicare card. The citizen said the caller id number was (307) 333-8725. CyberWyoming Note: A similar phone scam was reported in Sheridan and Powell, but to receive a new brown and gold Medicare card. Be aware, it may morph again.

Happy Buyer Scam: An unhappy Gillette citizen received a “Dear Buyer” email impersonating Alpha International on Amazon that claims your iPhone 12 Pro purchase will be debited on your account. The email is not well written, with missed capitalizations and no branding, however, the Gillette citizen thought the subject line was ironic in that it was “Happy___Buyer___” from granvillemcekroy@gmail.com.

Social Security Phone Scam: A Laramie citizen reported a new social security number phone scam. The recorded call claims your social security has been compromised and urges you to press 1 to be connected to an officer. The reported phone number was (215) 579-1200, however this number belongs to a real salon and spa that is being spoofed. CyberWyoming Note: Spoofed numbers are common. Some Wyomingites have even reported receiving calls from their own number. The Social Security Administration does not make unsolicited calls.

-- Advertisement – Story Continues Below --

Google Business Listing Phone Scam: A return of the Google business listing phone scam has been reported by a Laramie citizen. The caller id listed (307) 207-9056 but the recorded message referenced (866) 267-2644. The same Laramie citizen reported the call a second time, but this time the recording said it was from Web Listing Pros. While Web Listings Pro is a real website, it appears to be for real estate listings and not for Google listings. Web Listings Inc. had 10 complaints listed on the Better Business Bureau (BBB) site. CyberWyoming note: If you have a Google account for business and want to make sure these types of calls are fake, it is best to sign in to your Google account and go to https://business.google.com/.

BBB Scam Tracker Alerts (Courtesy of the BBB): 1. The suspicious package scheme is when you receive a call, email, or text saying U.S. Customs and Border Patrol has intercepted a suspicious package addressed to you. You’re instructed to respond immediately, or a warrant will be issued for your arrest. When you reach out, you learn they seized the package because it contained drugs, weapons, cash, or other contraband. The “officer” asks for your personal information in order to “verify your identity,” but it’s just a ruse to steal your identity. 2. The sweepstakes scheme: In a version of this scam, you’re contacted by someone claiming to be associated with U.S. Customs and Border Protection. This time, they don’t threaten you with arrest. Instead, they claim to have intercepted a package containing a massive sweepstakes prize. To receive your winnings, you need to pay a huge fee for special shipping labels.

MS-ISAC Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS- ISAC) has published a patch now (update your software) alert for Microsoft’s JET Database engine (used in MS Access and MS Visual Basic) products. If you use these products, make sure the software or firmware is updated.

To alert friends and neighbors, report scams to phishing@cyberwyoming.org.

Other ways to report a scam:
·       Better Business Bureau Scam Tracker
·       File a complaint with the Federal Trade Commission
·       Report your scam to the FBI
·       Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration or call 1 (888) 382-1222, and select Option 3
·       Office of the Inspector General