Hacker’s brief

Information for this week’s Hacker’s Brief is provided by CyberWyoming Alliance, a 501c3 nonprofit affiliate of CyberWyoming. 

New IMF Employee Impersonation: A Sheridan citizen reported an email that was well written stating that as the new Director of Finance, Dr. Bernard Lauwers, found a  document approving over $3 million. The email asks for your personally identifiable information, including your social security number. The email was from dhlcourier741@gmail.com and lauwersb881@gmail.com with the subject line of Payment File No. #11083234. CyberWyoming Note: Never give out your personal information unless you are absolutely sure of the source.

Your Mom Isn’t Being Sued: A Sheridan citizen reported a phone call from a private number, a legitimate sounding law firm, and a very eloquent speaker saying that they needed him to get a hold of his Mom because she was being sued.

PayPal Invoice Alert: If you receive an email from butavrely@gmail.com with the subject line of “INVOICE” with PayPal branding saying you purchased bitcoin for over $1,000, then it is fake. Look for the incorrect capitalization and grammar and don’t call the phone number. This scam was reported by a Wyoming citizen.

New Device Login Alert: If you receive an email from info@friendsofkokohead.org impersonating BB&T (Branch Banking & Trust Company) that alerts you that someone has logged in from a new device or browser and urges you to click on the link to enable your two-step verification process, know it was a scam. The BB&T bank does not own the domain friendsofkokohead.org. This scam was reported by a Laramie citizen. CyberWyoming Note: FriendsofKokoHead.org is a real organization raising funds for an elementary school. They have been notified that their info@email account has been compromised.

Non-specific Order Confirmation Email: If you receive an email from newsletter@infoemailmart.com with very little information but including a blue button with your user name asking you to ‘click here’ to confirm your order, know it is a scam. Reported by a Wyoming citizen.

-- Advertisement – Story Continues Below --

Government Stimulus Checks Scam: If you receive an email from lalitazad@gmail.com or lalit.azad@gmail.com saying you have an unclaimed stimulus check with a link to see if you are eligible, please know that the IRS does not email you. This same scammer was also reported with a scam for 2021 tax debt relief. Reported by a Canadian citizen.

Fake IRS Loophole Scam: If you receive an email from lalitazad@sparchavien.com about an IRS loophole to grow your retirement savings and invest in gold, it is a scam. Reported by a Canadian citizen.

Fake Microsoft Payment Notification Scam: If you receive an email, phone call, or text supposedly from Microsoft’s call center support team, be very wary. It starts with an initial fake invoice with an option to call and cancel it. Then, the ‘support center team’ emails you a Word doc locked inside a password protected zipped file that is to be filled out to cancel the payment. But the zip file hides the fact that the Word document is malicious.

New COVID Phishing Email: A company’s human resources office is impersonated and the scammers say that HR is requiring employees to fill out a COVID vaccination status form. The link to the ‘form’ is in the email and it takes the employee to a hijacked web page that impersonates the company or a trusted brand to try to steal the employee’s user ID and password. (Note that some of the attacks have come from hijacked real company external accounts, so be sure to train your employees to verify that the email is real before they enter their user information.)

Wi-Fi Router, Range Extender, and USB Network Adapter Alert: According to Tom’s Guide, if you have a Wi-Fi Router, Wi-Fi Range Extender, or Wi-Fi USB network adapter that is older than 2015, then you may want to get a newer model as there could be a flaw in it that allows for a remote takeover. For a list of affected devices check out the Tom’s Guide article. CyberWyoming Note: be sure to update your home wireless router even if it is newer than 2015.

-- Advertisement – Story Continues Below --

Gift Card Scam Alert: A friendly reminder from Scambuster’s that if someone asks you to pay via a gift card, it is almost certainly a scam.

MS-ISAC Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) has published a patch now (update your software) alert for Google’s Android operating system, Microsoft’s MSHML (which affects Internet Explorer and many Windows Server versions), and Mozilla’s Firefox and Thunderbird products. If you use these products, make sure the software (or firmware) is updated.

Please report scams to alert your friends and neighbors.

Other ways to report a scam:

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by scam or fraud, called ReST. Visit aarp.org/fraudsupport to learn more about the free program and register.