Hacker’s brief

Information for this week’s Hacker’s Brief is provided by CyberWyoming Alliance, a 501c3 nonprofit affiliate of CyberWyoming. 

Did You Receive My Email? If you receive a short email from anyone that you don’t know saying “did you receive my email” it is usually a scammer trying to see if the email address is valid. Just ignore it. A Laramie citizen reported such an email from Mr. Naak Regis at hikmetersek2017@gmail.com and another one from Mr. Chusak Jaidee at johnswith011@gmail.com.

Chase Account Disabled Email: A Casper citizen reported a very well written and branded email impersonating Chase saying that Chase Bank had been temporarily disabled until you verify your account. The URL to click to verify says chase.com/restore, which looks real, but when you click on it actually goes to https://zcu.io/MzJn. The email subject line was “your CHASE Card has been disabled on [date]” and was from kkosuffjguvewqcql@semblifransiska.onmicrosoft.com.

Amazon Impersonation Calls Reported By Multiple Wyomingites: Wyomingites are seeing a recent rise in recorded calls impersonating Amazon to confirm high-dollar orders. Don’t press 1 to talk to a person. Hang up and check your Amazon account directly. If there isn’t an order in your order details online, then you know it was fake.

Attention Dear is a Dead Giveaway: A Sheridan citizen reported an email whose greeting was “Attention dear.” The email was from John Negorponte at johndimitrinegroponte@gmail.com with the subject line of “attention dear, your urgent reply is need as soon as possible.” The email asks you to contact Jack Lew Best via jacklewbest@gmail.com to collect money deposited and arrange for a UPS delivery, but the catch is first you have to provide a lot of personal information. CyberWyoming Note: if you see an odd greeting in the email like “attention dear” don’t read any further.

-- Advertisement – Story Continues Below --

Antony Blinken Is Not Giving You Money: If you receive an email impersonating the U.S. Secretary of State and mentioning the FBI, CIA, and ‘other security agencies’ telling you that you have debt rescheduling and outstanding compensation payments due from the UN and the World Bank, you can laugh out loud because the scammers pulled out all the acronyms on this one! The email is an attempt at identity theft and asks for your personal information. The subject line is “Greetings from US Department of State” and from two suspicious email addresses: officefilee660@gmail.com and stateembassygovernment@citromail.hu. Reported by a Sheridan citizen.

USTech Support Email Scam: A very real-looking email impersonating USTech Support and encouraging you to call 224 236 3410 to avoid a reoccurring payment. There were no links in this email. CyberWyoming Note: The real USTech Support number starts with area code 801 and the Better Business Bureau rates the real USTech Support as 4.63/5 stars.

McAfee or McCensor365 or James Bond Email Scam: A Sheridan citizen sent a very funny invoice from George at jamesbonde209@gmail.com or helpdesk@mcafeesolutions.org, claiming to be a software renewal for McCensor365 Power for $331.99. CyberWyoming Note: from the Gmail address, we think this scammer likes James Bond movies and there is no product called McCensor.

PayPal Email Alert: An email from “Thank You” with the subject line of “Your Order Has Been Placed !!!!!!” impersonating PayPal was reported by a Wyomingite. The email asks you to acknowledge the shipping on an order for a Walmart gift card for $989.99. CyberWyoming Note: PayPal is one of the top 5 companies impersonated in Wyoming. Don’t trust branding.

Senior Chum Challenge: It’s Cybersecurity Awareness Month and the CyberWyoming Alliance is issuing a Senior Chum Challenge. Call a friend of yours that is a senior and may be a little tech challenged. Talk to them about some of the basic scam techniques like: phone number spoofing, government impersonation (Social Security, Medicare, and the IRS won’t make unsolicited calls, messages, or emails), lottery scams, the grandparent’s scam, and tech support scams. Show your buddy how to sign up for the FTC’s do not call list at https://www.donotcall.gov/report.html or 1-888-382-1222, option 3. Your community will be safer because you had a 30-minute conversation with a friend.

-- Advertisement – Story Continues Below --

New Amazon Gift Process Convenient, But: There’s always a downside to convenience when it comes to security. In this case, Amazon’s new gift process that allows Prime subscribers to send gifts using only an email address or phone number (no address required) is very convenient. But, it is ripe for abuse by scammers, stalkers, and online harassment because there is an option to provide a gift receipt, which provides the address of the recipient of the gift. So, think stalker here. A stalker may only have a phone number or email address at first, but by sending a $10 gift from Amazon they can now access the recipient’s address. Reported by a Cheyenne citizen.

MS-ISAC Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) has published a patch now (update your software) alert for Google’s Chrome browser and Apache’s HTTP Server products. If you use these products, make sure the software (or firmware) is updated.

Please report scams to alert your friends and neighbors.

Other ways to report a scam:

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by scam or fraud, called ReST. Visit aarp.org/fraudsupport to learn more about the free program and register.