The Hackers Brief from Cyber Wyoming is sponsored by First Federal Bank & Trust. Be aware of the latest scams in Sheridan, Wyoming and the rest of the nation.
First American Title Insurance Company
A Wyoming citizen reported learning of a possible data breach by First American Title Company that exposed tens of millions of documents that contained sensitive personal information, including tax records, SSNs and drivers license images. The citizen, a customer of First American Title Insurance, found out via a lawsuit filed by the State of New York, not from the title company. The vulnerability was first introduced in May 2014 by a software update at the corporate level, so please understand that local Wyoming employees were most likely unaware of the breach. Experts recommend placing a credit freeze on your accounts at the three different credit agencies: Equifax, Experian and TransUnion. This can be completed online.
“Microsoft” Scam Alert
A scammer claiming to be from Microsoft is calling Wyoming citizens telling them that a large sum ($6,000) was accepted on your card but is not yet processed by your credit card company. As the scammer speaks with you, he remotely enters your PC. The Wyoming citizen stated that entering his computer was forced and not with the citizen’s permission. To combat the fraudulent charge, the citizen was to ‘tell no one,’ within 3 hours buy $6,000 of gift cards, and put gift cards on the credit card so that the credit card would be over the limit and deny the original fake charge. However, the Wyoming citizen was also told to scratch the backs off of the gift cards and relay the information to the fake Microsoft representative in order to correct the charges. The Wyoming citizen eventually had to unplug his PC from the internet and take it to a computer tech to get the fake Microsoft rep off his computer. Advice from CyberWyoming: Make sure your wireless router administrative password has been changed from the default. This is probably how the crook forced entry into the citizen’s PC. The Cyber-in-a-Box library program is releasing wireless router security instructions in August, and here is the link to the Wyoming CAN (Cybersecurity Action Network) website that has the video: https://wyocan.org/cyber-in-a-box/
Possible Impersonation Scam
A possible email impersonation scam was reported by a Wyoming citizen. The email says that they are an academic consultant, who wants to collaborate with you on a topic for an upcoming workshop, they have a deadline and they have a speech-distorting condition so only email or text them. When this specific person was researched, a real person who is not speech impaired came up and also a LinkedIn account that could possibly be fake.
Another PayPal Scam
A Wyoming citizen reported another PayPal scam and this one even has a footer that says “How do I know this is not a fake email?” They are getting brazen! And when you click on the ‘how to defend yourself against phishing and spoof emails’ link, it goes to the URL starting with epl.paypal-communications.com, which has been confirmed by the PayPal community as a scam. The scam appears to attempt to steal your PayPal log-in information by saying your account has been limited because of unusual credit card ‘changes — yes they probably meant ‘charges.’ The email is spoofed as firstname.lastname@example.org, but is really from pajero-targetkitajumye-wabiarjossgucbmm2rasakitasaji.com.
MS-ISAC Patch Now Alert
The Multi-State Information Sharing and Analysis Center (MS-ISAC) has published a patch now (update your software) alert for Microsoft products and the Adobe Bridge product. If you use these products, make sure your software updated.
Scambusters.org Change Your Router Password on your Home Network Alert
A new study by internet security firm F-Secure showed that many people fail to change the default passwords that come with the smart devices in their homes. Scammers have discovered how to hack into DVRs and security cameras and take over a home network, for instance. In addition, many people don’t know that there is an administrative user ID and default password beyond your wifi password. If you want to access your home router, here’s a video by the CyberWyoming Alliance on how to start: https://youtu.be/HcpNq8MRDzI. Then, find the instructions only from the legitimate manufacturer website.
Other ways to report a scam:
• Better Business Bureau Scam Tracker: www.bbb.org/scamtracker/us/reportscam
• File a complaint with the Federal Trade Commission at ftc.gov/complaint
• Report your scam to the FBI at https://www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration.
• Online at https://complaints.donotcall.gov/complaint/complaintcheck.aspx or call 1-888-382-1222, option 3
• Office of the Inspector General: www.oig.ssa.gov