The Hackers Brief from Cyber Wyoming is sponsored by First Federal Bank & Trust. Be aware of the latest scams in Sheridan, Wyoming and the rest of the nation.
Office 365 Fake Email Alert
A Sheridan citizen reported a fake email from Office365 that asks you to download or play an attached audio message. The email had the correct branding and is well written, but it comes from email@example.com, has another email address of firstname.lastname@example.org, and the subject line is “Audio available on [DATE].” CyberWyoming Note: The real cvwindsor.com is a luxury penthouse website and has nothing to do with Office365 or Microsoft.
CyberWyoming Alert – Amazon Ring Neighbors App
If you use the popular video doorbell, Ring, and also use the Ring Neighbor’s app, be sure to change your app password. The app was found to expose locations and home addresses of users who posted to it. https://techcrunch.com/2021/01/14/ring-neighbors-exposed-locations-addresses/
Time to change your Facebook, Instagram and LinkedIn passwords. A Chinese firm found over 200 million Facebook, Instagram and LinkedIn passwords from around the world. In addition, if you were a Parler user, do not reuse that password anywhere else. Before Parler went dark, security researches collected user data.
CyberWyoming Alert – T-Mobile
If you use T-Mobile, your phone number and call records may have been stolen. Watch this story at T-Mobile if you are a customer and make sure that the data breach doesn’t become more complex. https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/
FTC COVID-19 Clinical Trial
Some clinical trials are real for COVID-19, but there are fake ones out there too. Here’s how to tell. Real clinical trials do not ask you to pay to be in them, ask for your social security number, or financial information. To confirm if it is legitimate, make sure the trial is listed at https://clinicaltrials.gov/. If you want to volunteer for a trial, sign up here https://www.coronaviruspreventionnetwork.org/ (National Institute of Allergy and Infectious Diseases at the National Institute of Health.)
FTC Scam Alert about the COVID-19 Vaccine
If you are called and asked to pay to be put on a list for the COVID-19, are told you can pay to get the vaccine earlier, or asked for your Social Security number/bank account number/credit card number then it is a scam. Ignore any vaccine offers that ask for money or personal information. Contact your county public health office to get the correct information.
FTC Overpayment of Utility Bill Fake Call
If you receive a recorded call saying you paid too much on a utility bill, it is fake. Do not give them your personal information.
FTC Car Wrap Scam Alert
Marlboro or Purell are not offering to send you a check to put their brand names on your car.
MS-ISAC Patch Now Alert
The Multi-State Information Sharing and Analysis Center (MS-ISAC) has published a patch now (update your software) alert for Microsoft products (including a vulnerability found with the computer lock screen function), Mozilla Firefox, Siemens JT2Go, Solid Edge, and Teamcenter Visualization (used for 3D model viewing), and Adobe Photoshop. If you use these products, make sure the software (or firmware) updated.
Data Breaches in the News
Amazon Ring Neighbors App, proprietary information (like source code) from companies like Microsoft, Cisco, SolarWinds, and FireEye are beginning to show up on the internet from the SolarWinds cyber attack, Capcom (gaming company), Mimecast via Microsoft 365 mailboxes, Salaat First app via the supply chain Predicio, Ubiquiti, OmniTRAX (US railroad operator) and its parent company Broe Group, Facebook, Instagram, LinkedIn, Parler, United Nations Environmental Program (employee records), NameSouth (US based auto parts distributor – breach affects employee records), Juspay (payment services provider that Amazon uses), Apex (NY clinical lab), City of Cornelia Georgia, GetSchooled, Door Controls USA, T-Mobile, GenRx Pharmacy (Scottsdale, AZ), Treasure Valley Community College (Oregon), NZBGeek, and Whirlpool (employee data).
If a company that you work with is on this list, be sure to change your password to their online accounts.
Please report scams you may experience to email@example.com to alert your friends and neighbors.
Other ways to report a scam:
• Better Business Bureau Scam Tracker: www.bbb.org/scamtracker/us/reportscam
• File a complaint with the Federal Trade Commission at ftc.gov/complaint
• Report your scam to the FBI at https://www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration.
• Online at https://complaints.donotcall.gov/complaint/complaintcheck.aspx or call 1-888-382-1222, option 3
• Office of the Inspector General: www.oig.ssa.gov