The Hackers Brief from Cyber Wyoming is sponsored by First Federal Bank & Trust. Be aware of the latest scams in Sheridan, Wyoming and the rest of the nation.
Audio voice note scam
A Laramie company reported a scam from a German (de) country code with a subject line of “Audio Voice Note Received on Thu, October 20, 2022” with an attachment that looks to be an audio voice message. Don’t open the message.
McAfee impersonation scam
A Sheridan citizen reported a scam from a tut.com email address spoofed as “||McAfee.Security||” with the subject line of “Be watchful : Your device has been infected with (54) Viruses.” Don’t click on the link!
Invoice paid scam impersonating Geek Squad
If you receive an email with an invoice from Geek Squad, claiming you have purchased “Geek Squad 360 Antivirus for Computer and Macbooks” for “$349.99” don’t open the attachment. The subject line is “Purchase Confirmation 12-21-14” and the email is from a Gmail address spoofed as “Invoice_56846”. Reported by a Sheridan citizen.
Powell citizen offers advice
Anytime someone registers a new domain name for a website they will receive in their mailbox one or two different letters stating they have to renew their website or they will lose it. It comes with some crazy dollar amounts and it is 100% a scam they look extremely official. Also, anything received by a snail-mail to renew a website domain is a scam.
‘Truth, trust, and honest’ requested from scammer
If you receive an email with the subject line of “HELLO FROM FATIMA KAMARA” with a .jp country code email address asking you to reply to a yahoo.com email address, just delete it. Even though Fatima says she wants someone that she can confide in and help her accessing her late father’s funds, her faulty grammar is a dead giveaway. “But what I need from you is Truth, Trust, And Honest.” Reported by a Laramie citizen.
What is a social media account takeover?
“My account has been hacked. Please ignore a friend request.” It may be of little comfort but if you’ve ever sent or received a message like that on, say Facebook or Instagram, you’re actually among millions of users hit every year by social media account hackers. It’s one of the fastest growing and most alarming Internet crimes, with security experts estimating that somewhere between 20 and 40 percent of all social network accounts have been compromised at some point. In the first three months of this year alone, the number of hacked accounts reported to the Internet Theft Resource Center (ITRC) easily beat the figure for the whole of 2021, which was itself a sharp increase on the prior year. Brought to you by scambusters.org.
How to avoid social media takeover
Important actions you can take to protect yourself from a social media account takeover include the following. Brought to you by scambusters.org.
• If you receive a friend request from someone you’re already linked to, it’s almost certainly a hacking scam, so don’t click on the “accept” button. And let your friend know.
• If the request comes from someone you know but who you’re not following, again don’t click to accept. Contact the person independently and check that they did send the request. And be extra cautious about accepting friend requests from people you don’t know - they’re nearly always scams.
• Always use a strong and unique password for each social media account and use a second pass code or other type of multi-factor authentication (MFA) such as those sent via text messages. Learn more about two-factor authentication from our earlier issue: https://scambusters.org/passwordsecurity2.html. And never share your password or code with anyone.
• If you learn of a data breach affecting your social media account, change your password immediately.
• Don’t download third party apps promoted on your social media account. They can be used to hack your account.
What to do if your social media account has been hacked
You want to regain control of your account as soon as possible. If the hacker hasn’t changed your password and you still have access to the account, change it yourself immediately. And implement MFA (multi-factor authentication – where you get a text to verify it is really you.) If you’re locked out, you need to contact the network provider, ex Facebook. Different sites have different ways of dealing with it. Search on the phrase “My ------- account has been hacked” (insert the media network name in place of the dashes) and look for results that are actually from the network company. It’s also important to let your friends know, via email or a message service, to put them on the alert. Which brings us back to where we started: “My account has been hacked. Please ignore a friend request.” Brought to you by scambusters.org.
MS-ISAC and CISA patch now alert
The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Aruba EdgeConnect Enterprise Orchestrator, Oracle, and Mozilla (Firefox and Firefox ESR) products. If you use these products, make sure the software (or firmware) is updated.
Please report scams you may experience to email@example.com to alert your friends and neighbors.
Other ways to report a scam:
• Better Business Bureau Scam Tracker: www.bbb.org/scamtracker/us/reportscam
• File a complaint with the Federal Trade Commission at ftc.gov/complaint
• Report your scam to the FBI at https://www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration.
• Online at https://complaints.donotcall.gov/complaint/complaintcheck.aspx or call 1-888-382-1222, option 3
• Office of the Inspector General: www.oig.ssa.gov
The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register.