An idea inspired by the

www.wyocan.org

info@cyberwyoming.org

www.cyberwyoming.org/alliance

307.314.2188, PO Box 2332, Laramie, WY 82073

Hacker’s Brief 1/18/2021

Office 365 Fake Email Alert: A Sheridan citizen reported a fake email from Office365 that asks you to download or play an attached audio message. The email had the correct branding and is well written, but it comes from info@cvwindsor.com, has another email address of danielg@junk-king.com, and the subject line is “Audio available on [DATE]”. CyberWyoming Note: The real cvwindsor.com is a luxury penthouse website and has nothing to do with Office365 or Microsoft.

CyberWyoming Alert – Amazon Ring Neighbors App: If you use the popular video doorbell, Ring, and also use the Ring Neighbor’s app, be sure to change your app password. The app was found to expose locations and home addresses of users who posted to it. https://techcrunch.com/2021/01/14/ring-neighbors-exposed-locations-addresses/

CyberWyoming Alert: Time to change your Facebook, Instagram and LinkedIn passwords. A Chinese firm found over 200 million Facebook, Instagram and LinkedIn passwords from around the world. In addition, if you were a Parler user, do not reuse that password anywhere else. Before Parler went dark, security researches collected user data.

CyberWyoming Alert – T-Mobile: If you use T-Mobile, your phone number and call records may have been stolen. Watch this story at T-Mobile if you are a customer and make sure that the data breach doesn’t become more complex. https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/

FTC COVID-19 Clinical Trial: Some clinical trials are real for COVID-19, but there are fake ones out there too. Here’s how to tell. Real clinical trials do not ask you to pay to be in them, ask for your social security number, or financial information. To confirm if it is legitimate, make sure the trial is listed at https://clinicaltrials.gov/. If you want to volunteer for a trial, sign up here https://www.coronaviruspreventionnetwork.org/ (National Institute of Allergy and Infectious Diseases at the National Institute of Health.)

FTC Scam Alert about the COVID-19 Vaccine: If you are called and asked to pay to be put on a list for the COVID-19, are told you can pay to get the vaccine earlier, or asked for your Social Security number/bank account number/credit card number then it is a scam. Ignore any vaccine offers that ask for money or personal information. Contact your county public health office to get the correct information.

FTC Overpayment of Utility Bill Fake Call: If you receive a recorded call saying you paid too much on a utility bill, it is fake. Do not give them your personal information.

FTC Car Wrap Scam Alert: Marlboro or Purell are not offering to send you a check to put their brand names on your car.

MS-ISAC Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) has published a patch now (update your software) alert for Microsoft products (including a vulnerability found with the computer lock screen function), Mozilla Firefox, Siemens JT2Go, Solid Edge, and Teamcenter Visualization (used for 3D model viewing), and Adobe Photoshop. If you use these products, make sure the software (or firmware) updated.

Data Breaches in the News: Amazon Ring Neighbors App, proprietary information (like source code) from companies like Microsoft, Cisco, SolarWinds, and FireEye are beginning to show up on the internet from the SolarWinds cyber attack, Capcom (gaming company), Mimecast via Microsoft 365 mailboxes, Salaat First app via the supply chain Predicio, Ubiquiti, OmniTRAX (US railroad operator) and its parent company Broe Group, Facebook, Instagram, LinkedIn, Parler, United Nations Environmental Program (employee records), NameSouth (US based auto parts distributor – breach affects employee records), Juspay (payment services provider that Amazon uses), Apex (NY clinical lab), City of Cornelia Georgia, GetSchooled, Door Controls USA, T-Mobile, GenRx Pharmacy (Scottsdale, AZ), Treasure Valley Community College (Oregon), NZBGeek, and Whirlpool (employee data).

If a company that you work with is on this list, be sure to change your password to their online accounts.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

· Better Business Bureau Scam Tracker: www.bbb.org/scamtracker/us/reportscam

· File a complaint with the Federal Trade Commission at https://reportfraud.ftc.gov/#/

· Report your scam to the FBI at https://www.ic3.gov/Home/FileComplaint

· Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3

· Office of the Inspector General: https://oig.ssa.gov/

· AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360

· IRS: report email scams impersonating the IRS to phishing@irs.gov

· Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398