This week’s Hacker’s Brief from CyberWyoming is sponsored by Campco Federal Credit Union.
Robocall from Fake Amazon Prime: The three Amazon scams that were reported by Wyoming citizens between April 12 – 26 have since evolved into phone call scams. Another Wyoming citizen reported that the exact text in the email was left in a message on his answering machine. The email scams have malicious attachments, and all three mentioned Amazon Prime Membership benefits.
Apple ID Purchase Notice: A Wyoming citizen reported a fake Apple notice saying her Apple ID had just been used to purchase Pokemon Go from the App Store, and if she did not make the purchase she should download a document. The document is called ‘Receipt-Pokemon.dot’ and is a Word template format that can easily be used for malicious programming code. Do not download or open the document. The sender’s email was disguised as an Apple Notice but was not from Apple.
Medical Mask & Gloves Phishing Scam: This email is from firstname.lastname@example.org and is poorly written. It begins with a generic greeting of “Dear friend” and is from someone named Boris. The scam offers to sell you face masks, gloves, and cotton balls if you contact Boris. Ironically, Boris sent this to the email@example.com email’s address.
Hackers Pose as Zoom to Steal Microsoft Credentials: Zoom users are being targeted with fake notification emails that contain malicious links. The notification says that you have missed a scheduled meeting and asks you to visit the link for more details and a recording of the meeting. When users click on the link, they are taken to a fake Microsoft login page that looks very legitimate. https://www.infosecurity-magazine.com/news/attackers-pose-as-zoom/
Coronavirus Insurance Scam: Fake insurance agents using high-pressure telesales tactics are trying to convince victims that there is coronavirus insurance. If you get a call offering this protection, it is almost certainly fake. Call the Wyoming Department of Insurance if you get one of these calls to see if the agent is listed or check scambusters.org.
Data Breaches in the News: Zoosk (online dating site), Magellan Health, Giant Food Stores, Bam Construct (a construction company out of Missouri that is building emergency hospitals for coronavirus), Healthcare Resource Group, Ashtabula (Ohio) County Medical Center, Arkansas Workforce Services (Pandemic Unemployment Assistance), and Illinois Workforce Services (Pandemic Unemployment Assistance) are all reporting data breaches of various degrees. If this involves you, contact these companies to see if your information has been compromised.
MS-ISAC Adobe Acrobat and Microsoft Products Patch Now Alert: The Multi-State Information Sharing and Analysis Organization (MS-ISAC) issued a patch now (update for software) alert for Adobe Acrobat, Adobe Reader, and Microsoft products (Windows, Edge, Office, and more). If you use these products, please make sure that the software updated.
If you want to report a phone, email or text scam and let your friends and neighbors know about it, forward it, or send a description of the scam, to firstname.lastname@example.org.
Other ways to report a scam:
· Better Business Bureau Scam Tracker
· File a complaint with the Federal Trade Commission
· Report your scam to the FBI
· Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration or call 1 (888) 382-1222, and select Option 3
· Office of the Inspector General
Information provided by CyberWyoming Alliance, a 501c3 nonprofit affiliate of CyberWyoming.