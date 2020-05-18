The Hackers Brief from Cyber Wyoming is sponsored by First Federal Bank & Trust.

Be aware of the latest scams in Sheridan, Wyoming and the rest of the nation.

The US Census Bureau is not Emailing the Average Resident about the 2020 Census BUT

For the 2020 Census counting, the government will mail you information, or deliver information to your door. Then, door to door counters will begin. The census schedule has been pushed back because of the coronavirus. There are no coronavirus questions on the 2020 Decennial Census. However, the US Census Bureau has started a small business and household pulse survey via email to track the changes to business during the pandemic. If you receive an email about this, go directly to the census.gov site to take the survey. Be aware of links that could be in scammer emails copying the actual US Census email. All communications from the Census Bureau regarding the Small Business and Household Pulse Surveys, including all emails and the link to the survey, will originate from a census.gov domain. (Information from a census official in the Dallas Regional Census Office)

Paycheck Protection Program Scam

Thanks to the Wyoming Nonprofit Network for reporting this scam that affects businesses and organizations. The scam involves a malicious PDF downloaded from Dropbox. The subject line is IRS GOV sent you “COVID-19 PPP LOAN UPDATE.pdf.” The email tells you contact the IRS from disastercustomerfunding@sbaa-gov.com. Do not download the file or use the email address provided.

US Treasury Phone Call Scam

Thanks to the Wyoming Small Business Development Center for reporting this scam. The US Treasury is not calling you to tell you that your financial accounts are being depleted. Do not give callers your personal information. No federal government agency will ask you for your banking information or social security number over the phone. A list of US Department of Treasury scams can be found at this URL: https://home.treasury.gov/services/report-fraud-waste-and-abuse/report-scam-attempts

FTC and USPS Publish List of COVID Scams and Claims

The USPS has issued a public service announcement about COVID scams they are seeing in the mail including scams about stimulus checks, COVID cures, personal protection equipment, malicious websites and apps, phishing and extortion emails, robocalls and hoax calls, providers, and investments. https://www.uspis.gov/coronavirus/ For a list of companies that are making erroneous or misleading claims about COVID-19, the FTC has started a list at the following URL. Before you buy a COVID related product be sure to research whether the it is real. https://www.ftc.gov/news-events/press-releases/2020/04/ftc-sends-21-letters-warning-marketers-stop-making-unsupported?utm_source=govdelivery

MS-ISAC Patch Now Alert

MS-ISAC (Multi States Information Sharing and Analysis Center) has issued a patch now alert for Google Chrome and Mozilla Firefox browsers. If you use these web browsers, make sure the software updated.

DocuSign Phishing Campaign

A new phishing campaign that targets DocuSign users on Office 365 features COVID-19 as a lure to convince them to provide their user ID and password. The fake DocuSign login page looks very real and involves redirecting the link 3 times to make it harder to tell where you actually are on the web. (darkreading.com via the Cybersecurity Collaborative’s Morning Security Report)

Cisco Webex Phishing Attacks Alert

A highly convincing series of phishing attacks that use fake certificate error warnings with graphics and formatting that look like Cisco’s Webex product team (but aren’t) are making the rounds. Be extra vigilant if you receive an email with logos from Cisco Webex. Webex is a videoconferencing product. (bleepingcomputer.com)

Data Breaches in the News

ExecuPharm (Vermont company), Ascension Eastwood Clinic (Michigan), GoDaddy, Tesla, BJC Healthcare (Missouri), HomeChef, ChatBooks, Chronicle.com, MobiFriends, US Marshals (former and current prisoners), and Digital Ocean.

• Better Business Bureau Scam Tracker: www.bbb.org/scamtracker/us/reportscam

• File a complaint with the Federal Trade Commission at ftc.gov/complaint

• Report your scam to the FBI at https://www.ic3.gov/complaint

• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration.

• Online at https://complaints.donotcall.gov/complaint/complaintcheck.aspx or call 1-888-382-1222, option 3

• Office of the Inspector General: www.oig.ssa.gov