In this issue:

• Threat of the week: Hang up on bank scams

• Don't bet on it: Fake online casinos

• Data breaches this week

• SPAM example of the week

Hang up on bank scams

A few years ago my husband received a phone call from someone claiming to be from our credit union fraud department. It was late at night, and I heard my husband talking so I went into the living room. I spoke to the person who kept saying that they needed to verify our information to be able to confirm the fraud. Finally I said that I am in cybersecurity, that I didn't see anything improper showing on our account, and that I'll call my credit union directly since I have the phone number memorized. The scammer hung up.

You too may get a call claiming there’s suspicious activity on your account. The caller sounds professional (like our scammer did) and claims to be from the fraud or security department. They will sometimes know your name and will ask you to “verify” details—like your account number, password, or even the one-time passcode (OTP) texted to your phone. They will say it's urgent in order to prevent more fraud from occurring.

Here’s the danger: banks send OTPs to protect you, not to be shared. If someone calls and asks for that code or your banking details, it’s always a scam. By handing it over, you’re giving criminals the keys to your account.

How do you stay safe? Simple: hang up. Then call your bank using the number on the back of your card—not the one the caller gives you. Remember to also be careful in searching for phone numbers online. Be positive you are on your financial institution's legitimate website.

Trust your instincts. If something feels off, it probably is. We could have lost all of our money that evening. It happens to many people every single day. Please don't let it happen to you or your family.

Don't bet on it: Fake online casinos

I stay at casino hotels when I go to conferences, but I never spend more than $20. I've never tried any of the online casinos which are popping up everywhere, but not all of them are what they seem. A growing number of fake ads are appearing on social media, luring people into depositing money on casinos that don’t actually exist. These scams often mimic real casinos or even state regulators, making them especially tricky to spot.

Take Michigan as an example. The Michigan Gaming Control Board recently warned that scammers were creating ads pretending to be from Detroit’s MotorCity Casino. The ads offered eye-catching promotions like $1,500 in bonus funds and 150 free spins—except MotorCity doesn’t even run an online casino. In Florida, the Miccosukee Casino & Resort faced a similar issue. Fraudulent ads claimed the tribal casino offered online gambling, when in reality it doesn’t.

These fake ads aren’t just annoying—they’re dangerous. They’re designed to steal your personal and financial information or steal money when depositing funds for fake credits, and because they’re not regulated, you have no protections if something goes wrong.

So how can you stay safe? Look for red flags:

• Misspelled or slightly altered casino names

• Promises that gambling is legal everywhere

• Promotions that seem “too good to be true”

• Fake seals from regulators like the Michigan Gaming Control Board

• Links that redirect you to shady websites

When in doubt, always check the official website of a legitimate casino. If they really do have an online platform, you’ll find direct links there.

The bottom line: stick with state-licensed online casinos. They’re regulated, held to high standards, and give you a place to turn if you run into problems. Don’t let flashy ads trick you into handing over your money and data to scammers.

Data breaches this week

Most of the time these will be companies that you don’t have any personal data with, but scan the names to make sure you aren’t affected.

West Virginia’s Fairmont Federal Credit Union: 187k people: West Virginia Credit Union Notifying 187,000 People Impacted by 2023 Data Breach

FinWise Bank: 689k individuals: 689,000 Affected by Insider Breach at FinWise Bank

Florida’s Medical Associates of Brevard: 247k people: Nearly 250,000 Impacted by Data Breach at Medical Associates of Brevard

Kering (Gucci and other luxury brands): 7.9M unique emails: Kering Customer Data Stolen, Amid Surge In Cyberattacks Against Luxury Brands

North Carolina’s Goshen Medical Center: 456k individuals: Goshen Medical Center Under Investigation for Data Breach of Over 450,000 Records

Florida’s Retina Group of Florida: 153k patients: Florida patients at risk after major data breach at eye care provider

SPAM example of the week

Here are the things that help to identify it as spam:

• the To address isn’t me

• it wouldn’t know if the photos were of a family

• expiration is spelled wrong

• you can’t register “cloud” as a trademark

• it’s a photo instead of text (that’s hard to tell in my screen capture)

Do you have an idea for a future newsletter? Please reply to this email and let me know.

Thank you so much!

Sincerely,
Cassie Crossley
Founder, Cyber Safe Center
https://www.cybersafecenter.com