3 replies to this topic

[360texas]

A month ago or so The City of Fort Worth Water Department, working with their management company ask us to start using their new portal to check our water usage.
That required us to go to their new portal and create a new login and password to (I think) their management company server.  During the registration process I was asked to click on a button - I did and I was asked to download something about a secure VPN (virtual private network).  Well it did download and install a VPN software. I did do a google search on Wildfire VPN and found that there is a legal free limited version (probably the one the Water Departments company) Catch is there is a monthly pay upgrade VPN version.

 

Good thing I did not activate it.  Its called Wildfire VPN 1.0.2 (166mb).   I did remove Wildfire from my Windows Startup folder. Now it does not ask me 'register' .  Its just sitting there doing nothing but taking up space.

Iam asking the forum if anyone else had this experience with the City of Fort Worth Water Department's management company and FREE VPN software ?

 

Today found that McAfee trapped a Wildfire virus.  I did do a screen capture but I can't just drop and drag it here in this comment.  So:

McAfee reads:
------------------------------------------------
Virus Threats fixed (1)
Real Protect- LS!7553a5b88fff
File location:  C:\Program Files\VPN\WildfireVPNInstaller\WildfireInstaller.exe 
------------------------------------------------

 

AND: It sort of looks like WildfireInstaller.exe was trying to install itself and McAfee read that as suspicious activity like a virus.
I am now uninstalling Wildfire. In Windows Control Panel-Programs and Features If you uninstall WildfireVPNinstaller.... click to uninstall the 7.59 MB not the program166mb file.

And in your virus protection program do and 'clean' your Registry.  And doing a virus scan.

 

Talked to my Son over in Arkansas about Wildfire VPN software.  He is with J.B.HUNT as computer program developer) mentioned it would be a wild guess, but maybe during the COFW management company registering process might have been giving away free VPN Wildfire software in hopes unsuspecting folks would just upgrade to the pay version as a revenue generator.  Just guessing.

Hmmm time to go walk the cat ?

 

[steave]

Hmmm

 

To me that sounds a lot like a phishing scam. Go find the original email that instructed you to sign up for their portal and see if there's anything funny looking about it. Check the sender's email address, if it's not a normal city or management company address that's a red flag . Also if there are spelling errors or the formatting is messy or odd.

 

If it looks funny, I'd go find a known-good phone number or email address to someone from the water department or that management company and ask them if you were supposed to be sent a registration email like that. Then, if you provided any information into a website past a link clicked on that email, like a username and password, I'd go and change that password and check the accounts it goes to for any shady activity because there's a possibility it was compromised.

 

I've never heard of Wildfire VPN before. It's plausible that if the water department has an archaic computer program running on an internal server that you might be asked to set up a vpn, but if that was the case then I 100% guarantee the water department or mgmt. company should have an IT person who will know right away. If they don't, then it's definitely bogus.

[mmmdan]

I searched my email archives and I got the email from the city about the new web portal on June 17.  The email came from this email address:cityoffortworth@public.govdelivery.com

 

This is the weblink to the content of the email:  https://content.govd...lletins/31c3e2c

 

I don't recall if I setup my access to the new portal from a link in the email or if I just went to the city's webpage and navigated to the new portal from there, but I know I just set up the new portal like any other account and there was no download involved.

 

I'm with steave and think you may have been part of a phishing scam.  A google search for "wildfire vpn malware" turns up a lot of hits showing that this is ransomware.  It appears to have been around for a while, so hopefully your McAfee prevented it from doing anything serious.

https://www.mcafee.c...ock-files-free/

 

I am no expert, but I would recommend letting McAfee block this program and downloading and running malwarebytes to help isolate it.  

[360texas]

Apparently we  got a post card in the USPS mail

I too looked back and Yes 23 Jun 22 we sent email to mywateraccount at fortworthtexas.gov asking about the VPN software and we did get this:

 

Subject Reply
Accessing our account.?????

Auto-Response By (06/23/2022 04:34 PM)
Thank you for contacting Fort Worth Water Customer Service.
Customer By Service Email (06/23/2022 04:34 PM)
WARNING: The sender of this email could not be validated and may not match the person in the "From" field.

CAUTION: This email originated from outside of the City of Fort Worth email system. Do not click any links or open attachments unless you recognize the sender and know the content is safe.

CAUTION: This email originated from outside of the City of Fort Worth email system. Do not click any links or open attachments unless you recognize the sender and know the content is safe.

This was my email content
Received USPS mail FortWorthTexas.gov/water card.
Received email about new portal access.
Downloaded VPN information NO we are not using our cell phone for VPN services (secure access)
Tried 6 times to access our account but failed.
YES we did try to change our password using Chrome but failed 6 times

HOW exactly (read step by step) access our account using Windows 10 desktop ?

Frustrated.  Our account is xxxx01-xxx394 account name x  yes we are on AUTOPay  We just need to download our statements.

Thanks for your help
/s/

 

 

----------------------------------------

Thanks to both of you for your suggestions.