Friendly Faces, Dangerous Links:

A Wyoming business reported a phishing scam in which an email appeared to come from a coworker’s legitimate email address and invited recipients to click a link to “Review PDF.” After identifying it as fraudulent, the business sent a warning to potentially affected employees advising that the message was not authorized and instructing them not to respond, click links, or download attachments. CyberWyoming Note: Be cautious of document signature and file-review scams, which are common and often appear to come from trusted contacts. Even if an email looks legitimate, always verify unexpected requests through another channel such as calling the sender or contacting them via a separate email before clicking links, opening attachments, or signing documents.

Job Scam Texts Circulating:

A Laramie resident reported receiving a scam text message from a Puerto Rico area code sent to multiple similar phone numbers. The message claimed to be from “Seraphina from Robert Half” and advertised a remote job that could be done on a mobile phone. It promised minimal work hours (60–90 minutes per day), unusually high guaranteed income ($100–$3,000 per day), free training, and paid vacation. The text instructed recipients to reply “YES” to a Los Angeles–area phone number. CyberWyoming Note: Be cautious of unsolicited job offers sent by text, especially those promising high guaranteed income for minimal work. We have been seeing a lot of these scams recently, often impersonating many different companies. Do not reply or share personal information and instead report the message and block the sender.

Start Your Year Off Safe:

As we step into a new year, it’s the perfect time to refresh your habits, including your online security. Good cyber-hygiene can help protect you from identity theft and other digital threats, keeping your personal information safe throughout the year. Start the year off right by testing your knowledge with the Identity Theft Resource Center's (ITRC) Cyber-Hygiene Quiz and discover simple steps to strengthen your online safety in 2026. Take the quiz! – https://www.idtheftcenter.org/are-you-cyber-safe/ CyberWyoming Note: Make January your unsubscribe month and clean up your inbox. With less spam, you will be more likely to recognize scams.

DocuSign Phishing Ranks as the Top Inbox Threat:

A recent StrongestLayer analysis identifies DocuSign impersonation as the leading phishing threat in corporate inboxes, appearing in 13.8% of over 2,000 attacks that bypassed enterprise email security, including Microsoft 365 and gateways like Mimecast and Proofpoint. These attacks often target industries relying on time-sensitive electronic signatures, such as legal, finance, and healthcare, aiming to steal Microsoft 365 credentials. The attacks are hard to detect because each email looks different, sometimes even using AI to make them seem real, and normal email security tools often fail to stop them. Experts say companies need stronger protections that check not just who sent the email, but whether it’s actually safe to open.
– Brought to you by SC Media
‍www.scworld.com/news/docusign-phishing-ranks-as-top-inbox-threat-analysis-finds

FBI Warns of Fake Proof-of-Life Scams:

The FBI warns about virtual kidnapping scams where criminals use altered photos or videos from social media as fake “proof of life” to demand ransom. Scammers often threaten violence and create urgency, sending media that may contain subtle inaccuracies like missing tattoos or distorted body features. To protect yourself, be cautious when posting missing person information online and avoid sharing personal details with strangers. Establish a secret code word with your loved ones for safe communication, and be wary of scammers creating a false sense of urgency. Always try to contact your loved one before considering any ransom payment. If targeted, victims should document all communications and report the incident to the FBI’s Internet Crime Complaint Center at www.ic3.gov.
– Brought to you by IC3
‍www.ic3.gov/PSA/2025/PSA251205

Why Banks Miss Scams Driven By Emotional Manipulation:

Banks are highly effective at catching fast, obvious fraud like stolen cards or unusual purchases, but they struggle with scams that unfold slowly and exploit emotions, such as romance or crypto scams. Traditional fraud detection focuses on unusual patterns in transactions, not the psychological manipulation behind them. Victims sending money willingly appear normal to algorithms, making authorized push payment fraud invisible to banks. While AI and behavioral analytics are improving detection, scammers are evolving just as quickly. Preventing these scams requires more than automation. It needs human intervention, empathy, and a focus on customer well-being. Blending technology with trauma-informed human oversight can help banks recognize distress, stop more fraud, and protect both money and people.
– Brought to you by Fightcybercrime.org
‍fightcybercrime.org/blog/why-banks-miss-scams-driven-by-emotional-manipulation/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for WatchGuard Fireware OS. If you use this product, make sure the software is updated.

Data Breaches in the News:

Goldman Sachs Group Inc., Aultman Health System, and WIRED. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register