iCloud Panic Scam:

A citizen reported receiving a phishing email from "Payment-Declined", which included the reporter’s name in the email address and used a @keeptouch domain. The email had the subject “Your iCloud ID Has been Blocked! Your Photos and Videos will be Removed” and falsely claimed that the recipient’s iCloud payment had failed, threatening deletion of photos and documents and urging immediate payment updates. It included account details, exaggerated risks, and directed the user to a suspicious offers.info website. CyberWyoming Note: This email is likely designed to trick recipients into providing payment or login information by creating a false sense of urgency. Scammers aim to induce panic and pressure users into acting without thinking. Always verify account issues directly through official services rather than clicking links in unsolicited emails.

Insta-Scam in Your WhatsApp:

A citizen reported receiving a suspected scam message on WhatsApp from an account linked to an overseas phone number with a United Kingdom (+44) prefix. The sender identified itself as an “Instagram Business Account” and claimed the recipient needed to reset their Instagram password, providing a link using an .me domain. The message included additional text stating that the business uses a “secure service from Meta to manage this chat,” along with an attached image resembling an Instagram profile. The image displayed a verification badge and options to block or view the profile, making the message appear legitimate. CyberWyoming Note: Be cautious of unsolicited messages claiming to be from social media platforms, especially those that arrive through WhatsApp or urge urgent actions like password resets. Always verify alerts by going directly to the official app or website and never click links or trust verification badges in messages, as these can be easily spoofed. Also, ensure two-factor authentication (2FA) is enabled on Instagram, other social media accounts, your email, and your bank accounts.

Fake Microsoft Teams and Google Meet Downloads:

Cybercriminals are targeting people in the financial world by tricking them into downloading malware disguised as popular apps like Microsoft Teams, Google Meet, PuTTY, and WinSCP. They use fake websites and online ads to make these downloads look real. Once installed, the malware, called Oyster (or Broomstick), secretly gives attackers access to your computer and keeps running even after you restart it. Some fake installers even used official-looking certificates to appear legitimate. This threat has been active since at least late 2024 and is linked to ransomware groups, meaning it’s very dangerous and likely to continue. The safest way to protect yourself is to only download apps from official websites.
– Brought to you by HackRead
‍hackread.com/fake-microsoft-teams-google-meet-download-oyster-backdoor/

Spotting Work-From-Home Scams:

Many work-from-home job listings that promise high pay with little experience are scams, which have surged since 2020, causing losses to jump from $90 million to $501 million by 2024, according to the FTC. Scammers often mimic real companies or invent fake ones, sometimes asking for upfront fees or using you to launder money, and may even send checks to cover “expenses.” To stay safe, verify job listings through official company channels, research the employer online, ask detailed questions about pay and requirements, and never share personal or financial information until the offer is confirmed legitimate.
‍– Brought to you by AARP Fraud Network
aarp.org/money/scams-fraud/text-alerts.html

New WhatsApp GhostPairing Scam:

A new WhatsApp attack known as GhostPairing uses social engineering rather than password theft or technical exploits to give hackers full and silent access to accounts. Victims are tricked into clicking messages that lead to fake Facebook pages where they enter their phone number and unknowingly share a WhatsApp device linking code, allowing attackers to add a rogue linked device. Once connected, attackers gain persistent access to messages, media, and sensitive information. First seen in Czechia, the attack is now spreading internationally. Users can protect themselves by never sharing verification codes, enabling two-step verification, and regularly checking Settings > Linked Devices to remove anything unfamiliar.
– Brought to you by Forbes
‍forbes.com/sites/zakdoffman/2025/12/17/new-whatsapp-attack-hackers-gain-full-access-to-accounts/

Organizations Can Now Buy Cyber Insurance That Covers Deepfakes:

Cybersecurity insurers are now beginning to address the emerging threat of AI-generated deepfakes, which are increasingly being used to deceive businesses and damage reputations. These synthetic videos, images, and audio clips can impersonate executives, prompt fraudulent transactions, or spread false information about companies. While such attacks are still relatively rare and highly targeted, they are more convincing than traditional phishing because AI can mimic voices and behaviors with startling authenticity. Experts warn that as AI tools become more powerful and accessible, deepfake-enabled fraud could soon become a common challenge for businesses of all sizes, fundamentally changing the landscape of cybercrime and corporate security.
– Brought to you by CyberScoop
‍cyberscoop.com/url-coalition-cybersecurity-insurance-coverage-deepfakes-reputational-harm/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) haven’t published a patch now (update your software) alert in the past week, but CyberWyoming noticed that Google’s Chrome browser requires an update. If you use this product, make sure the software is updated.

Data Breaches in the News:

CareOregon, Korean Air, NordVPN, Salesforce DB, Sax Financial Services, Singing River Health System, Trust Wallet, Neighbourly, Sedgwick, and Ledger. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register