Zoom Host Key Hijinks:

A Wyoming resident reported receiving a highly convincing phishing email posing as an official Zoom notification. The message appeared to come from a legitimate Zoom.us email address and used the subject line “Your Zoom meeting host key has been changed.” The email falsely claimed a $989.95 Zoom charge paid via PayPal and urged the recipient to call a provided phone number if the purchase was unauthorized. It also stated that the recipient’s Zoom host key had been changed and included realistic details such as a timestamp and Zoom branding. Although the email looked authentic and initially caused concern, the reporter confirmed by reviewing the full email headers that the message was spoofed. The reporter noted this was a particularly well executed phishing attempt that could easily mislead recipients at first glance. CyberWyoming Note: Do not trust urgent payment or account change emails, even if they appear to come from legitimate domains, and always verify by signing in directly to the official website rather than using links or phone numbers in the message. This case is unusual because the sender appeared to spoof, or possibly misuse, the zoom.us domain itself, underscoring the importance of staying vigilant and reporting suspicious messages.

Fake AARP Renewal Reported:

A Big Horn resident reported receiving a scam email posing as AARP. The message, sent from “AARP//Declined***” with the subject “Membership Expiry Countdown: Less Than 24 Hours,” claimed the recipient’s AARP membership was expiring and requested a $14.99 renewal payment. The resident confirmed they do not have an AARP membership, indicating the email was a scam attempt. CyberWyoming Note: This scam was most likely attempting to pressure recipients into clicking links to steal login credentials and possibly payment information. Never click links or provide personal or financial details in unsolicited emails, and always verify membership notices directly through the organization’s official website or trusted contact information.

Staying Safe Online When Money is Tight:

Staying safe online doesn’t require expensive tools, even during financial hardship. By using strong, memorable passwords, enabling free multi-factor authentication, keeping secure browsers updated, and being cautious on public Wi-Fi or shared devices, you can protect your personal information at no cost. Limiting what you share online and learning to recognize common scams further reduces risk. Small, consistent actions can provide meaningful security, helping you maintain control, privacy, and peace of mind regardless of your financial situation.
– Brought to you by FightCybercrime.org
fightcybercrime.org/blog/staying-safe-online-when-money-is-tight/

FBI Warns of Officials Impersonation Scams:

The FBI warns that since 2023, malicious actors have been impersonating senior U.S. officials, including government leaders and members of Congress, to target individuals through SMS and AI-generated voice messages. These attackers often move communication to encrypted apps like Signal, Telegram, or WhatsApp to request sensitive information, authentication codes, personal documents, or money transfers. Individuals are advised to verify contacts independently, carefully examine messages for subtle inconsistencies, avoid sharing sensitive data or funds, enable multi-factor authentication, and report suspicious activity to the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov/ or relevant security officials.
– Brought to you by FBI’s Internet Crime Complaint Center (IC3) www.ic3.gov/PSA/2025/PSA251219

Montana Targeted in International ID Fraud:

Zahid Hasan, 29, from Dhaka, Bangladesh, has been federally charged for running online marketplaces that sold digital templates of fraudulent identity documents, including U.S. passports, social security cards, and Montana driver’s licenses, used by cybercriminals worldwide. Operating sites like TechTreek and EGiftCardStoreBD from at least 2021 to 2025, allegedly earned over $2.9 million from more than 1,400 customers, accepting Bitcoin payments for documents priced between $9 and $14.05. He faces nine counts, including transfer of false IDs, false use of a passport, and social security fraud, each carrying significant prison terms and fines. U.S. authorities have seized three of his domains, and the case is being prosecuted with FBI and international law enforcement support.
– Brought to you by the U.S. Attorney's Office, District of Montana
www.justice.gov/usao-mt/pr/man-charged-operating-online-marketplaces-selling-fraudulent-montana-drivers-licenses

How AI is Automating Romance and Crypto Scams:

AI is increasingly being used to automate and enhance romance and crypto scams by making them faster, more scalable, and more convincing. Instead of inventing new fraud tactics, scammers use AI to automate conversations, personalize messages, and manage many victims at once, strengthening trust and perceived legitimacy. AI-generated profiles, tailored emotional responses, realistic investment explanations, fake dashboards, and even deepfake images, audio, or video all help reduce suspicion and increase credibility. By analyzing public data, AI also helps scammers identify and target vulnerable individuals more efficiently. Overall, AI lowers operational risk for criminals while amplifying harm, highlighting the need for stronger education, detection, and cross-sector collaboration to counter these evolving threats.
– Brought to you by FightCybercrime.org
‍fightcybercrime.org/blog/how-ai-is-automating-romance-and-crypto-scams/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Mozilla, Microsoft, Fortinet, Google Chrome, and Adobe. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Instagram, Manage My Health, Gulshan Management Services, BreachForums, and Betterment. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register