Tracking Trouble:

A citizen reported receiving a scam email claiming to be from "Package Tracking" with the domain @firebaseapp. The email, titled "📦 Delivery Details", falsely informed the recipient that their order had shipped and included clickable links to "Track My Order" and view the order number or estimated delivery date. CyberWyoming Note: Upon investigation using Checkphish.com’s URL scanner, all links directed to a fraudulent site resembling a package tracking page (analyze-packaging[dot]store) where users could enter their tracking number. Never click links in unexpected emails even when claiming to be package updates; instead, verify shipments directly through the official retailer’s website. Always check URLs carefully, as scammers often mimic legitimate tracking sites to steal personal information or money.

Bogus CitiBank “Geeksquad” Card Offer:

A citizen reported receiving a scam email from someone named “Blake” using a personal Gmail address, claiming to confirm a CitiBank application for a “Geeksquad credit card” and requesting a $399.99 processing fee. The email included verification instructions asking for the recipient’s SSN and provided a toll-free number (877) to “cancel” the application if it was unauthorized. CyberWyoming Note: Investigation revealed that the phone number is not associated with any legitimate company; the 877 area code is a generic toll-free code that can be easily obtained by anyone. The odd number, language, scare tactics, and formatting indicate that this was a scam likely attempting to steal money through a fake processing fee and collect personal information, especially the victim’s SSN, for identity theft. Never respond to unsolicited emails requesting money or personal information and always verify contacts through official company channels before taking any action. Avoid calling numbers or clicking links in suspicious emails, as scammers often spoof legitimate brands to steal your data.

TamperedChef Malvertising Campaign:

A TamperedChef attack used Google Ads and other online ads to trick people into downloading a PDF editor that secretly stole passwords and other sensitive information from their computers. The malware was hidden in software that looked legitimate and used tricks to avoid being detected. The easiest way to stay safe is to not click on any ads. If something seems interesting, type the website address directly into your browser instead. This small extra step goes a long way in keeping your computer and accounts safe.
– Brought to you by CISA Region 8 & Sophos
‍www.sophos.com/en-us/blog/tamperedchef-serves-bad-ads-with-infostealers-as-the-main-course

149 Million Passwords Found in Exposed Database:

A security researcher, Jeremiah Fowler, uncovered an unprotected online database containing roughly 149 million stolen usernames and passwords. The information likely came from computers infected with malware that secretly record what people type or steal saved login details. The exposed database included logins for major services like Gmail, Facebook, Instagram, Yahoo, Netflix, financial institutions, crypto wallets, and even some government (.gov) accounts, and it continued growing until it was finally taken offline. Although the site hosting the data eventually shut it off, experts warn the damage isn’t over because the stolen passwords may still work and could already be in criminals’ hands, showing how important it is for people to use antivirus software, system updates, and cautious app installation.
– Brought to you by PC Mag
www.pcmag.com/news/database-containing-149-million-stolen-passwords-exposes-malwares-reach

U.S. Cybersecurity Experts Plead Guilty in Ransomware Case:

Two U.S. cybersecurity professionals, Ryan Goldberg and Kevin Martin, have pleaded guilty to conspiracy to commit extortion for their roles as affiliates of the BlackCat/Alphv ransomware group, according to the Justice Department. While employed at well-known incident response and threat intelligence firms, the men helped hack victim companies, steal data, and deploy ransomware, earning millions in illicit payments, including a $1.2 million Bitcoin ransom from one victim. As affiliates, they paid a share of their proceeds to BlackCat operators in exchange for access to the ransomware tools and extortion platform. They face up to 20 years in prison, with sentencing scheduled for March 2026.
– Brought to you by SecurityWeek
www.securityweek.com/two-us-cybersecurity-pros-plead-guilty-over-ransomware-attacks/amp/

What Can a Scammer Do With Your Banking Information?

Scammers can use your banking information in multiple harmful ways, even if they only have your account number. Alone, it may not allow them to directly access your funds, but it can help create fake documents or lend legitimacy to fraud. If they also have your bank’s routing number or institution name, the risk increases significantly. They could attempt unauthorized transfers, create counterfeit checks, make online purchases, launder money, or impersonate you to collect more personal information. To protect yourself, share account details only with trusted parties, use secure portals, enable transaction alerts, and employ strong passwords and multi-factor authentication. Early detection of unusual activity and prompt action by contacting your bank, documenting suspicious transactions, and involving authorities are key to minimizing damage and recovering from fraud.
– Brought to you by Identity Theft Resource Center
www.idtheftcenter.org/post/what-can-a-scammer-do-with-your-banking-information/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Microsoft Office and SolarWinds Web Help Desk. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Nike, Crunchbase, and SoundCloud. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register