Faux Manager:

A Laramie citizen reported a scam email impersonating their boss. The email displayed the boss’s real name in the “From” field; however, the email address was incorrect. Instead of the company’s official email domain, the message came from a generic "companyexecutive" Gmail address. The subject just had the word “REQUEST,” and the message asked the recipient to share their phone number to discuss a task. The reporter noted that their boss already had their phone number and had just texted with them earlier that day. Thankfully, the reporter recognized these suspicious details and reported the email as a scam. CyberWyoming Note: This is a clever phishing attempt, likely designed to obtain the reporter’s phone number so the scammer could request money, such as gift cards, which is a common tactic used by these types of scammers. Always verify unexpected emails by contacting the person through a known method before responding. Avoid sharing personal information or phone numbers with unknown senders.

DocuSign Scam With A Personal Touch:

A Laramie resident reported a phishing email claiming to be from "E-Document Online Signature Service Portal via Xerox Online Document Scanner" with the subject “Signed ACH-Disbursement Addendum.” The email included a fake DocuSign message and an original message supposedly from “Juan Ortega,” discussing therapy arrangements for their child. The message attempted to appear legitimate and personal, including a detailed, emotionally charged note about the child’s therapy needs. It used specific names, dates, and personal circumstances to create a sense of urgency and trust, making it more likely that the recipient would click the embedded link without suspicion. Investigation revealed that the DocuSign link redirected to a suspicious site requiring human verification, and VirusTotal flagged the URL as malicious. CyberWyoming Note: DocuSign scams have become very common lately, so always verify unexpected emails and avoid clicking links or downloading attachments from unknown sources, even if they appear personal or official. Be sure to report suspicious emails as spam and delete them.

Fake Funding Offers:

A Wyoming nonprofit reported receiving two suspicious emails from someone identifying as “Dorothy Lewis.” They were using an unusual email domain which after investigation seemed to be associated with the Igongo Cultural Centre in Uganda. Both emails referenced the nonprofit by name and offered “line of credit and term funding” to support community programs and training events. The messages claimed to help nonprofits manage upfront costs for event logistics, speaker fees, and materials, and requested a short call to discuss options. CyberWyoming Note: This type of scam has become increasingly common, often using publicly available details about a business to make emails appear legitimate, and many are now likely generated with AI to create personalized, convincing messages. Never share financial information or engage with emails requesting calls or payments, especially from unknown or foreign domains.

A Hacker Threat Is Hiding in Your Car's Tire Pressure System:

A 10-week study by researchers at the IMDEA Networks Institute found that the tire pressure monitoring systems (TPMS) installed in most cars made after 2008 can be exploited to track vehicles. By collecting nearly 6 million wireless signals from over 20,000 cars, the team discovered that TPMS sensors continuously broadcast an unencrypted, unique ID that can be picked up from more than 50 meters away—even through walls—using inexpensive radio receivers. Originally mandated by the TREAD Act of 2000 for safety, TPMS was not designed with security in mind, allowing potential hackers to monitor vehicles’ movements, identify driving patterns, and infer daily routines without ever seeing the car. Experts warn this represents a significant but often overlooked privacy risk, adding to broader concerns about data collection in modern vehicles, and urge manufacturers and policymakers to implement stronger protections in future systems.
– Brought to you by CNET
cnet.com/roadshow/news/hacker-threat-hiding-in-car-tire-pressure-system/

Iranian Cyber Attacks Rise After Strikes:

Following a recent U.S. and Israeli air and sea campaign targeting Iranian military and government sites, security researchers warn of an elevated cyber threat from Iran-linked groups. Both state-sponsored actors and hacktivists tied to the IRGC are ramping up reconnaissance, espionage, and disruptive activities such as DDoS attacks, wipers, and phishing, primarily aimed at critical infrastructure in the U.S., Israel, and Gulf Cooperation Council countries. Researchers note that these preliminary actions often signal more aggressive campaigns, with targets including energy, finance, healthcare, and telecommunications sectors. Authorities, including the U.S. Department of Homeland Security and the U.K. National Cyber Security Centre, are actively monitoring the situation and urging organizations, especially those with assets or supply chains in regions of tension, to strengthen their cyber defenses amid escalating threats.
– Brought to you by Cybersecurity Dive
‍cybersecuritydive.com/news/iran-hackers-threat-level-us-allies/813494/

Interested in cybersecurity business training?

The Made Safe™ Cybersecurity Training Program is a one-on-one program designed specifically for micro-businesses to reduce cyber risk and relieve anxiety around cybersecurity. Thanks to CyberWyoming’s members and sponsors, scholarships are available for Wyoming companies. Learn more at cyberwyoming.org/cyber-training/ or email info@cyberwyoming.org.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Google Android OS, Cisco Products, and pac4j-jwt (JwtAuthenticator). If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

UFP Technologies, CatalystRCM, ManoMano, Pathstone Family Office, LexisNexis, and Mercer Advisors. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register