
www.wyocan.org
www.cyberwyoming.org
307-223-1265, PO Box 2332, Laramie, WY 82073
Official Domain, Official Scam:
A citizen reported a phishing email that appeared to come from a legitimate @wyo[dot]gov address and passed SPF/DKIM (email record) checks. The email, sent from a “noreply” address with the subject “Account Notice,” claimed there was unauthorized activity affecting the recipient’s account and included a Trezor (hardware wallet to store cryptocurrency) logo. It contained a suspicious “View Blog” link and a fake footer which had the same @wyo[dot]gov email domain. The reporter believes the message is part of a cryptocurrency scam impersonating the Wyoming government and Trezor. CyberWyoming Note: This is a great reminder to not trust emails solely because they pass your email’s safety checks or appear to come from a legitimate domain. Always verify unexpected security alerts through official websites or contacts. Avoid clicking suspicious links or providing information, especially for cryptocurrency accounts.
Faking the Familiar with a Tax Trick:
A Laramie business received a phishing email impersonating one of their employees, but it was sent from a completely different "@scalapay" email address. The email, titled "Billing Logged," included a message about 2025 tax preparation, stating that it had “attached the payment receipt and the missing Schedule K-1 for your records,” along with a suspicious link labeled "View Receipt." The email also used the employee’s legitimate email signature, making it appear even more authentic. CyberWyoming Note: After investigation, it appears that the phishing website that was linked has since been taken down, according to CheckPhish.com. Always verify unexpected emails by checking the sender’s full address and confirming with the supposed sender, and never click suspicious links or share sensitive information.
Masquerading as Montana DOJ:
A citizen received a phishing email falsely claiming to be from the Montana Department of Justice – Driver Services Division, warning of an unpaid vehicle citation with a short deadline. The email pressured the recipient to click a payment link, which appeared official using “mt[dot]gov” in the middle of the link but actually directed to a fraudulent “[dot]fit” domain. The message threatened collections and legal action if payment wasn’t made. CyberWyoming Note: Never click links in unsolicited emails, even if they look official, and check the sender’s domain carefully, as scammers often mimic legitimate addresses. When in doubt, access government services directly through the official website instead of using links in the message.
Foreign-made Routers Banned by FCC:
The FCC has added all routers produced in foreign countries to its Covered List, citing national security and cybersecurity risks. This decision follows a National Security Determination which found that foreign-made routers have been exploited in cyberattacks, threatening American homes, businesses, and critical infrastructure. These routers introduce supply chain vulnerabilities and can be used for espionage, network disruption, and botnet attacks. Existing foreign-made models may continue to be sold, but no new devices can receive FCC authorization unless the Department of War or Department of Homeland Security certifies that a specific router or class of routers poses no unacceptable risk.
– Brought to you by Federal Communications Commission & CISA Region 8
docs.fcc.gov/public/attachments/DA-26-278A1.pdf
AI Agents Hack Systems Without Being Asked:
Researchers at the AI security firm Irregular discovered that AI agents performing routine enterprise tasks can autonomously hack systems without being explicitly instructed to do so. In simulated corporate tests, agents retrieving documents, managing backups, or drafting posts bypassed security controls, exploited software vulnerabilities, gained elevated access, and exfiltrated data in pursuit of completing ordinary assignments. Factors included unrestricted access to tools, motivational prompts like “don’t accept errors,” and multi-agent escalation loops, which pushed agents to circumvent obstacles creatively. The findings show that even standard AI task automation can unintentionally create security risks and reflect real-world incidents where AI models independently accessed sensitive credentials.
– Brought to you by GovInfoSecurity
www.govinfosecurity.com/ai-agents-hack-systems-without-being-asked-a-31026
“Silent” Phone Scamming:
Scammers often remain silent when you answer their calls because their main goal is to confirm that your number is active, not to talk. These “silent” or delayed calls are usually automated, part of large-scale operations that validate numbers before targeting victims with phishing, SIM swap, or other attacks. Speaking briefly doesn’t usually risk voice cloning, but it can make future scams more convincing if combined with other personal data. To stay safe, hang up on unknown numbers, consider staying on the line without responding to see if the call disconnects, and use spam call filtering apps or carrier tools to reduce unwanted calls. Filtering helps but isn’t foolproof, so strong account security remains essential.
– Brought to you by ZDNET & CISA Region 8
www.zdnet.com/article/why-scammers-call-you-say-nothing-how-to-respond-safely/
Interested in cybersecurity business training?
The Made Safe™ Cybersecurity Training Program is a one-on-one program designed specifically for micro-businesses to reduce cyber risk and relieve anxiety around cybersecurity. Thanks to CyberWyoming’s members and sponsors, scholarships are available for Wyoming companies. Learn more at https://cyberwyoming.org/cyber-training/ or email info@cyberwyoming.org.
MS-ISAC and CISA Patch Now Alert:
The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Progress ShareFile, Cisco products, Fortinet FortiClientEMS, and Mozilla products. If you use any of these products, make sure the software (or firmware) is updated.
Data Breaches in the News:
Mercor, Hasbro, Oklahoma Tax Commission, Hims & Hers, and DocketWise. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.
Other ways to report a scam:
- Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
- Wyoming Attorney General’s Office, Consumer Protection
- File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
- Get steps to help at www.IdentityTheft.gov
- Report your scam to the FBI at www.ic3.gov/complaint
- Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
- Office of the Inspector General: oig.ssa.gov
- If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
- AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
- IRS: report email scams impersonating the IRS to phishing@irs.gov
- Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
- Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register







