Fake Traffic Ticket Texts Recirculating:

A Laramie resident reported a scam text message claiming they had unpaid traffic violations in multiple states (including Tennessee and Missouri). The message included an official-looking document and a link urging immediate payment to avoid legal consequences. CyberWyoming Note: The Wyoming Department of Transportation (WYDOT) has warned that these types of messages are part of a “smishing” scam, where scammers impersonate agencies like a “Wyoming DMV” to pressure individuals into paying fake fines or sharing personal and financial information. WYDOT does not send text messages demanding payment or collect ticket fees in this manner. Residents should avoid clicking suspicious links or providing sensitive information and instead verify any concerns directly with official Driver Services offices (https://www.dot.state.wy.us/home.html).

The Free Gift Gimmick:

A citizen reported receiving a suspicious email claiming to be from “Your T-Mobile Gift,” and was sent from a generic Hotmail address instead of an official T-Mobile domain. The subject line promoted a free HP laptop and urged the recipient to claim it through a special T-Mobile offer. The message appeared professionally created and included T-Mobile branding, logos, and product images, stating the recipient had been selected for a limited-time promotion. It encouraged completing a short survey to unlock an exclusive discount or reward, while stressing urgency with repeated mentions of limited stock and time. Multiple buttons throughout the email, such as “Claim Your HP Laptop Now” and “Check Your Discount Now,” all directed to the same external “topoffer” website. CyberWyoming Note: Despite its polished appearance, the mismatched sender address, repeated calls to action, and suspicious links suggest it is likely a phishing attempt intended to get users to click malicious links or share personal information. Do not click on links or provide information in unsolicited emails, especially when the sender address does not match the company it claims to represent. Instead, verify promotions directly through the company’s official website or customer service channels.

IRS Phishing Scam via Zoom Docs:

A business in Laramie reported a likely phishing attempt disguised as an official IRS communication. The email appeared to come through Zoom Docs using a legitimate-looking “@zoom[dot]us” domain and had the subject “Internal Revenue Service invited you to view ‘Internal Revenue Service (IRS).’” The message urged the recipient to click a link to view documents and included a warning that the sender was external to make it appear more official. CyberWyoming Note: Officials have identified similar campaigns where attackers abuse legitimate Zoom Docs links to target accounts, often Microsoft credentials. These emails mimic legitimate file-sharing invitations such as contract proposals or important documents. Because the link leads to a real Zoom domain, traditional warning signs are less obvious, increasing the likelihood of users trusting the message. To protect against such attacks, users should verify the sender by checking the full email address, avoid clicking unsolicited links especially those creating urgency or referencing sensitive entities like the IRS, instead verify any concerns directly through an official website, and use multi-factor authentication.

Social Media Stealing Personal & Financial Info When Users Click Ads:

Researchers warn that social media giants Meta and TikTok use tracking pixels in ads to collect extensive personal and financial data from users, even when they opt out of sharing it. These pixels, embedded on advertiser websites, capture names, locations, credit card details, shopping behavior, and more, creating detailed user profiles for microtargeted advertising. Advertisers often consent to these pixels without fully understanding the legal and reputational risks, leaving them exposed to GDPR and CCPA violations. While Meta and TikTok argue that privacy controls and configuration options exist, experts say the default design maximizes data collection, effectively shifting legal and ethical responsibility onto advertisers.
– Brought to you by the Dark Reading & CISA Region 8
www.darkreading.com/cyber-risk/meta-tiktok-steal-sensitive-pii

Android Flaw Lets Hackers Unlock Phones in Under a Minute:

A serious security flaw, CVE-2026-20435, affects some Android phones with MediaTek processors, letting attackers with physical access unlock devices, bypass encryption, and steal sensitive data like passwords, photos, and cryptocurrency seed phrases in under a minute. The problem happens during the phone’s startup, before its security fully kicks in. MediaTek has released a fix, but phone makers need to send updates to users, so many devices, especially cheaper ones, might not be patched yet. Users can protect themselves by installing updates, keeping physical control of their phone, avoiding storing sensitive data, using strong screen locks, enabling two-factor authentication, using a password manager, and turning on USB-restricted mode if available.
– Brought to you by Fox News
‍www.foxnews.com/tech/android-flaw-lets-hackers-unlock-phones-minute-

Interested in cybersecurity business training?

The Made Safe™ Cybersecurity Training Program is a one-on-one program designed specifically for micro-businesses to reduce cyber risk and relieve anxiety around cybersecurity. Thanks to CyberWyoming’s members and sponsors, scholarships are available for Wyoming companies. Learn more at https://cyberwyoming.org/cyber-training/ or email info@cyberwyoming.org.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Microsoft products, Adobe products, and Fortinet products. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

CareCloud, OneDigital, Rockstar Games, Booking.com, and McGraw-Hill. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register