Self-Sent Password Expiration:

A Sheridan resident reported a phishing scam email that appeared to come from their own email address. The message claimed their Microsoft email password was about to expire and urged them to “retain current credentials” via a link, warning that inactive accounts would be deactivated within 24 hours. Several red flags included unusual capitalization and spacing, a non-official sender, and the misleading urgency. CyberWyoming Note: The goal is to trick the recipient into entering their login credentials. Legitimate companies like Microsoft typically don’t send emails asking users to update passwords this way. Instead, they prompt changes during the normal login process. If you receive a similar message, don’t click any links and go directly to the official Microsoft website to verify your account status.

Fake PayPal Payment:

A resident of Laramie reported a phishing scam email sent by someone using the name “Alia Tariq” from an @icb-eg address. The email had the subject “Your order Transaction is now confirmed and paid” and claimed an invoice for a recent purchase was attached, along with a Colorado phone number. The attachment appeared to be a fake PayPal invoice. The message was also sent to about 20 similar email addresses in what looks like a bulk, alphabetized distribution. CyberWyoming Note: If you receive a similar email, do not open the attachment or call the listed number. Instead, verify any supposed charges directly through your account on PayPal or the official website, and report the message as spam or phishing.

Boss in Name Only:

A resident of Laramie reported a phishing attempt where scammers impersonated their boss. The email came from a suspicious Gmail address (“internalmanagement0”) under the name “URGENCY,” used a subject line referencing the boss, and asked the recipient to share their cell number so they could continue the conversation by text. CyberWyoming Note: This scam was likely trying to move the conversation off email to make further requests like gift cards, money, or sensitive information. If you get a message like this, don’t respond or share details; verify the request directly with your boss using a known phone number or official email, and report the message.

Booking.com Breach Gives Scammers What They Need to Target Guests:

Booking.com has warned customers of a data breach after attackers accessed reservation information through compromised hotel partners using phishing malware, exposing names, contact details, and booking data that can be used for convincing scams. Security researchers attribute the attack to a group using fake IT “fix” emails to infect hotel staff systems, then leveraging stolen data to impersonate hotels and pressure guests into making fake payments. Similar scams have caused significant financial losses in recent years, and the incident highlights a broader pattern of vulnerabilities in the travel industry’s third-party systems. Booking.com advises users to ignore unexpected payment requests, verify bookings directly with properties, and monitor financial accounts for suspicious activity.
– Brought to you by Malwarebyteswww.malwarebytes.com/blog/data-breaches/2026/04/booking-com-breach-gives-scammers-what-they-need-to-target-guests

Investment Scams That Promise Big Returns Deliver Devastation:

In 2024, investment fraud, especially crypto-related scams, caused more financial losses than any other type of scam, totaling about $5.7 billion, and likely much more due to underreporting. These scams often start with harmless-looking wrong-number messages that slowly develop into trusted relationships and eventually lead victims to “can’t miss” cryptocurrency investment opportunities. Scammers may allow small early withdrawals to build credibility before disappearing when larger withdrawals are attempted, often citing fake taxes or fees. The scams rely on long-term manipulation and secrecy, so people are advised not to respond to unknown messages and to treat secrecy or pressure as warning signs. Victims should quickly contact their financial institutions and report the crime to law enforcement to improve chances of recovering funds and help prevent further cases.
– Brought to you by AARP Fraud Network
aarp.info/fwnInvestmentScams26

The Dumbest Hack of the Year Exposed a Very Real Problem:

A cyberattack on Bluetooth-enabled crosswalk buttons in Silicon Valley and beyond exposed how poorly secured some public infrastructure systems are. An unknown hacker exploited weak or default passwords to upload spoofed audio at intersections, including fake messages from Mark Zuckerberg and Elon Musk, before the incident spread to other cities like Seattle and Denver. The prank disrupted pedestrian signals but mostly left functionality intact, prompting embarrassment and confusion among local officials who realized they lacked clear cybersecurity standards and accountability in their contracts with vendors. Investigations stalled due to limited logging and surveillance, while the manufacturer, Synapse ITS (which acquired Polara), said the issue stemmed from poor password practices and has since tightened security requirements. The incident highlighted broader concerns about outdated security practices in widely deployed transportation technology.
– Brought to you by WIRED & CISA Region 8
www.wired.com/story/crosswalk-city-hack-cybersecurity-lessons/

Interested in cybersecurity business training?

The Made Safe™ Cybersecurity Training Program is a one-on-one program designed specifically for micro-businesses to reduce cyber risk and relieve anxiety around cybersecurity. Thanks to CyberWyoming’s members and sponsors, scholarships are available for Wyoming companies. Learn more at https://cyberwyoming.org/cyber-training/ or email info@cyberwyoming.org.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Google Chrome. If you use this product, make sure the software (or firmware) is updated.

Data Breaches in the News:

Vercel and Rocky Mountain Associated Physicians. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register