Impersonation Has Entered the Boardroom:

A Northern Wyoming organization reported a spear-phishing attempt targeting one of its board members. The attacker impersonated another board member using a fake Gmail address containing “president” and sent an email with the subject about a newsletter publishing expense. The message claimed the board treasurer (mentioning them by name) was unavailable and asked the recipient to cover the cost via ACH or wire transfer, promising reimbursement later. The organization was concerned the scammer may have obtained names and email addresses from publicly available sources, such as their website. CyberWyoming Note: If you receive a message like this, verify the request through a separate, trusted contact method before taking action, especially if it involves money transfers or reimbursements. Be cautious about the information your organization shares publicly online, and avoid posting unnecessary staff or board member details that could be used for impersonation. Unfortunately, even when organizations limit the information they share publicly, scammers may still be able to gather details from other online sources, so it is important to stay cautious with messages involving reimbursements or payment requests.

Bogus Electrical Bill:

A Sheridan County citizen reported receiving a scam email from someone identifying themselves as “Daquan Kerman” with the subject line “[Shore Village Electrical Ltd] Payment Receipt.” The email instructed the recipient to view an attached invoice for alleged services provided in Newbury Park, California, and referenced a contact named “Charles M. Warden” from the “Financial Department” of “Evergreen Cleaning of Missoula MN Partners” located at “153 S Roselle Rd, IL.” There was also an attachment titled “Payment_Receipt_View_INVOICE.” Further research determined there is no official business registered as “Shore Village Electrical Ltd.” The message also contained multiple inconsistencies and red flags, including incorrectly referencing “Missoula, Minnesota,” despite Missoula being located in Montana, and using a business name similar to, but not matching, a legitimate cleaning company in Missoula. CyberWyoming Note: The email is believed to be a fraudulent attempt to trick recipients into opening a malicious attachment or sending payments. Do not open unexpected email attachments or click links from unknown senders, especially with requests involving invoices or payments.

‘Password Expiring’ Trick Strikes Again:

A Wyoming business reported a phishing email that impersonated Microsoft 365. The message used the recipient’s real name and email address to appear legitimate and falsely claimed their email password would expire in three days. It urged the user to click a “Keep My Password” button to avoid losing access and included a disclaimer to seem official. CyberWyoming Note: The goal is likely to trick the recipient into clicking the link and providing Microsoft login information. Legitimate password changes are prompted during the normal login process, not through an unsolicited email. If you receive a similar message, do not click any links and go directly to the official Microsoft website to verify your account status.

Canvas Cyberattack Raises Concerns Across Wyoming Higher Education:

On March 6, the University of Wyoming warned students and staff about a nationwide cybersecurity incident involving Instructure, the vendor behind the Canvas learning management system used for WyoCourses, WyoLearn, and WyoGroups. UW said it had no confirmation that its own systems or data were directly compromised, but cautioned the campus community to be alert for phishing emails that could appear legitimate by referencing real courses, faculty, or students. Later that day, Northwest College’s IT director clarified that the breach did not affect Northwest College because it uses Moodle rather than Canvas, though they noted the broader attack was significant: the hacking group ShinyHunters reportedly targeted Instructure in a supply-chain style attack affecting roughly 275 million users and 9,000 educational institutions worldwide. The email also highlighted a growing cybersecurity trend in which attackers focus on major third-party vendors instead of individual schools, citing previous alleged breaches linked to ShinyHunters involving Salesforce, Infinite Campus, and McGraw Hill.

Consumers Lost $2.1B to Social Media Scams in 2025:

A new report from the Federal Trade Commission found that Americans lost $2.1 billion to social media scams in 2025, with losses increasing eightfold over recent years and surpassing those from any other scam contact method. Nearly 30% of scam victims said the fraud began on social media, with Facebook accounting for the most reported losses, followed by WhatsApp and Instagram. Shopping scams were the most common, often involving fake ads for discounted products or counterfeit versions of well-known brands. Investment scams also caused major harm, leading to $1.1 billion in losses through fake investment advice, fraudulent online groups, and fabricated testimonials. Romance scams were another significant threat, with nearly 60% beginning on social media, where scammers built trust before requesting money or steering victims toward fake investment platforms. The FTC recommends protecting against these scams by tightening social media privacy settings, avoiding investment advice from online strangers, and researching unfamiliar companies or products before making purchases.
– Brought to you by TechCrunch & CISA Region 8
‍techcrunch.com/2026/04/27/consumers-lost-2-1-billion-to-social-media-scams-in-2025-ftc-reports/

Interested in cybersecurity business training?

The Made Safe™ Cybersecurity Training Program is a one-on-one program designed specifically for micro-businesses to reduce cyber risk and relieve anxiety around cybersecurity. Thanks to CyberWyoming’s members and sponsors, scholarships are available for Wyoming companies. Learn more at https://cyberwyoming.org/cyber-training/ or email info@cyberwyoming.org.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Google Gemini, SimpleHelp, Samsung MagicINFO 9 Server, WebPros cPanel & WHM and WordPress Squared. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Instructure (Canvas), Frontwave CU, Ameriprise Financial, and Trelix. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register