Real Estate Scam:

A Laramie Real Estate Agent reported a scam impersonating the rightful owner of some land in Albany County. The scam was robust in that the fake owner provided the agent with a Florida driver's license with the Real ID start. The ID had the real owner's previous address. The fake seller even provided assessment information. The background check came up clean because the scammer used the real owner's name and address. The deal went south when the real estate agent asked for a passport to further verify the identity of the seller. CyberWyoming Note: When reporting this scam, the real estate agent asked what else they could do. We suggested implementing KYC (Know Your Customer) procedures for all out of state sellers/buyers. While it isn't perfect, it is more robust.

Asking Questions Helps Everyone:

A Wyoming business leader with an account at a locally owned filling station reported receiving odd emails asking for payment in a different way than normal. They called the filling station owner to alert them and it turned out that their email had been hacked. The hacker was deleting the sent emails so the filling station owner had no record of these fake emails. The filling station owner immediately secured their email account and was really grateful for the notification from his customer. CyberWyoming Note: Always be vigilant and question any unusual communication, especially regarding payment methods, as hackers often manipulate accounts to deceive others. Reporting suspicious activity promptly can prevent further harm and help secure both your and others' accounts.

FBI Warns of Scammers Impersonating the IC3:

The FBI warns of a scam where criminals impersonate employees of the FBI’s Internet Crime Complaint Center (IC3) to defraud victims, often claiming they can help recover lost funds. Between December 2023 and February 2025, over 100 such scams were reported. Scammers use emails, calls, social media, or forums to contact victims, sometimes posing as fellow fraud victims and directing them to fake IC3 officials like “Jaime Quin” on Telegram. The IC3 never asks for payment, communicates via social media, or refers victims to third parties for fund recovery. Victims should report scams to www.ic3.gov and avoid sharing sensitive information or sending money to unknown contacts.
– Brought to you by the FBI
www.ic3.gov/PSA/2025/PSA250418

Fake Google Emails Steal Passwords in New Attack:

Cybercriminals are using Google’s own tools to send fake emails that look like they come from Google, tricking people into giving up their Google account passwords. This scam was first noticed by an Ethereum Name Service developer, who got an official-looking email about a legal request, linking to a fake Google support page on sites.google.com. The attackers use a clever trick to pass email security checks, making the message seem real. If someone clicks the links, they’re taken to a fake Google login page that steals their details, giving attackers access to Gmail, Drive, Photos, and more. To stay safe, don’t click on links from unexpected emails, check if emails are real through other methods, and avoid using Google or Facebook accounts to sign into other sites. Google is now working on fixing the issue after first dismissing it.
– Brought to you by MalwareBytes
malwarebytes.com/blog/news/2025/04/all-gmail-users-at-risk-by-clever-replay-attack

Loss of CVE Funding Could Harm Global Cybersecurity:

Funding for the U.S.-backed Common Vulnerabilities and Exposures (CVE) database, run by the MITRE Corporation, is about to run out, worrying cybersecurity experts worldwide. The CVE system is an important tool that lists and explains cyber weaknesses, helping organizations decide which security problems to fix first. With the U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirming the contract is ending, experts warn this could cause big problems, comparing it to losing a shared language in cybersecurity. Without the CVE, companies and security teams may struggle to manage threats and protect their systems.
– Brought to you by Reuters
reuters.com/technology/us-funding-running-out-critical-cyber-vulnerability-database-manager-says-2025-04-15/

Ex-Disney Employee Jailed for Cyberattack:

Michael Scheuer, a former Disney employee, was sentenced to three years in prison for digital sabotage after being fired in June 2024. He manipulated Disney's internal menu system, falsely labeling foods as allergy-safe, including altering peanut-containing items to appear peanut-free, which could have endangered people with allergies. He also tampered with prices, inserted offensive content, and promoted political messages. Scheuer further targeted employees by locking them out of their accounts and creating a "dox" folder with personal information. Disney detected the tampering before it reached customers, and Scheuer later pleaded guilty, expressing remorse. He was ordered to pay nearly $688,000 in restitution.
– Brought to you by MalwareBytes
malwarebytes.com/blog/news/2025/04/digital-rampage-saw-ex-disney-employee-remove-nut-allergy-info-from-menus-dox-co-workers-and-more

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for SonicWall Secure Mobile Access (SMA) 100 Management Interface. If you use this product, make sure the software (or firmware) is updated.

Data Breaches in the News:

Ascension, Ticket to Cash, Kelly Benefits, and Legends International. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register