Facebook Marketplace Manipulation:

A Sheridan resident reported a Facebook Marketplace scam involving a fake Venmo payment scheme. The scammer quickly responded to a Marketplace listing and claimed they attempted to pay via Venmo, then sent an email impersonating Venmo that falsely stated the seller needed to upgrade to a business account for $300 to receive funds. After additional text exchanges and a phone call, the scammer gave a confusing explanation and claimed they would pay the fee, but hung up when questioned. The reporter noted they researched the interaction and found that this is a frequently used scam tactic. CyberWyoming Note: The reporter did a great job questioning their story and noticing the red flags. Users should always verify payment status directly in the official app or website instead of through links or emails sent by the other party and should never send money or “upgrade fees” based on emailed instructions, since legitimate services like Venmo do not require upgrades to receive payments. If something seems suspicious, users should stop communication and report the account through the platform’s official reporting tools.

eSignature Request Trap:

A Laramie business reported receiving a suspicious email claiming to be an “eSignature request” for an RFQ submission, stating that they had shared documents for review and inviting the recipient to click a “Review Document” link. The message appeared to come from Google Workspace and included branding and an address associated with Google LLC. CyberWyoming Note: When checking the embedded link on CheckPhish.com, it was flagged as a phishing site designed to trick users into entering their Google login credentials. The sender appeared to be a real person, which suggests their email account was likely compromised and used to mass-send the scam to contacts. The scam is becoming more prevalent, particularly among Wyoming businesses, and users are advised to change passwords if compromised, make sure two-factor authentication is on, and check email forwarding rules for unauthorized changes. If you receive a similar scam email, do not click any links or open attachments, and instead verify the request directly with the sender through a trusted contact method before taking any action.

Boss Level Scam:

A citizen reported receiving a scam email impersonating their boss. The message came from “SWIFT RESPONSE!” using a suspicious Gmail “workstation” address and had the subject line containing the real boss’s name. The email said, “Could you let me know the current number you use for text? I want to make sure I’m getting to you on the appropriate one.” The recipient recognized several red flags, including the incorrect sender information and the fact that their actual boss already had their correct phone number, as they had recently communicated by text. CyberWyoming Note: This is a common impersonation scam in which scammers pose as bosses or authority figures to move conversations to text messages, where they may attempt to obtain sensitive information or request money through gift cards or payment apps. Always verify unexpected requests through a trusted communication method before responding.

Fraudulent Court Notice Circulating:

The Cheyenne Police Department has recently issued a scam alert warning the public about a fraudulent “court enforcement” notice being circulated. CPD says notice is not legitimate and is designed to appear official in order to pressure people into making payments or scanning suspicious QR codes. Authorities emphasize that people should not scan unknown QR codes, should not send money in response to unsolicited notices, and should verify any court-related issues directly through official court contacts. They also encourage reporting suspicious activity to local law enforcement. Scammers often use official-looking logos, court names, and urgent language to appear credible, so the public is advised to confirm any questionable notices using verified phone numbers or websites.

Why Cybercrime Victims Are Blamed and What We Can Do About It:

Cybercrime victims often lose life-altering mounts of money, yet they are frequently met with shame and blame instead of support. This victim-blaming stems from misunderstandings about how sophisticated modern scams are, the false belief that “smart people don’t get scammed,” and psychological biases like the just-world hypothesis that make people assume victims must have done something wrong. Media coverage and even recovery systems can unintentionally reinforce this stigma by focusing on victims’ decisions rather than criminals’ tactics. As a result, victims are discouraged from reporting, which limits awareness and prevention. The issue mirrors past patterns seen with domestic violence and sexual assault, where cultural attitudes gradually shifted over time through advocacy and education. Addressing cybercrime stigma requires similar cultural change: better public education about scams, awareness of personal bias, less judgmental language, and stronger support for victims and advocacy organizations so responsibility is placed on perpetrators, not those they harm.
– Brought to you by FightCybercrime.org
‍fightcybercrime.org/blog/why-cybercrime-victims-are-blamed/

Interested in cybersecurity business training?

The Made Safe™ Cybersecurity Training Program is a one-on-one program designed specifically for micro-businesses to reduce cyber risk and relieve anxiety around cybersecurity. Thanks to CyberWyoming’s members and sponsors, scholarships are available for Wyoming companies. Learn more at https://cyberwyoming.org/cyber-training/ or email info@cyberwyoming.org.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Apache HTTP Server, Mozilla Products, Adobe Products, Apple Products, Microsoft Products, and Fortinet Products. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Zara and Foxconn. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register