info@cyberwyoming.org
www.wyocan.org
www.cyberwyoming.org/alliance
307-314-2188, PO Box 2332, Laramie, WY 82073

Text Message Scam Alert – High Touch Fraud Attempt:

A bank in Northeastern Wyoming has reported a recurring text message scam involving messages from a 901 area code (Memphis, TN). The messages typically read: “We noticed a charge of $1,350.45 at Pbuy7 on your card. If this isn’t you, visit [link] to cancel or decline.” While the dollar amount, vendor name, and sender’s phone number may vary between messages, the format remains consistent. Multiple customers have reported receiving these texts.

Red Flags to Watch For:

These texts claim to be from a Wyoming bank but come from a Tennessee area code. The link provided is a random, unrecognizable URL—not affiliated with the bank. Some versions even include a misspelled bank name like “BanI<,” using a capital “I” and a less-than sign in place of “k.”

If You Click the Link: What Happens Next

Clicking the link leads to a fake login page that mimics the real bank’s website, including branding and background. Here’s how the scam unfolds:

  1. Login Page Deception:
    • Clue: The “Submit” button is blue, not the bank’s actual branding color.
    • Clue: The URL still does not belong to the bank.
  2. Phishing for Credentials:
    • After entering your user ID and password, the site prompts you to enter your email and phone number.
    • Clue: Your bank already has this information and would not ask for it again.
  3. Fake Two-Factor Authentication:
    • The site claims to send a verification code to your phone/email to “confirm your identity.”
    • In reality, scammers are trying to log into your real bank account and trigger an actual two-factor authentication code.
    • Once you enter the code on their fake site, they now have full access to your account.
  4. False Reassurance:
    • After submission, you see a message: “Transaction Cancelled. Please close the tab.”
    • This is meant to give you a false sense of security while your data is being used to compromise your account.

Once you've entered your details on the fake website, the scammers have your bank username, password, email address, phone number, and two-factor authentication code. With this information, they have everything they need to access your online banking account and potentially lock you out.

So how can you protect yourself from this type of attack? Two-factor authentication is important, but not all methods are equally secure. SMS and email codes can be phished, while apps like Google Authenticator or Authy offer better protection. Even more secure are hardware security keys (like YubiKey) or Passkeys. Never click on suspicious links. Instead, access your bank directly through its app or website and contact them if in doubt.

Beware of SVG File Email Scams

The same bank's IT staff also reported a spike in malicious SVG file attachments. These files may look like they're from trusted services (DocuSign, Dropbox, SharePoint) but can contain hidden redirects or encrypted JavaScript designed to steal login credentials. An example filename might be:

Check_Password_Report_to_Avoid_Account_Lockout_April2025.pdf.svg. On systems that don’t show full extensions, this can appear as a harmless PDF.
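As an added example (not code from the bank or CyberWyoming), this Python script shows one way a mail administrator could flag the SVG attachments described above: it checks each attachment for a decoy double extension and for active content inside the file. The sample message, addresses, extension list, and marker patterns are constructed assumptions; only the example filename comes from this alert.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Extensions a user may see if the OS hides the real, final one (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
# Active-content markers that a plain image has no need for (assumed list).
ACTIVE_PATTERNS = {
    "script element": re.compile(rb"<\s*script\b", re.I),
    "event handler": re.compile(rb"\son[a-z]+\s*=", re.I),
    "foreignObject": re.compile(rb"<\s*foreignObject\b", re.I),
    "javascript: URI": re.compile(rb"javascript\s*:", re.I),
    "meta refresh": re.compile(rb"http-equiv\s*=\s*[\"']?refresh", re.I),
}

def triage_svg_attachments(raw_message: bytes) -> list[dict]:
    """Return one finding per SVG attachment in an RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        lower = name.lower()
        if not (lower.endswith(".svg") or part.get_content_type() == "image/svg+xml"):
            continue
        body = part.get_payload(decode=True) or b""
        reasons = [label for label, rx in ACTIVE_PATTERNS.items() if rx.search(body)]
        stem = lower[:-4] if lower.endswith(".svg") else lower
        if any(stem.endswith(ext) for ext in DECOY_EXTS):
            reasons.append("double extension")
        findings.append({"filename": name, "reasons": reasons,
                         "quarantine": bool(reasons)})
    return findings

def build_sample() -> bytes:
    """Constructed sample message; the SVG bodies are inert placeholder markup."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.org"
    msg.set_content("See attached.")
    svg = b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* placeholder */</script></svg>'
    msg.add_attachment(svg, maintype="image", subtype="svg+xml",
        filename="Check_Password_Report_to_Avoid_Account_Lockout_April2025.pdf.svg")
    msg.add_attachment(b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>',
        maintype="image", subtype="svg+xml", filename="logo.svg")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage_svg_attachments(build_sample()):
        print(finding)
```

A static image such as the second attachment passes with no reasons, so the check can sit in front of a blanket SVG block for senders who legitimately need the format.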

What You Can Do: Email administrators and small businesses should consider blocking SVG attachments unless absolutely necessary. End users should verify the sender before opening any SVG file—especially those prompting a login. For more info on blocking these files, visit:

These types of scams are likely to spread to other banks in the region. Stay alert, question suspicious messages, and verify directly with your bank before taking action. Prevent the fraud by recognizing it early — and stopping it before you click.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Google Android OS, Adobe products, Fortinet Products, Microsoft products, and Ivanti Endpoint Manager Mobile. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Insight Partners, DaVita, Inc., Pearson, SogoTrade, and Steam. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

  • File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
  • Get steps to help at www.IdentityTheft.gov
  • Report your scam to the FBI at www.ic3.gov/complaint
  • Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
  • Office of the Inspector General: oig.ssa.gov
  • If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
  • AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
  • IRS: report email scams impersonating the IRS to phishing@irs.gov
  • Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
  • Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register
