Bitcoin Sextortion Scam:

A Wyoming resident reported receiving a sextortion-style scam email claiming to be from the infamous hacking group “ShinyHunters,” sent from a suspicious address using a @qc[dot]commufa[dot]jp domain and titled “REMINDER - Important information about your online security.” The message falsely alleges the sender hacked the victim’s devices, accessed a Substack account, installed malware, and recorded private activity through the camera and microphone, then threatened to distribute fabricated explicit videos to contacts unless $2,000 in Bitcoin is sent to a specified wallet within 48 hours. It used intimidation tactics and instructed the victim not to contact authorities or respond. CyberWyoming Note: This is a classic sextortion phishing scam using fear, urgency, and fake claims of device compromise to pressure payment, and the alleged group ShinyHunters is often impersonated in these messages. Do not respond or pay. Simply delete and report the email, and if you’re concerned about account security, change passwords and enable multi-factor authentication through official sites rather than any links or instructions in the message.

Credit One Impersonation:

A Wyoming business reported receiving an email from an address using an Indian domain (@onegeneindia[dot]in) and posing as “Account Payable,” with a subject line claiming, “You have been added as the Recipient of this Payment.” The message impersonated Credit One Bank and used typical scam tactics such as a fake “new payment notification,” prompts to “view payment details,” and branding meant to appear official, while also including generic security disclaimers and app/social links to increase credibility. The recipient noted the email was convincing but recognized it as fraudulent since their business does not use Credit One Bank. CyberWyoming Note: Overall, the message appears to be designed to trick users into clicking links or revealing sensitive financial information. Don’t click any links or download anything from unexpected payment emails, especially if the sender domain looks unrelated to the company being impersonated. Instead, verify the claim directly through the company’s official website or known contact channels and report the message as phishing.

Clickbait Heartthrob:

A citizen reported receiving a suspicious scam email from the sender “francis47 - online,” using an @ittefaqtech domain. The email had the subject line “💞💌 Take a chance, I’m worth it.” The message content appeared to only say “This message was sent from a trusted sender. View in browser. or Refresh the Page To See images.” No actual substantive content was visible beyond this placeholder-style wording. CyberWyoming Note: If you receive a similar message, don’t click “view in browser,” open attachments, or interact with any links or images in emails like this, since they often use those actions to confirm your address is active or redirect you to malicious sites. Instead, mark the message as spam/phishing and delete it.

WBCI Warns Network About Increased Phishing Attacks:

The Wyoming Breast Cancer Initiative warned its network about an increase in sophisticated phishing and scam emails targeting organizations like theirs. They emphasized that attackers may impersonate trusted executives, partners, or vendors to pressure recipients into urgent financial actions, sharing sensitive information, or clicking malicious links. The guidance stresses verifying sender addresses, pausing to assess unusual requests, and independently confirming any suspicious communications through a separate channel like a phone call or new email thread before taking action.

Fake ChatGPT Download Site Infects Windows and Mac Users with Malware:

A fake website (openew[.]app) is pretending to be the official ChatGPT download page and is tricking people into installing malware on Windows and Mac computers. The site looks very convincing and offers fake “ChatGPT apps,” but instead it installs harmful software. On Windows, it can steal saved passwords and sensitive data from the browser. On Mac, it installs a more powerful type of malware that can steal passwords, browser cookies, messaging app data, and cryptocurrency wallet information, and it can even try to replace real crypto wallet apps with fake versions to steal funds. The attackers are taking advantage of people searching for “ChatGPT download” and clicking the wrong link. The safest way to avoid this is to only download ChatGPT from official sources, specifically OpenAI’s official website or the Microsoft Store.
– Brought to you by Malwarebytes
‍www.malwarebytes.com/blog/threat-intel/2026/05/fake-chatgpt-download-site-infects-windows-and-mac-users-with-malware

Interested in cybersecurity business training?

The Made Safe™ Cybersecurity Training Program is a one-on-one program designed specifically for micro-businesses to reduce cyber risk and relieve anxiety around cybersecurity. Thanks to CyberWyoming’s members and sponsors, scholarships are available for Wyoming companies. Learn more at cyberwyoming.org/cyber-training/ or email info@cyberwyoming.org.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for TanStack, Daemon Tools Lite, Palo Alto Networks PAN-OS, Oracle WebLogic Server, Linux Kernel, Android Framework, and Mirasvit Full Page Cache Warmer. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Carnival Cruise, Charter Communications, and Mariner Wealth Advisors. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register