Statement of Deception:

A Laramie business reported receiving a suspicious email that appeared to come from employees of Suna Solutions, a legitimate staffing and recruiting company based in San Diego, California. The email claimed that the recipient’s May account statement was available and instructed them to open an attached PDF, click a “Get Your Files” button, and log in with their email address and password to view the document. The message contained a long email chain that looked like real business correspondence between Suna Solutions employees and other companies discussing contractor rates and staffing matters, possibly included to make the email appear more legitimate. The reporting business stated they have no account or business relationship with Suna Solutions and did not recognize the companies or individuals involved. CyberWyoming Note: Based on the contents of the message and the suspicious link, it appears to be a phishing attempt designed to steal login credentials or potentially deliver malware through a file download. If you receive an unexpected email claiming to contain invoices, statements, or shared documents, do not open attachments, click links, or enter your login credentials. If you believe it is legitimate, independently verify the sender through known contact information instead.

Wyoming eSign Scams Strike Again:

A Fremont County resident reported receiving a suspicious scam email posing as “Wyoming eSign,” sent from an unusual @xj[dot]commufa[dot]jp domain. The message addressed the recipient by email name and claimed there was an urgent “Agreement Settlement Notice” requiring immediate review and signature via a SharePoint Online document. It referenced a fake “May Settlement” PDF with an ACH reference number and included a “Verify Document” button, attempting to prompt the recipient into clicking a malicious link. CyberWyoming Note: Do not click any links or buttons in unexpected emails, especially those that pressure you to act quickly on documents or payments. Verify the message independently by going to the organization’s official website or using a trusted phone number.

2026 World Cup Cyber Risk:

The 2026 FIFA World Cup, hosted across 16 cities in the U.S., Mexico, and Canada, will rely heavily on interconnected systems like ticketing, stadium operations, transportation, hotels, and city services, creating a large cyberattack surface. Experts warn of risks including cybercriminal targeting of fans and the hospitality supply chain, possible Iran-linked disruptive activity against U.S. infrastructure, hacktivist DDoS attacks or website defacement, and even potential malware targeting tournament IT systems. There is also a major fraud threat aimed directly at fans. Fraud groups have reportedly created hundreds of fake domains that closely mimic FIFA’s official website in order to steal login details and payment information from people trying to buy tickets. Past global sporting events like the Olympics and previous World Cups have seen many cyber incidents, although none stopped the competitions. The main concern is not whether attacks will happen, but how serious they could be and how well organizers and cities can defend against them.
– Brought to you by Unit 42 & CISA Region 8
unit42.paloaltonetworks.com/fifa-world-cup-attack-surface/

Hackers Are Targeting Systems Used to Monitor Industrial Fluids:

CISA, the FBI, and other federal agencies have warned that hackers are targeting internet-exposed automatic tank gauge (ATG) systems used across industries like energy, agriculture, and transportation to monitor liquid levels, temperature, and leaks. Attackers are exploiting flaws to access devices, disable alerts, and interfere with monitoring functions. Authorities are urging operators to disconnect systems from the internet where possible, change default passwords, and apply security patches. While officials have not attributed the activity to a specific group, some investigations suggest possible Iran-linked involvement. Experts note that while attackers can disrupt monitoring and operations, they cannot directly cause physical leaks, though impacts could still affect fuel, chemical, and food storage operations.
– Brought to you by Cybersecurity Dive
www.cybersecuritydive.com/news/cisa-fbi-hackers-targeting-systems-monitor-industrial-fluits/821873/

Instagram Accounts Hacked via AI Tool Abuse:

Meta says about 20,000 Instagram accounts may have been affected after hackers abused a bug in its account recovery “High Touch Support” tool. The flaw let attackers redirect password reset emails to addresses they controlled and take over accounts when two-factor authentication was not enabled. Some high-profile accounts were reportedly impacted and potentially sold on the dark web, though the final number may be lower and it is still unclear how much data was accessed. Meta has disabled the tool, invalidated reset links, reset affected passwords, and is notifying users while working to prevent similar attacks. Users should check their Instagram security settings, change their password, and enable two-factor authentication if it is not already on. Review recent login activity, remove unknown devices, and watch for suspicious emails or account changes.
– Brought to you by SecurityWeek & CISA Region 8
www.securityweek.com/meta-says-20000-instagram-accounts-hacked-via-ai-tool-abuse/

Interested in cybersecurity business training?

The Made Safe™ Cybersecurity Training Program is a one-on-one program designed specifically for micro-businesses to reduce cyber risk and relieve anxiety around cybersecurity. Thanks to CyberWyoming’s members and sponsors, scholarships are available for Wyoming companies. Learn more at cyberwyoming.org/cyber-training/ or email info@cyberwyoming.org.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Cisco products, Microsoft products, Google Chrome, and Check Point products. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

DentaQuest, Eversource, Ultrahuman, Meta Platforms, Inc. (Instagram), MasTec, and ServiceNow. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register