Fact-Free Fear Tactics:

A citizen reported receiving a series of threatening scam messages from a Gmail account associated with someone named “Paula,” which was likely spoofed or compromised. The messages falsely claimed the recipient had been recorded in an explicit video chat and that the sender had obtained contact information for the recipient’s family, partner, and coworkers. The sender threatened to distribute the alleged video unless the recipient complied with unspecified demands. However, the names provided did not match the recipient, their family, or anyone they knew, and the attached photo depicted an unknown individual, suggesting the scammer had mistaken the phone number’s owner. CyberWyoming Note: These scams commonly use fear, urgency, and claims of personal information to pressure victims into responding or sending money. Even when scammers reference accurate names, occupations, or family members, such information is often publicly available online. Recipients should not respond, pay, or engage with the sender, and should instead block, report, and delete the messages.

Text-to-Email Phishing Attempt:

A northern Wyoming business reported receiving a suspicious email that appeared to originate from a mobile phone number sent through Verizon’s multimedia messaging gateway using the vzwpix[.]com domain. The email contained no subject line or message body and included only a single attachment named text_0.txt. CyberWyoming Note: Scammers often use this tactic to slip past traditional email filters by sending messages through text-to-email gateways tied to mobile phone numbers. Businesses and citizens should be cautious of unexpected emails that contain attachments from unknown numbers, especially when there is no accompanying message or explanation. These attachments can contain malware or links designed to steal login credentials and other sensitive information.

Deepfakes And Vishing Scams: Why Every Family Needs a Code Word:

Criminals are increasingly using AI-generated voice cloning and deepfake technology to impersonate family members in “vishing” scams, tricking victims into sending money by making emergencies sound real. A Wall Street Journal report highlights a simple but effective defense: families should create a shared “code word” known only to trusted members to verify identity during suspicious calls. Experts advise choosing something memorable but hard for outsiders to guess but avoiding obvious choices like birthdays or pet names. The urgency is growing as cybercrime is projected to reach trillions in annual global losses. Real cases, such as a Philadelphia attorney nearly losing money after his son’s voice was spoofed, show how convincing these scams can be before being exposed.
– Brought to you by Cybercrime Magazine
‍cybersecurityventures.com/deepfakes-and-vishing-scams-why-every-family-needs-a-code-word/

Blame AI: Patch Tuesday Hits Record 206 CVEs:

Microsoft’s June 2026 Patch Tuesday fixed a record 206 security flaws (called CVEs), the largest update Microsoft has released so far. Experts say the number is growing because AI tools are helping researchers find vulnerabilities much faster than before. Among the fixes are a few especially serious bugs that could let attackers take over Windows systems remotely, including some that don’t require any user action. However, security experts note that most of these flaws are unlikely to ever be used in real attacks. The bigger concern is that companies now face a steady stream of new issues every month, meaning they can’t rely on patching alone and must also use other defenses like system monitoring and security tools to stay protected.
– Brought to you by Dark Reading & CISA Region 8
‍www.darkreading.com/vulnerabilities-threats/blame-ai-patch-tuesday-record-206-cves

North Koreans Behind Nearly Half of US Tech Industry Hacks:

A new CrowdStrike report says North Korean hackers posing as remote IT workers and recruiters were responsible for about 47% of state-backed “hands-onkeyboard” intrusions targeting U.S. tech companies between April 2025 and May 2026. The group, known as “Famous Chollima,” uses stolen identities, deepfake AI, and fraudulent documents to get hired at tech firms, where they earn salaries while also stealing intellectual property and sensitive data. These operations are designed to fund the North Korean regime, including its nuclear weapons program, and also heavily target cryptocurrency developers to steal digital assets. Once inside companies, the hackers often maintain long-term access using legitimate tools and may attempt extortion by threatening to leak stolen data.
– Brought to you by TechCrunch
‍techcrunch.com/2026/06/10/north-koreans-behind-nearly-half-of-us-tech-industry-hacks-says-crowdstrike/

Interested in cybersecurity business training?

The Made Safe™ Cybersecurity Training Program is a one-on-one program designed specifically for micro-businesses to reduce cyber risk and relieve anxiety around cybersecurity. Thanks to CyberWyoming’s members and sponsors, scholarships are available for Wyoming companies. Learn more at cyberwyoming.org/cyber-training/ or email info@cyberwyoming.org.

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for GlobalProtect portal and Gateway of PAN-OS. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Klue, Colorado Health Network, One Medical Seniors, and Texas Parks and Wildlife Department (hunting or fishing license). Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register