Misleading Mailer:

A Laramie resident received a letter in the mail from Payne Richards & Associates titled “Standard Recovery Agreement,” claiming they had located unclaimed funds from a previous state of residence. The letter requested sensitive personal information (birth date and SSN) and imposed a 14-day deadline to claim the funds, along with a required “finder’s fee.” Although the company is listed as legitimate with the BBB, the offer seemed predatory. The resident confirmed with the state's Unclaimed Property office that such funds are indeed available, but they emphasized that claiming them directly through official state channels is free and straightforward. The state office noted that while Payne Richards isn't an outright scam, their practices are misleading and potentially exploitative. They are now investigating the matter further. CyberWyoming Note: To avoid unnecessary fees and risk, residents should search for and claim unclaimed funds directly through official state resources, such as Wyoming's Unclaimed Property site (statetreasurer.wyo.gov/unclaimed-property/).

Travel Scam Warning:

A Colorado citizen recently booked a cruise and paid the required deposit. Three days later, they received a text message claiming there was an issue with the reservation and that a balance remained on the deposit. The message warned that the reservation would only be held for three hours and included a link to “finalize” the booking. After clicking the link and calling the number on the webpage, they spoke with someone who claimed $600 was still owed. When the first credit card provided was declined, the caller requested another, explaining that this happens frequently. That card was also declined. Realizing something was off, the citizen hung up and contacted the cruise line—only to learn it had been a scam. Fortunately, both credit card companies had flagged the suspicious activity, but the citizen still had to cancel and replace both cards to protect his accounts. CyberWyoming note: The text message never referenced that the deposit was for a cruise, which was a red flag. The scammer also never said the deposit was for a cruise until the citizen mentioned that he thought he had fully paid the deposit for the cruise. Careful reading of text messages and emails is critical to avoiding scams.

TracFone Plan Panic:

A Laramie resident reported receiving a suspicious email with the subject line "Tracfone: Auto-Refill Payment declined" from the address "TracFone@email2." The message claimed there was an issue with the recipient’s Auto-Refill payment and urged them to purchase a new service plan and update their payment information to avoid service interruption. Although the domain appears to be legitimately owned by TracFone, the recipient confirmed their service plan was active and their payment method had not been declined, suggesting the email may have been a deceptive marketing tactic designed to prompt an unnecessary upgrade. CyberWyoming Note: If it is a legitimate email, it's a terrible example of marketing that mimics phishing tactics and creates unnecessary alarm. Report such misleading communications to the FTC as potential unfair trade practices. Always verify suspicious emails directly through official channels before taking any action.

FTC Warns of Ad Scams:

Online ad scams are growing more sophisticated, with cybercriminals using fake tech support ads that mimic trusted companies like Microsoft or Apple. These ads often lead to real websites, but scammers manipulate search results to display fake contact info. Victims may unknowingly call scammers, leading to data theft, malware, or financial loss. Warning signs include urgent pop-ups, unfamiliar support numbers, and deepfake branding. To stay safe, users should verify contact details through official sites, keep software updated, train employees, use secure browsers, enable multi-factor authentication, and report scams to the FTC.
– Brought to you by National Cybersecurity Society

16 Billion Passwords Leaked:

A massive leak of nearly 16 billion login credentials from various platforms, including Apple, Facebook, and Google, has been confirmed as possibly the largest ever. The data wasn’t from direct breaches, but stolen databases sold on the dark web, putting billions at risk of account takeovers and phishing. Experts urge users to stop reusing passwords, adopt passkeys (a more secure, passwordless option) and use password managers and MFA. Organizations also need stronger security measures. This leak highlights the urgent need to move beyond passwords to better protect online accounts.
forbes.com/sites/daveywinder/2025/06/20/16-billion-apple-facebook-google-passwords-leaked---change-yours-now/
– Brought to you by Forbes
‍Worried, your info was leaked? Check your email at haveibeenpwned.com/ to see if your credentials appeared in any known data breaches.

Death by a Thousand Taps:

Many users unknowingly invite risk through routine behaviors. The Malwarebytes 2025 Mobile Scam Report explores how everyday habits expose people to scams. Actions like clicking on links, scanning QR codes, and trading data for discounts have become normalized, especially among Gen Z. Despite understanding the risks, users often prioritize convenience. This resignation is especially high in the US, where many believe scams are simply the cost of mobile life.
– Brought to you by Malwarebytes
‍malwarebytes.com/mobile-scams

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Cisco ISE and ISE-PIC, Fortinet FortiOS, D-Link DIR-859 Router, and AMI MegaRAC SPx. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Aflac, Nucor, McLaren, and Episource. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register