Fake Cloudflare:

If installed on a website, Cloudflare is a mechanism that checks to see if you are human. However, a Laramie citizen reported the following article, cybersecuritynews.com/hackers-use-fake-cloudflare-verification-screen/, that discusses impersonated Cloudflare pop-up windows. When the fake Cloudflare fails, then it prompts users to initiate a ‘verification’ process that copies malicious code to your computer’s clipboard.

Package Scam on Hold:

A Laramie resident reported receiving a scam text pretending to be from USPS, sent from a +44 number. The message claimed that a package was on hold due to incomplete address details and urged the recipient to update their address within 24 hours using a suspicious link. The recipient recognized the scam, as family members had encountered similar fraudulent messages before. The linked website asks for credit card information to pay a fee, which is a common tactic. CyberWyoming Note: Talk about the scams you see and ask your friends and family to share their stories as well. Because this resident had heard about similar scams, they didn’t respond to the text.

04/10/2025 Unexpected Upgrade Scam:

A Wyoming resident received a phishing email claiming their software was being upgraded to a paid plan, though it didn’t specify which software. The message included a link to a fake support website that redirected users to a fraudulent page. It was also sent to hundreds of other recipients without using BCC (blind carbon copy), exposing all email addresses adding a clear red flag and common tactic in phishing scams. CyberWyoming Note: Always be cautious of mass emails that mention unexpected charges or upgrades, after all, how many people really need to pay for that software upgrade?

Random Codes to Risky Clicks:

A Laramie resident received a suspicious email from someone claiming to be "Hideharu Shintani," using an unrelated Gmail address. The email's subject line was "ZNKG Payment processing report - 20/07/2025." The message body contained only a string of random codes: "(RPCD) (RTWA) (PHYL) (TAUF) (BZDP) (ODIQ)." It included a suspicious attachment, which, through the preview window, appeared to be a fake McAfee Antivirus invoice. CyberWyoming Note: This is likely a phishing or malware attempt, so never open attachments or click links in unsolicited emails, especially if the sender or content looks suspicious. Always verify the information or requests through official channels.

The Truth About Antivirus Software:

Antivirus software is still essential in 2025, despite common myths. Whether you're on a Mac, PC, or smartphone, you need protection beyond built-in tools, which only offer basic defense. Being cautious online isn’t enough. Threats like phishing, ransomware, and hidden malware can slip through without strong antivirus support. Modern antivirus programs are lightweight, easy to use, and often include extras like VPNs and parental controls. Remember, you’re still the first line of defense: use strong passwords, enable two-factor authentication, and stay alert. And don’t forget your phone—it’s just as vulnerable as your computer.
– Brought to you by Tom's Guide
tomsguide.com/computing/antivirus/its-time-to-stop-believing-these-lies-about-antivirus-software

How GhostGPT is Changing the Game:

GhostGPT is an uncensored AI chatbot made for cybercriminals to help them create malware, run scams, and commit other crimes. Unlike regular AI, it has no safety rules, so users can ask it to do harmful things. It’s sold on Telegram, making it easy for even beginners to use. The bot works quickly and doesn’t keep records of what users do, making it appealing for illegal activities like phishing. Experts are worried about how easily it can be accessed and used for cybercrime.
– Brought to you by Forbes
‍forbes.com/sites/daveywinder/2025/01/23/introducing-ghostgpt-the-new-cybercrime-ai-used-by-hackers/

Security Flaw Found in DOGE.gov Site:

The doge.gov website, created to track federal government cuts, is not secure and allows anyone to edit its database, according to two experts who found the vulnerability. One coder even added messages like “this is a joke of a .gov site” and “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN.” The site was quickly built after Elon Musk's comments about transparency, with content mirroring the @DOGE X account and stats on the federal workforce. It appears to be hosted on Cloudflare Pages, not government servers, and the database can be modified by third parties, affecting the live site.
– Brought to you by Secure The Village & 404 Media
404media.co/anyone-can-push-updates-to-the-doge-gov-website-2/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for iPadOS, iPadOS, macOS, watchOS, tvOS, visionOS, and Google Chrome. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

VMware ESXi, Allianz Life, AT&T, Lab 1, and Dior. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register