‍

Social Security Scammers:

A Sundance resident received a phishing email pretending to be from the Social Security Administration. The email came from "support-76680752" with an "aliceadsl" domain and had the subject “Your Statement is Here: ID-76680752.” It claimed to provide an “enhanced” Social Security Statement and urged the recipient to log in via a link to review their benefits. The email included standard-looking SSA language about checking earnings records and retirement projections, but it was fraudulent. CyberWyoming Note: Social Security imposter scams are widespread and often use sophisticated tactics to steal sensitive information or money. The SSA will never suspend your number, demand payment, or ask for personal info via email. Most legitimate Social Security emails come from a “.gov” email address. If an email uses a non-.gov address, avoid clicking links or opening attachments. Always report suspected Social Security imposter scams, and other Social Security fraud, to https://oig.ssa.gov/report/.

Phishing for Your RSVP:

A citizen reported a scam involving a fake wedding invitation sent via Evite. The email, received from a friend, contained a link that could harvest the recipient’s contacts and perform other malicious actions. The reporter’s security system flagged it as suspicious, preventing them from being compromised. CyberWyoming Note: This scam has been around for a while. According to NBC 5 news report, victims who clicked on fake Evites have had their accounts locked, passwords and security questions changed, and their accounts used to send out further phishing emails. Always verify invitations with the sender before clicking any links, even if they appear to come from a friend. Keep your accounts secure with strong passwords and be cautious of unexpected emails, as scammers can reuse old breaches to trick you.

Fax Scams Are Still Alive:

A Laramie resident recently received a fax claiming to be from the Deputy Minister of Energy in Russia. In the message, he stated that he needed $45 million to help him and his daughter flee the country. He claimed his wife died during childbirth and that the money was for his daughter’s future. The fax ended by asking the recipient to keep the request secret and not to tell anyone. CyberWyoming Note: Government officials, foreign dignitaries, or organizations will never contact you by fax or email to request personal financial help.

SSN Leak Platform Resurfaces—How to Opt Out:

National Public Data, the site linked to a massive 2024 breach that exposed 272 million Social Security numbers and 600 million phone numbers, has resurfaced under new, unidentified ownership. The operators claim no ties to the previous owner, Jericho Pictures, but now run it as a free people-search engine pulling information from “publicly available sources.” Despite this claim, the site allows anyone to look up sensitive personal details like addresses, phone numbers, birth dates, and relatives without a paywall, raising privacy concerns. Users can remove their profiles by finding their listing, copying the full profile URL, submitting it via the site’s opt-out form, and confirming through email—though some report issues receiving confirmation messages. Privacy services like Atlas Privacy and PCMag’s recommended removal tools may also help scrub data from such sites.
– Brought to you by PCMag
‍pcmag.com/news/site-behind-major-ssn-leak-returns-with-detailed-data-on-millions-how-to

Massive Microsoft SharePoint Hack Hits 100 Organizations:

Hackers have attacked Microsoft’s on-premises SharePoint servers using newly discovered security flaws, affecting around 100 organizations, mostly in the U.S. and Germany. The attack, called “ToolShell,” lets criminals break into servers, steal information, install hidden access tools, and sometimes spread ransomware called Warlock. Victims include government agencies and major companies in industries like banking, healthcare, and manufacturing. Microsoft has issued patches, while CISA (Cybersecurity and Infrastructure Security Agency) has released detailed mitigation guidance, stressing that patching alone is insufficient—organizations must inspect for persistent malware, rotate ASP.NET machine keys, and harden servers. Over 8,000–9,000 servers remain potentially vulnerable, and attackers may still be expanding their reach.
– Brought to you by Reuters & CISA
‍- reuters.com/sustainability/boards-policy-regulation/microsoft-server-hack-hit-about-100-organizations-researchers-say-2025-07-21/
‍- cisa.gov/news-events/alerts/2025/07/20/update-microsoft-releases-guidance-exploitation-sharepoint-vulnerabilities

The Protection Gap:

Even with widespread awareness of mobile threats, users are not taking the necessary steps to protect themselves, according to the Malwarebytes 2025 Mobile Scam Report. Only 20% use mobile security tools, and fewer than one in five report scams. Gen Z, despite their digital fluency, are the least likely to take protective action. Many users cite confusion, overwhelm, or mistrust of authorities as barriers to reporting or securing their devices. Bridging the gap between awareness and protection is critical.
– Brought to you by Malwarebytes
‍https://www.malwarebytes.com/mobile-scams

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for SonicWall SonicOS Management Access and SSLVPN, Microsoft products, Adobe products, and Fortinet products. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Air France, KLM, Google’s Salesforce CRM, Connex Credit Union, Vector Security, and Manpower. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register