Scripts and Scams:

A Wyoming resident reported receiving a scam text from a toll-free 833 number. The message impersonated a doctor, claimed a GLP-1 prescription had been prepared, and included a suspicious bezocc domain link. CyberWyoming Note: This scam uses a fake medical message to lure victims into clicking a malicious link, potentially leading to identity theft or malware infection. Do not click links from unknown senders and verify prescriptions directly with your healthcare provider.

Elon Musk Impersonation Scam:

A Wyoming resident reported receiving a fraudulent Facebook Messenger message allegedly from “Elon Musk.” The message claimed the user had won $150,000 and a Tesla vehicle initiated because of a comment they made on a Tesla post. It instructed the recipient to contact a WhatsApp number (with a Vermont area code) to confirm their details for delivery. CyberWyoming Note: This is a common social media celebrity impersonation scam attempting to steal personal information or money. If something seems too good to be true, it probably is. Moving the conversation from Facebook Messenger to a messaging app like WhatsApp is very suspicious, as scammers often try to shift you to less secure platforms. Never share personal info or money with unsolicited contacts, verify offers through official channels, and report suspicious messages.

Claims, Captchas, and Confusion:

A Laramie resident reported receiving multiple suspicious emails, potentially part of a scam. One email, allegedly from "Claims" using a "cornerstoneunited" domain, referenced a claim number and unrelated customer name, stating that a tax error on a claim summary had been corrected and included an attachment for parts and labor details. Another email in the chain, appearing to come from a "Google Docs Online eSignature Services portal" with a "sunsportsunlimited" domain, claimed the recipient had received a signed ACH disbursement confirmation to review via a provided link. The reporter indicated they have no connections with either Corner Stone United or Sunsports Unlimited. CyberWyoming Note: Upon investigation using CheckPhish, the link preview strangely stopped at a captcha, preventing further examination. Never click links or open attachments from unfamiliar senders, and verify the sender’s domain carefully, as scammers often spoof legitimate services to steal information.

Beware of Back-to-school Scams:

Back-to-school season is a prime time for scammers to target families and students of all ages, taking advantage of the rush to shop for supplies, clothing, electronics, and other essentials. Scammers create fake shopping websites, bogus offers, and phony delivery notifications to steal money and personal information. Many of these sites either sell nonexistent goods or counterfeit items, and they often promote their scams through social media ads, email offers, and search links that appear legitimate. Phony shipping notifications are another tactic, designed to trick recipients into clicking links that install malware or lead to phishing sites. College students and their families are also at risk of scams, including fake scholarship offers and student loan forgiveness schemes, with AI tools increasingly used to mimic voices or messages in attempts to extract sensitive information. To avoid falling victim, shoppers should research unfamiliar retailers, pay with credit cards rather than debit cards, use scam detection tools, verify shipping notifications through official apps or websites, and never share personal or financial information over the phone or online unless fully confident of the source. Staying alert and cautious can help protect both money and sensitive data throughout the back-to-school season.
– Brought to you by McAfee & the Federal Communications Commission (FCC)
mcafee.com/blogs/internet-security/scammers-take-advantage-of-back-to-school-shopping-scams/
fcc.gov/back-school-scams-test-college-students

Google Confirms It Has Been Hacked:

In August 2025, Google confirmed it was hacked, with attackers stealing business contact information from a Salesforce database used for small and medium businesses. The attack, linked to the ShinyHunters ransomware group, happened in June and involved mostly publicly available data like names and contact details. Google responded by analyzing the impact and implementing mitigations, but it has not disclosed whether affected organizations were notified or faced extortion demands. Cybersecurity experts emphasized that the breach underscores the vulnerability of even the most secure and resource-rich companies, noting risks from social engineering, human error, and third-party platforms. While the data stolen is not highly sensitive, the incident highlights the importance of layered security measures, credential-less authentication, and vigilance against supply chain and human-targeted attacks. Businesses are advised to stay cautious but not panic.
– Brought to you by Forbes
‍forbes.com/sites/daveywinder/2025/08/09/google-confirms-it-has-been-hacked---user-data-stolen/

U.S. Data Breaches in First Half of 2025:

The first half of 2025 has seen 1,732 reported data breaches in the United States, affecting over 165 million individuals, according to the ITRC H1 2025 Data Breach Report. While the total number of incidents is comparable to previous years, the scale of mega-breaches seen in 2024 has not yet repeated. Cyberattacks continue to dominate the landscape, and supply chain vulnerabilities remain a major concern. In the first half of the year (H1) alone, 79 supply chain breaches impacted 690 organizations and compromised the data of more than 78 million people, illustrating how a single vendor weakness can ripple across multiple businesses and their customers. Individuals are advised to take practical steps to safeguard their personal information, including vigilance against phishing attempts, monitoring financial accounts, freezing credit if needed, using strong or unique passwords or passkeys, and enabling multi-factor authentication to reduce the risk of identity theft or unauthorized account access.
– Brought to you by Identity Theft Resource Center (IRTC)
idtheftcenter.org/publication/itrc-h1-2025-data-breach-report/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Chrome, Cisco Firewall Management Center, Drupal, Microsoft, WinRAR, Zoom, Adobe, Apache Tomcat, and Palo Alto Networks. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Fundamental Administrative Services, LLC, Workday, and Allianz Life. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register