It’s National Cybersecurity Awareness Month!

CyberWyoming is holding a virtual community proclamation on October 22 at noon and all are welcome. Prizes will be given for the best and worst signature! Register for that or a Scary Cyber Stories webinar at cyberwyoming.org/national-cybersecurity-awareness-month-activities-2025/.

Citizen vs. Clearinghouse:

An Evanston resident reported receiving an in-depth Publisher’s Clearinghouse scam call claiming they had won $9.9 million. The scam began with a delivery driver, Steven Brown, calling the citizen to announce he was bringing a 2025 Mercedes. The caller had a choppy connection, a strong accent, and sounded somewhat AI-like, but already had the citizen’s name, phone number, and address. Steven instructed the citizen to call a general manager, Albert Johnson in New York, who also spoke with a strong accent and provided official-sounding details such as a badge number, package number, and ticket number. Albert claimed the citizen would receive $7,000 dollars monthly for life, in addition to the Mercedes, and said three women, a lawyer, a notary, and a CPA, would visit to celebrate. Although Albert insisted this wasn’t a scam since he wasn’t asking for personal information, he tried to have the citizen purchase a $200–$500 Walmart “tax card” to claim the winnings. The citizen playfully questioned the process, eventually provoking Albert’s frustration, which led him to hang up. CyberWyoming Note: By questioning the scammers and refusing to comply, the citizen not only protected themselves but also took responsible action by reporting the attempted fraud, helping to warn and safeguard others in the community.

Pastor Impostor Hits Inbox:

A Big Horn resident reported receiving a scam email from someone claiming to be "Pastor James Williams," with the subject line containing the reporter’s name. The email requested discreet assistance, stating the sender could not take calls and asking for a reply. The message included a real Sheridan, WY church address, which initially gave it credibility. The reporter verified the address through the church’s website and contacted an associate, who confirmed the email was a scam. The reporter noted that the email matched patterns seen in similar previous scams and did not target them specifically due to church affiliation. CyberWyoming Note: This is a common scam tactic in which fraudsters impersonate authority figures and instruct you not to call, aiming to prevent verification. Always independently verify the sender’s identity, avoid clicking on links or sharing personal information or money, and report any suspicious emails. Don’t hesitate to contact official sources directly to confirm legitimacy.

Cybersecurity’s Global Race Against Chaos:

Cybersecurity has become a global imperative, affecting national security, public health, and economic stability as societies grow increasingly dependent on digital systems. Critical infrastructure—hospitals, energy grids, and financial networks—is vulnerable to ransomware, data breaches, and cyber espionage, with attacks threatening lives and societal continuity. Preparedness varies: North America struggles with outdated regulations, Europe leads in privacy laws but enforces unevenly, the Gulf invests heavily amid geopolitical risks, Latin America faces underfunded defenses, and Asia shows contrasts between China’s state-controlled protections and India’s fragmented approach. Rapid technological growth and the proliferation of connected devices outpace legal frameworks worldwide. Meeting this challenge requires global coordination, harmonized regulations, and strong public-private partnerships to protect critical systems and sustain trust in the digital economy.
– Brought to you by The Globalist
theglobalist.com/cybersecurity-data-protection-technology-gdpr-ransomware-hacking-digital-economy/

Minor Mischief, Major Losses:

A teen has been arrested for a massive 2023 cyberattack on Las Vegas casinos, including MGM Resorts and Caesars Entertainment, linked to the hacking group Scattered Spider. Using social engineering, he reportedly tricked MGM IT into resetting a password, then disrupted slot machines, hotel key cards, emails, and bookings, causing $100 million in losses. Caesars also suffered a data breach affecting customer Social Security and driver’s license information, with reports suggesting the company paid the hackers. The teen turned himself in on Sept. 17 and faces extortion, identity theft, and computer crime charges, possibly as an adult, though his identity remains confidential.
– Brought to you by RochesterFirst
‍rochesterfirst.com/news/national-news/sophisticated-100m-cyberattack-on-vegas-strip-involved-teen-hacker-police/amp/

Identity Theft Lawsuits Target Salesforce:

Salesforce is facing several lawsuits in Northern California after a cyberattack exposed customer data through its connection with the third-party Salesloft Drift app. Many of the lawsuits aim to become class actions, claiming Salesforce failed to protect personal information that is now being used for identity theft. The attack began when hackers broke into Salesloft’s GitHub in March 2025, stole tokens, and later used them to access Salesforce-related data, affecting millions of people tied to companies like TransUnion, Farmers Insurance, and Pandora Jewelry. One lead plaintiff says Salesforce didn’t do enough to secure sensitive data and is seeking compensation and stronger protection. Salesforce denies its systems were breached, saying the issue came from third-party weaknesses and social engineering scams. Google’s Threat Intelligence team later confirmed the attacks, reporting that hackers tricked employees by posing as IT staff to steal credentials and gain access to Salesforce data.
– Brought to you by Secure The Village & The Register
theregister.com/2025/09/26/salesforce_class_actions/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Cisco products, Nx (build system) Package, and VMware Aria Operations. If you use any of these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

ApolloMD, Boyd Gaming, Volvo, Harrods, Veradigm, and WestJet. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register