Week 2 of National Cybersecurity Awareness Month!

Don’t miss CyberWyoming’s virtual community proclamation on Oct 22 at noon with prizes for the best and worst email signatures! Register or check out the Scary Cyber Stories webinar: cyberwyoming.org/national-cybersecurity-awareness-month-activities-2025/.

Government Shutdown Scammers:

Hackers across the U.S. are exploiting the current government shutdown by impersonating agencies such as Social Security, Medicare, Medicaid, SNAP, the FTC, the IRS, and even the FBI. They often claim they can provide services “despite the shutdown” but then request money or personal information. To stay safe, only contact people or agencies you have previously interacted with, remember that government agencies do not send texts or use social media for official business, and never ask for money via wires, cryptocurrency, or gift cards. Caller ID cannot be trusted, so always verify independently by contacting the agency directly.

Sophisticated Verizon Scam Alert:

A Sheridan citizen reported a sophisticated Verizon scam involving a caller identifying as Lewis Thomas from an 888 area code number used for toll-free calls. The scammer claimed there was fraudulent activity on their Verizon account, specifically purchases of an iPad and Apple Watch allegedly shipped to California, and used personal details to make the story convincing. They followed up with a text attempting to gain account access and maintained a calm, professional, and persistent demeanor. The scam was only thwarted by intuition; Verizon confirmed when contacted directly that no fraudulent activity existed and that Verizon does not initiate such calls. CyberWyoming Note: Due to a government shutdown, reporting agencies like the FTC and IC3.gov are currently unavailable, which scammers may exploit. People are advised to only contact official customer service numbers, avoid clicking links or sharing codes from unsolicited contacts, trust their instincts, and save all scam details for future reporting. This incident highlights how convincing and dangerous such scams can be.

Phony Fees Ahead:

A Laramie resident received a scam text from an Indonesian number (+62). The message, also sent to similar phone numbers, falsely claimed to be an “E-ZPazz Unpaid Toll Reminder.” It threatened late fees, account suspension, registration restrictions, and credit damage if payment wasn’t made that day, and included a suspicious shortened payment link. CyberWyoming Note: Scammers often create a false sense of urgency by giving short deadlines and threatening severe consequences to pressure quick action. Never click on suspicious links and always verify directly with the official agency or service instead.

Windows 10 Support Ends Next Week, Oct 14, 2025:

After this date, Microsoft will no longer provide technical assistance, feature updates, or security updates for Windows 10. Users are encouraged to upgrade to Windows 11 for a more secure and efficient experience. If a device doesn’t meet the requirements for Windows 11, options include enrolling in the Windows 10 Extended Security Updates (ESU) program for up to one additional year of security support or replacing the device with one that supports Windows 11. For PCs eligible for upgrade, check for updates via Start > Settings > Update & Security > Windows Update, or consider a new Windows 11 PC if needed.
For more information, visit the Microsoft Support page: support.microsoft.com/en-us/windows/windows-10-support-ends-on-october-14-2025-2ca8b313-1946-43d3-b55c-2b95b107f281

Google Fixes Gemini AI Security Flaws:

Google recently patched several security problems in its Gemini AI that could let attackers trick the AI into stealing data or doing other harmful actions. Researchers at Tenable called these issues “The Gemini Trifecta” and found three main attack methods, all needing little effort from attackers. The first targeted Gemini Cloud Assist, where attackers could insert malicious prompts into logs, which the AI might later follow, revealing sensitive information. The second used search history to trick Gemini’s search personalization feature into carrying out attacker instructions. The third attacked the Gemini Browsing Tool, using its ability to summarize web pages to secretly send user data to the attacker. Google patched all three vulnerabilities after being notified, reflecting growing concerns over AI assistants’ integration with enterprise services.
– Brought to you by SecurityWeek
securityweek.com/google-patches-gemini-ai-hacks-involving-poisoned-logs-search-results/

FEMA Shakeup After Cyberattack:

A major cybersecurity breach at FEMA, linked to a Citrix vulnerability, exposed employee data from both FEMA and U.S. Customs and Border Protection, raising concerns about systemic IT failures inside the agency. Hackers gained access using stolen login details, pulling data from FEMA’s Region 6 servers, which cover several southern border states. Despite remediation efforts through the summer, DHS (Department of Homeland Security) confirmed in September that sensitive data was stolen. In response, DHS fired about two dozen FEMA IT employees, including top tech and security leaders, saying they ignored problems, avoided fixes, and even lied about the risks. FEMA then ordered staff to change passwords and began restructuring its IT department, putting new acting leaders in charge. The breach underscores both FEMA’s value as a hacking target and the consequences of persistent cybersecurity mismanagement.
– Brought to you by Nextgov/FCW
‍nextgov.com/cybersecurity/2025/09/widespread-breach-let-hackers-steal-employee-data-fema-andcbp/408456/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Oracle E-Business Suite. If you use this product, make sure the software is updated.

Data Breaches in the News:

Oracle's E-Business Suite, Red Hat, Discord, Motility Software Solutions, Stellantis, and Qantas. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register