Week 3 of National Cybersecurity Awareness Month!

Join CyberWyoming for a virtual community proclamation next Wednesday, October 22 at noon, with prizes for the best and the worst signatures. Register or check out the Scary Cyber Stories webinar here: cyberwyoming.org/national-cybersecurity-awareness-month-activities-2025/.

Part-Time Job, Full-Time Trouble:

A Laramie resident received a mass scam text from a Moroccan phone number (+212) claiming to be from “Katie Moore at HireArt.” The message advertised a part-time, remote assistant job paying $250–$500 per day, promising a guaranteed minimum of $1,000 every four days. It claimed the job required 60–90 minutes of work per day, four days a week, with no prior experience needed, offered training, paid vacation, and flexible hours. The text urged recipients to reply “Yes” to receive full details. CyberWyoming Note: Be cautious of unsolicited job offers promising high pay for minimal work, like this employment scam. Always verify job opportunities through official company channels before engaging. Be sure to block the sender’s number, report the message, and delete it immediately.

PayPal Invoices:

A Big Horn resident received multiple suspicious emails containing PDF attachments that appeared to be PayPal invoices. One email, from someone claiming to be "Robert Smith," had the subject “Automatic reply: Andre Dennis Auto Debit for Robert Smith” and read: “Dear sir/ma'am, Order received.” CyberWyoming Note: Never open attachments from unknown or suspicious emails, as they may contain malware or phishing attempts. Always verify invoices or payment requests directly through official accounts before taking any action.

Avoid Fake Downloads:

Fake versions of popular software, like Malwarebytes for Mac and LastPass, are being shared on GitHub to trick Mac users into installing malware. The attackers copy real brand names and use search tricks or ads to make their fake pages appear legitimate. When users follow the installation instructions, the malware, called Atomic Stealer, downloads and runs without warning, stealing information. Other software being faked includes 1Password, Audacity, Dropbox, Notion, Shopify, and many more. To stay safe, only download software from official sites, avoid running random commands in the terminal, use antivirus protection, and if your Mac is infected, remove suspicious files, reinstall macOS if needed, and change your passwords with multi-factor authentication turned on.
– Brought to you by MalwareBytes
malwarebytes.com/blog/news/2025/09/fake-malwarebytes-lastpass-and-others-on-github-serve-malware

The Anatomy of a Romance Scam:

Romance scams are carefully orchestrated schemes designed to manipulate emotions and exploit trust, often targeting individuals online through dating sites, social media, or apps. Here are the common steps scammers take:

• The Perfect Introduction – Scammers create convincing online profiles, often using stolen photos and mirroring the target’s interests to appear relatable.
• Building Trust and Connection – They develop emotional bonds over weeks or months, showing care and understanding, while avoiding in-person meetings.
• Creating Urgency and Sympathy – Once trust is established, they fabricate crises that elicit sympathy, like medical emergencies or financial trouble.
• The Ask – Victims are pressured to send money, gift cards, cryptocurrency, or share personal information. Scammers often continue asking after the first request.
• The Disappearing Act (or Not) – Sometimes the scammer vanishes; other times they linger, prolonging the scam. Victims are left emotionally devastated.

If someone has been scammed, it’s important to stop all contact, document everything, report the situation to authorities, and remember that being deceived does not reflect character. The key takeaway is that awareness and open conversation are your best defenses. Real love never asks for money.
– Brought to you by FightCybercrime.org
fightcybercrime.org/blog/the-anatomy-of-a-romance-scam/

AI-Driven Extortion Scams Targeting Gen Z and Millennials:

AI-driven extortion scams are increasingly targeting Gen Z and Millennials, exploiting their mobile-first habits and extensive digital footprints. Using tactics like sextortion, deepfakes, and virtual kidnappings, scammers create highly personalized, high-pressure threats that can severely harm victims’ emotions, reputations, and finances. Gen Z is particularly vulnerable, with over half targeted and more than one in four victimized. AI amplifies these risks by making scams feel more real, while constant cross-channel exposure and overconfidence in spotting scams leave users under protected. Prevention involves adopting mobile security measures, practicing cautious digital behavior, and following the STOP framework: Slow down, Test, Opt out, and Prove it to resist manipulative tactics.
– Brought to you by MalwareBytes
‍malwarebytes.com/blog/news/2025/10/ai-driven-scams-are-preying-on-gen-zs-digital-lives

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Ivanti products, Mozilla products, Microsoft products, and Adobe products. If you use any of these products, make sure the software is updated.

Data Breaches in the News:

Canadian Tire Corporation, SimonMed Imaging, Vietnam Airlines, and F5. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register