Email Account Takeover:

A Wyoming employee experienced an email account takeover after replying to a message from a legitimate vendor that had been compromised. The vendor’s email appeared authentic, but the response “This employee doesn’t work here anymore” with a link to the new contact’s email address triggered unusual activity. The employee’s account began sending out RFP requests, and some emails disappeared from their folders. Despite having a strong password and MFA, it is believed the vendor’s compromised mailbox exploited a vulnerability in Google’s temporary access tokens, allowing hackers to hijack the session. Even after the employee changed their password, session persistence may have allowed continued access briefly. CyberWyoming Note: Recommended actions include changing your email password, enabling MFA, signing out of all browser sessions or email clients (like Outlook, Thunderbird, etc), reviewing filters and forwarding addresses deleting any you don't recognize, checking recent security activity, and ensuring the POP email setting has not been enabled.

Remote Job Recruitment Scam:

A Laramie resident received a group text from a Moroccan number (+212) claiming to be "Katie Moore from HireArt." The message offered a part-time, remote assistant job promising $250–$500 per day (with a minimum of $1,000 every four days) for 60–90 minutes of work, four days a week. It claimed no experience was needed, provided training, and included flexible hours and paid vacation. The message encouraged replying "Yes" to receive full details. CyberWyoming Note: Never respond to unsolicited job offers from unknown numbers, especially those promising unusually high pay for minimal work, and avoid sharing personal information. Legitimate employers won’t recruit this way. Always verify opportunities through official company channels before engaging.

Congressional Budget Office Hacked:

The Congressional Budget Office (CBO) confirmed it was hacked, potentially exposing sensitive government data. The small agency, which provides lawmakers with impartial budget analyses and cost estimates for nearly all legislation, said it has contained the incident and implemented new security measures. While reports suggest a suspected foreign actor may be behind the intrusion, the CBO has not confirmed. The agency emphasized that its work for Congress continues and that it routinely monitors and addresses cybersecurity threats. The CBO manages extensive data on policies ranging from immigration and tariffs to tax and spending legislation.
– Brought to you by Federal News Network
‍federalnewsnetwork.com/cybersecurity/2025/11/the-congressional-budget-office-was-hacked-it-says-it-has-implemented-new-security-measures/

Give Safely in the Season of Giving:

As the year ends, many Americans participate in the “Season of Giving,” donating billions to charitable causes, with a significant portion occurring in the final months. However, this generosity also attracts scammers who exploit well-meaning donors. Common tactics include unsolicited calls, emails, or messages claiming to represent charities, creating a sense of urgency, or requesting unconventional payment methods like gift cards or cryptocurrency. To ensure donations reach legitimate causes, donors should research organizations through trusted sites like CharityNavigator.org or CharityWatch.org, verify names and web addresses carefully, avoid clicking suspicious links, and use credit cards for safer transactions. Supporting crowdfunding campaigns is safest when organized by known and trusted individuals and maintaining a pre-selected list of charities can help resist pressure from aggressive solicitations.
– Brought to you by AARP Fraud Network
‍aarp.org/money/scams-fraud/text-alerts.html

Password to the Louvre Surveillance System?:

The recent theft at the Louvre exposed not just the loss of priceless jewels but decades of egregiously poor cybersecurity. Investigations revealed that the museum had relied on outdated systems and weak passwords (like “LOUVRE” for critical surveillance servers) despite multiple audits over the past decade flagging these vulnerabilities. Experts had repeatedly warned that the museum’s IT infrastructure needed modernization, yet management failed to act. The incident has become a stark example of negligent cybersecurity, highlighting the costly consequences of ignoring known risks. This is a great opportunity to learn from the mistakes of others.
– Brought to you by Secure The Village
‍open.substack.com/pub/stanstahl/p/password-to-the-louvre-surveillance

Scammers Target Lost iPhones:

The Swiss National Cyber Security Centre (NCSC) warns iPhone users about a phishing scam targeting lost or stolen devices. Scammers send convincing texts or iMessages, claiming a lost iPhone has been found, often including details like the model and color, and directing victims to fake Apple login pages. These phishing attempts aim to steal Apple ID credentials to bypass Activation Lock, which normally prevents unauthorized use of the device. The NCSC advises never clicking links in unsolicited messages, enabling Lost Mode immediately, protecting SIM cards with a PIN, using a dedicated contact email on the lock screen, and ignoring any messages claiming Apple found your phone, as Apple does not send such alerts via SMS or email.
- Brought to you by BleepingComputer
‍bleepingcomputer.com/news/security/lost-iphone-dont-fall-for-phishing-texts-saying-it-was-found/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Cisco, Apple, Google Android OS, Adobe, Microsoft, and Mozilla. If you use any of these products, make sure the software is updated.

Data Breaches in the News:

Conduent, Hyundai AutoEver America, Nikkei, and Wakefield & Associates. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register