Booking Trouble:

A Cheyenne hospitality business encountered a scammer posing as someone planning a 70th birthday party for their mother. The scammer asked the business to book a band and include the cost in their charges. They provided an email address for the band, and when the reporter reached out, knowing it was a scam, the band responded with a cost list. The scammer then called from a Google number and became upset when informed that the business could not book the band and that the scammer would need to contact the band directly and make a deposit themselves. CyberWyoming Note: This incident highlights the importance of trusting your instincts when something feels off. Always verify contacts independently and avoid paying on behalf of unknown third parties.

Friendly Fire:

A Laramie business reported receiving a scam email that appeared to come from their insurance representative. The reporter noted that their insurance representative’s email may have been hacked. The email, likely part of a mass phishing attempt, had the subject line “[Employee’s name] [Hacked Company’s Name]” and included a suspicious PDF attachment titled with the sender’s name and a message stating “PDF Access Code to preview: 4314112.” The email came from a known person, their correct email, and included the correct signature of the real employee, prompting the reporter to click it. Thankfully, Google blocked the recipient from opening the attachment, preventing potential harm. CyberWyoming Note: Always verify unexpected emails with attachments, even if they appear to come from a known contact and avoid opening suspicious files. If unsure, contact the sender directly through another channel (e.g., phone or separate email address) to confirm the message is legitimate, and keep email security features enabled to help block potential phishing attempts.

Fake Business Filing Email:

A Wyoming business received a convincing email impersonating the Wyoming Secretary of State’s office, claiming their Annual Report was past due and threatening administrative dissolution. The email included accurate business details like the name, address, filing dates, and even a Cheyenne reply address, making it appear legitimate. However, the business found the email suspicious and checked directly with the Wyoming Secretary of State, where they confirmed that their Annual Report was not past due. The sender’s email was not from a wyo.gov address and did not resemble official Secretary of State emails. CyberWyoming Note: To verify notifications, businesses can search their filings on the Wyoming Secretary of State website (wyobiz.wyo.gov/Business/FilingSearch.aspx) or call the office directly. Through the Wyoming Secretary of State’s public filings, your business, registered agent, and filing information is accessible, including details such as your name, address, email, filing dates, and filing number. Unfortunately, scammers often use this information to make their fraudulent communications appear legitimate. The Secretary of State’s office also provides guidance on identifying impersonation scams here: sos.wyo.gov/Business/Docs/Notice_Beware_of_Scams_Targeting_Wyoming_Businesses.pdf

Staying Safe This Holiday Season:

During the holidays, scammers take advantage of the season to target shoppers and travelers. They often post fake online ads for popular items, using cloned websites and “limited-time” discounts to steal payment information and identities. Similarly, holiday travel deals can be traps, with scammers copying legitimate rental listings and requesting deposits or personal documents outside trusted platforms, leaving victims without accommodation and vulnerable to identity theft. Gift card scams are also common, where fraudsters impersonate friends or family via texts, calls, or AI-generated messages to pressure victims into sending gift card codes. To stay safe, always verify sources, be cautious of urgent or emotionally charged requests, and remember that offers that seem too good to be true usually are.
– Brought to you by Chase Bank
‍chase.com/digital/resources/privacy-security/security/how-to-spot-scams/card-holiday-scams

Chrome’s ID Storage Safety:

Google Chrome’s new “enhanced autofill” feature can now store sensitive information like driver’s licenses and passports, offering convenience for online forms and travel bookings. However, experts warn that storing such personal data in the world’s most popular browser poses major security risks, as Chrome is a prime target for hackers, malware, and phishing attacks. While Google encrypts data and requires user consent, stolen browser sessions (tokens), session latency, or rogue extensions could still expose your identity. It is advised to keep this feature turned off and instead use a dedicated, audited password manager for safer storage of sensitive documents.
– Brought to you by MalwareBytes
‍malwarebytes.com/blog/news/2025/11/should-you-let-chrome-store-your-drivers-license-and-passport
For information on how to turn off these Chrome features, email us at info@cyberwyoming.org. We have a video!

New Android Malware Enables Instant ATM Theft:

Researchers from CERT Polska have discovered new Android operating system malware called NGate that steals victims’ banking and NFC data, including card details and PINs, to enable instant, unauthorized ATM withdrawals. The malware infects phones through phishing messages that trick users into installing a fake banking app. When victims perform a tap-to-pay or verification action, NGate captures and transmits the real-time NFC transaction data and PIN to attackers, who use it immediately to emulate the card at an ATM and withdraw cash. To stay safe, users should only download apps from official stores, use updated anti-malware software, and avoid engaging with suspicious messages or calls claiming to be from their bank.
– Brought to you by MalwareBytes
‍malwarebytes.com/blog/news/2025/11/android-malware-steals-your-card-details-and-pin-to-make-instant-atm-withdrawals

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Fortinet products and FortiWeb. If you use these products, make sure the software is updated.

Data Breaches in the News:

DoorDash, Logitech, Checkout.com, Somalia’s e-visa system, SSA Holdings, and Under Armour. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register