info@cyberwyoming.org
www.wyocan.org
www.cyberwyoming.org/alliance
307-223-1265, PO Box 2332, Laramie, WY 82073

Workstream Email Scam on Thin Ice:

A Laramie resident reported receiving two scam emails impersonating the company Workstream, sent from a suspicious .ic domain (Iceland). The emails claimed to be onboarding instructions for a new job, including requests to complete payment method and tax withholding information. They contained buttons and links directing the recipient to a fraudulent Iceland-based site, even though Workstream’s legitimate domain is .us and the company is headquartered in San Francisco. The emails attempted to appear official by using company branding and typical onboarding language. CyberWyoming Note: Never provide personal or financial information in response to unsolicited emails, and always verify the sender’s domain before clicking any links or completing tasks. When in doubt, contact the company directly using official channels.

Vexing Venmo Verification:

A Laramie resident received a text from Venmo’s official number (86753) containing a two-factor authentication code for account verification. The reporter stated that they do not have a Venmo account and were unsure whether the message was legitimate or a scam. CyberWyoming Note: Venmo scams are very common and often involve scammers pretending to be Venmo in some form. While Venmo does send messages from the number 86753, savvy scammers can spoof this number to make their texts appear legitimate. If you do not have a Venmo account and receive such a message, do not click any links. If you think the text is legitimate, contact Venmo support directly to ensure your phone number isn’t being linked to an account without your consent. If you do have an account, only use a verification code that you personally requested. If you receive an unexpected code, do not click any links, and consider changing your password while ensuring multi-factor authentication (MFA) is enabled on your account.

Account Takeover Attacks Increase:

The FBI and Amazon are warning holiday shoppers about a surge in account takeover (ATO) fraud, where scammers hijack online accounts including banking, email, and retail accounts to steal money or personal information. Attackers often impersonate customer support, send phishing emails or texts, create fake websites, and use tactics such as credential stuffing or browser push notification scams to trick users into revealing passwords and multi-factor authentication codes. Research shows thousands of malicious domains mimicking major brands and sophisticated techniques like SEO poisoning are fueling these attacks. ATO incidents have risen sharply, with TransUnion reporting a 21 percent increase from the first half of 2024 to the first half of 2025 and $262 million in losses reported to the FBI since January. Shoppers are advised to bookmark official login pages, use official apps, protect personal information, avoid sharing one-time codes, and consider passwordless login options like passkeys to reduce risk. Amazon emphasizes it will never request payment information or login details via email or phone. Victims should report fraud to their bank and the FBI’s Internet Crime Complaint Center (www.ic3.gov).
– Brought to you by Malwarebytes
malwarebytes.com/blog/news/2025/11/holiday-shoppers-targeted-as-amazon-and-fbi-warn-of-surge-in-account-takeover-attacks

Spotting and Avoiding Card Skimming Fraud:

Card skimming is a growing type of fraud in which criminals secretly install devices on ATMs, gas pumps, and point-of-sale terminals to steal card data and PINs, costing consumers and financial institutions over $1 billion each year. Thieves use this information to clone cards, make unauthorized purchases, and even drain vulnerable EBT benefits. Because skimmers are hard to spot and can be installed in seconds, it is especially important during the busy Christmas shopping season to stay alert. Inspect card readers and avoid any that look loose or tampered with. Cover the keypad and tug on it lightly. Choose pumps near the store and ATMs in well-lit areas. Use credit instead of debit for safer protection. Check your accounts frequently and set up alerts. If you notice suspicious activity or a compromised machine, report it immediately to your bank or to the FBI’s Internet Crime Complaint Center at ic3.gov.
– Brought to you by the FBI & United States Senate Federal Credit Union
fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/skimming
ussfcu.org/media-center/security-corner/blog-detail-security-corner.html

Cyberattack Disrupts Emergency Alert System:

A major cyberattack hit the OnSolve CodeRED emergency alert system, used by cities and counties across the U.S. to send urgent alerts about weather, evacuations, and other emergencies. The attack caused outages in some areas and may have exposed user data, including emails and passwords, prompting officials to tell people to change their passwords, especially if reused elsewhere. The breach, reportedly by the INC Ransom group, shows the risks of storing passwords in plain text and demonstrates how vulnerable critical public safety systems can be. Residents are advised to follow security steps like changing passwords, enabling strong two-factor authentication, watching for phishing, and monitoring their identity.
– Brought to you by Malwarebytes
malwarebytes.com/blog/news/2025/11/millions-at-risk-after-nationwide-codered-alert-system-outage-and-data-breach

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for SonicOS and Google Chrome. If you use these products, make sure the software is updated.

Data Breaches in the News:

Eurofiber, SitusAMC, Delta Dental of Virginia, OnSolve CodeRED, Cooper Steel Fabricators, OpenAI’s ChatGPT, Asahi Beer Company, British telco Brsk, ChristianaCare, and Coupang. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

  • File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
  • Get steps to help at www.IdentityTheft.gov
  • Report your scam to the FBI at www.ic3.gov/complaint
  • Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
  • Office of the Inspector General: oig.ssa.gov
  • If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
  • AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
  • IRS: report email scams impersonating the IRS to phishing@irs.gov
  • Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1-800-856-4398
  • Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register
