End-of-Year DocuSign Scam:

A Laramie resident received a phishing email impersonating the University of Wyoming from “Support_Management_No-Reply” with a suspicious UK-based email address ending in “Robert@jostec…”. The email, titled “Payment Docs EnabIed-lD: December 11, 2025 refID: 3723898751|l7tVmz6kge”, claimed the recipient had Q4 pending payment and end of the year bonus documents to sign via DocuSign. The message included a realistic-looking UW logo and signature but was entirely an image linking to a suspicious external site. The user’s email system flagged it as coming from a non-UWYO address, warning against opening links or attachments from external sources. CyberWyoming Note: Be cautious of unexpected DocuSign or document requests, especially during peak business periods like year-end or tax season, as scammers increasingly impersonate institutions to trick employees. Always verify the sender’s email and avoid clicking links in messages from unfamiliar or non-official addresses. You can always confirm these requests through other channels like official phone numbers or a trusted email address.

The Criminal Use of Authority:

A Sheridan resident received a call at their workplace from someone claiming to be a police officer. After asking for the resident’s name, the caller said there was a warrant for their arrest for missing jury duty and demanded $3,500 to clear it, even providing a badge number and confirming past addresses to sound legitimate. Suspicious, the resident put the call on speaker and, on their manager’s advice, drove to the police department. The caller became agitated and warned them not to go to the station, which confirmed it was a scam. Police reported they had received eight similar complaints that day and believe scammers are targeting businesses and whoever answers the phone first. CyberWyoming Note: Scams like this are becoming increasingly common, not just involving fake jury duty warrants but many other police, court, or government authority impersonation schemes. These calls are designed to be frightening on purpose. Scammers rely on panic, urgency, and fear of arrest to push victims into acting before they have time to think or verify the claim. Remember the Police, Sheriff’s Office, and Courts will never call you to demand immediate payment, ask for your credit or debit card numbers over the phone, or threaten arrest for not paying. If you receive a call like this, hang up and contact the agency directly using a verified public phone number.

Holiday Online Shopping Safety:

As the holiday season wraps up, online shoppers and businesses should continue to take steps to protect personal, financial, and business information from cyber criminals. Shoppers should keep devices updated, use strong and unique passwords with multifactor authentication, and enable automatic software updates. Only shop with trusted vendors, verify suspicious emails or links, and ensure websites use encryption (https and padlock icon). When making purchases, use credit cards or secure payment methods, review privacy policies, and monitor accounts for fraudulent activity. Businesses should also implement cybersecurity basics, such as data encryption and backups, to protect themselves and their customers. Vigilance and simple precautions can help ensure a safe holiday season online.
– Brought to you by Cybersecurity & Infrastructure Security Agency (CISA)
https://www.cisa.gov/securetheseason-holiday-online-shopping-safety

Fake URLs You Can’t Spot:

Homograph attacks are a more convincing form of phishing in which scammers create fake URLs that look identical to legitimate ones by substituting letters with look-alike characters from other alphabets, especially Cyrillic. Instead of the obvious misspellings or random characters found in older scams, these manipulated URLs—such as replacing an “a” or an “l” with nearly indistinguishable foreign characters—can pass as perfect copies of sites like Amazon or a victim’s bank. When clicked, they lead to cloned websites designed to steal login credentials. Because these forged URLs often appear legitimate depending on the device or browser, spotting them can be extremely difficult. To avoid homograph scams, never click links from unexpected texts or emails and instead go to the company’s official web address or contact them through other official channels.
– Brought to you by CUSO Magazine & Malwarebytes
‍cusomag.com/2024/02/26/font-or-fiction-how-scammers-are-using-fonts-to-trick-your-members/
‍www.malwarebytes.com/blog/news/2017/10/out-of-character-homograph-attacks-explained

Man Sentenced to Prison for Wi-Fi Attacks at Airports:

Australian man Michael Clapsis has been sentenced to a little over seven years in prison for carrying out Wi-Fi attacks at airports and on domestic flights in Australia. Using a Wi-Fi Pineapple device, Clapsis created rogue access points to trick victims into entering their email and social media credentials on fake login pages. The Australian Federal Police uncovered thousands of stolen personal credentials, intimate images, and evidence of fraudulent Wi-Fi schemes during searches of his luggage and home. Clapsis also attempted to delete online files and access confidential information on his employer’s laptop after the investigation began. CyberWyoming Note: Try not to connect to Public Wi-Fi, use your phone’s hotspot instead. If you have to connect to Public Wi-Fi, avoid entering passwords or sensitive information and use a VPN service.
– Brought to you by SecurityWeek
‍www.securityweek.com/australian-man-sentenced-to-prison-for-wi-fi-attacks-at-airports-and-on-flights/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Google Chrome, Apple products, and Cisco AsyncOS. If you use these products, make sure the software is updated.

Data Breaches in the News:

700Credit and Fieldtex. Note: If you have an account with these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register