The Only Thing They Know Is How to Scare You:

A Wyoming resident reported receiving an email scam from an Outlook address, which included a PDF attachment containing an extortion letter. The letter contained personal details such as the victim's phone number and threatened to expose damaging information unless paid off. The scammer claimed to have malware on the victim's devices, remote access, and control over their camera. CyberWyoming Note: Despite the intimidating language, this type of scam is often a scare tactic with no actual access to the victim's devices. The scammer likely uses a template to insert personal information for different victims. To protect yourself from such scams, avoid opening suspicious email attachments and verify the sender's identity before responding. If you receive threatening emails, report them to authorities rather than engaging with the scammer. Ensure your devices are secured with up-to-date antivirus software, enable firewalls, and use strong, unique passwords to prevent unauthorized access.

Clickbait Voicenotes:

A Wyoming citizen reported a phishing email impersonating Microsoft with the subject "Important Task: New Missed Audio Notes for [Recipient's Email Address], Please Release Now." The email, sent from "Wyoming VoIP” with a .jp (Japanese country code) address, claimed the recipient had "2 missed voicenotes" and urged them to "Listen Here" via a linked button. The email used Microsoft logos to appear legitimate but directed users to a suspicious domain. Upon investigation with Checkphish.com, the link led to an "Account Suspended" page, indicating it was likely a ploy to steal Microsoft account credentials. The recipient had encountered similar scams before. CyberWyoming Note: Always verify the sender’s email address, and avoid clicking on links in unsolicited emails—especially those urging immediate action or requesting login credentials—even if they appear to come from trusted companies like Microsoft, as scammers often impersonate well-known brands.

ITRC 2025 Cybercrime Predictions:

The Identity Theft Resource Center (ITRC) predicts that in 2025, identity theft and cybercrime will increase due to reduced government support, less law enforcement focus, and fewer resources for victims. The federal government may deprioritize cybercrime prevention and victim assistance, while a decrease in fines and asset forfeitures will leave fewer funds for services. Cybercriminals are expected to exploit AI tools and weak regulations, leading to a surge in cybercrime. Additionally, states will implement their own privacy laws, creating confusion and compliance burdens, while self-regulation is set to make a comeback, raising the risk of increased fraud and consumer distrust.
‍– Brought to you by The Identity Theft Resource Center (ITRC) idtheftcenter.org/identity-theft-resource-center-2025-predictions/

New Year, New You—With a Secure Identity!:

As we enter the new year, protecting your identity should be a top priority. In 2023, identity fraud cost Americans $43 billion, with criminals exploiting data breaches, scams, and stolen mail. To reduce risks, use strong, unique passwords for all accounts, enable multi-factor authentication for added security, and regularly monitor your credit report for suspicious activity. Freezing your credit can also prevent unauthorized accounts from being opened. By taking these steps, you can better safeguard your personal information in 2025. – Brought to you by AARP aarp.org/money/scams-fraud/text-alerts.html

Service Fraud Prevention:

Fraud cost veterans, service members, and their families $477 million in 2023, according to the latest Federal Trade Commission (FTC) data. Scammers employ vet-focused twists on impersonation scams, investment fraud, and more. Criminals frequently impersonate the VA, often threatening to cut off benefits if you don’t provide sensitive personal information or pay bogus fees. They may also contact you about investment opportunities, with low fees or special offers just for veterans. They may also claim to be a veteran themselves. The White House along with the VA unveiled new fraud prevention resources for veterans. Visit: Vsafe.gov online or reach out to the new call center at 833-38V-SAFE (833-388-7233).
‍– Brought to you by AARP & the FTC

The Treasury's Uninvited Guest:

The U.S. Treasury Department confirmed that its workstations were hacked by a group linked to China, exploiting a vulnerability in third-party software provider BeyondTrust. The breach, discovered on December 8, occurred when a threat actor gained access to a key used to secure a cloud-based service for remote technical support, allowing them to bypass security and remotely access certain unclassified documents. The incident, classified as a "major incident," has been attributed to a China-linked Advanced Persistent Threat actor. The Treasury Department is collaborating with law enforcement and cybersecurity agencies to assess the full impact.
– Brought to you by CyberScoop cyberscoop.com/treasury-workstations-hacked-china-beyondtrust-identity-access-management/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Apache Struts2, SonicWall SonicOS, and Ivanti Products. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

Volkswagen, American Addiction Centers (AAC), PracticeSuite, Deloitte, Bank of America (“BofA”), and PowerSchool. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register