Accessing Amazon Account From Mumbai?:
A Big Horn citizen received a scam text claiming to be from Amazon, warning of suspicious activity on their account from Mumbai, India. The message included a suspicious link and came from an unknown number with a Canada (416) area code. Fortunately, the citizen recognized it as a scam, reported it as junk, and deleted the message. CyberWyoming Note: Always be cautious of unsolicited text messages, especially those with suspicious links or unfamiliar numbers. Verify account alerts through official channels and avoid clicking on any links in messages you did not expect.
Toll Tales:
A Laramie resident reported receiving a scam text claiming to be from "EZDriveMA" regarding an unpaid toll invoice, urging payment that day to avoid late fees. The message included a suspicious link along with instructions to reply and open the link in a browser. The resident identified it as a scam due to the email address (techchicas.appleaccount), their lack of recent toll road usage, and the urgency of the message. CyberWyoming Note: This wasn't the only report of fake toll texts circulating in the area, signaling a growing trend of similar scams. Always verify unexpected messages about payments or invoices, especially if they come from unfamiliar email addresses or urge immediate action. Avoid clicking on links or replying; instead, contact the company directly through official channels to confirm the claim.
Scammers Exploit Los Angeles Wildfire Relief Efforts:
Authorities are warning the public about scammers exploiting the generosity of people trying to help victims of the ongoing Los Angeles wildfires. Fraudulent organizations, often targeting vulnerable groups such as the elderly and non-English speakers, have been misleading donors into giving money under false pretenses. Officials urge donors to research charities through trusted platforms like Charity Navigator, Charity Watch, GuideStar, and the Better Business Bureau before contributing. They also recommend avoiding cash donations and using secure, traceable payment methods.
– Brought to you by ABC News abcnews.go.com/US/beware-scams-donating-la-fire-victims-officials-warn/story?id=117605591
A Billion Passwords Walk Into the Dark Web:
A recent security report reveals that over 1 billion passwords were stolen by malware (malicious software) in 2024, compromising both consumer and organizational data. These stolen credentials are often sold on the dark web for as little as $10. Attackers use infostealer malware to harvest sensitive information, often exploiting phishing, malicious downloads, or software vulnerabilities. Despite the use of complex password policies, malware circumvents security measures, emphasizing the need for stronger practices like multi-factor authentication, unique passwords, and password managers. The widespread theft highlights the ongoing vulnerability of passwords, even in well-secured environments. – Brought to you by Forbes
forbes.com/sites/daveywinder/2025/01/23/security-alert-issued-as-1-billion-passwords-stolen-by-malware-act-now/
CyberWyoming Note: To prevent malware, Windows users should create two profiles: a local user for daily use (without install permissions) and a separate admin account for software installations.
Small Business Cybersecurity Statistics for 2025:
Cyberattacks on small businesses are rising, with small enterprises becoming attractive targets for cybercriminals due to weaker security and fewer defenses compared to larger companies. In 2021, 61% of small businesses experienced cyberattacks, with common threats including malware, ransomware, and phishing. The financial impact is significant, with costs ranging from $826 to $653,587 per incident, and many small businesses lack cyber insurance. Despite increasing cybersecurity spending, many small businesses remain unprepared, with 51% having no cybersecurity measures in place. The lack of awareness and resources leaves them vulnerable, but growing attention to cybersecurity and stronger defense measures offer hope for reducing these risks. – Brought to you by Secure The Village & StrongDM
strongdm.com/blog/small-business-cyber-security-statistics
Fortinet and SonicWall Vulnerabilities Pose Major Risks:
Both Fortinet and SonicWall are facing critical vulnerabilities in their firewall products, exposing thousands of devices to active exploitation. A vulnerability in Fortinet's FortiGate devices, tracked by the Shadowserver Foundation, has left nearly 47,000 devices unpatched globally, with over 8,000 in the U.S. still exposed to attacks that grant super-admin privileges. Similarly, SonicWall’s SMA 1000 Series VPN appliances are being actively targeted through a zero-day flaw (CVE-2025-23006). Patches are available, but unpatched devices remain vulnerable, and the Cybersecurity and Infrastructure Security Agency is urging swift updates to prevent further compromise.
– Brought to you by CISA, CyberNews, & The Record
cybernews.com/security/nearly-50k-fortinet-devices-left-unpatched-and-widely-exploited
therecord.media/sonicwall-devices-exposed-zero-day
MS-ISAC and CISA Patch Now Alert:
The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a "patch now" (update your software) alert for SonicWall Secure Mobile Access (SMA) 1000 Series Appliances, Google Chrome, and Apple products. If you use these products, make sure the software (or firmware) is updated.
Data Breaches in the News:
UnitedHealth, Bank of America, Gas Express, Alko Distributors, Avery Label-Printing, Garden of Life, LLC, Wolf Haldenstein law firm, BayMark Health Services, Gravy Analytics, Green Bay Packers (team store), International Civil Aviation Organization, Medusind healthcare breach, STIIIZY, and Telefónica Telcom. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Other ways to report a scam:
- Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
- Wyoming Attorney General’s Office, Consumer Protection
- File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
- Get steps to help at www.IdentityTheft.gov
- Report your scam to the FBI at www.ic3.gov/complaint
- Report unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
- Office of the Inspector General: oig.ssa.gov
- If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
- AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
- IRS: report email scams impersonating the IRS to phishing@irs.gov
- Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1-800-856-4398
- Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register