Phishing with Payments:

A Casper resident reported a scam email impersonating the American Occupational Therapy Association (AOTA). The email appeared legitimate, claiming to have an invoice for an order, but the sender's email address was altered with "members" instead of the correct "customerservice." The resident became suspicious because the charge mentioned in the email didn't match any transactions in their bank account, and the email contained suspicious links for payment. They reported the scam to AOTA, blocked the sender, and shared screenshots with the association for awareness. CyberWyoming Note: Protect yourself from email scams by not clicking on any links, contacting the organization directly, confirming any financial transactions through trusted sources and reporting any suspicious activity, just as this recipient did.

Google My Business Scam Call from "Cozy Corner Inn":

A Laramie business received a phone call from "Cozy Corner Inn" that turned out to be an impersonation. Immediately, a recorded voice came on, saying, "There's a problem with your Google Business listing. Press 1 to talk to a live person or press 2 to be removed from the call list." CyberWyoming Note: This incident shows how easy it is to impersonate a number you are familiar with. Remember, do not press any number, as doing so signals that your phone number is valid and can lead to more scam calls.

UW Alert for Recent Phishing Attempts and Fraud:

The University of Wyoming Information Technology (UWIT) has issued a warning about recent phishing attempts and fraudulent activities targeting the university community. These scams aim to steal sensitive information such as usernames, passwords, and personal details. UWIT reminds users that the university will never ask for login credentials via email or text, nor will it request authentication through DUO outside of legitimate logins. If an unsolicited DUO verification request is received, it may indicate a compromised account, and users should report it immediately.
Suspicious emails, texts, or login requests should be denied and reported to: uwyo.teamdynamix.com/TDClient/1940/Portal/Requests/ServiceDet?ID=9605

FTC Warns of Tax Season Identity Theft Scams:

The Federal Trade Commission (FTC) has issued a warning about rising identity theft scams targeting taxpayers during the tax filing season. Scammers are increasingly using text messages and emails to impersonate the IRS and steal personal information by directing victims to fake websites. The FTC advises people not to click on links in unsolicited messages and instead visit official sites like IRS.gov. To protect themselves, individuals should freeze their credit, use strong passwords, file taxes early, and consider using an IRS identity protection PIN. Parents are also urged to freeze their children's credit to prevent long-term damage.
– Brought to you by NBC DFW
‍nbcdfw.com/news/ftc-warns-of-identity-theft-scams-targeting-taxpayers-during-filing-season/3755638

Potential OpenAI Data Breach and How to Respond:

A Russian hacker claims to have stolen login data for over 20 million OpenAI users, including email addresses and passwords, with samples appearing on the dark web. While OpenAI has found no evidence of a breach, users should take precautions to protect their accounts. Recommended steps include enabling two-factor authentication, changing passwords (especially if reused elsewhere), and logging out of all devices. Given the sensitive data stored in ChatGPT queries, such as financial or medical information, the risk of targeted phishing attacks is high. – Brought to you by PCWorld
pcworld.com/article/2602780/20-million-openai-users-hacked-heres-how-to-stay-safe.html

From DeepSeek to DeepLeak:

China-based AI company DeepSeek, the No. 1 app in both the Apple and Google app stores, left a database completely open, exposing chat logs, API keys, and other sensitive data. Security firm Wiz found that anyone could access and even control the database without a password, though DeepSeek quickly fixed the issue when alerted. At the same time, concerns remain over DeepSeek’s censorship and data privacy. The chatbot strictly follows China’s government rules but sometimes reveals sensitive information when tricked with creative prompts. With its rapid rise in popularity, experts worry about data collection, government surveillance, and its overall trustworthiness, leading to investigations in Europe.
– Brought to you by Kim Komando & The Register
komando.com/tips/artificial-intelligence/deepseek-told-me-some-weird-things/
theregister.com/2025/01/30/deepseek_database_left_open/

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Fortinet Products, Adobe products, Microsoft products, Google Chrome, Microsoft Outlook, Dante Discovery, Sophos XG Firewall, Apache OFBiz, and Paessler PRTG Network Monitor. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

GrubHub, CBT Americas, and VectraRx. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register