
www.wyocan.org
www.cyberwyoming.org/alliance
307-314-2188, PO Box 2332, Laramie, WY 82073
Scam or Just Sloppy?:
A Laramie resident received a suspicious letter claiming to be from Comenity Capital Bank regarding a Bread Cashback application. The letter requested highly sensitive personal documents—such as a government-issued photo ID, Social Security card, and proof of residency—to be emailed to @breadofficial or mailed for processing. CyberWyoming Note: Legitimate banks typically use secure portals rather than unsecured email to protect sensitive information. While Bread Financial has a decent BBB rating, a VirusTotal scan flagged its URL as suspicious. Even if the company is legitimate, requesting emailed documents to a general address is highly unprofessional and a major red flag.
Scam’s Club:
A citizen reported receiving a scam email impersonating Sam’s Club, with the sender’s name "Sam S ClUb Invitation" and an unrelated email address "@kaiweituliao." The email was suspicious because it was both sent and CC’d to the recipient’s own email address. The subject line falsely advertised a "Sam's Club Membership for Only $20." The email contained poor grammar, lacked official logos, and included two suspicious attachments. Additionally, the message included random, unrelated text at the bottom, further indicating it was fraudulent. CyberWyoming Note: Avoid clicking links or opening attachments from unexpected emails, especially those with poor grammar, unusual sender addresses, or suspicious formatting. Always verify promotional offers directly on the official Sam’s Club website instead of trusting unsolicited emails.
The Biggest Cryptocurrency Heist in History:
Hackers stole $1.5 billion from Bybit in the largest cryptocurrency heist ever. The attack targeted an Ethereum cold wallet, moving 400,000 coins to unknown addresses. Bybit assured customers that other wallets and withdrawals were unaffected. The breach occurred during a routine transfer, with hackers masking the funds' destination. Arkham Intelligence tracked $1.36 billion of the stolen Ethereum, which was quickly sold across accounts. Bybit secured a bridge loan to cover lost funds and processed over 350,000 withdrawals. This breach surpasses past hacks like the $620 million theft from Ronin Network. The attack highlights ongoing concerns about crypto security and recovery.
– Brought to you by Secure The Village & The Greek Reporter
greekreporter.com/2025/02/22/hackers-steal-billion-biggest-cryptocurrency-heist-history/
Google’s New Ad Policy Faces Scrutiny:
Google's shift from cookies to digital fingerprinting for ad tracking is raising privacy concerns. This new method tracks users across devices and sessions, making it harder for people, even with privacy tools like VPNs, to stay anonymous. Experts warn that it allows advertisers to create detailed profiles of users. The change has attracted scrutiny from privacy regulators, with some calling it "irresponsible." Google had criticized fingerprinting in 2019, but now sees it as a more profitable option. Critics argue this shift will lead more companies to adopt fingerprinting, compromising user privacy further.
– Brought to you by Secure The Village & The Record
therecord.media/new-google-tracking-pandoras-box
CISA Disinformation Staff Put on Leave:
Last week, the Cybersecurity and Infrastructure Security Agency (CISA) placed several members of its election security team, focused on disinformation, on administrative leave. This move coincided with the dissolution of the FBI’s Foreign Influence Task Force. CISA’s work combating election-related disinformation, particularly foreign interference, has been controversial. Despite this, CISA continues to prioritize election security and cybersecurity, with disinformation work being a small part of its overall budget.
– Brought to you by Secure The Village & CyberScoop
cyberscoop.com/cisa-misinformation-disinformation-administrative-leave/
Say No To Google Ads:
A new phishing campaign is targeting Microsoft advertisers through malicious Google ads, similar to a recent attack on Google Ads accounts. Cybercriminals created fake sponsored search results for "Microsoft Ads" that redirect unsuspecting users to phishing sites designed to steal login credentials. To evade detection, attackers use cloaking, redirection techniques, and Cloudflare verification challenges. If accessed incorrectly, the phishing domain even displays a “rickroll” as a diversion. The phishing page mimics Microsoft's legitimate login portal, attempting to capture credentials and bypass two-factor authentication. Investigations suggest this campaign has been ongoing for years, potentially targeting other platforms like Facebook as well. Users are advised to scrutinize URLs, enable 2FA, monitor their accounts, and report suspicious ads. CyberWyoming Note: It is probably best not to click on any sponsored links on Google and instead to visit what you know to be the real website.
– Brought to you by Malwarebytes
https://www.malwarebytes.com/blog/news/2025/01/microsoft-advertisers-phished-via-malicious-google-ads
MS-ISAC and CISA Patch Now Alert:
The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Citrix Netscaler 8.8, Juniper 9.8, Palo Alto PAN-OS, and SonicWall SMA1000. If you use these products, make sure the software (or firmware) is updated.
Data Breaches in the News:
Star Solution Services, VectraRx Mail Pharmacy Services, DISA Global Solutions, Orange Group, Nuna Baby Essentials, and RxSight. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.
Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.
Other ways to report a scam:
- Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
- Wyoming Attorney General’s Office, Consumer Protection
- File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
- Get steps to help at www.IdentityTheft.gov
- Report your scam to the FBI at www.ic3.gov/complaint
- Report unwanted calls to the Federal Trade Commission’s Do Not Call Registry. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
- Office of the Inspector General: oig.ssa.gov
- If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
- AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
- IRS: report email scams impersonating the IRS to phishing@irs.gov
- Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1-800-856-4398
- Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register