Fraudulent State Farm Bill:

A Wyoming resident received a suspicious email claiming to be from State Farm, referring to an autopay charge for their account. The email listed only an account number, and the amount owed, prompting the recipient to click a “View Bill” button for more details. Notably, there were two identical buttons, with oversized text that didn’t fit properly. This was an unusual design flaw. The email also mentioned a State Farm agent by name, but hovering over the button revealed an email address with a different name. Additionally, none of the links in the message are directed to the official State Farm website. CyberWyoming Note: Always hover over links before clicking to verify their destination and be cautious of emails with design flaws or mismatched sender information—these are common signs of phishing scams. When in doubt, contact the company directly through their official website.

Fake Invoice Scam Hits Local Inbox:

A Laramie resident received a scam email from "Transaction_History#913" with an unknown Gmail address. The email, posing as a PayPal invoice, had a subject referencing an invoice number and included a vague message urging the recipient to check a purchase receipt. It also contained an attachment that resembled a fake PayPal invoice, likely intended to deceive the recipient into providing personal or financial information. CyberWyoming Note: Unfortunately, PayPal impersonation scams are extremely common. Avoid opening attachments or clicking links in unexpected emails, especially those claiming to be invoices or payment requests. Always verify transactions directly through official websites instead of relying on email prompts.

PayPal Scam Uses Docusign to Send Phishing Emails:

Scammers are exploiting the Docusign API to make phishing emails appear more legitimate. By using Docusign's templates, they send fraudulent invoices from PayPal, bypassing security filters. The emails look authentic, claiming unauthorized transactions and asking for immediate action, but they contain red flags like suspicious email addresses and fake transaction details. To verify suspicious emails, go to Docusign's website directly, enter the code in the email, and check for errors. If you're a victim, report the issue to both PayPal and Docusign. Always check your accounts for unauthorized activity and report it through the respective platforms' fraud features. Key tips to remember: Avoid clicking on links in unsolicited emails, verify the sender's email, and visit Docusign’s site directly to check document validity.
– Brought to you by Secure The Village & MalwareBytes
malwarebytes.com/blog/news/2025/03/paypal-scam-abuses-docusign-api-to-spread-phishy-emails

Creator of Haveibeenpwned Clicks on Fraudulent Link:

In his blog post titled "A Sneaky Phish Just Grabbed my Mailchimp Mailing List," cybersecurity expert Troy Hunt recounts how he fell victim to a phishing attack that compromised his Mailchimp account. While traveling and fatigued, Hunt received an email prompting him to click a link leading to "mailchimp-sso.com," a fraudulent site. Despite his password manager not auto filling the credentials, a typical red flag, he manually entered his login details and one-time password. This allowed attackers to swiftly access his account and export approximately 16,000 subscriber records, including email addresses and associated metadata. Hunt expresses frustration over his lapse and emphasizes the importance of vigilance, especially regarding subtle phishing tactics that exploit human factors like fatigue. He also highlights concerns about Mailchimp retaining data of unsubscribed users, which contributed to the extent of the breach.
– Brought to you by Troy Hunt
troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

Invisible Hack Attacks:

"You can’t see me" hack attacks exploit a technique called “hidden text salting” to evade email security measures. Attackers add invisible characters into an email’s HTML code to fool spam filters and hide from security tools. This trick is often used in phishing and fake brand emails. According to Cisco Talos researchers, the hackers change how the email looks using HTML and CSS so that people can’t see the harmful parts, but the email still looks normal to security systems. To mitigate these threats, experts recommend enhancing filtering systems and analyzing visual email characteristics to detect suspicious activity.
– Brought to you by Forbes
forbes.com/sites/daveywinder/2025/01/29/this-security-threat-hides-in-plain-sight-the-you-cant-see-me-hack/

FBI Recovers 8 Million Dollars After Scam:

The FBI successfully recovered nearly $8 million of the funds swindled from small-town investors in Kansas after the collapse of the Heartland Tri-State Bank in Elkhart. The bank's CEO, Shan Hanes, became a victim of a "pig-butchering" cryptocurrency scam, in which fraudsters deceived him into wiring more than $47 million from customer accounts into offshore accounts. While the Federal Deposit Insurance Corporation (FDIC) reimbursed insured customers, around 30 local shareholders were left with significant financial losses. Through a detailed investigation, the FBI was able to trace the stolen money to an overseas digital wallet, ultimately returning nearly all the $8 million back to the affected investors. This case underscores the growing risks of cryptocurrency-related scams and the FBI’s commitment to recovering stolen assets for victims.
– Brought to you by the FBI
fbi.gov/news/stories/fbi-recovers-8-million-swindled-from-failed-kansas-banks-small-town-investors

MS-ISAC and CISA Patch Now Alert:

The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Oracle products and Apple products. If you use these products, make sure the software (or firmware) is updated.

Data Breaches in the News:

The Siegel Group, Inc., Laboratory Services Cooperative (LSC), Wolters Kluwer, Bank of America, Endue Software, Hertz, and Landmark Admin. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

‍

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

‍Other ways to report a scam:

• Better Business Bureau Scam Tracker: bbb.org/scamtracker/us/reportscam
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints

• File a complaint with the Federal Trade Commission at reportfraud.ftc.gov
• Get steps to help at www.IdentityTheft.gov
• Report your scam to the FBI at www.ic3.gov/complaint
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General: oig.ssa.gov
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potential Medicare fraud, abuse, or errors at 1 800 856-4398
• Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register