Tips, tricks and scams

PayPal Bitcoin Charge: A local Wyoming resident received a fake PayPal email this week, claiming they owed $379.99 in Bitcoin. The email warned that if the charge was a mistake, they had 12 hours to call the provided phone number. It also threatened that if no call was made within that timeframe, the amount would be charged to their account. Although the email appeared convincing, the request for payment in Bitcoin was a major red flag.CyberWyoming Note: Always be cautious of urgent emails requesting payment in unconventional forms, such as Bitcoin, especially from companies like PayPal, which typically don’t use cryptocurrency for transactions. Scammers often create a false sense of urgency to pressure you into acting quickly, and legitimate companies will rarely demand payment in such forms.

UW QR Code Quandary: A resident of Wyoming reported receiving a suspicious email that appeared to impersonate the University of Wyoming. The email invited them to a webinar and included only a QR code for registration, which was problematic since they were using a cell phone and couldn’t scan it. Upon closer inspection, they noticed the email wasn’t sent from an official UW address and lacked a professional signature—though they noted that some legitimate UW emails also lack formal signatures. CyberWyoming Note: Always verify the sender's email address and be cautious of unsolicited invitations with QR codes or links. Never scan an unknown QR code, as it could lead to malicious sites. If you are a business that sends out QR codes, ensure that the link the QR code leads to is also included in the email for transparency. Businesses can also improve email authenticity by adopting a more consistent and professional signature for all communications, making it easier to distinguish real emails from scams.

AARP Steps to Protect Against Identity Fraud: In 2024, 40 million Americans reported losing $47 billion to identity fraud, according to AARP. While this issue is growing, there are steps you can take to protect yourself, even if your data has been exposed. Here are three additional ways to safeguard your information:

• Enable Automatic Updates: Keep devices and software updated to fix security flaws.
• Be Cautious with Unsolicited Messages: Don’t click on suspicious links and verify unknown calls.
• Shred Sensitive Documents: Shred papers with personal info you no longer need.

– Brought to you by AARP Fraud Network

https://www.aarp.org/money/scams-fraud/text-alerts.html 

ChatGPT Bug Puts Organizations at Risk: A security flaw in ChatGPT (CVE-2024-27564) lets attackers redirect users to harmful websites, creating serious risks. Over 10,000 attack attempts have been made in just one week. Discovered by Veriti, the vulnerability mainly targets financial institutions but also affects government and healthcare sectors. The bug, rated medium-risk, allows attackers to inject malicious links into ChatGPT, causing it to make harmful requests. Many organizations are at risk due to poor security settings. Financial organizations are especially vulnerable, as the flaw can lead to data theft and other serious issues. Veriti advises organizations to check security settings and prioritize AI-related vulnerabilities in their risk assessments. – Brought to you by DarkReading

https://www.darkreading.com/cyberattacks-data-breaches/actively-exploited-chatgpt-bug-organizations-risk? 

Oracle Faces Second Cybersecurity Incident: Oracle confirmed a data breach involving its Gen 1 servers, marking the second cybersecurity incident in recent weeks. Discovered in February 2025, the breach exposed 6 million records, including usernames, emails, hashed passwords, and authentication credentials, with no full Personally Identifiable Information exposed. Oracle has secured the affected servers, and the Gen 2 servers and cloud infrastructure were unaffected. This follows a separate breach involving Oracle Health’s Cerner servers, raising concerns over legacy systems. – Brought to you by Cyber Security News

https://cybersecuritynews.com/oracle-acknowledges-data-breach/ 

Cybersecurity Best Practices in Crypto: As the cryptocurrency market evolves, so do the threats posed by hackers and scams. Here are key tips for safeguarding your digital assets:

• Use a Self-Custody Wallet: Transfer crypto off exchanges to a secure wallet you control to reduce hacking risks.
• Back Up Your Wallet: Store encrypted backups of private keys in multiple secure locations to prevent loss.
• Watch for Phishing: Avoid clicking links or opening attachments from unknown sources. Use tools to scan for malware.
• Understand Cyberattack Risks: Be aware of threats like ransomware, DDoS extortion, and crypto hijacking that target crypto users.

Stay vigilant, secure your assets, and practice caution to protect your crypto.

– Brought to you by HackRead  https://hackread.com/cybersecurity-crypto-practices-to-prevent-theft-fraud/ 

MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Ivanti Products, Microsoft Products, Fortinet Products, Adobe Products, Ivanti Endpoint Manager, and Google Chrome. If you use these products, make sure the software (or firmware) is updated. 

Data Breaches in the News: Oracle, Twilio's SendGrid, Siegel Group (TSG), Nevro Corp., Europcar GitLab, Numotion, ATLAS CPAs & Advisors PLLC, and Monro, Inc. Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax.

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors.

Other ways to report a scam:

• Better Business Bureau Scam Tracker: www.bbb.org/scamtracker 
• Wyoming Attorney General’s Office, Consumer Protection
  • Email ag.consumer@wyo.gov
  • Complaint form https://attorneygeneral.wyo.gov/law-office-division/consumer-protection-and-antitrust-unit/consumer-complaints 
• File a complaint with the Federal Trade Commission at www.ftc.gov/complaint
• Report your scam to the FBI at www.ic3.gov 
• Get steps to help at www.IdentityTheft.gov 
• Reported unwanted calls to the Federal Trade Commission’s Do Not Call Registration. Online at https://www.donotcall.gov/report.html or call 1-888-382-1222, option 3
• Office of the Inspector General:  https://oig.ssa.gov/scam-awareness/report-the-scam/ 
• If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271.
• AARP Fraud Watch Network (any age welcome) Helpline 877-908-3360
• IRS: report email scams impersonating the IRS to phishing@irs.gov orhttps://www.irs.gov/privacy-disclosure/report-phishing
• Call the Wyoming Senior Medicare Patrol (SMP) for assistance with potentialMedicare fraud, abuse, or errors at 1-800-856-4398

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register.