Tuesday, December 16, 2025
PSAScams

Recent Email and Business-Filing Scams Target Wyoming Organizations

Justin Erickson

by Justin Erickson

Two separate but highly convincing scams have recently been reported by Cyber Wyoming (through their emailing list): an email account takeover and a fake business-filing notice impersonating the Wyoming Secretary of State. In the first case, a Wyoming employee received an email from a known vendor, with the sender address appearing legitimate. After replying, he received a response stating that the employee he contacted “doesn’t work here anymore.” Shortly afterward, other contacts began asking if his email had been hacked, as it was sending out fraudulent RFP messages — and both the suspicious reply and the RFP emails disappeared from his mailbox. This occurred even though his account had a strong password and multi-factor authentication enabled. Investigators suspect the vendor’s mailbox was compromised and that the reply “doesn’t work here” may have captured a temporary Google access token, allowing attackers to log in for a period of time on the user’s account. There may also have been a short delay (session persistence) before the victim’s password change fully invalidated the hacker’s session. So, what do you do if this happens to you?

  1. Change your password, and enable MFA
  2. Sign out of ALL browser sessions/email clients
  3. Check your email filters and forwarding addresses, delete any you don’t recognize
  4. Check recent security activity
  5. Double check that POP email has not been turned on in your settings

In the second incident, a Wyoming business received an email claiming to be from the Wyoming Secretary of State, warning that its Annual Report was past due and threatening administrative dissolution. The message included accurate business details (name, address, filing dates) and a Cheyenne address to reply to. However, the “Wyoming Business Filings” sender address was not from a wyo.gov domain and did not match the official Secretary of State’s email outline. The details in the scam email were pulled from public business filings. What to do if you suspect the email is fake:

  1. Call the Wyoming Secretary of State’s office. They’re well aware of scams like this (they have a PDF showing how to identify an impersonator – linked below).
  2. Search and review your business filings on https://wyobiz.wyo.gov/Business/FilingSearch.aspx
Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)

Cyber Wyoming
Wyoming Business Filing Search

Notice_Beware_of_Scams_Targeting_Wyoming_BusinessesDownload