There has been a recent increase in scams targeting finance, payroll and human resources departments of local governments. The scam involves emails that look like they are coming from the City Manager or equivalent to staff requesting either a wire transfer or employee W-2 information.
At Maze Live, our recent client day of training, I asked our clients if they had seen such emails and almost everyone raised their hand. In addition, I received an email the following day from a client stating they had received one of those emails while they were at the training.
Unfortunately, a number of clients have fallen for the scam by disclosing employee information or attempting a wire transfer. Given the number of organizations that have been victims, I felt it necessary to send out this alert.
What can you do?
- Train employees regularly on scams and how to spot suspicious requests
- Ensure dual authorization for all wire transfers
- Setup email rules that flag all emails coming from outside your organization
- Setup email rules to prevent social security numbers from being emailed outside your organization
More information can be found on my blog, including:
- Most Popular Cyber Scams http://www.learnsecurity.org/single-post/2018/08/02/Most-Popular-Cyber-Scams
- Email Flow Rules Help Prevent Scams http://www.learnsecurity.org/single-post/2018/08/07/Email-Flow-Rules-Help-Prevent-Scams
You can also check out my recorded session at Maze Live:
- Cybersecurity for Local Governments 2018 at https://youtu.be/Wfa9HCZhlhk
Finally, here is an FBI Alert on these types of scams:
- Business E-Mail Compromise https://www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise
If you have any questions feel free to contact us.