Watch out for scam targeting financial management staff
The State has discovered a phishing campaign targeting its financial management employees, so we should be alert for something similar. The scam starts with an “urgent” message to State financial management staff that uses the name of a financial management executive in their agency and comes from an email address that looks legitimate. If the employee engages in a conversation with the scammer, a second email follows, requesting that an urgent payment be made to a specific bank routing number.
Here’s an example of the phishing email:
Are you busy? I am currently tied up in a meeting and we need to carry out an urgent payment. Let me know if you can handle it, so I can send the details.
Financial Management Executive
Sent from my iPhone
As with the City, the State’s process doesn’t allow such a transaction to be made. However, the key in this scam is the lengths to which the scammer has gone to research specific staff based on their agency role and the financial management authority in their agency.
Since it’s Cyber Security Awareness Month, we are reminded that security awareness among all staff is important and it works. Employees are the first layer of defense against these scams.
Please be vigilant and aware that phishing attacks are on the rise. Financial management staff are the target of the most recent campaign, but we are all potential targets. If you receive a suspicious email at work, please send that email as an attachment to firstname.lastname@example.org or call the IT ServiceDesk at 612-673-2525.
Questions or comments?
Do you have a security-related question or suggestion or want to comment on this article? Contact the IT security officer.
Published Oct 19, 2016