Vendor imposter scam targeting municipalities, vendors
Several municipalities have received emails from an imposter claiming to be the “Department of Procurement for the State of Massachusetts.” Following the initial email, the impacted municipalities received subsequent emails with increasing urgency. The imposter attached the Commonwealth’s Electronic Funds Transfer (EFT) form, attempting to solicit banking information.
Be aware of these fraudulent emails. Your vendors, grantees and other payees may receive similar fraudulent emails from scammers who are pretending to be the Commonwealth in order to misdirect payments.
ACTION STEPS:
- Notify your vendor, grantees and payees of the process that they can use to validate if a request is legitimate.
- Ensure that staff follow rigorous validation internal controls, including “Pause Verify Report” to personally (not solely through email) verify any financial request with a previously identified authorized signatory to ensure the request is not from an imposter.
See our CTR Cyber page for more cybersecurity internal controls and our contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.