Skip to Main Content
,
October 16, 2023

Personally VERIFY employee change requests before processing

Graphic with a red pause button, a yellow check mark, and a green play button and the words pause, verify, report at work underneath.

State employees are a big target of fraudsters, who will use attacks to gain access to state system credentials. Cyber criminals will also attempt to divert payroll, and file fraudulent claims so that they can steal benefits. Payroll and HR employees for the Commonwealth should never make changes to employee personal or banking information without having validated that the request was authorized by the employee. Internal controls should be in place to ensure both the requester and the request are legitimate.   

Action steps 

Do not rely solely on electronic submissions like texts, emails or calls to make employee changes. These methods of communication can be cloned and spoofed. 

PAUSE and VERIFY personally with any employee requesting an important change such as bank accounts, addresses or other personal information.  

Use Zoom, Teams or in-person meetings to ensure you are dealing with the actual employee and that the request is legitimate. 

CTR helps with cybersecurity awareness

See Cybersecurity Awareness Training at Work

Tips and internal controls to protect Commonwealth Massachusetts workspaces, networks, and personal information

VISIT THE PAGE

Contact CTR with suspected cyber incidents or fraud

CTR is here to support with internal controls

VISIT PAGE