Personally VERIFY vendor invoices and change requests before processing
Sending fraudulent invoices sent by email or text message to state employees continues to be one of the top tactics to try to infect state government systems with malware, or to redirect state payments. Incidents often happens during busy periods, when fraudsters target staff who are rushed and may open links or process fake invoices or bank account changes without checking first. Vendor and bill payment fiscal policies require internal controls and personal validation that the request and requester are legitimate.
Action Steps
Do not rely solely on electronic submissions like texts, emails or calls to make vendor changes since these can be cloned and spoofed.
Employees in state government payroll or payments roles should PAUSE whenever they receive a request to pay an invoice or make a change to important information on file like a bank account, address, or other personal information.
Use teleconferencing tools like Zoom or Teams, or an in-person meeting to VERIFY with the requestor that the request to make a change or a payment is legitimate.