Hello all, Detective Cy here with a story about phishing!
Is it possible that an email from your employee could be a scam? In one district, an “employee” sent an email to his CFO stating that he’d been having issues with receiving his paycheck at an old bank account. To resolve the issue, he asked the CFO to change his direct deposit information to a new account prior to his next paycheck. The CFO, hoping to help his employee, complied.
Several days later, the employee contacted the CFO over the phone to complain about not receiving his paycheck. Confused, the CFO spoke with the employee and realized that the request to change the bank account information had come from an impersonator. A single phishing email had led him to change an employee’s financial information on the strength of a fraudulent request!
Fortunately, the municipality’s insurance assisted them with recovering the stolen funds. However, they still needed to expend time and effort to change the employee’s bank account information. While the situation could have been much worse, it was still extremely frustrating and put a great deal of stress on the municipality.
To prevent something similar from happening to you and your municipality, remember to always verify that every email you receive is from a reliable source. You can also contact the sender directly via phone to confirm any requests. If you receive an email asking to switch any bank or medical information, be sure to verify the charge with the vendor before making a payment. You should also hover over any links in an email to determine if you recognize the website.
- Always verify the sender of emails you receive. If necessary, call the sender or use a known email address to ask whether they sent the original email.
- Always hover your cursor over links in an email to ensure the URL is legitimate and not masking an unknown site.
- Never click links in an email unless you trust and can verify the sender.