Local governments continue to be targeted by cyberattacks and cyber scammers using a wide variety of social engineering tactics that require heightened diligence by public officials and staff to avoid falling victim to these scams.
Recently an Ohio County, mistakenly sent a scammer $625,000 while paying what appeared to be a legitimate invoice from a paving company with which the county had an open contract.
Scammers are sending invoices that come with a proper looking name in the title, but the contact information is bogus. The email address and/or web address may mimic addresses your government has been sending correspondence before, but they have slight differences in spelling or characters, so they are not the same addresses where you have sent money before.
Finance Directors and staff deal with hundreds of invoices daily or monthly depending on the size of the entity, so these small details can be very difficult to distinguish. Extra precautions need to be taken and a comprehensive review of each invoice is recommended, preferably by more than one person, so another set of eyes sees the invoice prior to the transfer of funds. This can help prevent your entity from being the next victim of a cyber attack.