Fraudsters Posing as IT Staff
We’re seeing a new scam that starts with several seemingly harmless emails that contain no links or attachments, so nothing trips the usual filters. Staff who receive these emails are then contacted directly on Teams by someone posing as IT staff or IT help desk personnel. Notably, the sender’s address or display name carried the tag “EXT” or “External”, which marks a sender from outside the organization. That tag should be an immediate red flag that the message is not coming from a legitimate Commonwealth of Massachusetts address.
The fraudster claims that the recipient’s computer is compromised and asks for remote access to make the repair. Staff members who grant that access hand the fraudster the same access to systems and sensitive data that they have themselves. In one recent example, an employee was talking with a fraudster and actually ignored an incoming call from legitimate IT support, because they thought they were already receiving assistance.
This is an example of a social engineering scam. It targets employees of large organizations, who may not know the IT staff personally or may not be familiar with the proper procedure for contacting IT.
Action Steps:
- Publicize the official Teams accounts or email addresses IT uses to communicate.
- Teach new employees your procedures for reporting suspicious emails or messages to IT.
- Train employees to treat as suspicious any unfamiliar email addresses marked “EXT” or “External”.
- Train and remind staff to Pause, Verify, Report: encourage them to confirm they are talking to real IT personnel before taking any action, by contacting IT through the published channels (the official help desk number or account) rather than replying in the chat that initiated the contact.
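As an added illustration (not part of the original alert), the following Python snippet shows how the published list of official IT accounts from the first action step, the “EXT”/“External” tag, and the scam’s own wording (a claim to be IT plus a request for remote access or a claim that the machine is compromised) can be combined into a simple triage rule for email and Teams messages. The account names, domains and sample messages are constructed for this example and are not real Commonwealth addresses; substitute your organization’s published IT accounts and internal domains.

```python
import re
from dataclasses import dataclass

# Assumed values for the example: replace with your organization's published list
# of official IT accounts and its own email/Teams domains.
OFFICIAL_IT_ACCOUNTS = {"helpdesk@example.gov", "itsupport@example.gov"}
INTERNAL_DOMAINS = {"example.gov"}

# "IT" must be upper-case to avoid matching the pronoun; the other phrases are case-insensitive.
IT_CLAIM = re.compile(r"\bIT\b|(?i:\bhelp ?desk\b|\bservice desk\b|\btech(?:nical)? support\b)")
# Wording typical of the remote-access pretext described in the alert.
REMOTE_ACCESS = re.compile(
    r"\b(?:remote access|remote into|quick assist|anydesk|teamviewer|"
    r"share (?:your )?screen|give me control|compromised|infected)\b",
    re.IGNORECASE,
)
EXTERNAL_TAG = re.compile(r"\b(?:EXT|External)\b", re.IGNORECASE)


@dataclass
class Message:
    channel: str        # "email" or "teams"
    sender: str         # address of the sender
    display_name: str   # name as shown to the recipient (may carry the EXT tag)
    body: str


def is_external(msg: Message) -> bool:
    """A sender is external if its domain is not ours or its display name carries the tag."""
    domain = msg.sender.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS or bool(EXTERNAL_TAG.search(msg.display_name))


def classify(msg: Message) -> tuple[str, list[str]]:
    """Return a verdict and the reasons behind it.

    trusted          : sender is one of the published official IT accounts
    block_and_report : external sender that claims to be IT and asks for remote access
    suspicious       : external sender that claims to be IT
    external         : external sender with no IT pretext (still treat with care)
    internal         : internal sender
    """
    if msg.sender.lower() in OFFICIAL_IT_ACCOUNTS:
        return "trusted", []
    reasons = []
    external = is_external(msg)
    if external:
        reasons.append("external sender")
    if IT_CLAIM.search(msg.display_name) or IT_CLAIM.search(msg.body):
        reasons.append("claims to be IT")
    if REMOTE_ACCESS.search(msg.body):
        reasons.append("requests remote access or claims compromise")
    if external and len(reasons) == 3:
        return "block_and_report", reasons
    if external and "claims to be IT" in reasons:
        return "suspicious", reasons
    if external:
        return "external", reasons
    return "internal", reasons


def triage(messages: list[Message]) -> list[tuple[str, str]]:
    """Run classify() over a batch and return (sender, verdict) pairs."""
    return [(m.sender, classify(m)[0]) for m in messages]


# Constructed sample traffic mirroring the pattern in the alert.
SAMPLE = [
    Message("email", "pat.lee@outside-vendor.example", "Pat Lee [EXT]",
            "Hi, just checking in about the meeting next week."),
    Message("teams", "j.smith@contoso-help.example", "IT Help Desk (External)",
            "Your computer has been compromised. I need remote access to repair it. "
            "Please open Quick Assist."),
    Message("teams", "helpdesk@example.gov", "IT Help Desk",
            "We noticed unusual activity on your account; please call us back."),
    Message("teams", "a.jones@example.gov", "Alex Jones",
            "Can you share your screen to walk me through the spreadsheet?"),
]

if __name__ == "__main__":
    for sender, verdict in triage(SAMPLE):
        print(f"{verdict:17} {sender}")
```

The rule is deliberately conservative: an internal colleague asking to share a screen is not flagged, an external sender who never claims to be IT is only labelled external, and the combination that matches this scam (external, claims to be IT, asks for remote access or says the machine is compromised) is the only case raised for blocking and reporting. Anything not on the published IT account list is never treated as trusted, which is the same check staff are asked to make by hand.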
Bookmark our new CTR Compliance Corner as your one-stop shop for alerts and success factors that you can integrate into your daily operations to keep you safe.
See our Internal Controls page for more information on internal controls and contact [email protected] if you need support from our Statewide Risk Management Team.