Alert – New Scam – Fraudsters Posing as IT Staff
A new scam has appeared locally where staff receive multiple seemingly non-malicious emails lacking links or attachments. Staff are then contacted directly on Teams by someone posing as IT staff or IT Helpdesk personnel. Notably, the fraudulent email includes the text “EXT” or “External”, which should be an immediate red flag.
The fraudster contacts staff, claiming their laptop or computer is compromised and urgently needs remote access for repair. Pressured by the urgency, the staff member grants access, inadvertently allowing the fraudster to control the device and access sensitive data. In a recent incident, a staff member, while on a Teams call with the fraudster, ignored an incoming call from legitimate IT support, mistakenly believing they were already receiving assistance.
Social engineering scams exploit staff in large organizations who may not recognize IT staff or understand proper contact protocols. The following action steps should be added to your incident response preparation and cybersecurity awareness internal controls to educate and support staff and prevent unauthorized access to Commonwealth systems:
Action Steps:
- Include in onboarding and cybersecurity trainings the official Teams/email addresses IT uses for communication. Explain how staff can report suspicious activity or verify Teams calls, noting that messages marked “EXT” or “External” should be treated as suspicious.
- Establish a process for staff to save this information locally for easy access—such as on their desktop, email, or phone contacts—with clear instructions included in the notes.
- Train and remind staff to Pause, Verify and Report by encouraging them to confirm they are communicating with genuine IT personnel before taking action, and reinforce your department’s identity verification and reporting procedures.
Simple action steps like these can help prevent incidents and support continued due diligence to protect your department systems and data.
Bookmark our new CTR Compliance Corner as your one-stop shop for alerts and success factors that you can integrate into your daily operations to keep you safe.
See our Internal Controls page for more information on internal controls and contact [email protected] if you need support from our Statewide Risk Management Team.