Cyber criminals targeting state vendors
The Operational Services Division (OSD) is warning of an email phishing campaign that requests vendors on statewide contract to complete a direct deposit form, in order to trick them into revealing bank account information. The email appears to come from a legitimate mass.gov email address but is fraudulent.
OSD does not use direct deposit for payments and does not send generic emails to Statewide Contract vendors requesting payment information. All contract documents are provided directly to vendors at the time of contract award. Any changes after that time are made directly with the OSD contract manager.
To safeguard against fraud, set up a process with your vendors to validate any request for information or changes directly with the contract manager.
See our CTR Cyber page for cybersecurity internal controls including our guidance from the Cybersecurity and Infrastructure Security Agency on ransomware preparedness. Please contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.