Skip to Main Content
February 22, 2023

Fraudulent Invoices Are a Top Phishing Tactic

The text "Cybersecurity Tip of the Week"

Fraudulent invoices sent by email or text message continue to be one of the top phishing tactics. Government agencies are popular targets of invoice fraud since invoices increase during the latter half of the fiscal year.

Action Steps

Remind fiscal and accounts payable staff to PVR: Pause, Verify Report. It’s important to pause and verify any link or attachment BEFORE opening an invoice attachment. PVR requires staff to validate that the sender is legitimate using contact information already on file rather than what was submitted in the invoice.

The Pause Verify Report logo

PVR is designed to prevent most breaches by verifying the legitimacy of a submission before opening any malicious attachment. It only takes one click to take down a network. The PVR verification is the initial step before staff can begin the secondary review and verification of the invoice content.

See our CTR Cyber page for more cybersecurity internal controls and contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.