REPORT suspicious invoices, emails, or change request that you can’t VERIFY
One of the most important steps state employees can take to protect against fraud against Commonwealth of Massachusetts property is to REPORT suspicious emails, links, or any types of change requests that they are unable to VERIFY are legitimate.
Action Steps
PAUSE whenever a suspicious request, or just anything that looks odd, comes into Commonwealth of Massachusetts email or text.
REPORT those emails and texts to department IT security staff, and request that they scan any suspicious email, link, or attachment before it is opened. If the Phish Alert Report button is available, one click sends that right to IT staff and removes it from the Inbox.
State employees should consult supervisors or managers if they are unable to personally VERIFY any important requested changes, such as large dollar invoices, employee or vendor bank accounts, addresses, or other personal information.