Be on alert for fraudulent invoices and emails at close of Accounts Payable Period
Fraudsters know that as the end of an accounts payable period approaches, there may be increased pressure due to fiscal year close-out payment activity. Be on alert for attempts to submit fraudulent invoices, emails, and vendor file changes designed to redirect payments or infect remote equipment. Fraudsters focus on creating a sense of urgency. Some vendors may have multiple invoices that have not been submitted increasing the risk of overpayments. Some end of fiscal year tips for all staff:
Continue to follow normal validation process for all invoices to ensure that the invoice has not already been paid, and that the vendor and invoice is legitimate.
Be cautious of email invoice submissions since invoice emails are the primary means hackers use to trick staff into clicking on malicious links or opening infected attachments.
If you think you have opened a fraudulent email or document, notify your IT team immediately to ensure that your equipment has not been infected, since any infection may travel into your agency network. Infections do not always impact your equipment immediately, but are designed to spread ransomware and other malicious software undetected.
Do not rely on electronic submissions and phone calls requesting payment, and take the necessary steps to validate the invoice and vendor from on-file information.
In addition to your normal incident response protocols, please contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks or if you need assistance with internal controls.