Surge in fake emails impersonating Commonwealth employees
The Executive Office of Technology Services and Security (EOTSS) is warning all Commonwealth employees to be aware of a recent surge in fake emails impersonating Commonwealth leadership. The senders are using free email services such as Gmail to create fake email accounts designed to impersonate Commonwealth leadership, and are using social engineering tactics to elicit a sense of urgency. Text messaging is being used in a variation of this phishing scam and is a growing cyber threat.
EOTSS is working to block incoming malicious messages on MassMail. For non-Executive Branch departments not on MassMail, IT staff should be taking the appropriate steps to monitor and block these types of messages.
If you receive an email or a text message requesting you to purchase a gift card, pay by gift card, or to wire money - for any reason - that’s a sure sign of a scam. Any correspondence, whether email or SMS message, directing you to make an immediate response should be treated with skepticism. Be alert for the key warning signs:
False sense of urgency
External email address as either the sender or the reply-to address
Misspellings and typos
Suspicious attachments and links
Learn more about the Red Flags of Social Engineering.
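
For IT staff monitoring mail outside MassMail, several of the warning signs above (external or free-mail sender, external reply-to address, urgency, gift card or wire requests) can be checked on a message's headers and text. The following Python is an added example, not EOTSS or CTR tooling; the internal domain `agency.example`, the free-mail list, the leadership name and the phrase patterns are assumptions to replace with your own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Every value below is an assumption for illustration, not taken from the advisory.
INTERNAL = ("agency.example",)                 # placeholder for your own mail domains
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}
LEADERS = {"jane example"}                     # constructed leadership display name
PAYMENT = re.compile(r"gift\s*cards?|wire\s+(money|transfer|funds)", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|right away|asap)\b", re.I)

def _domain(value):
    # Domain part of the address in a From or Reply-To header ("" if absent).
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def _internal(domain):
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL)

def _text(msg):
    # Subject plus every text/plain part, so multipart messages are covered too.
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    chunks = [(p.get_payload(decode=True) or b"").decode("utf-8", "replace") for p in parts]
    return " ".join([msg.get("Subject", "")] + chunks)

def red_flags(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name = " ".join(parseaddr(msg.get("From", ""))[0].lower().split())
    sender, reply = _domain(msg.get("From")), _domain(msg.get("Reply-To"))
    text, flags = _text(msg), []
    if not _internal(sender):
        flags.append("external-sender")
        if sender in FREE_MAIL:
            flags.append("free-mail-sender")
        if name in LEADERS:
            flags.append("leader-name-on-external-address")
    if reply and not _internal(reply):
        flags.append("external-reply-to")
    if PAYMENT.search(text):
        flags.append("payment-request")
    if URGENCY.search(text):
        flags.append("urgency")
    return flags

# Constructed sample messages (not real mail).
SAMPLE_SCAM = "From: Jane Example <jane.example.office@gmail.com>\nSubject: Urgent request\n\nBuy a gift card right away.\n"
SAMPLE_REPLY_TO = "From: Jane Example <jane.example@agency.example>\nReply-To: jane.example.office@gmail.com\nSubject: Quick task\n\nPlease wire funds today.\n"
SAMPLE_CLEAN = "From: Jane Example <jane.example@agency.example>\nSubject: Staff meeting\n\nAgenda for Thursday.\n"
```

The second sample shows why the reply-to address is checked separately: the From header looks internal, but replies would go to an external account.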
Staff must validate the legitimacy of emails by contacting the agency or vendor through a phone or video call using numbers already on file. If there is any doubt, users should NOT open these emails and should immediately contact their departments' IT staff. For Executive Branch Departments on MassMail, suspicious messages or phishing emails can be reported to the EOTSS End-User Service Desk at (844) 435-7629 or your department’s IT support. Non-Executive Branch departments should follow their normal incident response process.
If your staff gets one of these suspicious emails, in addition to your incident response notification protocols, please contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks. This will ensure that CTR can act to protect enterprise systems or assist with mitigation strategies and continued operations. Visit the CTR Cyber Center for additional resources and links for Cybersecurity Tips and Alerts.