The Impostor Trick!
A recent trend among cyber criminals is to pose as employees and request an urgent change in a payroll direct deposit account. The impostor provides all the right information and the email or phone call seems legitimate. What should staff do?
Don’t click on links or attachments unless the request and email address have been validated.
Be aware that employees on Self-Service Time and Attendance can perform their own changes through the multi-factor authentication process.
If you don’t personally know the employee making the request, work with HR to validate the identification credentials for that individual with information already on file.
In addition to your normal incident response protocols, please contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks or if you need assistance with internal controls.