Scam Alert Targeting Public Entities
March 4, 2019
The Auditor of State's Office has received information that over the last few weeks many Ohio school districts have been the victim of an email scam. The scenario involves a cyber-criminal impersonating the superintendent or a principal of a school district, sending an email to the payroll department employee requesting a change be made to the bank account linked to the superintendent's or principal's direct deposit. The payroll deposit then is directed to the criminal, and the scam isn't identified until the employee who was impersonated realizes they did not get paid. This same scenario is now being copied and tried with municipal governments.
Fraudulent emails from trustees, council members or other municipality leaders are being sent to payroll administrators requesting changes to personal bank account direct deposit information.
We encourage all municipalities to educate your staff on this recent cybersecurity scam, review procedures currently in place for making changes to an employee's payroll bank account and consider verification steps outside of the email system before making changes to an employee's payroll bank account.
The originator of any email can be verified by moving the cursor over the senders' name in the email and examining the return email address. If the email address does not look familiar, do not respond to the email or open any attachment contained.
Should your entity require additional support or assistance with this or any other cyber-related incident, contact Ohio Plan at 866-825-2467.