January 17, 2025

Alert: Two Scams Targeting City Officials

KLC is alerting city officials about two current scams threatening your city's security and resources.


small_1737140344543 1. Phishing Scam Targeting Emergency Responder Organizations

The Kentucky Office of Homeland Security has warned about phishing emails from cybercriminals posing as Kentucky emergency responder organizations.


Scam Characteristics:

  • Legitimate-looking email addresses (not obvious spoofs)
  • Brief, simple messages prompting you to "click" or "review" a link or attachment
  • References to DocuSign or Google Drive
  • Includes a link or attachment - Do not click anything.

What to Do:

  • Do not click links or attachments.
  • Notify your IT staff immediately.
  • Your IT staff should use the FBI Internet Crimes Complaint Center (IC3) 's online form to report incidents.
  • If you're unsure whether the email is legitimate:
    • Notify IT staff before clicking anything.
    • Verify the sender by calling them at a trusted number you already have on file (not from the email). Confirm the email's details and intent.


Small_1737140505279 2. Payroll Scam Targeting Employees

Scammers are impersonating legitimate email addresses to request payroll or account changes, aiming to redirect employee paychecks to fraudulent accounts.


Scam Characteristics:

  • Emails often look urgent and convincing.
  • Fraudsters mimic legitimate email addresses, adding subtle changes (e.g., extra characters or different domains).
  • Requests target payroll updates or direct deposit changes.

What to Do:

  • Always verify requests by contacting the sender directly through a trusted method (phone call or in-person confirmation).
  • Train employees to recognize subtle email address variations and question unusual requests.
  • Report suspicious emails to your IT staff and local law enforcement.