KLC is alerting city officials about two current scams threatening your city's security and resources.
1. Phishing Scam Targeting Emergency Responder Organizations
The Kentucky Office of Homeland Security has warned about phishing emails from cybercriminals posing as Kentucky emergency responder organizations.
Scam Characteristics:
- Legitimate-looking email addresses (not obvious spoofs)
- Brief, simple messages prompting you to "click" or "review" a link or attachment
- References to DocuSign or Google Drive
- Includes a link or attachment - Do not click anything.
What to Do:
- Do not click links or attachments.
- Notify your IT staff immediately.
- Your IT staff should use the FBI Internet Crimes Complaint Center (IC3) 's online form to report incidents.
- If you're unsure whether the email is legitimate:
- Notify IT staff before clicking anything.
- Verify the sender by calling them at a trusted number you already have on file (not from the email). Confirm the email's details and intent.
2. Payroll Scam Targeting Employees
Scammers are impersonating legitimate email addresses to request payroll or account changes, aiming to redirect employee paychecks to fraudulent accounts.
Scam Characteristics:
- Emails often look urgent and convincing.
- Fraudsters mimic legitimate email addresses, adding subtle changes (e.g., extra characters or different domains).
- Requests target payroll updates or direct deposit changes.
What to Do:
- Always verify requests by contacting the sender directly through a trusted method (phone call or in-person confirmation).
- Train employees to recognize subtle email address variations and question unusual requests.
- Report suspicious emails to your IT staff and local law enforcement.