Security reminders regarding requests for direct deposit information and changes
January 4, 2019
All agency staff are reminded to be vigilant in reviewing any request for information regarding direct deposit changes and in completing the agency confirmation of any direct deposit changes requested to ensure the change is valid and has been submitted by the account owner.
Fraudulent e-mails have been reported seeking to obtain information on changing direct deposit to a different bank account. In one case, the email was ‘spoofed’ to use the name of an actual state employee as the Sender and the Signature on the e-mail - however, the e-mail address from which the e-mail was sent was an external address that did not belong to the employee and included another person’s name. In another case, the sender, signature, and actual e-mail address all represented different names – none of which were state employees.
Please be vigilant in reviewing e-mail communications and complete a secondary/external validation for any request you receive seeking to obtain information on changing direct deposit (i.e. contact the actual requestor directly using the SOK phone directory, etc. to confirm the request came from that person.) DO NOT REPLY to any email that appears to be suspicious and if determined to be fraudulent complete the following steps:
- Write down the information (i.e. e-mail address from which it was sent)
- Block the sender from sending future e-mails if you have the capability (In Outlook, right click on the e-mail in your Inbox, then go to Junk and select Block Sender)
- DELETE the email
- Notify your agency IT support staff of the fraudulent e-mail and address from which it was sent
Thank you for your assistance and vigilance in this matter!