Government employees are increasingly targeted by opportunistic malicious email campaigns, specifically ones that attempt to change the direct deposit accounts used for employee payroll.

To help ensure that the State of Arizona does not fall victim to these fraudulent activities, the General Accounting Office, in conjunction with the ADOA ASET Enterprise Security team, has prepared the following procedures, which must be followed before any change is made to an employee’s direct deposit:

  1. Changes must only be made once a completed, signed GAO-65 form with supporting documentation is received.
    a. EIN must be entered on the form.
    b. Supporting documentation must be attached (e.g., void check or letter with signature on bank letterhead).
  2. Call the employee requesting the change using a phone number from the HRIS system, or from another Agency-maintained call list, to confirm that the employee has, indeed, made the request for the change.
    a. Ask for identifying information such as EIN or mailing address to confirm you are speaking directly with the employee.
    b. Alternatively, receiving the change request form in person from the employee, with identity confirmation, is another method of confirming the employee’s change authorization.
    c. After the employee’s identity has been verified and the direct deposit change has been made, send an email and/or postal mail notification of the change to the employee.

Security awareness is critical to ensuring that employee and other confidential data is protected. Some additional security procedures to follow include:

  1. DO:
    a. Take annual security awareness training.
    b. Be aware of phishing email red flags and be extra cautious when opening attachments or clicking on links. Report all suspected phishing emails to your organization’s IT service desk or Information Security department.
    c. Verify the identity of the employee for ALL requests, including those received through postal mail.
  2. DO NOT:
    a. Make changes prompted only by an email request. Phishing scams often include a sense of urgency and have recently targeted organizational leadership and executives.
    b. Forward suspected phishing emails to friends or co-workers.


If you have any questions or concerns, please contact [email protected]

Author
Tracey Cappuccio