Madison County, MS spends $2.7M to train comptroller about phishing, IT security
kingfish1935.blogspot.comThis... Has to be someone familiar with this process/situation I would think. Unless the county posts all of the information required to pull off such a scam online (to be transparent or something).
Still, how would they know when payment was due, amounts, that it hasn't already been paid, etc. I think someone is going to get caught.
State and local government contracts are very often subject to sunshine laws and if they aren't publicly posted available via public records request, as are many internal documents of on-paper internal procedures as well as many documents from which in-reality procedures, to the extent they differ, can be inferred.
Please don't editorialise. The training bit is just a humorous jab best left as a comment.
There a should be an allowlist of bank accounts a public official is can to send money to.
They will lead with a spoofed email from utilities commissioner to comptroller: “We’re bringing Acme Co. on as contractor for the sewers project, their W9 and banking details are attached.”
Business email compromise scammers have improved and are no longer just spamming with obvious gift-card schemes in broken English.