Phishing Alert: Cybersecurity Tips for State of Minnesota Vendors

This bulletin was sent at 01/11/2019 11:37 AM CST
MMB Standard Banner

Phishing: Recognize it – don’t click the bait! – and report it

Thank you for being a State of Minnesota vendor. We want to alert vendors about phishing emails that scammers, hackers, and others use to gain illegitimate access to information.

Phishing attacks present themselves as regular emails, but on close inspection they are procurement scams with malicious hyperlinks that could threaten financial loss for your firm and/or the state.

Recently, the attackers have looked up specific employees and are impersonating them. The phishing emails look like they are from a real person or agency that you know and trust. However, the fake email address domains contain slight adjustments (such as a misplaced dash or other unusual characters) that may look like these two examples:

The email signature of a phishing attack may also contain the name of a real state employee at a legitimate address; however, the phone numbers are incorrect and may contain malicious hyperlinks as shown below:

Best Regards
Real_name of state employee | Office of State Procurement State of Minnesota
130 State Capitol
75 Rev Dr. Martin Luther King Jr. Blvd.
St. Paul, MN 55155
Tel: 651-433-XXXX | Fax: 651-433-XXXX [the phone numbers will be incorrect and may contain malicious hyperlinks]

Always remember

Be alert for any emails that prompt you to click on a link or open an attachment and note the following:

  • Do not click any hyperlinks from a suspicious email
  • A real State of Minnesota email will have an email address (domain) that includes either “.state.mn.us”  or  “.mn.gov”
  • Confirm questionable emails by contacting the named agency
  • Validate State of Minnesota emails and phone numbers at the white pages

If you believe you have been phished and your computer has been compromised, please do the following:

  • Contact your own IT help desk right away.
  • Forward fraud messages as an attachment to the MN.IT Security Office following these instructions:
    • Highlight the suspicious message in your inbox. Do not forward it without following the next steps.
    • IMPORTANT: Use the key combination (CONTROL)(ALT)(F) to create a new email that automatically attaches the suspicious email. 
    • Address the email to: abuse@state.mn.us.
    • Add the Subject: Attempted Fraud. Type a short message if you wish.
    • Select Send or the key combination (Alt)(S).

Minnesota IT Services (MNIT) and Minnesota Management and Budget (MMB) are partnering to bring you this alert notice.