March 27, 2017
|
Albany, NY

Misleading Emails, CL-836

Vendor Emails from Unknown Sender

A number of businesses have reported receiving emails coming from an apparently fraudulent email address: “[email protected]

The email claims to be on behalf of “New York State Procurement” and from Adobe Acrobat Online. The correspondence includes a graphic panel (see below) stating that it contains a PDF document claiming to contain “NYS Contract Regulations” that are accessible after opening the box with Adobe Acrobat. By clicking on the embedded link, a new box appears asking the reader to enter their email address and a password.

This email is NOT from the NYS Office of General Services or NYS OGS Procurement Services (formerly NYS Procurement). It is using the OGS email address to lend credibility to the email with a goal of obtaining your credentials and other sensitive information.

If you should happen to receive this email, DO NOT CLICK on the attachment/link!

If you have already done so, do not provide any additional information. If you have filled in any information you should contact your IT Support Group to have your workstation investigated for signs of compromise.

This incident is being investigated by the NYS Office of Information Technology Services Cyber Command Center, NYS Enterprise Information Security Office.

Example screenshot of misleading email

Download the Announcement