Data Security, Critical Infrastructure Security, Phishing

Smishing attack prompts restricted New York payroll website access

Many dollar banks note on money background

StateScoop reports that New York City has limited access to its payroll system for more than a week now following the discovery of an SMS phishing, or smishing, campaign, which sought to facilitate personal data theft.

Attacks involved the targeting of New York City Automated Personnel System, Employee Self Service users with fake text messages with multi-factor authentication activation lures aimed at exfiltrating individuals' NYCAPS ESS credentials and driver's licenses, according to the state Office of Technology and Innovation.

Such phishing messages contained a link that redirected to a Lithuania-based phishing scam domain, noted New York City Panel for Education Policy member and technology consultant Naveed Hasan.

"NYC Cyber Command was made aware of a smishing campaign targeting NYCAPS users. City employees have been advised to remain vigilant and confirm the legitimacy of any NYCAPS and payroll-related communications and activity," said the Office of Technology and Innovation.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.