Watch Your BEC!
Business email compromise (BEC) scams are a growing concern for PDRMA members and other local government agencies across the country. Cybercriminals frequently target public entities using sophisticated phishing emails that include an attachment or link allowing the cybercriminal to take over the email account when you open the attachment or click the link.
Once they have access to the account, they change the account credentials and email rules so their activity can’t be traced. They then use the account to reach more systems and/or account credentials, and send phishing emails to that account holder’s contact list using the tooling they have linked to the account. According to the FBI, business email compromise is now one of the most financially damaging online crimes, costing organizations billions of dollars annually.
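Because attackers typically create inbox rules to forward, delete or hide mail after taking over an account, auditing mailbox rules is a practical way to spot a compromise early. The following is an added example (not code from PDRMA, Arctic Wolf or the FBI) that flags the rule patterns described above; the rule records, the internal domain and the keyword list are constructed placeholders.

```python
from dataclasses import dataclass, field

INTERNAL_DOMAIN = "example-district.org"  # constructed placeholder for the agency's domain
KEYWORDS = ("invoice", "payment", "wire", "password", "bank", "ach")
HIDING_FOLDERS = ("rss feeds", "rss subscriptions", "conversation history", "junk email")


@dataclass
class InboxRule:
    """One mailbox rule as exported from an admin console (constructed shape)."""
    name: str
    owner: str
    forward_to: list = field(default_factory=list)   # addresses mail is forwarded to
    delete: bool = False                             # rule deletes matching mail
    move_to: str = ""                                # folder matching mail is moved to
    subject_contains: list = field(default_factory=list)


def audit_rule(rule):
    """Return a list of findings describing why a rule looks like BEC persistence."""
    findings = []
    for addr in rule.forward_to:
        if not addr.lower().endswith("@" + INTERNAL_DOMAIN):
            findings.append(f"forwards to external address {addr}")
    if rule.delete:
        findings.append("deletes messages automatically")
    if rule.move_to.lower() in HIDING_FOLDERS:
        findings.append(f"hides messages in {rule.move_to!r}")
    if any(k in s.lower() for s in rule.subject_contains for k in KEYWORDS):
        findings.append("matches finance or credential keywords")
    if len(rule.name.strip()) <= 2:
        findings.append(f"uses an inconspicuous rule name {rule.name!r}")
    return findings


def audit_rules(rules):
    """Map each suspicious rule name to its findings; clean rules are omitted."""
    return {r.name: f for r in rules if (f := audit_rule(r))}


# Constructed sample export: one benign rule and two that match attacker behaviour.
SAMPLE_RULES = [
    InboxRule("Vendors", "apayable@example-district.org", move_to="Vendors",
              subject_contains=["newsletter"]),
    InboxRule(".", "apayable@example-district.org",
              forward_to=["backup.mail@mail-lookalike.example"], delete=True,
              subject_contains=["invoice", "wire"]),
    InboxRule("Archive", "apayable@example-district.org", move_to="RSS Feeds",
              subject_contains=["password"]),
]

if __name__ == "__main__":
    for name, findings in audit_rules(SAMPLE_RULES).items():
        print(f"{name!r}: " + "; ".join(findings))
```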
“Member agencies are particularly vulnerable, because staff routinely processes vendor payments, manages payroll and communicates with contractors and community partners via email,” explains Erika Koty, PDRMA Claims Supervisor.
“Cybercriminals become more sophisticated every year,” adds Koty. “Even experienced employees can fall victim to emails that appear legitimate. It’s critical to ensure your employees are aware of BEC scams and know the best ways to ensure the legitimacy of emails.”
PDRMA previously partnered with Arctic Wolf for cyber-related claims and risk management support. Arctic Wolf notes that BEC attacks succeed because they exploit trust and human behavior rather than just technical vulnerabilities. Their research shows organizations increasingly face targeted attacks designed to bypass traditional security defenses.
We recommend the following best practices to reduce BEC risk:
- Implement multifactor authentication.
- Verify wire transfers or payment changes through a secondary communication method.
- Train employees to recognize phishing attempts and carefully review sender email addresses before responding.
- Be suspicious of unexpected or unusual emails containing links or attachments, even from trusted sources.
The FBI also advises against responding to urgent financial requests without independent confirmation.
“Strong internal controls and employee training remain your best defense,” Koty says. “A quick phone call to verify a request can prevent a costly loss.”
PDRMA Resources
CyberSecurity Series – Online Learning Center.