09/24/2025

Security Alert - Email Scam Targeting Ohio Lobbyists

 

A sophisticated email scam is currently targeting lobbyists and lobbying firms in Ohio. An OLA member's email account was recently hacked, and we've learned that several other lobbying firms have experienced similar attacks. According to IT security consultants, these hackers are specifically targeting lobbyists.

How the Scam Works:

Hackers access a lobbyist's email account and send fraudulent messages to their contacts, especially those they've recently communicated with via email. The fake emails appear to come from the legitimate address and claim that the sender has "updated their business banking information."

The emails feature an official-looking letter, supposedly from a bank employee, confirming new account details. Recipients are instructed to update ACH payment information and send future payments to the fraudulent account controlled by the hackers.

What You Should Do:

1. Be vigilant - If you receive any email about updated banking or payment information, verify it through a separate communication channel (phone call, text, etc.) before taking any action.
2. Alert your clients and contacts - Make sure those who send you payments know to verify any banking changes directly with you.
3. Review your IT security - Consult with your IT support about strengthening email security and implementing additional protective measures.
4. Establish verification protocols - Create procedures within your organization to verify any banking or payment changes through multiple channels.
5. Monitor your accounts - Watch for any suspicious activity or unauthorized access attempts.

While not all businesses may be able to prevent these attacks entirely, awareness is your first line of defense. Please share this information with your staff and encourage them to be cautious.

If you experience a similar incident or have questions, please don't hesitate to contact the OLA.