The Auditor of State's Office has observed an increase in Ohio governments falling victim to Payment "Re-Direct" Schemes and business email compromise (BEC) schemes. This is a type of spear phishing attack that has the objective of "re-directing" money to a bad actor, a cybercriminal pretending to be a vendor or employee of the government and then re-directing funds into fraudulent accounts. Last year the Auditor of State published the attached Bulletin detailing the risk and offering excellent guidance on preventing payment re-direct and business email compromise. This bulletin and the Payment Redirect Checklist (also attached) are valuable tools in combating these issues. James Hale, ARM-P, ARM-E Risk Control Consultant County Risk Sharing Authority 209 East State Street Columbus, OH 43215 614.246.1630 FAX 614.220.0209 " The leader in providing Ohio Counties with exceptional value, service, and protection of assets."