Yuma, Arizona - The Yuma Police Department and City of Yuma have received several e-mails from members of the public reporting a possible phishing scam. They have received an e-mail referencing an invoice and payment due to the City of Yuma, for records they allegedly requested/received. These e-mails have been received thus far in the areas of Phoenix and Indio, California, that we are aware of. These e-mails were not sent by the City of Yuma.
Based on checks conducted by City of Yuma Information Technology Services, City of Yuma e-mail services have not been compromised. There are no malicious/spam/phishing e-mails being sent from the City of Yuma e-mail servers to the individuals who have received, or are receiving these e-mails. Rather, their accounts are being “phished” using a City of Yuma e-mail address to feign legitimacy.
What appears to have occurred is the suspects trying to defraud people of their money may have gained access to the victims contact list through some sort of compromise. Once they gain access to their contact list or previously e-mailed contacts, they use this to make the phishing attempt appear more legitimate.
When someone begins receiving an e-mail notice such as this, it is highly recommended to change the password used for that e-mail account immediately. If that password is re-used for other accounts (such as a banking account, other e-mail accounts, or social media), they also need to be changed as soon as possible. As a best practice, never open e-mail attachments, or click on links in e-mails from unknown entities that you are not expecting.
The vast majority of these phishing scams originate outside the United States in countries where criminal investigation, extradition, and prosecution is very problematic and, at times, non-existent.
The City of Yuma Police Department greatly appreciates the prompt reporting of these types of incidents.