StateScoop reports that New York City has limited access to its payroll system for more than a week now following the discovery of an SMS phishing, or smishing, campaign, which sought to facilitate personal data theft.
Attacks involved the targeting of New York City Automated Personnel System, Employee Self Service users with fake text messages with multi-factor authentication activation lures aimed at exfiltrating individuals' NYCAPS ESS credentials and driver's licenses, according to the state Office of Technology and Innovation.
Such phishing messages contained a link that redirected to a Lithuania-based phishing scam domain, noted New York City Panel for Education Policy member and technology consultant Naveed Hasan.
"NYC Cyber Command was made aware of a smishing campaign targeting NYCAPS users. City employees have been advised to remain vigilant and confirm the legitimacy of any NYCAPS and payroll-related communications and activity," said the Office of Technology and Innovation.
