Notice of Cybersecurity Threat
The Anne Arundel County Office of Information Technology has identified a sophisticated and active phishing campaign aimed at contractors and developers working with the County. It is important to note that Anne Arundel County would never send an invoice from an employee’s email account.
Cyber criminals are utilizing artificial intelligence (AI) to rapidly generate fraudulent messages that closely resemble official County communications. Because these malicious emails originate from external domains, Anne Arundel County cannot track or monitor them. These attacks are designed to steal your login credentials, infect systems with malware, or solicit payments for fake invoices.
Action Required
We urge all partners to exercise heightened vigilance. Please apply your organization’s standard security awareness training protocols to evaluate the legitimacy of any communication purporting to be from Anne Arundel County.
Key Indicators of Phishing:
- Urgent or unusual requests regarding contract details, credentials, or invoice payments.
- Slightly altered or mismatched email domains (always verify the sender's address matches official @aacounty.org formats).
- Unexpected links or attachments.
How to Verify Authentic Communications
If you receive a suspicious message, do not click any links, open attachments, or reply. Before taking any action on a dubious communication, please verify its authenticity by using these confirmed County channels to verify its authenticity:
- By Phone: Call your primary County contact directly, or contact the main County phone line.
- By Email: If you received a suspicious email purporting to be from Anne Arundel County, Maryland, please notify us at itsecurity@aacounty.org.
Distributed by the Anne Arundel County Office of Information Technology.