Fraud and Consumer Alerts

December 7, 2022: Texas Comptroller of Public Accounts Information Update Phishing Email

We have received reports from several participants in our HUB/CMBL programs that they have received a phishing email that appears to have been sent by our agency requesting the recipient to click on a link to “verify or update” their information. The link goes to a malicious website designed to steal email username, password, personal and/or financial information. The email (view here) came from an Outlook domain address that is not associated with the Texas Comptroller’s office. This email did not originate from our office.

November 21, 2022: Document from Agency Contractor

Some Texas taxpayers have reported receiving the fraudulent email below. The email falsely represents that this is official correspondence from a “contractor” working for the Texas Comptroller of Public Accounts.

This email did not originate from our office and is not legitimate correspondence from the Texas Comptroller of Public Accounts.

This malicious email is designed to lure you into clicking on the provided link to spread malware, steal login credentials or trick you into sharing your personal and financial information.

An example of the malicious email appears below. If you receive such an email, please report it to our office and do not click on any link.

From: Contractor, Texas Comptroller <user@transferbigfiles.com>
Date: Fri, Nov 11, 2022 at 10:41 AM
Subject: You have file document from Texas Comptroller Contractor
To:XXXXXXXXXXXXXXXXXXXXXXXXX

---

You have file document from- Texas
Comptroller Contractor

Good Day,
Kindly check this attachment and click on the download page sent with OneDrive but you can log in with your email to view the attachment only on a computer. This is a new way to send large files.

Thank you,
Texas Comptroller Contractor

Go to Download Page »
https://www.transferbigfiles.com/fc113ee2-7d53-4d37-8f1d-0c8cd58bf12f/0wltY5ve78kyToHnEOwFnA2

(link expires 12/11/2022 8:00:00 AM)

Texas Comptroller Contractor

Texas Comptroller Contractor
Dropbox

DropBox.html

January 6, 2021: Central Master Bidders List (CMBL) recertification

Companies participating in the Central Master Bidders List (CMBL) reported a phishing email, purporting to come from the Texas Comptroller, that originated from an email domain that is not associated with our agency. This email falsely claimed the recipient needed to recertify to continue participation in the CMBL program and requested personal and financial information. The email also contained an attachment that, if opened, directed the email recipient to provide certain information to the perpetrator’s website. We believe the link is malicious and designed to spread malware or steal the login credentials and specific personal and

September 30, 2020: HUB License Revoked

Companies participating in the Historically Underutilized Business (HUB) Program have reported a phishing email purporting to come from the Texas Comptroller, from an email domain that is not associated with our agency. This email falsely claimed the recipient's HUB license had been revoked and contained two attachments that, if opened, directed the email recipient to a malicious website. This malicious website steals the recipient's login credentials if they enter their username and password, which they were told they had to provide in order to obtain additional information concerning the revocation. However, there is no information because the email is bogus and any login details would be sent directly to the bad actors. This email did not originate from our office and our agency will never ask you for your login credentials to provide more information.

June 24, 2020: Download FAX

A taxpayer received a phishing email purporting to come from the Texas Comptroller from an email domain that is not associated with our agency. This email claimed to contain a fax and instructed the recipient to click on a link to “View or Download Fax”. This email did not originate from our office and does not contain a fax. We believe the link is malicious and designed to spread malware or steal login credentials, personal and financial information from the recipient.

May 5, 2020: HUB Program certification

A number of Historically Underutilized Business (HUB) owners have reported receiving a phishing email from a sbs.tx.gov email domain that is not affiliated with our agency. The email purports to contain a message related to HUB Program certification, includes a malicious link and asks the recipient to provide their email login information to access a bogus message. One of the links in the email appears to spread malware while the other is designed to steal login credentials, personal and/or financial information. This email did not originate from our office.

April 14, 2020: RFQ

A vendor received a phishing email purporting to come from the Texas Comptroller of Public Accounts with the subject “The State of Texas Contract RFQ 2020” inviting them to click on a link to review a purchase order. This email did not originate from our office and we believe it is a fraudulent attempt to steal login credentials, products or personal and financial information from the vendor.

October 22, 2019: Invitation to Bid

Another vendor received a phishing email purporting to be from our Statewide Procurement Division with an attachment that claims to contain an “Invitation to Bid”. By clicking on the attachment, the vendor is sent to a fake Dropbox webpage (view here) where they are told they must enter their email username and password to view the “bidding opportunity”. This email was not sent from our office and is a fraudulent attempt to steal email logon credentials, personal and/or financial information.

June 25, 2019: Update Bidder Info

A vendor received a phishing email from someone claiming to be the Texas Comptroller of Public Accounts. The email (view here) instructed them to log into a website and provide “updated bidder directory information”. This email was not sent from the Comptroller's office and we do not require vendors to update their information in this way. The website is malicious and designed to steal email username, password, personal and/or financial information.

For the convenience of Texas taxpayers, the Texas Comptroller of Public Accounts (CPA) will begin processing payments over the telephone using credit cards and debit transactions. CPA urges you to be on the lookout for unexpected scam phone calls from anyone claiming to be collecting on behalf of our office.

Stay vigilant against scams

A caller from the Comptroller’s office will always:

• Introduce himself or herself as a Comptroller’s office employee.
• Be able to verify specific details on prior notices or historical account information.
• Offer multiple ways for you to make a payment.
• Explain the fees that are involved if you choose to pay by credit card.
• Encourage you to call the telephone number on your account statement or on our website if you have any questions about the process.

A caller from the Comptroller’s office will never:

• Threaten to bring in local police, immigration officers or other law-enforcement to have you arrested for not paying.
• Pressure you to make a payment by credit card or electronic check only.

If you are unsure that the person calling you is from the Comptroller’s office, please hang up and call the number on our account statement or on our website.

Cybercriminals are sending spoofed (impersonated) emails — appearing to be from the Comptroller's office — inviting recipients to bid on attached falsified Requests for Quotations (RFQs) included with the spoofed emails. These emails are not from the Comptroller's office and the RFQs are a fraudulent attempt to steal your money.

Don’t become a victim. Help the Comptroller’s office fight fraud.

The Comptroller’s office, like other companies and government agencies, has unfortunately been the subject of a number of recent email fraud attacks, including:

Spoofed emails purporting to be from our office and the Texas Department of Transportation using a fake agency email domain telling recipients to click on an attachment and “sign in with your email provider to generate a BID ID”. The attachment contains a fraudulent link designed to steal your email login credentials.

Spoofed emails claiming to be from our office but using a domain not associated with the agency, urging recipients to click on a “secure message” but the attachment is malicious, intended to steal usernames and passwords.

Spoofed emails purporting to be from our office but using a fake agency email domain telling recipients to click on an attachment and sign in to receive a message. The attachment contains a fraudulent link designed to steal your login credentials.

Spoofed emails (appear very similar to valid agency email addresses but with a period removed between first and last name) with fraudulent RFQs, designed to steal your money.

Spoofed emails purporting to be from an authorized GovDelivery email service but using a comcast.net email domain. The attached PDF instructs users to click on a “View Information” link which is designed to steal login credentials.

These cybercriminals are putting your information at risk and trying to damage good customer relationships. That is why we are expanding our efforts to fight fraud and keep you safe and secure.

If you are suspicious about an email that claims to be from the Comptroller’s office, follow these tips:

• Question whether the information should be requested via email.
• Be wary of links and attachments. Consider the context of the email, look for red flags such as poor grammar and/or sentence structure, and when in doubt, don’t click.
• Use an email spam filter and up-to-date virus software and avoid public Wi-Fi.
• When suspicious, do not respond to the original email. Use independent sources to verify sender details and establish a new channel of communication to confirm with the sender.

If you suspect any correspondence from our agency is fraudulent, please notify us by emailing stop.spoofing@cpa.texas.gov.

View an Example of a Spoofed Email

We recently became aware of a telephone scam involving an individual falsely claiming to represent the Texas Comptroller of Public Accounts. Caller ID spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Spoofing is often used as part of an attempt to trick someone into giving away valuable personal information so it can be used in fraudulent activity or sold illegally, but also can be used legitimately, for example, to display the toll-free number for a business.

The Comptroller’s office, like other companies and government agencies, has unfortunately been the subject of a number of caller ID spoofing attacks, including:

• A caller falsely warning taxpayers they have a tax liability and requesting a credit card number.
• Another phone scammer, also purporting to be with the Comptroller’s office and calling from a “spoofed” Texas Comptroller of Public Accounts phone number is asking taxpayers to send payment for government grants; a service the Texas Comptroller of Public Accounts provides for free.

Government imposter scams made up nearly half of the 535,417 imposter scams reported to the FTC in 2018

These scammers are putting your information at risk and trying to damage good customer relationships. That is why we are expanding our efforts to fight fraud and keep you safe and secure.

If you are suspicious about a phone call that claims to be from the Comptroller’s office, follow these tips:

• Never give out personal information such as Social Security numbers, mother's maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
• Use caution if you are being pressured for information immediately.
• If you get an inquiry from someone who says they represent our agency, hang up and call the phone number on your account statement, in the phone book, or on our website to verify the authenticity of the request.
• If you have received a call that you are suspicious about please contact CPA at stop.spoofing@cpa.texas.gov.

Some third party agents charge taxpayers a fee to submit an application for IFTA licenses and request the decals on their behalf. Individuals willing to pay a fee to third parties, should be aware the Comptroller issues these licenses and decals at no cost and does not charge an application fee. Please visit https://comptroller.texas.gov/taxes/fuels/ifta.php for additional information.

The Comptroller’s office offers assistance with recovering unclaimed property at no cost to claimants. Individuals willing to pay a fee to third parties offering assistance with unclaimed property should be aware that in most cases, fees cannot exceed 10% of the value of the property being claimed. Additional information is available at ClaimItTexas.org.

We recently became aware that the following website is charging taxpayers for services our office provides at no cost: http://statetaxcertificates.com/texas/. This third party is not claiming to be a state agency but the website is not secure, meaning data shared between you and this website is not encrypted. In addition the website contains the following misinformation:

• Taxpayers are not “issued an annual resale certificate” as the website claims. Instead taxpayers may download a resale certificate (Form 01-339) from our website and give this to their vendor or supplier to purchase items for resale, rent or lease. Taxpayers are required to have an active sales tax permit. The 11-digit Texas Taxpayer ID # that is assigned when an application for a sales tax permit is processed must be listed on the resale certificate.
• The “State Tax Certificate” this website is referring to is the Texas Sales Tax Permit. This does not expire unless the taxpayer ceases to do business in Texas.