For the convenience of Texas taxpayers, the Texas Comptroller of Public Accounts (CPA) will begin processing payments over the telephone using credit cards and debit transactions. CPA urges you to be on the lookout for unexpected scam phone calls from anyone claiming to be collecting on behalf of our office.
A caller from the Comptroller’s office will always:
A caller from the Comptroller’s office will never:
If you are unsure that the person calling you is from the Comptroller’s office, please hang up and call the number on our account statement or on our website.
Cybercriminals are sending spoofed (impersonated) emails — appearing to be from the Comptroller's office — inviting recipients to bid on attached falsified Requests for Quotations (RFQs) included with the spoofed emails. These emails are not from the Comptroller's office and the RFQs are a fraudulent attempt to steal your money.
The Comptroller’s office, like other companies and government agencies, has unfortunately been the subject of a number of recent email fraud attacks, including:
Spoofed emails purporting to be from our office and the Texas Department of Transportation using a fake agency email domain telling recipients to click on an attachment and “sign in with your email provider to generate a BID ID”. The attachment contains a fraudulent link designed to steal your email login credentials.
Spoofed emails claiming to be from our office but using a domain not associated with the agency, urging recipients to click on a “secure message” but the attachment is malicious, intended to steal usernames and passwords.
Spoofed emails purporting to be from our office but using a fake agency email domain telling recipients to click on an attachment and sign in to receive a message. The attachment contains a fraudulent link designed to steal your login credentials.
Spoofed emails (appear very similar to valid agency email addresses but with a period removed between first and last name) with fraudulent RFQs, designed to steal your money.
Spoofed emails purporting to be from an authorized GovDelivery email service but using a comcast.net email domain. The attached PDF instructs users to click on a “View Information” link which is designed to steal login credentials.
May 5, 2020 – A number of Historically Underutilized Business (HUB) owners have reported receiving a phishing email from a sbs.tx.gov email domain that is not affiliated with our agency. The email purports to contain a message related to HUB Program certification, includes a malicious link and asks the recipient to provide their email login information to access a bogus message. One of the links in the email appears to spread malware while the other is designed to steal login credentials, personal and/or financial information. This email did not originate from our office.
April 14, 2020 – A vendor received a phishing email purporting to come from the Texas Comptroller of Public Accounts with the subject “The State of Texas Contract RFQ 2020” inviting them to click on a link to review a purchase order. This email did not originate from our office and we believe it is a fraudulent attempt to steal login credentials, products or personal and financial information from the vendor.
October 22, 2019 – Another vendor received a phishing email purporting to be from our Statewide Procurement Division with an attachment that claims to contain an “Invitation to Bid”. By clicking on the attachment, the vendor is sent to a fake Dropbox webpage (view here) where they are told they must enter their email username and password to view the “bidding opportunity”. This email was not sent from our office and is a fraudulent attempt to steal email logon credentials, personal and/or financial information.
June 25, 2019 – A vendor received a phishing email from someone claiming to be the Texas Comptroller of Public Accounts. The email (view here) instructed them to log into a website and provide “updated bidder directory information”. This email was not sent from the Comptroller's office and we do not require vendors to update their information in this way. The website is malicious and designed to steal email username, password, personal and/or financial information.
These cybercriminals are putting your information at risk and trying to damage good customer relationships. That is why we are expanding our efforts to fight fraud and keep you safe and secure.
If you are suspicious about an email that claims to be from the Comptroller’s office, follow these tips:
Question whether the information should be requested via email.
Be wary of links and attachments. Consider the context of the email, look for red flags such as poor grammar and/or sentence structure, and when in doubt, don’t click.
Use an email spam filter and up-to-date virus software and avoid public Wi-Fi.
When suspicious, do not respond to the original email. Use independent sources to verify sender details and establish a new channel of communication to confirm with the sender.
If you suspect any correspondence from our agency is fraudulent, please notify us by emailing email@example.com.
We recently became aware of a telephone scam involving an individual falsely claiming to represent the Texas Comptroller of Public Accounts. Caller ID spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. Spoofing is often used as part of an attempt to trick someone into giving away valuable personal information so it can be used in fraudulent activity or sold illegally, but also can be used legitimately, for example, to display the toll-free number for a business.
The Comptroller’s office, like other companies and government agencies, has unfortunately been the subject of a number of caller ID spoofing attacks, including:
These scammers are putting your information at risk and trying to damage good customer relationships. That is why we are expanding our efforts to fight fraud and keep you safe and secure.
If you are suspicious about a phone call that claims to be from the Comptroller’s office, follow these tips:
Never give out personal information such as Social Security numbers, mother's maiden names, passwords or other identifying information in response to unexpected calls or if you are at all suspicious.
Use caution if you are being pressured for information immediately.
If you get an inquiry from someone who says they represent our agency, hang up and call the phone number on your account statement, in the phone book, or on our website to verify the authenticity of the request.
If you have received a call that you are suspicious about please contact CPA at firstname.lastname@example.org.
Some third party agents charge taxpayers a fee to submit an application for IFTA licenses and request the decals on their behalf. Individuals willing to pay a fee to third parties, should be aware the Comptroller issues these licenses and decals at no cost and does not charge an application fee. Please visit https://comptroller.texas.gov/taxes/fuels/ifta.php for additional information.
The Comptroller’s office offers assistance with recovering unclaimed property at no cost to claimants. Individuals willing to pay a fee to third parties offering assistance with unclaimed property should be aware that in most cases, fees cannot exceed 10% of the value of the property being claimed. Additional information is available at ClaimItTexas.org.
We recently became aware that the following website is charging taxpayers for services our office provides at no cost: http://statetaxcertificates.com/texas/. This third party is not claiming to be a state agency but the website is not secure, meaning data shared between you and this website is not encrypted. In addition the website contains the following misinformation:
If you suspect any correspondence from our agency is fraudulent, please notify us by emailing email@example.com
In 2015, the Texas Legislature passed House Bill 855, which requires state agencies to publish a list of the three most commonly used Web browsers on their websites. The Texas Comptroller’s most commonly used Web browsers are Google Chrome, Microsoft Internet Explorer and Apple Safari.