Cybercriminals are sending spoofed (impersonated) emails – appearing to be from the Comptroller’s office – telling recipients to click on a PDF attachment and sign in to receive a secure message. The email is not from the Comptroller’s office, and the attachment contains a fraudulent link designed to steal your email login credentials.

Don’t become a victim. Help the Comptroller’s office fight fraud.

The Comptroller’s office, like other companies and government agencies, has unfortunately been the subject of a number of recent email fraud attacks, including:

  • Spoofed emails purporting to be from our office but using a fake agency email domain telling recipients to click on an attachment and sign in to receive a message. The attachment contains a fraudulent link designed to steal your login credentials.

  • Spoofed emails (using actual agency email addresses) appear to look authentic but are designed to trick you into providing sensitive or personal data.

The Comptroller’s office will never send you an email asking for any personal or sensitive information such as your password or login ID.

These cybercriminals are putting your information at risk and trying to damage good customer relationships. That is why we are expanding our efforts to fight fraud and keep you safe and secure.

If you are suspicious about an email that claims to be from the Comptroller’s office, follow these tips:

  • Question whether the information should be requested via email.

  • Be wary of links and attachments. Consider the context of the email, look for red flags such as poor grammar and/or sentence structure, and when in doubt, don’t click.

  • Use an email spam filter and up-to-date virus software and avoid public Wi-Fi.

We value your business and take these matters very seriously. If you suspect an email may be fraudulent, please forward it to stop.spoofing@cpa.texas.gov. Our team reviews all submissions, but only responds when additional information is required.