I received an email from the Texas Comptroller’s Office on Thursday warning about a scam email that appears to be from the Texas Comptroller of Public Accounts. Perhaps you received it as well.
Cybersecurity thieves are bolder than ever as they are now impersonating government entities. This most recent case reveals that scammers are sending emails warning recipients about code violations from the Texas Comptroller of Public Accounts.
Some versions of these letters claim that the state of Texas will seize your assets and property for unpaid taxes unless a payment is made within a week.
Beware, because these emails are scams! By being bold and appearing to be authoritative, they are pressuring you to make a snap decision out of fear.
This fear tactic is nothing new; it’s simply a different twist on an old scam. The Texas Comptroller’s Office states that criminals have sent threatening scam faxes, letters, and phone calls impersonating state agencies for years.
Recipients are most intimidated when called by a brazen and threatening scammer demanding immediate payment. They often claim they will seize your property and assets or they will increase your liability if you do not pay immediately or provide sensitive information.
The scammer’s threat is intended to motivate you to:
- Call that criminal’s phone number; or
- Click on a fake link in the email to learn more about your individual case
- Force you to make an immediate payment or send payment via a gift card
Calling the phone number on a letter or fax will introduce you to a hard-pressing criminal who is impersonating the Texas Comptroller’s Office. That person’s purpose is to exert such a high degree of pressure by speaking with an authoritative delivery to convince you to comply immediately.
Clicking on the fake link will send you to a corrupted site that will then upload malware onto your computer to gather data – perhaps credit card and banking information along with private personal and business information.
Even worse, responding to such an email will likely result in a call or email demanding a ransom payment.
The email I have seen states:
Dear Sir/Madam,
I trust this message finds you well. The office of the Texas comptroller of Public Accounts, has identified specific code violations within our community that require immediate attention.
Enclosed, please find detailed reports below on the identified code violations, along with recommended steps for resolution.
Code Violation Notice ref::#3364541.PDF
Your cooperation is essential in ensuring prompt action. Use the link to sign and return the document as soon as possible.
That’s the setup. Here are my recommendations:
If you receive an email:
- Hover your cursor over (but DO NOT CLICK on) the sender’s email address. Unless the email address extension is clearly from a .gov address, it is likely to be fake.
- Scrutinize the content of the email for errors, including mistakes in spelling, punctuation and capitalization. In the sample above, please note that the word “comptroller” in the second sentence is not capitalized. The proper entity is the Texas Comptroller of Public Accounts. And there should be no comma after “Accounts” in the second sentence.
- DO NOT click on the link!
If you receive a fax (yes, there are still a lot of fax programs out there!) or letter:
- Do NOT call the phone number on the letter. If you think this could be a legitimate message, search online for the phone number of that entity. The Customer Service Liaison phone number for the Texas Comptroller of Public Accounts is 888-334-4112. Or call the Comptroller’s Collection Team at 800-252-8880. You may also send an email to stop.spoofing@cpa.texas.gov.
If you receive a phone call demanding payment:
- Remain calm.
- Ask the caller for their employee badge number (this often throws them off their pitch).
- Ask the caller to confirm your appropriate account information – either your Social Security number or your Taxpayer ID number along with your mailing address. If the caller gives you any information, accept it but do not confirm it.
- NEVER give any of your information to a collection caller. That caller needs to provide you with information.
- Ask them to send you a written copy of your account that includes your identification number (either Social Security number or Taxpayer ID number) as part of the document.
Once you have made this transaction more difficult, the scammer is likely to disengage. If the caller is legitimate, then you may respond appropriately only AFTER receiving documentation of the amount they state you owe.
In this cyber-insecure world, remember that distrusting a stranger is the smartest action to take.
Michael Moore is founder and CEO of M3 Networks, an IT Support and Cybersecurity firm located in Southlake with a nationwide presence. He has well over 20 years of experience in the IT and cybersecurity field and has been an in-demand speaker as a subject matter expert on cybersecurity and HYPER business growth utilizing technology as rocket fuel. He has co-authored “Cyber Storm,” a book featuring cybersecurity experts from around the world.