Glenn Hegar
Texas Comptroller of Public Accounts
Glenn Hegar
Texas Comptroller of Public Accounts
Skip navigation
Glenn Hegar
Texas Comptroller of Public Accounts
Skip navigation
Top navigation skipped

about

Fraud and Consumer Alerts

Recent Phishing Attempts

October 11, 2024

The Texas Comptroller of Public Accounts issues this fraud alert to prevent Texans from being defrauded by criminals who are using a DocuSign response email message.

Criminals posing as the agency or Comptroller’s office employees are sending emails to individuals and businesses asking that they review and sign a document via DocuSign. The hyperlinks in the email may steal your personal information and/or DocuSign credentials and inject a virus into your computer.

See sample email (PDF).

If you receive such an email (view example), please take the following actions immediately:

  • Forward the entire email as an attachment to security@docusign.com.
  • Do not respond to the email.
  • Block the sender of the email.
  • Change your password to any account (e.g., Comptroller’s office electronic systems, DocuSign) identified in the email.
  • Update your antivirus software and run a diagnostic.
  • If you have already opened the email and clicked on a hyperlink, report the fraud to the Federal Trade Commission at ReportFraud.ftc.gov and follow its instructions on how to avoid subsequent identity theft.

Aug. 29, 2024

The Texas Comptroller of Public Accounts issues this fraud alert to prevent Texans from being defrauded by criminals appearing to be providing state government services concerning the Uniform Commercial Code (UCC). This fraudulent activity is known as the Texas UCC Statement Services Scam.

Criminals impersonating a state government agency have been mailing a solicitation to Texas businesses stating that they must immediately pay $90 to obtain and file a delinquent UCC form within a short period. Texas businesses are unlikely to ever file the form, but if they do, the form may be ordered directly from the Texas Secretary of State for a small fee.

The Comptroller’s office encourages taxpayers to report all suspected fraud, theft, waste, abuse and scams to stop.spoofing@cpa.texas.gov. Taxpayers may also contact the Texas Attorney General’s Consumer Protection Division by calling 800-621-0508.


March 12, 2024

The Comptroller’s office has received reports that Historically Underutilized Business (HUB) members have received a phishing email purporting to come from the Texas Comptroller, from an email domain that is not associated with our agency.

See sample letter (PDF).

This email directs recipients to download an attachment and click on a hyperlink to confirm their business name is included within a list of “approved Active HUBS.” Do not click any link. Instead, report it to our office.

This email did not originate from our office. We believe the link in the attachment is malicious, is designed to spread malware, and is designed allow the intruder to exploit loopholes and steal sensitive information from the recipient.


Feb. 8, 2024: Comptroller Impersonation Fraud Alert

The Texas Comptroller of Public Accounts is warning citizens that criminals are sending emails impersonating the agency’s Open Records Division, claiming they have committed a Code violation. Do not click any links in these communications. To cause you to react and click onto the links, these fraudulent emails use the subject line: Code Violation Notice ref.:: 3364541.PDF.

See sample letter (PDF).

If you click the link, destructive malware is installed onto your computer or electronic device. The malware then steals your sensitive data.

If you or anyone you know receives an email or any other communication like this, again, do not click any link. Instead, report it to our office.


Jan. 25, 2024: Criminals Impersonating State, Threatening to Seize Assets

Some taxpayers have received fraudulent letters claiming the state of Texas will seize their assets and property for unpaid taxes unless payment is made within seven days. These illegitimate letters did not originate from the Comptroller’s office.

For years, criminals have used aggressive and threatening scam faxes, letters and phone calls impersonating state agencies. The criminals demand immediate payment, often via a specific payment method, and threaten to seize assets and property or significantly increase the liability if you fail to pay or provide sensitive personal information.

See sample letter (PDF).

Be incredibly wary whenever you receive unexpected messages like these, as they can be a trap. The criminals’ threats are designed to get you to react by calling the criminals’ phone number or clicking on a fake link to solve the problem. The consequences can be catastrophic. Not only can you lose your money, but if you click on links in scam emails or texts, you also could become a victim of identity theft or have malware installed on your phone or computer.

If you receive an unexpected message of this type, do not call the phone number or use the website or link provided in the letter, email or text. Most importantly, do not give the sender personal information or money. Instead, please email us at stop.spoofing@cpa.texas.gov or call the Comptroller’s Collection Team at 800-252-8880.


Previous Fraud Attempts

Nov. 17, 2023: Email Impersonation Scheme Targeting Texas Businesses

Texas business owners are reporting they have received an unlawful, unsolicited email (view here (PDF)) purporting to be from Texas Comptroller Glenn Hegar. These illegitimate emails, which offer a fictious business opportunity, did not originate from the Comptroller's office.

In them, the Comptroller’s title is incorrect, and the agency cited as offering the opportunity does not exist. The offering email comes from the domain “zohosign.com,” while the email address provided for queries concerning the fraudulent offer misspells the Comptroller’s name and contains a different commercial address from the domain “outlook.com.” An authentic email from the Comptroller’s office will give the user’s full name with the agency’s domain name that ends with .gov.

If you suspect any correspondence from our agency is fraudulent, please notify us by emailing stop.spoofing@cpa.texas.gov.

Sept. 14, 2023: HUB Message Falsely Representing Procurement Division

HUB members are reporting that they have received a phishing email from numerous individuals falsely representing official correspondence from the Statewide Procurement Division. The fraudulent email did not originate from the Comptroller's office and is not legitimate correspondence. The malicious email is designed to lure recipients into clicking on the provided link to spread malware, steal login credentials or trick people into sharing personal and financial information. Some fraudsters are following up with a telephone call. If you receive such an email (view example), please contact us at these addresses: HUB Members: StatewideHUBProgram@cpa.texas.gov; CMBL members: e.cmbl@cpa.texas.gov.

Nov. 21, 2022: Document from Agency Contractor

Some Texas taxpayers have reported receiving the fraudulent email below. The email falsely represents that this is official correspondence from a “contractor” working for the Texas Comptroller of Public Accounts.

This email did not originate from our office and is not legitimate correspondence from the Texas Comptroller of Public Accounts.

This malicious email is designed to lure you into clicking on the provided link to spread malware, steal login credentials or trick you into sharing your personal and financial information.

An example of the malicious email appears below. If you receive such an email, please report it to our office and do not click on any link.

From: Contractor, Texas Comptroller <user@transferbigfiles.com>
Date: Fri, Nov 11, 2022 at 10:41 AM
Subject: You have file document from Texas Comptroller Contractor
To:XXXXXXXXXXXXXXXXXXXXXXXXX


You have file document from- Texas
Comptroller Contractor

Good Day,
Kindly check this attachment and click on the download page sent with OneDrive but you can log in with your email to view the attachment only on a computer. This is a new way to send large files.

Thank you,
Texas Comptroller Contractor

Go to Download Page »
https://www.transferbigfiles.com/fc113ee2-7d53-4d37-8f1d-0c8cd58bf12f/0wltY5ve78kyToHnEOwFnA2

(link expires 12/11/2022 8:00:00 AM)

Texas Comptroller Contractor

Texas Comptroller Contractor
Dropbox

DropBox.html

Jan. 6, 2021: Central Master Bidders List (CMBL) recertification

Companies participating in the Central Master Bidders List (CMBL) reported a phishing email, purporting to come from the Texas Comptroller, that originated from an email domain that is not associated with our agency. This email falsely claimed the recipient needed to recertify to continue participation in the CMBL program and requested personal and financial information. The email also contained an attachment that, if opened, directed the email recipient to provide certain information to the perpetrator’s website. We believe the link is malicious and designed to spread malware.

Sept. 30, 2020: HUB License Revoked

Companies participating in the Historically Underutilized Business (HUB) Program have reported a phishing email purporting to come from the Texas Comptroller, from an email domain that is not associated with our agency. This email falsely claimed the recipient's HUB license had been revoked and contained two attachments that, if opened, directed the email recipient to a malicious website. This malicious website steals the recipient's login credentials if they enter their username and password, which they were told they had to provide in order to obtain additional information concerning the revocation. However, there is no information because the email is bogus and any login details would be sent directly to the bad actors. This email did not originate from our office and our agency will never ask you for your login credentials to provide more information.

Jun. 24, 2020: Download FAX

A taxpayer received a phishing email purporting to come from the Texas Comptroller from an email domain that is not associated with our agency. This email claimed to contain a fax and instructed the recipient to click on a link to "View or Download Fax". This email did not originate from our office and does not contain a fax. We believe the link is malicious and designed to spread malware or steal login credentials, personal and financial information from the recipient.

May 5, 2020: HUB Program certification

A number of Historically Underutilized Business (HUB) owners have reported receiving a phishing email from a sbs.tx.gov email domain that is not affiliated with our agency. The email purports to contain a message related to HUB Program certification, includes a malicious link and asks the recipient to provide their email login information to access a bogus message. One of the links in the email appears to spread malware while the other is designed to steal login credentials, personal and/or financial information. This email did not originate from our office.

Apr. 14, 2020: RFQ

A vendor received a phishing email purporting to come from the Texas Comptroller of Public Accounts with the subject "The State of Texas Contract RFQ 2020" inviting them to click on a link to review a purchase order. This email did not originate from our office and we believe it is a fraudulent attempt to steal login credentials, products or personal and financial information from the vendor.

Oct. 22, 2019: Invitation to Bid

Another vendor received a phishing email purporting to be from our Statewide Procurement Division with an attachment that claims to contain an "Invitation to Bid". By clicking on the attachment, the vendor is sent to a fake Dropbox webpage where they are told they must enter their email username and password to view the "bidding opportunity"". This email was not sent from our office and is a fraudulent attempt to steal email logon credentials, personal and/or financial information.

Jun. 25, 2019: Update Bidder Info

A vendor received a phishing email from someone claiming to be the Texas Comptroller of Public Accounts. The email instructed them to log into a website and provide "updated bidder directory information". This email was not sent from the Comptroller's office and we do not require vendors to update their information in this way. The website is malicious and designed to steal email username, password, personal and/or financial information.

This in an example of the malicious email:

Note: The sender addresses vary significantly but tend to incorporate the false name of the sender. None of the known sender addresses end with "gov."

From: John Van Haren
Sent: Friday, September 8, 2023 2:48 PM
Subject: HUB LETTER

HUB Member,

Attached is information regarding your HUB Eligibility.

If you have any questions, please do not hesitate to contact me.

John Van Haren , ASME, SNAME, MRINA, MPA, MCA
HUB Certification Analyst
Statewide HUB Program Manager
Statewide Support Services Division (SSSD)
Comptroller of Public Accounts
1711 San Jacinto Blvd.
Austin, TX 78701