Scams are everywhere. In our recent Research Assistant Peer Group meeting we discussed the recent scam alerts issued by both California and ACA. If you believe that scam artists are losing and you have this under control, think again. The scams are becoming increasingly more robust and sophisticated. Vigilance remains your best defense.
The alert from ACA warned of phishing campaigns impersonating federal regulators. These scams specifically target ACA members attempting to steal sensitive business and consumer data. They are impersonating the CFPB Compliance Department. The subject line will say “Request for Compliance Documentation Review”. They imply urgency and pressure tactics to force immediate action by demanding documents within 3 business days.
Some members in our RA meeting have already received this email and though they felt this is not how the CFPB would contact to request any business information or begin an audit, they still wondered how legit it was. Also, three business days to provide the type of extensive documentation asked for may make it obvious to many that the request is not legitimate.
If you are concerned, contact the CFPB directly at www.consumerfinance.gov to see if the communication you received is genuine. Do not click on the “Secure Portal” button in the email or reply to it. These actions will allow the scammer to access your data and systems.
The second scam alert we discussed targets California licensees, urging businesses to submit a form (501-CORP) and fee to a third party to file a Statement of Information on their behalf to the California Secretary of State. It threatens penalties, fines or suspension, or seizure to entice panic and urgency.
Emails with subject lines such as “California Corporations Annual Order Form” or similar are not sent by any entity working with the California Secretary of State. See their SOS website for details on how to recognize these scam solicitations.
Remember to use simple tests such as hovering over the link and viewing the true designation address, it will not be a true government URL if it is a scam as government URLs will aways be clearly identifiable. Again, if you are unsure, do not click on any link or respond. Contact the entity directly to see if they are indeed trying to reach you.
Hey, wait! There's more where this came from.
With Research Assistant (from insideARM), industry compliance is our expertise. Our weekly peer group roundtable is the perfect place to ask a question and get timely advice from industry colleagues who are facing the same challenges you are. Try it on for size with our 1-month free trial.