phone : 281-443-2996

104 Lockhaven Dr. | Houston, TX 77073-5500

Security, how many times…

 
Notification of Phishing Email Scam — Termination of HUB Certification

Dear HUB/CMBL Participant:

The Texas Comptroller of Public Accounts has been notified by several participants in our HUB/CMBL programs that they have received a phishing email that appears to have been sent by our agency informing the recipient that the State of Texas Historically Underutilized Business (HUB) Program has revoked their license for an unnamed policy violation and the failure to comply with an unidentified CPA request. The email directs the recipient to respond, which takes the recipient to a malicious website. This malicious website steals the recipient’s login credentials when they login to obtain additional information concerning the claimed revocation. The Texas Comptroller of Public Accounts has already posted a Fraud Alert notice of this attack on its website.

If you receive this phishing email in the future or have received this phishing email but have not responded to the prompts, please send it directly to stop.spoofing@cpa.texas.gov.

If you have already received this phishing email, opened it, and provided your login credentials in response to the prompting at the malicious website, please follow the following instructions:

  1. Let us know that your login credentials have been compromised by contacting us at e.cmbl@cpa.texas.gov for CMBL or StatewideHUBProgram@cpa.texas.gov for HUB.
  2. IMMEDIATELY – Go onto the Comptroller’s Website at https://mycpa.cpa.state.tx.us/securitymp1portal/displayLoginUser.do and reset your password. If you are no longer able to access your account, please call 1-888-863-5881 (HUB) or 512-463-3459 (CMBL) for assistance.
  3. If possible, preserve the phishing email and any correspondence you have with the operators of the malicious website posing as our agency. This will better enable an investigation of this phishing attack.
  4. If we have current contact information for you, we will attempt to notify you when it is appropriate to destroy the email and any related documents.

There are some obvious tell-tale signs that this was a phishing email:

  • Our agency will never ask you for your login credentials to provide more information.
  • This phishing attack was sent from an email domain that has a “yahoo.com” address.
  • Our agency would have been in direct contact with you concerning any alleged violation long before termination of your status would have been considered.
  • Our agency does not have a “Nationwide Procurement Division.”
  • The fake employee’s name and erroneous email address do not match any of our agency experts in this area. Any effort to use the address or make a call to the employee would have established the email was not sent by our agency.

In the future, if you receive a similar phishing email or letter, please send it directly to stop.spoofing@cpa.texas.gov, directly call the Comptroller’s Fraud Hotline at 800-531-5441, Ext. 3-8707, or call our Statewide Procurement Office directly to verify the authenticity of the correspondence at 512-463-3459 (CMBL), 1-888-863-5881 (HUB Toll Free Line), or 512-463-5872 ( HUB Local Line).

 
Share this post