CT Secretary of the State Warning Businesses Of Spoofing Email Scam

HARTFORD — Secretary of the State Stephanie Thomas is warning all Connecticut businesses to avoid a malicious email circulating that claims to be from the Connecticut Business Registry.

The email contains a malicious Team OpenSign link that prompts the user to review and sign an undisclosed digital document. according to Thomas.

The type of attack is known as "spoofing," where the sender changes the "from" address to make the email appear to come from a legitimate source — in this case, the Office of the Secretary of the State (SOTS).

The technique tricks users into clicking malicious links and revealing sensitive information to cybercriminals, which can include login credentials, money transfers, or the download of malware, according to Thomas.

"Cybercriminals are getting more sophisticated, and it’s critical that businesses stay alert," Thomas said. "Our office will never send unsolicited documents for signature. If something feels off, trust your instincts and verify before you click."

How to Identify and Prevent Attacks

Official Emails: Emails from the Office of the Secretary of the State will always come from a @ct.gov email address.

Key Security Reminders From Thomas

• Do not respond to or click any links in an email you suspect is malicious.
• All official business filings can be accomplished by going directly to business.ct.gov and logging in. If you are suspicious of a link, even in an email from @ct.gov, do not click it. While the Business Services Division may include quick links for convenience, it is never necessary to click a link to make a business filing.
• Never give your business.ct.gov credentials to anyone and turn on Multi-Factor Authentication (MFA) for added security.

Here is the scam: