Phishing the Old Fashioned Way - Be Wary of Paper Notices!
Much attention has been paid to cyber-attacks targeting both business and individual computer systems. While these are extremely important issues and care should be taken to minimize these crimes, we would like to remind you that emails and phone calls are not the only way attacks can find their way into your company. Sometimes the United States Post Office delivers them the old-fashioned way. Like other delivery methods, “snail mail” shares basic traits with cyber-attacks by creating a sense of urgency through warnings of dire consequences printed on official-looking documents. There are many different scams, with new ones coming to surface all of the time. A couple examples are presented below.
We recently had a client forward us a letter they had received from the Alaska Council for Corporations (ACC). It said it was a private company and claimed that it had already filed corporate consent records on behalf of this client to keep them in compliance with Alaska statutes. It went on to say that it had already paid the necessary fee to the state on behalf of the company. It came with a form, an instruction letter for completing the form and a pre-addressed return envelope. It was addressed to the client’s company and even correctly identified the president of the company. We reviewed the form and read the instructions to determine what action, if any, was needed. The last section of the instructions said, “The preparation of the form does not satisfy the requirement to file the biennial report required by the Alaska Corporation Code.”
Upon investigation with the State of Alaska Department of Commerce, we found that the Alaska Council for Corporations has been in existence since 2013. Each year the ACC sends letters to companies registered to do business in Alaska trying to get money and information. The Department of Commerce receives reports every year from companies who receive this misleading letter and unfortunately, some of those reports come from companies that had already sent both money and information to the ACC.
Another state with reported issues is Georgia. After conducting normal business on their website, we visited the home page of the Secretary of State, where we found an article warning of “a sham entity calling itself the Business Compliance Division”. This entity makes false claims about businesses needing to obtain a Certificate of Existence, and charging a $125 fee to provide a copy to ensure that the company is in compliance. Companies should know that there is no reason to work with this group, as a business actually needing a copy of their Georgia Certificate of Existence can obtain one from the Secretary of State for a fee of $10.
Each state has their own requirements for registrations, certifications and/or reporting. For companies operating in multiple states, requirements can be hard to track, and non-compliance costs can be significant. It is therefore easy to be misled when receiving this type of correspondence. In addition, the worst part is that the money these scammers collect may pale in comparison to the value of the confidential information they may obtain; information which could allow them to develop more targeted attacks on your company, or even lead to identity theft depending on the nature of the information provided.
To protect yourself and your company, follow these simple rules:
Look at everything you receive skeptically.
Read everything thoroughly.
Do not blindly follow directions from this type of correspondence; go directly to a jurisdiction’s official website to verify the information.
If you are not sure or don’t have time to investigate, contact ECS Financial Services. We have the knowledge and experience to help you protect your business.
About the Author - Jason Hunter recently joined ECS Financial as a staff accountant providing portfolio management services for leasing companies. Previously he worked as an account manager servicing multi-million dollar accounts for a Chicago area manufacturing company.