

Secretary of the State Stephanie Thomas Warns Businesses of Spoofing Email Scam

 


 

Contact: Roger Senserrich
Phone: 860.543.1488

 

FOR IMMEDIATE RELEASE

October 23, 2025

 


 

Hartford, Conn. – Secretary of the State Stephanie Thomas is warning all Connecticut businesses about a malicious email now circulating that claims to be from the Connecticut Business Registry.

 

The email contains a malicious Docusign link that prompts the user to review and sign an undisclosed digital document. This type of attack is known as “spoofing,” where the sender changes the “from” address to make the email appear to come from a legitimate source, in this case the Office of the Secretary of the State (SOTS). This technique tricks users into clicking malicious links, which can lead to the theft of sensitive information such as login credentials, fraudulent money transfers, or the download of malware.

 

“Cybercriminals are getting more sophisticated, and it’s critical that businesses stay alert,” said Secretary Thomas. “Our office will never send unsolicited documents for signature. If something feels off, trust your instincts and verify before you click.”

 

How to Identify and Prevent Attacks

 

Unfortunately, our Office cannot prevent these types of attacks. Our best defense is an informed and vigilant public.

 

·       Official Emails: Emails from the Office of the Secretary of the State will always come from a @ct.gov email address.

·       Verify the Sender: All standard email applications allow recipients to see the real sender by hovering over or clicking on the “from” address. If this process reveals an address that is not @ct.gov, the email does not come from the state and should not be trusted.

·       Be Careful with Lookalike Domains: Hackers are sophisticated. While checking the email address is essential, you must remain suspicious even if the email appears to be official. Criminals can trick you by using a very similar-looking address (like @cct.gov or @ct-gov.org), hoping you won't notice the small difference.

Key Security Reminders:

 

·       Do not respond to or click any links in an email you suspect is malicious.

·       Use business.ct.gov: If you are suspicious of a link, even in an email from @ct.gov, do not click it. While the Business Services Division may include quick links for convenience, it is never necessary to click a link to make a business filing. All official business filings can be accomplished by simply going directly to business.ct.gov and logging in.

·       Protect Your Account: Never give your business.ct.gov credentials to anyone, and turn on Multi-Factor Authentication (MFA) for added security.

 

CURRENT ALERT: Please be advised that a malicious spoof email is currently circulating statewide. It appears to be sent from the CT SOTS Business Registry. This email is a malicious phishing attempt used to steal your credentials and compromise your devices. DO NOT click on the links.

 

 

 

Roger Senserrich