The Department of Consumer Protections (DCP) issued an advisory today to warn Connecticut residents of a phishing scam targeting the state’s eLicense registration system.

“The Department of Consumer Protection issues more than 200,000 credentials annually, most of which are managed using the eLicense system,” said Bryan Cafferelli, DCP Commissioner. “Phishing attempts and imposter scams are common, so it is important to remain vigilant and recognize the signs of a scam.”

Scammers posing as government officials have been sending emails to eLicense users asking them to verify information on licenses they hold. The scammers threaten to revoke the user’s license if they don’t verify the information within 24 hours, and provide a link to a phony government website where they are asked to sign in using their account information.

The state’s eLicense program is an online portal that provides state residents, businesses, and organizations access to various types of licenses, permits, registrations, or certifications. According to the state’s eLicense website, over 800 state-issued credentials are accessible through the service. It is possible to download rosters of names, addresses, and other personally identifiable information on the state’s eLicense website.

The DCP statement included telltale signs of identifying these scam emails; the ‘from’ name of the scammers’ email addresses will not end in ct.gov, nor will the web address of the link provided in the email. Furthermore, the statement asserted that the DCP will never revoke a state-issued license without first holding a formal hearing.

Kaitlyn Krasselt, the DCP’s Communications Director, said that while some personal information may be accessed through eLicense users’ accounts, it is likely that scammers are targeting users in an attempt to identify passwords they may use on other accounts.

“It depends on the credential type, however, most credential holders do have to provide some personal information in order to obtain their credential that could be stored in their account,” said Krasselt. “The primary piece of information these scammers are looking for is the password individuals are using for their account, as many people use the same password for multiple accounts, such as bank accounts.”

Krasselt said that the DCP was made aware of the scam earlier this week by the Department of Administrative Services’ IT team. She said the DCP has no way of knowing how many eLicense users have been contacted by scammers, but said that scams such as these are “very common.” Last year, the FTC received over 330,000 reports of business impersonation scams and 160,000 reports of government impersonation scams, leading to an estimated $1.1 billion being stolen from victims of such scams.

The DCP recommends any person who has already provided their eLicense login to scammers to change the password on their eLicense account as well as any other account sharing the same password. eLicense users who receive such emails are advised to delete them, and can report scams by filing a complaint here.

Republish This Story

Republish our articles for free, online or in print, under a Creative Commons license.