AGP Picks
View all

Constitution State Ledger
Provided by AGP

Secretary of the State Stephanie Thomas Warns Businesses of Spoofing Email Scam

Press Releases

Secretary Press Release Seal

06/01/2026


(Hartford, Connecticut) — Secretary of the State Stephanie Thomas is warning all Connecticut businesses to avoid a malicious email circulating that claims to be from the Connecticut Business Registry.

The email contains a malicious Team OpenSign link that prompts the user to review and sign an undisclosed digital document. This type of attack is known as “spoofing,” where the sender changes the “from” address to make the email appear to come from a legitimate source—in this case, the Office of the Secretary of the State (SOTS).

This technique tricks users into clicking malicious links and revealing sensitive information to cybercriminals, which can include login credentials, money transfers, or the download of malware.

“Cybercriminals are getting more sophisticated, and it’s critical that businesses stay alert,” said Secretary Thomas. “Our office will never send unsolicited documents for signature. If something feels off, trust your instincts and verify before you click.”

How to Identify and Prevent Attacks

Unfortunately, our Office cannot prevent these types of attacks. Our best defense is an informed and vigilant public.

  • Official Emails: Emails from the Office of the Secretary of the State will always come from a @ct.gov email address.
  • Verify the Sender: All standard email applications allow recipients to see the real sender by hovering over or clicking on the “from” address. If this process reveals an address that is not @ct.gov, the email does not come from the state and should not be trusted.
  • Be Careful with Lookalike Domains: Hackers are sophisticated. While checking the email address is essential, you must remain suspicious even if the email appears to be official. Criminals can trick you by using a very similar-looking address (like @cct.gov or @ct-gov.org), hoping you won't notice the small difference.

Key Security Reminders

  • Do not respond to or click any links in an email you suspect is malicious.
  • All official business filings can be accomplished by going directly to business.ct.gov and logging in. If you are suspicious of a link, even in an email from @ct.gov, do not click it. While the Business Services Division may include quick links for convenience, it is never necessary to click a link to make a business filing.
  • Never give your business.ct.gov credentials to anyone and turn on Multi-Factor Authentication (MFA) for added security.

Current Alert

A spoof email is currently circulating statewide with a malicious Team OpenSign link. It appears to be sent from the Connecticut SOTS (Secretary of the State) Business Registry. This email is a malicious phishing attempt used to steal your credentials and compromise your devices. Do not click on the links.

Subscribe to Business News for Monthly Resources

If you’d like more information, resources, and alerts like this, click here to sign up for the Secretary of the State’s monthly Business News e-newsletter.

# # #

Contact: Matthew Clyburn
Matthew.Clyburn@ct.gov
(959) 274-6725 

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

Share this page:

Sign up for:

Constitution State Ledger

The daily local news briefing you can trust. Every day. Subscribe now.

By signing up, you agree to our Terms & Conditions.