Skip to Main Content
Menu Button
CBIA

Take Action

Join Now

‘Malicious’ Email Scam Targets Businesses

06.04.2026
Featured
Small Business

Connecticut businesses are the target of a new email scam that could expose companies to malware, network breaches, and potential financial losses.

Emails claiming to be from Connecticut Office of the Secretary of the State contain a malicious Team OpenSign link that prompts users to review and sign an undisclosed digital document.

The scam email features the sender’s address as “[email protected]” and the subject line: “The Office of the Secretary–Connecticut Business Registry has requested you to sign Connecticut Business Registry.”

“Your signature is crucial to proceed with the next steps as it signifies your agreement and authorization,” reads the text of the email, which includes a “Sign here” link.

Those who click the link risk sharing sensitive information with cybercriminals.

Warning

The Secretary of the State’s Office issued a warning about the scam—known as a spoofing attack—to businesses June 1.

“Cybercriminals are getting more sophisticated, and it’s critical that businesses stay alert,” Secretary of the State Stephanie Thomas said.

“Our office will never send unsolicited documents for signature. If something feels off, trust your instincts and verify before you click.”

The secretary’s office cautioned that the “best defense is an informed and vigilant public,” sharing the following guidance for identifying and preventing cyberattacks:

  • Official emails: Emails from the Office of the Secretary of the State will always come from a @ct.gov email address.
  • Verify the sender: All standard email applications allow recipients to see the real sender by hovering over or clicking on the “from” address. If this process reveals an address that is not @ct.gov, the email does not come from the state and should not be trusted.
  • Be careful with lookalike domains: Hackers are sophisticated. While checking the email address is essential, you must remain suspicious even if the email appears to be official. Criminals can trick you by using a very similar-looking address (like @cct.gov or @ct-gov.org), hoping you won’t notice the small difference.

Security Reminders

The SOTS’ office also shared a list of security reminders:

  • Do not respond to or click any links in an email you suspect is malicious.
  • All official business filings can be accomplished by going directly to business.ct.gov and logging in. If you are suspicious of a link, even in an email from @ct.gov, do not click it. While the Business Services Division may include quick links for convenience, it is never necessary to click a link to make a business filing.
  • Never give your business.ct.gov credentials to anyone and turn on multi-factor authentication for added security.
Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

RELATED

EXPLORE BY CATEGORY

COMING EVENTS

Sat  |  Jun 06  |  10:00 am EST
National Civics Bee Connecticut State Finals 2026

2026 National Civics Bee Connecticut State Finals

Tue  |  Jun 09  |  1:00 pm EST

Activate AI: Spring Workshop Series 

Thu  |  Jun 11  |  1:00 pm EST

The Wheel of Health: CBIA Leadership Essentials

Stay Connected with CBIA News Digests

The latest news and information delivered directly to your inbox.

CBIA IS FIGHTING TO MAKE CONNECTICUT A TOP STATE FOR BUSINESS, JOBS, AND ECONOMIC GROWTH. A BETTER BUSINESS CLIMATE MEANS A BRIGHTER FUTURE FOR EVERYONE.

Join CBIA Today