Anyone who receives a suspicious email or phone call claiming to be from a Vermont state agency should not click any links, open attachments, or respond to the message.
The Scam
Vermont businesses and licensed professionals are being targeted by a phishing scam in which fraudsters impersonate state regulators, according to the Secretary of State’s Office.
The scam involves emails that appear to come from the Office of Professional Regulation’s Enforcement Unit. The emails use a spoofed address designed to look like an official State of Vermont email, but they are not legitimate communications from any state agency.
How to Spot the Fake
The Secretary of State’s Office identified several red flags in the fraudulent emails that can help recipients recognize similar attempts:
The sender’s email address is not a vermont.gov address. Legitimate communications from state agencies will come from email addresses ending in @vermont.gov. If the sender’s address uses a different domain, that is a warning sign.
Embedded links do not point to official state websites. When you hover your cursor over a link in the email (without clicking), the destination URL should display. In these phishing emails, the links point to Google or other non-government sites rather than to official vermont.gov or OPR web pages.
Spelling errors and formatting problems. The fraudulent email contains misspellings, including the word “Vermont” itself. Areas where official images or logos should appear may be broken or incorrectly formatted.
What Phishing Is
Phishing is a type of fraud in which scammers send emails or make phone calls that appear to come from trusted sources, such as government agencies, banks, or well-known companies. The goal is typically to trick recipients into clicking malicious links, downloading harmful software, or providing sensitive information like passwords, Social Security numbers, or financial account details.
According to the Secretary of State’s Office, phishing scams by phone and email are at an all-time high.
What To Do
Anyone who receives a suspicious email or phone call claiming to be from a Vermont state agency should not click any links, open attachments, or respond to the message. Instead, contact the relevant agency directly using contact information from the agency’s official website to verify whether the communication is legitimate.
The Office of Professional Regulation has encouraged licensees and businesses to reach out directly if they ever question the legitimacy of a communication.
What Happens Next
The Secretary of State’s Office continues to monitor for phishing attempts targeting Vermont businesses and licensees. Vermonters who receive suspicious communications can verify their legitimacy by contacting the Office of Professional Regulation or the relevant state agency directly through official channels.