HB Ad Slot
HB Mobile Ad Slot
EPA Issues Warning About False Environmental Violation Notices
Wednesday, July 31, 2024

Highlights

  • The EPA has warned businesses to be on the lookout for an increasingly common Notice of Violation scam
  • Recipients of suspect notices should contact the EPA's enforcement office to verify authenticity, and should not take any action outlined in the letter, including submitting payment, until they have done so
  • Businesses can and should take proactive steps to protect themselves from this kind of business email compromise

The U.S. Environmental Protection Agency’s (EPA) Office of Inspector General (OIG) has issued a fraud alert stating that businesses have been receiving falsified Notice of Violation letters through the mail or via email demanding payment for alleged environmental violations. The EPA reiterated the warning on its enforcement webpage.

According to the OIG, “The letters allege that the target business violated an environmental regulation such as the Clean Air Act. They indicate that the business owes thousands of dollars in fines and should respond by phone or email.” According to the OIG, “The letters allege that the target business violated an environmental regulation such as the Clean Air Act. They indicate that the business owes thousands of dollars in fines and should respond by phone or email.” The OIG said the email address provided – invoice(at symbol)epa.services – is not associated with the EPA, noting that, “Official U.S. government organizations use the ‘.gov’ domain name; for example, ‘epa.gov.’”

It is best to thoroughly review any Notice of Violation letter received and to contact the EPA's enforcement office directly to verify authenticity. The EPA further clarifies that recipients of notices they believe are false should email OECA_communications@epa.gov with an electronic version of the letter and should not take any action outlined in the letter, including submitting payment.

The OIG offers the following tips on how organizations can protect themselves from this kind of business email compromise:

  • Create organizational policies for receiving new payment instructions, including a multistep process to verify new payment instructions
  • Employ email security systems that can detect phishing attempts, domain spoofing, and other cyber threats, and use two-factor authentication to combat account compromise
  • Train staff regularly on cybersecurity best practices and how to recognize phishing emails and require them to report phishing attempts – even seemingly minor ones

We will follow this fraud alert issue and provide additional information as it becomes available.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins