Both Ignite Consulting Partners and the National Independent Automobile Dealers Association warned dealerships about what they believe to be a phishing scam with fraudsters pretending to be from the Consumer Financial Protection Bureau.

In an industry message, Ignite Consulting Partners shared the contents of a message many of its dealer clients have received recently, which included:

The CFPB is conducting a furnisher compliance audit to assess adherence to reporting standards, data accuracy, and information security practices.

This review is part of CFPB’s ongoing oversight process to verify that all active data furnishers maintain compliance with established reporting and verification requirements.

You are required to provide the following information within three (3) business days of receiving this notice. Please use the secure portal below to submit all requested information.

INFORMATION REQUESTED

  1. Primary Reporting Contact
  • Current compliance officer or primary reporting contact
  • Name, phone number, email address, and mailing address
  1. Reporting Activity Summary
  • Total number of active accounts reported during the last 12 months
  • Types of accounts reported (e.g., revolving, installment, commercial, etc.)
  1. Sample Data Verification
  • A random sample of 25 accounts reported within the last three months
  • This file must be uploaded in CSV format using the designated upload section in the secure portal

Please ensure all transmitted files exclude consumer PII unless required for verification.

All uploads are encrypted in transit (TLS) and securely stored at rest.

  1. Subscriber Codes
  • Subscriber code for each credit bureau (Experian, TransUnion, Equifax, Dun & Bradstreet) to which you furnish data.
  1. Reporting Agreements
  • A copy of your current reporting agreement for each credit bureau to which you report

Thank you for your prompt attention to this request.

If you have any questions regarding this audit or submission process, please contact our compliance team using the details provided in the secure portal.

Sincerely,
Compliance Audit Division
Consumer Financial Protection Bureau (CFPB)

“We want to let all of our clients and friends know that late last week we were contacted by a number of dealers that received this purported email below that claims to come from the CFPB,” Ignite said in the industry message.

“For a variety of reasons, we believe this email to be a phishing scam from bad actors and is not a valid request from the CFPB,” Ignite continued. “If you’ve received such a request, our guidance is not to click on the link. You can always contact the CFPB through its website or by calling the phone numbers on the website if you want to further investigate this matter.”

In a separate industry message, NIADA made similar assertions and suggestions.

“NIADA wants to alert members about recent fraudulent e-mails claiming to be from the Consumer Financial Protection Bureau (CFPB),” the association said. “The email claims that the CFPB is conducting a furnisher compliance audit to assess adherence to reporting standards, data accuracy, and information security practices. It claims businesses have three days to comply with the request. It includes a clickable link.

“This phishing attempt follows a common practice with scammers relying on urgency and timing to pressure recipients into clicking quickly. These e-mails are not legitimate and may be designed to steal sensitive information or install malware,” NIADA continued.

“Do not click on links or attachments in suspicious emails and do not reply, forward, or share personal information. Always verify addresses directly through official .gov websites or contact numbers,” NIADA went on to say. “A reminder that the CFPB will never ask for personal or account information by e-mail.”

Dealers with questions or concerns can contact Ignite Consulting Partners at (682) 499-0325 or [email protected].