When the Cops Aren’t the Cops

You have been tracking the developments in Washington, D.C., relating to the Federal Trade Commission’s beefed-up efforts to police dealers, and you know that one of the ways the FTC picks its targets is by fielding consumer complaints. So what’s your reaction when your dealership receives an email purporting to be from the FTC with a subject line that says “Urgent: Pending Consumer Complaint”?

People who aren’t suspicious of everything that they receive on the Internet would likely scream, “Yikes!” then open the thing to see how much trouble they were in. That would be a bad idea.

On September 1, 2011, the FTC warned small businesses that any email they receive with that subject line is not from the FTC. The email, according to the FTC, says that a complaint has been filed with the agency against the company receiving the email. The FTC advises not to click on any of the links or attachments with the email. Clicking on the links may install a virus on the computer. Double yikes!

This development brings to mind an incident a couple of years ago in Florida in which two fellows in dark suits showed up at a Florida dealership, flashed some ID and announced that they were from the FTC and had come to conduct a privacy safeguarding audit on the dealership. They spent the day plowing through the dealer’s customer files, and pirated all the personal financial information they could stuff into their briefcases. You know how this is going to end. It turns out that they were identity thieves, and you can imagine the ensuing mess.

So, if the phone rings with a purported FTC staffer on the other end asking for information, if two guys dressed like the Blues Brothers flash what look like FTC badges or if you receive one of these bogus emails, it’s time to toss out the old anchor and stop the boat. If you have any doubt, and I mean any doubt, that you are really dealing with the FTC (or the FBI, the local cops, the Consumer Financial Protection Bureau, the IRS or any other sort of enforcer), go into “information defense” mode.

Instruct your folks never to answer or open emails like this one. If you are dealing in person or on the phone, do not take any action with regard to any requests you have received until you have verified, as politely as possible (in case they are the real deal), that the people you are dealing with are actually who they say they are. And it goes without saying that you shouldn’t fall for the old trick of verifying their identities by calling the number provided to you by the imposters. Go to the phone directory or Internet and find the number of the office the fraudsters claim to represent. Remember, with staff turnover, this is the sort of lesson that has to be reiterated to your staff again and again.

If you are, in fact, dealing with fraudsters, these precautions will likely run them off. If you happen to be dealing with real, live enforcement personnel from a federal or state agency, they are far more likely to be impressed with the care you are taking in protecting your customers than they are to be miffed at the delay caused by your identification precautions.

Given the level of staffing at the FTC, the CPFB and other enforcement agencies, it’s pretty unlikely you will get a visit from any of their folks. Actually, when it comes to the enforcement agencies, I’d be a lot more worried about agency personnel engaged in mystery shopping, posing as shoppers to gather information on your business practices, but that’s an article for another day.