ARLINGTON, Virginia – In response to an email that appeared to be official from the Consumer Technology Association (CTA), a potential CES 2022 exhibitor purchased a booth at the show. “The communication included our company name and the signature information of a real CTA employee, with ‘CTA’ in the email username,” said Gary Shapiro, CTA’s president and CEO. “Unfortunately, this was a fraudulent operator who defrauded the unsuspecting company out of thousands of dollars.”
Known as “spoofing fraud,” this and other impersonation schemes are widespread, growing, and affecting a wide range of industries, trade shows, and events. “Since January 2021, we have received at least 60 reports of fraudulent email solicitations using our name and logo,” Shapiro said. “Offering non-existent CES booth space is one tactic. Many also claim to sell our attendee list, which we would never do. These are the cases we know of. The number of unreported intrusions is undoubtedly higher.”
Larger companies, Shapiro noted, are less likely to fall victim to these “boiler room” malicious operators. “They tend to be more experienced at spotting fraud,” he said. “The less savvy startups, entrepreneurs and nonprofits are the ones that are hit the hardest, often with significant and irrecoverable financial losses.”
CES 2022 is hosted by Omicron and shows the world how it’s done
Major brands like CTA are no less targeted, and their reputations are being tarnished. Other deceptive tactics include fraudulent websites claiming to offer CES-affiliated event-related services, such as hotel reservations.
“Conversations with many of our trade association members confirm that this is a growing problem, one that has increased in frequency and sophistication in recent years,” said J. David Grossman, CTA’s vice president of regulatory affairs. “To combat this problem, CTA typically sends a cease and desist letter to the owners of imposter domain names, assuming we can locate them. In cases where fraudsters are using our name and logo, we have also filed trademark infringement complaints with domain registrars and web hosts like GoDaddy and organizations like ICANN. These countermeasures only go so far, however. Malicious actors are elusive and difficult to track, and CTA has limited time and bandwidth to combat this problem.”
Strong regulatory and enforcement measures are being developed. On December 23, 2021, the Federal Trade Commission (FTC) issued a Advance Notice of Proposed Rulemaking (ANPR) on Identity Theft by Businesses and Governments.
“Rulemaking in this area could likely have a market-wide impact and serve as a deterrent to bad actors, given that a rule in this area would subject first-time violators to civil penalties,” FTC Chairwoman Lina M. Khan said in a December 2021 letter announcing the ANPR Act. “It could also allow the Commission to seek redress for people who lose money to these impersonation scams. This effort is especially critical in the wake of AMG (a reference to the U.S. Supreme Court’s April 2021 decision that significantly limited the FTC’s ability to seek monetary redress for consumers under the FTC Act) and would represent one of the agency’s most significant anti-fraud initiatives in decades.”
CTA, in alliance with industry peers such as IAEE and SISO, is doing its part to raise awareness by filing comments with the FTC during the open comment period, which ends February 22, 2022.
“In using this ANPR to formally consider whether to propose a rule, the FTC is seeking information about the prevalence of identity theft practices, the costs and benefits of a rule that would address those practices, and alternative or additional actions such as publishing educational materials for consumers and businesses and holding public workshops,” said Shapiro, who began his career as an attorney at the FTC. “With the authority to issue and enforce broad rules, the FTC can play a major role in combating this problem, starting by bringing much-needed visibility to the issue.”
Shapiro strongly encourages as many other industry groups in a similar and like-minded situation as possible to submit comments about their experiences with identity theft fraud.
“This is a large-scale effort to combat bad actors who are harming our events by using our event names or implying that they are the event organizer and selling fake services or listings and defrauding our unsuspecting customers,” he said. “Even a simple one-page description will be critical to alerting the FTC to the scope and scale of this problem,” Shapiro continued. “This in turn paves the way for the desired rulemaking, which would open the door to increasing the currently limited monetary penalties, creating reporting mechanisms, and other remedies. We will have the opportunity to work with the FTC to include industry-specific language in the rulemaking. The goal is to freeze these illegitimate operators with more substantial measures.”
Trade Fair Manager joins Shapiro in calling for broad industry participation in the fight, starting with submitting comments to the FTC by the February 22, 2022 deadline. Given postal delivery delays due to heightened pandemic-related safety measures, filing online is the fastest and highly recommended.
To do this, go to /comment/FTC-2021-0077-0001. You can also go to the website and type “ANPR Identity Theft; FTC Case No. R207000” in the search box. Then go to the Comments section and share your identity theft fraud story. As the FTC has noted, your comment, including your name and status, will be made part of the public record of this proceeding, including, to the extent possible, on the website.
In the meantime, Grossman recommends that trade show organizers and attendees, as well as members of the business community in general, adopt the same vigilance and best practices as they would as individual consumers when it comes to phishing emails, false claims of affiliation or endorsement, and other scams.
“The same principles apply here when it comes to business impersonation fraud,” he said. “Do you recognize the domain name? Are you expecting an email from the sender? Does it match previous correspondence that you know is legitimate and comes from official channels? These and similar tests are quick and easy ways to spot and avoid a bad actor.”
Trade Fair Manager We will be coming back to the CTA as this important regulatory process evolves. Stay tuned and vigilant.
Contact Gary Shapiro and J. David Grossman at (703) 907-7600 or CustomerService@cta.tech; the Federal Trade Commission at 202-326-2222 or www.ftc.gov/contact