Best Practices to Protect Your IEEPA Refund Information

Most importers are focused on getting IEEPA refunds filed. Very few are focused on how easily those refunds can now be intercepted, delayed, or compromised.

That’s the real risk emerging with CBP’s CAPE rollout.

CBP just issued a warning that scammers are actively targeting importers seeking IEEPA duty refunds through fake emails, fraudulent websites, and requests for ACE credentials, banking information, and company data.

On paper, the process sounds straightforward: File through ACE. Submit the CAPE Declaration. Recover eligible duties.

But we’re already seeing where this breaks down operationally. In many cases, importers don’t have centralized control over ACE access, account ownership is outdated, or multiple third parties are involved in the refund process without clear verification protocols. That creates exposure — especially when refund dollars are involved.

The companies most at risk are the ones moving quickly without strong internal controls:

• Decentralized import operations
• Shared ACE logins
• Outdated account contacts
• Heavy reliance on email-based communication

The companies least affected tend to already have disciplined customs governance, restricted portal access, and direct oversight of refund activity.

Watch out for:

• Requests for personal or financial information
• Offers of refunds in exchange for data
• Unsolicited emails, calls, or texts
• Pressure to act quickly
• Poor grammar, spelling errors, or suspicious links in solicitation emails

Take steps to protect your information:

• Ensure ACE account owner information is accurate and up to date.
• Do not respond to unsolicited emails about IEEPA refunds. CBP will not independently schedule reports to be delivered to users’ e-mail addresses. If trade users schedule ACE reports to be run and provided via email, reports will be provided from the following CBP email address: bobjadm@cbp.dhs.gov.
• Beware of phishing attempts: If you receive emails claiming to be from CBP regarding CAPE refund reports, verify the sender (all CBP email addresses end in “@cbp.dhs.gov”) and do not click on any links or attachments that have not been sent by CBP.
• Never share sensitive information: Do not provide personal or financial information in response to emails regarding CAPE refund reports or IEEPA refunds unless it is from a CBP email address (“@cbp.dhs.gov”).
• Use official channels: Always use official CBP email addresses for any questions or concerns.
• Report suspicious activity: If you receive suspicious emails or communications, report them to IEEPAFraud@cbp.dhs.gov.

The DHS Office of the Inspector General (OIG) also investigates fraudulent allegations by submitting a complaint through the DHS OIG Hotline.

And this isn’t just a cybersecurity issue. If bad actors gain access to account information, the downstream impact can mean delayed refunds, compromised banking data, operational disruption, and significant time spent untangling filings and permissions with CBP.

The bigger point here: refund recovery is now both a compliance process and a data security process.

Importers that treat CAPE filings like routine paperwork are underestimating the operational risk attached to these claims.