Can a third-party website file an IEEPA refund request for me?

No. CBP says the only way to submit an IEEPA refund request is through a CAPE Declaration filed in a verified ACE Secure Data Portal account. Do not enter company, banking, or ACE information into a non-ACE website that claims to process IEEPA refunds.

Will CBP ask for bank account details or passwords by email or text?

CBP says it generally will not request sensitive information such as Social Security numbers, bank account details, or passwords by email or text message. Treat any such request as suspicious until it is verified through an official CBP channel.

Where should suspicious IEEPA refund messages be reported?

CBP identifies IEEPAFraud@cbp.dhs.gov as the reporting address for suspicious IEEPA refund communications. Companies can also consider a DHS Office of Inspector General Hotline complaint for fraud allegations.

Does scam cleanup change my protest or CAPE filing deadlines?

No. Security cleanup and refund-right preservation are separate workstreams. Continue to monitor CAPE eligibility, ACH enrollment, liquidation dates, protest deadlines, and possible CIT options while investigating suspicious outreach.

IEEPA Refund Scams: How to Verify CAPE Requests in 2026

Q: What email domain should legitimate CBP messages use?

CBP says official CBP email addresses end in @cbp.dhs.gov. Scheduled ACE report delivery emails may come from bobjadm@cbp.dhs.gov only when a trade user has scheduled those reports.

CBP has warned importers that scammers may use social media, email, text messages, phone calls, and fake websites to target IEEPA refund claimants during the CAPE rollout. The risk is simple: a party that gets your ACE credentials, company information, or ACH refund data may be able to delay, redirect, or interfere with a legitimate refund claim.

This guide turns CBP’s warning into a practical verification checklist for importers, brokers, finance teams, and trade-compliance managers.

IEEPA refund scam prevention checklist for CAPE filing and ACE Portal verification

What CBP Warned About

In CSMS #68569567, Best Practices for Protecting Your Information Regarding IEEPA Refunds, CBP says it expects scammers to try to secure importer account information in order to interfere with the IEEPA refund process. CBP specifically flags refund offers from unknown parties, requests for company or banking information, unsolicited emails or texts, urgent pressure, poor grammar, spelling errors, and suspicious links.

The most important rule is direct: a CAPE Declaration filed through a verified ACE Secure Data Portal account is the only way to submit an IEEPA refund request. A website outside ACE that claims to process IEEPA refunds should be treated as unsafe until proven otherwise through official CBP channels.

Before your team shares company data, entry lists, ACE screenshots, importer records, ACH information, or credentials, verify the request against this checklist:

The request came through an expected contact, not an unknown sender.
The sender’s CBP address, if it claims to be CBP, ends in @cbp.dhs.gov.
The request does not ask for passwords, Social Security numbers, or bank account details by email or text.
The filing path stays inside ACE, not a third-party refund website.
The broker, consultant, recovery firm, or attorney is already authorized by your company.
Any urgency is tied to a real statutory date, such as liquidation, the 80-day reliquidation window, a reconciliation due date, or the 180-day protest deadline.

If any item fails, pause the exchange and verify through a known phone number, an existing engagement contact, or an official CBP email address.

Legitimate CAPE Work Happens in ACE

CAPE filing and monitoring should run through ACE and the official reports CBP has identified for CAPE refund tracking. Start with the CAPE filing guide if you need the end-to-end process, and use the ACE reports monitoring guide to track declaration, entry, and refund status after filing.

CBP’s CSMS #68536553, CBP Offers Multiple ACE Reports for Monitoring CAPE Refund Claims, identifies several legitimate ACE reports. ES-022 links CAPE declaration, entry, and refund numbers and separates principal from interest. REV-603 tracks refund secondary statuses after Treasury receives the refund, including sent to Treasury, Treasury issued, funds diverted, and check or ACH returned. REV-613 helps identify ACH rejected refunds, and REV-615 provides entry-summary-level refund details.

CBP also notes that scheduled ACE report delivery emails may come from bobjadm@cbp.dhs.gov, but only when trade users schedule those reports. A message claiming to include CAPE reports is more suspicious if your team did not schedule the report.

Protect ACH and Account Ownership

IEEPA refunds are paid through ACH when the correct enrollment is in place. That makes account ownership and banking controls part of refund protection, not just finance administration.

Review these controls before and after filing:

Confirm the ACE Trade Account Owner is current and controlled by the right company personnel.
Limit ACE access to users who need it for CAPE, reports, or account maintenance.
Confirm ACH enrollment before relying on refund timing estimates.
Review who can update banking information and require internal approval for any changes.
Watch REV-613 and related refund reports for ACH rejections.
Keep a short audit log of who prepared, approved, and filed each CAPE declaration.

Red Flags That Should Stop the Process

Treat these as stop signs:

A party offers to file an IEEPA refund if you first provide banking data, ACE login credentials, or owner information.
A message links to a non-ACE website that asks for refund details.
A sender claims CBP needs bank account details, passwords, or Social Security numbers by email or text.
A caller pressures your team to act before you can verify the request.
The message uses a lookalike domain, attachment, shortened URL, or generic email account.
The party cannot explain which entries, entry numbers, declaration numbers, or refund reports are involved.

The right response is not to argue with the sender. Stop, preserve the message, notify the internal owner of ACE and banking controls, and verify through a trusted channel.

What to Do if You Already Shared Information

If someone in your company already responded to a suspicious CAPE or IEEPA refund request, split the response into three workstreams.

First, secure access. Change relevant passwords, review ACE users, revoke unnecessary permissions, and verify account-owner information. If banking data may have been exposed, notify finance and the bank through established contacts.

Second, preserve evidence. Save the message headers, sender address, phone number, links, attachments, screenshots, and any data that was shared. Do not delete the message thread until counsel or IT confirms it is no longer needed.

Third, report and monitor. CBP identifies IEEPAFraud@cbp.dhs.gov for suspicious IEEPA refund communications. Depending on the facts, your company may also consider a DHS Office of Inspector General Hotline complaint. Continue running ACE reports so you can spot unexpected refund statuses, ACH rejections, funds diverted, or changes in declaration activity.

Do Not Let Scam Cleanup Replace Refund Preservation

Security cleanup does not pause CAPE, liquidation, protest, or litigation deadlines. Keep the refund-rights workflow moving while IT and finance investigate the suspicious contact.

For clean Phase 1 entries, the usual path is still to file through ACE, fix validation errors, confirm ACH enrollment, and monitor reports. For entries outside CAPE Phase 1, keep protective protests and possible Court of International Trade review on the table. A scam warning is not a reason to miss the 180-day protest deadline or wait passively for an unannounced Phase 2 remedy.

If your team needs a quick triage, use the free CAPE assessment to organize the filing, ACH, validation, and backup-rights issues before sharing sensitive data with anyone new.

Source Notes

This article is based on CBP’s IEEPA Duty Refunds page, CSMS #68569567 (Best Practices for Protecting Your Information Regarding IEEPA Refunds), and CSMS #68536553 (CBP Offers Multiple ACE Reports for Monitoring CAPE Refund Claims). CAPE Portal Guide is not CBP, a customs broker, or a law firm.