An individual we haven't identified is contacting CPA, accounting, and financial firms across the country while posing as IronGlove Studio® and as our owner, Derek Neuts. The messages come from a free Outlook address, not from us, and use a signature that copies our logo and real company details. We handle all of our accounting in-house, our taxes are filed on time, and we never file extensions, so any tax or financial outreach in our name isn't legitimate. We are a co-victim of this scheme, too. We have reported it to law enforcement and to Microsoft, we are pursuing it through counsel, and we are sharing what we know so you can verify quickly and protect yourself.
Anything from a free or throwaway address (Outlook, Gmail, Yahoo) or a lookalike domain such as iron-glove-studio.com or ironglove.studio.net is not us, no matter what the signature says. The operator changes addresses often, so the rule that always holds is simple: if it doesn't end in @ironglove.studio, it isn't us.
This is the only number to trust, and it's the one on this page. When you call, an automated assistant answers, screens the call, and routes you to the right person, and a member of our team follows up directly (if required). The assistant is there to help you verify quickly and this isn't a sign that anything is wrong. The scammer has used lookalike VoIP numbers that are only one digit off, and in some messages has copied our real number to make the contact appear legitimate. Either way, the number on this page reaches us.
Real work with us begins with a scoping conversation and a signed agreement. We will never cold-email or cold-call you to request credentials, financial records, or system access, and we will never send unsolicited documents or meeting invitations. If you received any of those in our name, it isn't us.
Here's what this person is actually doing, so you can recognize it:
Because our email is locked down. We use strict authentication (SPF, DKIM, and DMARC at full enforcement), so no one can send a message that appears to come from @ironglove.studio. That is exactly why the impersonator has to fall back on a free account and a lookalike signature.
This is not a one-off note. We filed a police report with the Canby Police Department and reported the impersonation to the FBI, we are cooperating with law enforcement, and we have reported the fraudulent Outlook address to Microsoft. We are also pursuing the matter through counsel to have the account shut down and to identify the person behind it for prosecution and civil damages. We will keep this page updated as the situation develops.
Don't reply, don't send anything, and don't agree to a meeting. Keep the message, report it to the FBI at ic3.gov, and (optionally) let us know so we can add it to the record. The more firms that report, the stronger the case, and the safer your financial community will be.
