Another BBB Phishing Scam. Don’t Bite!
Phishing scams look like legitimate email, and they are getting more sophisticated every day. What these con artists are really after is your banking and financial information. And they won’t mind destroying your computer to get it.
Once again, scammers are sending emails that appear to come from your trusted Better Business Bureau. They’ll tell you that a complaint has been registered against your business, or that a customer has submitted a review of your business. (It doesn’t matter that you might not even OWN a business.)
The email will ask you to download and complete an attached form, or it will ask you to click on a link to view and respond to the consumer posting. Don’t do either!
The “attached form” is actually an executable file that will drop a nasty virus onto your system. Next thing you know, you’ll see a pop-up message that claims your computer is infected with dozens of viruses, and that will offer to clean your system for a fee. If you provide your credit card or banking information to have your system cleaned, you will waste your money, and the scammers will then have access to your funds and will steal even more of your money.
The links in the bogus email are dangerous, as well. They look like a link to a BBB page, but the code behind the link will actually route your browser to a website where malware is dropped onto your computer. The malware is written in such a way that it usually passes by anti-virus programs undetected. Once the malware is in place, the scammer can sniff for your banking information (including user names and passwords), and can use your system to send more scam emails out to your contacts under your name.
The bottom line is this: If you don’t own a business, you can disregard any BBB email that claims your company has been the subject of a customer communication. If you do own a business, you can always check with your local office to confirm the legitimacy of any email purporting to come from BBB. To find your local office, visit www.bbb.org/find. But never click on a link in an email or download an attachment unless and until you confirm that it truly came from BBB.
BBB would like you to send us any bogus emails claiming to come from BBB. Forward the email(s) to email@example.com. Don’t worry if you receive a notification that the email could not be delivered because of an attached virus. We pull them from quarantine and examine them anyway. Please understand that we would like to reply to each email, however, when the traffic to the phishing mailbox is particularly heavy, we might not be able to offer a direct reply. If you need personal assistance with an email, contact your local BBB.
ALERT: Phishing Scam Looks Like BBB Email…But It’s Not
The BBB name and logo are being fraudulently used by criminals in an on-going phishing scam. The emails look very much like notice of a complaint from BBB, but contain links to malware that can infect your computer, steal passwords, etc. BBB is working with law enforcement, as well as with a private deactivation firm (at our own expense), to shut down as many criminal websites as possible. To date, we have shut down well over 100 sites.
If you get an email that looks like it is a BBB complaint, here is what you should do:
- Do NOT click on any links or attachments.
- Read the email carefully for signs that it may be fake (for example, misspellings, grammar, generic greetings such as “Dear member” instead of a name, etc.).
- Be wary of any urgent instructions to take specified action such as “Click on the link or your account will be closed.”
- Hover your mouse over links without clicking to see if the address is truly from bbb.org. The URL in the text should match the URL that your mouse detects. If the two do not match, it is most likely a scam.
- Send a copy of the email to firstname.lastname@example.org (Note: This address is only for scams that use the BBB name or logo)
- Delete the email from your computer completely (be sure to empty your “trash can” or “recycling bin,” as well).
- Run anti-virus software updates frequently and do a full system scan.
- 8. Keep a close eye on your bank statements for any unexpected or unexplained transactions.
If you have a business and are not certain whether the complaint is legitimate, contact your local BBB (www.bbb.org/find).
Email Phishing Scam Hijacks BBB Name, Again!
A new scam using the BBB name popped up this morning, and has been received by consumers and businesses across the U.S. and Canada…including many BBB offices! How the Scam Works:
Two versions of the email have been received. One claims to be following up on a complaint filed with BBB, the other is asking for updated contact information “as a service to BBB Accredited Businesses.”
Both are good fakes – they use correct grammar and follow formats often used by BBB, so they look quite realistic. Both refer the recipient to an online form, and the address appears to be that of a local BBB. However, if you hover your mouse over the web address (the part that begins with http), you can see that the real address is not BBB at all. DO NOT CLICK ON THE LINK!
The link actually takes you to a rogue website that downloads a Trojan virus on your computer.
BBB is working with a professional deactivation service to take down the websites that are spreading the malware, and we have reported the incident to the FBI and other law enforcement agencies. Consumers are urged to delete suspicious emails and keep their anti-virus software up-to-date at all times. Example of the Phishing Email:
Check out a screen shot
of a sample phishing email. The text is below:
Thank you for supporting your Better Business Bureau (BBB).
As a service to BBB Accredited Businesses, we try to ensure that the information we provide to potential customers is as accurate as possible. In order for us to provide the correct information to the public, we ask that you review the information that we have on file for your company.
We encourage you to use our ONLINE FORM to provide us with this updated information. The URL below will take you directly to this form on our website:
(UserID: 882600422 Password: mcvn34JDF3r54f)
You may also complete the form on the reverse side of this letter and mail to PO Box 1000; DuPont, WA; 98327; or fax to (206)436-5496.
Please look carefully at your telephone and fax numbers on this sheet, and let us know any and all numbers used for your business (including 800, 900, rollover, and remote call forwarding). Our automated system is driven by telephone/fax numbers, so having accurate information is critical for consumers to find information about your business easily.
Thank you again for your support, and we look forward to receiving this updated information.
BBB Warns Consumers and Businesses About Phishing Scam
Arlington, VA – April 3, 2012 – The Council of Better Business Bureaus (CBBB) issued the following statement today:
“For the past 4+ months, BBB has been the victim of a massive phishing scam that uses our name and logo to fool people into thinking the email is from BBB concerning a complaint against their business. Although they appear to be coming from a BBB computer, they are not.
The emails appear to have been totally random in who they are sent to. They have gone to businesses, but they have also gone to individuals who have never owned a business, as well as to educational, nonprofit and government addresses. There is no indication that BBB Accredited Businesses are being targeted.
The emails appear to be part of a criminal campaign that has spoofed other trusted identities, including Bank of America, Intuit (maker of Turbo-Tax) and the Internal Revenue Service. The FBI has made this a priority and CBBB is working closely with their cyber crime division and other law enforcement agencies to shut down the scammers.
The spammers’ goal is to get as many email recipients as possible to click on the link within the email which redirects to a website infected with malware. If you clicked on the link within these emails, your computer is likely to be infected. The criminals then use that malware to transfer money out of bank accounts or obtain additional email addresses.
BBB is directing many resources to combat this attack. We have hired security specialists to track the fraudulent emails and shut down the websites hosting the malware. We have been working with forensic criminal experts to make sure no malware has infiltrated BBB’s computers or those of our vendors.
In the past week, many recipients have gotten multiple copies – sometimes dozens or even hundreds – of the same email. This may be due to some unsophisticated “copycat” spammers who don’t even know or care that they are sending multiples of the same email.
The two things people can do right now to prevent being victimized by this scam or other phishing scams:
- Install good anti-virus software on your computer(s) and get regular updates of virus definitions several times a day.
- Never click on links in emails that have come to you unsolicited.
If you have clicked on a link in one of these emails, run a complete system scan of your computer or network, and make sure your anti-virus software includes elimination of the Zeus or Z-bot virus.”
ABOUT BBB: For 100 years, Better Business Bureau has been helping consumers find businesses, brands and charities they can trust. In 2011, consumers turned to BBB more than 100 million times for Business Reviews on more than 4 million companies and Charity Reviews on 11,000 charities, all available for free at www.bbb.org. The Council of Better Business Bureaus is the umbrella organization for 116 local, independent BBBs across the United States and Canada, as well as home to its national programs on dispute resolution and industry self-regulation.