E-mail phishing scams using the Better Business Bureau’s name and logo continue to proliferate across the Web. Most of the e-mails carry the BBB torch logo and come with the subject line “Complaint from your customers” or “Urgent: Your Prompt Reply Is Necessary,” but new subject lines are still popping up. The e-mails have a link or an attachment containing malware that steals information, often with devastating results. We also believe that the virus lies dormant on the computer for a period of time, only to eventually resend itself to the victims’ contact list.
One firm reported that it opened the affected attachment, which launched malware that quickly found the accounting office’s computers, accessed bank numbers and passwords, and nearly completed a fund transfer from the company’s account. Because of experiences such as this one, the BBB recommends the following to anyone who receives the e-mail:
• Do not open attachments.
• Do not click on links.
• Forward the e-mail to firstname.lastname@example.org.
• Delete the e-mail from your inbox, and then delete it again from your trash or recycling folder.
• Run a full system scan using reputable antivirus software.
If you receive an e-mail saying your business has a complaint filed against it with BBB, there are several things you can do to authenticate it:
• Look for typos, grammatical errors, etc. in the text that could indicate it originated overseas.
• Check to see who it says it is from. Complaints go out from the local BBBs, not from the headquarters office.
• Hover your mouse over the link to see if its destination is really a bbb.org address.
• If you still are not sure, contact us at email@example.com or firstname.lastname@example.org to ask whether you really have a complaint (do not reply to the e-mail you received).
The BBB system is working with federal law enforcement agencies to identify the perpetrators of this fraud and has employed the services of a phishing deactivation service to shut down the sites that were hosting the malware.
As of last week, more than 50 sites had been shut down. Deactivating the Web sites set up by the scam artists ensures that recipients who click on the link in the scam e-mails won’t have a virus loaded onto their computers.
It does not, however, prevent the e-mails from going out in the first place.
Bottom line, always be cautious about clicking on links or opening attachments from people or agencies that you are not in active communication with. While you may be familiar with organizations such as the BBB, IRS, FBI or some popular banks, don’t automatically assume the e-mail that you receive is actually from that organization.