One firm reported that it opened the affected attachment, which launched malware that quickly found the accounting office’s computers, accessed bank numbers and passwords, and nearly completed a fund transfer from the company’s account. Because of experiences such as this one, the BBB recommends the following to anyone who receives the e-mail:
• Do not open attachments.
• Do not click on links.
• Forward the e-mail to firstname.lastname@example.org.
• Delete the e-mail from your inbox, and then delete it again from your trash or recycling folder.
• Run a full system scan using reputable virus software.
If you receive an e-mail saying your business has a complaint filed against it with BBB, there are several things you can do to authenticate it:
• Look for typos, grammatical errors, etc. in the text that could indicate it originated overseas.
• Check to see who it says it is from. Complaints go out from the local BBBs, not from the headquarters office.
• Hover your mouse over the link to see if its destination is really a bbb.org address.
The BBB system is working with federal law enforcement agencies to identify the perpetrators of this fraud and has employed the services of a phishing deactivation service to shut down the sites that were hosting the malware.
As of last week, more than 50 sites had been shut down. Deactivating the Web sites set up by the scam artists ensure that recipients who click on the link in the scam e-mails won’t have a virus loaded onto their computers.
It does not, however, prevent the e-mails from going out in the first place.
Bottom line, always be cautious about clicking on links or opening attachments from people or agencies that you are not in active communication with. While you may be familiar with organizations such as the BBB, IRS, FBI or some popular banks, don’t automatically assume the e-mail that you receive is actually from that organization.