Better Business Bureau is alerting consumers and businesses about a phishing scheme that uses e-mail messages directing recipients to respond to a complaint filed with BBB.
BBB wants the public to know that such messages are not coming from any element of the BBB System.
Reports to BBB indicate that businesses and consumers began receiving bogus messages yesterday, requiring them to “review this matter and advise us of your position .” The e-mail also provided a link for the process.
Following is a copy of an actual e-mail associated with this phishing scheme:
November 23, 2011 6:26 AM
To: Betty Graham
Subject: Complaint # 22101311
The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you.
The details of the consumer's concern are included on the reverse.
Please review this matter and advise us of your position.
As a neutral third party, the Better Business Bureau can help to resolve the matter. Often complaints are a result of misunderstandings a company wants to know about and correct.
We encourage you to use our ONLINE COMPLAINT system to respond this complaint.
The following URL (website address) below will take you directly to this complaint and you will be able to enter your response directly on our website: http://www.bbb.org
About Better Business Bureau
As the leader in advancing marketplace trust, Better Business Bureau is an unbiased non-profit organization that sets and upholds high standards for fair and honest business behavior. Every year, more than 65 million consumers rely on BBB Reliability Reports® and BBB Wise Giving Reports® to help them find trustworthy businesses and charities across North America. Visit www.bbb.org. Follow us on Twitter and Find us on Facebook.
Anyone receiving one of these e-mails should not click on any links or in any way respond to the message, because doing so may allow harmful viruses or spyware to enter the recipient’s computer or network.”
BBB has determined that there are a number of addresses and subject lines being used in to perpetrate the e-mail element of the attack. Following is a representative sample of actual addresses used in this attack:
• Address: email@example.com
• Address: firstname.lastname@example.org
BBB is advising consumers and businesses to take the following precautions and actions to steer clear of this phishing attack and to protect their computer systems and networks.
• Anyone receiving an e-mail similar to those described should not open the message, not click on any links, or respond to the message – the message is not from any entity affiliated with BBB. Opening or viewing a preview of the e-mail, or clicking on the link within the e-mail, could enable a discreet download of a virus or spyware.
• Report receipt of any such messages. BBB works with the U.S. Secret Service's Electronic Crimes Task Force (ECTF) to address phishing issues using the BBB name.