They're at it again! Phony emails bearing the BBB name are bombarding in-boxes across North America. The recent attack on consumers and businesses led the FBI to issue an alert this week about the recurrent scam.
Like many financial institutions and government agencies, BBB's visibility and reputation for trust makes us an ideal vehicle for scammers. Consider that bbb.org receives over six million visits every month; this makes us an attractive decoy for fraud and malicious activity.
We recommend that all domain owners set up a sender policy framework (SPF) and set their spam filter to use it. “Using the SPF standard helps fight spam and phishing attacks by allowing your email servers to verify whether an email is legitimate.
Microsoft offers a simple, four-step process for setting up an SPF:www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/.
There are two authentic BBB email addresses that should be whitelisted:
If you receive an email saying that your business has a complaint filed against it with BBB, there are several things you can do to authenticate it:
Note - an authentic email from BBB will always:
The BBB system is working with federal law enforcement agencies to identify the perpetrator(s) of this fraud and has retained a deactivation company to help with those efforts.