Another BBB Phishing Scam. Don’t Bite!

  
     
January 15, 2013

Phishing scams look like legitimate email, and they are getting more sophisticated every day. What these con artists are really after is your banking and financial information. And they won’t mind destroying your computer to get it.

Once again, scammers are sending emails that appear to come from your trusted Better Business Bureau. They’ll tell you that a complaint has been registered against your business, or that a customer has submitted a review of your business. (It doesn’t matter that you might not even OWN a business.)

The email will ask you to download and complete an attached form, or it will ask you to click on a link to view and respond to the consumer posting. Don’t do either!

The “attached form” is actually an executable file that will drop a malware onto your system.The malware is written in such a way that it usually passes by anti-virus programs undetected. Once the malware is in place, the scammer can sniff for your banking information (including user names and passwords), and can use your system to send more scam emails out to your contacts under your name.

The characteristincs of the email are as follows:

FROM: address is "BBB" no-replay@bbb.com or "BBB Accreditation Services" <fffff_lllll@newyork.bbb.org> (Where fffff_lllll is a fraudulent first name and last name)

SUBJECT: is BBB SBQ Form #nnnnnnnn(Ref#xxxxxxxxxxx) (Where “n” and “x” are random numbers) 

ATTACHMENT is named: BBB SBQ Form.zip

The bottom line is this: If you don’t own a business, you can disregard any BBB email that requests that you fill out an SBQ form. If you do own a business, you can always check with your local office to confirm the legitimacy of any email purporting to come from BBB. To find your local office, visit www.bbb.org/find. But never click on a link in an email or download an attachment unless and until you confirm that it truly came from BBB.

BBB would like you to send us any bogus emails claiming to come from BBB. Forward the email(s) to phishing@council.bbb.org. Don’t worry if you receive a notification that the email could not be delivered because of an attached virus. We pull them from quarantine and examine them anyway. Please understand that we would like to reply to each email, however, when the traffic to the phishing mailbox is particularly heavy, we might not be able to offer a direct reply. If you need personal assistance with an email, contact your local BBB.