The Better Business Bureau is warning business owners and consumers that criminals are fraudently using the BBB name and logo in an on-going phishing scam.
The emails look very much like notice of a complaint from BBB, but contain links to malware that can infect your computer or steal passwords.
Example of email being sent:
If you get an email that looks like it is a BBB complaint:
- Do NOT click on any links or attachments.
- Read the email carefully for signs that it may be fake (for example, misspellings, grammatical errors, generic greetings such as “Dear member” instead of a name, etc.).
- Be wary of urgent instructions to take specified action such as “Click on the link or your account will be closed.”
- Hover your mouse over links without clicking to see if the address is truly from bbb.org. The URL in the text should match the URL that your mouse detects. If the two do not match, it is most likely a scam.
- Send a copy of the email to firstname.lastname@example.org (Note: This address is only for scams that use the BBB name or logo)
- Delete the email from your computer completely (be sure to empty your “trash can” or “recycling bin,” as well).
- Run anti-virus software updates frequently and do a full system scan.
- Keep a close eye on your bank statements for any unexpected or unexplained transactions.
- If you have clicked on any of the links within the email, immediately change your email and network passwords AND notify your local IT provider for next steps and actions.
NOTE - If the link you clicked appeared to be for a Google Doc, a malicious service called "Google Docs" may gain access to everything within your Google account. You should, as soon as possible, access your Google permissions page to see what apps and sites are connected and have access to your account. Remove the Google Docs app, and then change your password.
If you have a business and are not certain whether the complaint is legitimate, reach out to us at 336.632-4970.
Please be assured BBB is working with law enforcement as well as a private deactivation firm to shut down as many criminal websites as possible. To date, we have shut down well over 100 sites.