[This article is being viewed in your Web Browser. 
To return to your newsletter, please go back to your e-mail application. Thank you.]

Scam Alert: Phishing Persists

No this is not a broken record BUT it is certainly beginning to sound like one! It had been a while since we'd had any new attacks and just when we were beginning to think that we were in the clear the phishing scam strikes again and is back with a vengeance. So, after a pretty quiet month the BBB has renewed it's efforts investigating and working with our partners in security and law enforcement, in an effort to again shut down the troublemakers. The BBB is working diligently, both proactively and reactively to address the problem.

When a small plumbing company in Monroe, Louisiana, got an email recently from BBB saying they'd had a complaint filed against them, they took it seriously. After all, the company is a BBB Accredited Business and the owner serves on the board of directors of BBB of Northeast Louisiana. What they got, however, was much worse than a complaint from an unhappy customer. The email was a fake, a phishing scam that downloaded viruses on two of the small business's computers, which had to be wiped clean in order to get rid of the malware infection. Fortunately for the plumbing company, the virus hadn't had a chance to steal any banking information.

Unfortunately, small businesses and consumers across the country are falling victim to the latest phishing scam that exploits BBB's trusted name. The new campaign was the second biggest phishing scam in the country on May 3, 2012, according to the University of Alabama at Birmingham's Spam Data Mine, one of the nation's foremost computer forensics labs. SDM is assisting the Council of Better Business Bureaus in tracking phishing scams that use the BBB name.

The phishing emails - the fifth wave since Thanksgiving that uses the BBB's name - uses BBB's name and logo in an attempt to look like a notice of a newly filed complaint. The latest round includes a ZIP attachment, but that has not always been the case. Whether by an attachment or a link, the phishing emails attempt to trick the recipient into clicking and opening the "complaint," which downloads malware onto their computer. The malware is designed to infect the computer and look for information such as bank account numbers and passwords in order to steal money from the recipients' accounts.

If you receive an email that looks like it is about a BBB complaint:

  • Do NOT click on any links or attachments.
  • Read the email carefully for signs that it may be fake (for example, misspellings, grammar, generic greetings such as "Dear member" instead of a name, etc.).
  • Be wary of any urgent instructions to take specified action such as "Click on the link or your account will be closed."
  • Hover your mouse over links without clicking to see if the address is truly from bbb.org.
  • Delete the email from your computer completely (be sure to empty your "trash can" or "recycling bin," as well).
  • Run anti-virus software updates frequently and do a full system scan.
  • If you are not certain whether the complaint is legitimate, contact your local BBB at 1-800-222-1600.
  • Forward the email to phishing@council.bbb.org so that our security team can track the perpetrators. If you receive a "bounce" message, there is no need to resubmit.