Internet scammers are using the Butter Business Bureau’s (BBB) name and reputation as a way of gaining access to sensitive financial data from small businesses.
The campaign that started May 2nd was the second biggest phishing scam in the country according to a leading Internet monitor which is assisting the Council of Better Business Bureaus in tracking phishing scams that use the BBB name.
Using emails that said a complaint had been filed with the BBB, the email unleashes a viscous virus that requires total cleaning and wiping of computers,
The phishing emails – the fifth wave since Thanksgiving that uses the BBB’s name – uses BBB’s name and logo in an attempt to look like a notice of a newly filed complaint, according to the University of Alabama at Birmingham’s Spam Data Mine, one of the nation’s foremost computer forensics labs.
The latest round includes a ZIP attachment, but that has not always been the case. Whether by an attachment or a link, the phishing emails attempt to trick the recipient into clicking and opening the “complaint,” which downloads malware onto their computer. The malware is designed to infect the computer and look for information such as bank account numbers and passwords in order to steal money from the recipients’ accounts.
If a small business is receives an email that looks like it is about a BBB complaint, the BBB recommends:
- Do NOT click on any links or attachments.
- Read the email carefully for signs that it may be fake (for example, misspellings, grammar, generic greetings such as “Dear member” instead of a name, etc.).
- Be wary of any urgent instructions to take specified action such as “Click on the link or your account will be closed.”
- Hover your mouse over links without clicking to see if the address is truly from bbb.org.
- Delete the email from your computer completely (be sure to empty your “trash can” or “recycling bin,” as well).
- Run anti-virus software updates frequently and do a full system scan.
- If you are not certain whether the complaint is legitimate, contact your local BBB (www.bbb.org/find).
- Forward the email to firstname.lastname@example.org so that our security team can track the perpetrators. If you receive a “bounce” message, there is no need to resubmit.
BBB also recommends that all businesses take steps to secure their data and the information they’ve collected on their customers. BBB’s “Data Security – Made Simpler” is available free-of-charge at www.bbb.org/data-security.