When a small plumbing company got an email yesterday from BBB saying they’d had a complaint filed against them, they took it seriously. After all, the company is a BBB Accredited Business and they have not had a complaint filed against them before. What they got, however, was much worse than a complaint from an unhappy customer. The email was a fake, a phishing scam that downloaded viruses on two of the small business’s computers, which had to be wiped clean in order to get rid of the malware infection. Fortunately for the plumbing company, the virus didn’t have a chance to steal any banking information.
Unfortunately, small businesses and consumers across the country are falling victim to the latest phishing scam that exploits BBB’s trusted name. The campaign that started yesterday was the second biggest phishing scam in the country on Wednesday, according to the University of Alabama at Birmingham’s Spam Data Mine, one of the nation’s foremost computer forensics labs. SDM is assisting the Council of Better Business Bureaus in tracking phishing scams that use the BBB name.
The phishing emails – the fifth wave since Thanksgiving that uses the BBB’s name – use BBB’s name and logo in an attempt to look like a notice of a newly filed complaint. The latest round includes a ZIP attachment, but that has not always been the case. Whether by an attachment or a link, the phishing emails attempt to trick the recipient into clicking and opening the “complaint,” which downloads malware onto their computer. The malware is designed to infect the computer and look for information such as bank account numbers and passwords in order to steal money from the recipients’ accounts.
BBB also recommends that all businesses take steps to secure their data and the information they’ve collected on their customers. BBB’s “Data Security – Made Simpler” is available free-of-charge at www.bbb.org/data-security.
If you receive an email that looks like it is about a BBB complaint:
- Do NOT click on any links or attachments.
- Read the email carefully for signs that it may be fake (for example, misspellings, grammar, generic greetings such as “Dear member” instead of a name, etc.).
- Be wary of any urgent instructions to take specified action such as “Click on the link or your account will be closed.”
- Hover your mouse over links without clicking to see if the address is truly from bbb.org or an unrecognizable string of nonsense.
- Delete the email from your computer completely (be sure to empty your “trash can” or “recycling bin,” as well).
- Run anti-virus software updates frequently and do a full system scan.
- If you are not certain whether the complaint is legitimate, contact BBB serving Upstate New York at firstname.lastname@example.org or call us at 800.828.5000.
- Forward the email to email@example.com so that our security team can track the perpetrators. If you receive a “bounce” message, there is no need to resubmit.
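
For mail administrators, the "is the address truly from bbb.org" check and the ZIP-attachment pattern described above can be applied to a raw message automatically. This is an added example, not part of BBB's advisory; the function names and the sample message are constructed for illustration.

```python
import email.policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Hrefs(HTMLParser):
    """Collect the real target (href) of every link, i.e. what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def is_bbb_host(url):
    """True only for bbb.org or a subdomain, not for names that merely contain it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == "bbb.org" or host.endswith(".bbb.org")

def triage(raw_message):
    """Return warnings for one raw e-mail: ZIP attachments and links that leave bbb.org."""
    warnings = []
    msg = email.message_from_string(raw_message, policy=email.policy.default)
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip"):
            warnings.append("zip attachment: " + name)
        elif part.get_content_type() == "text/html":
            parser = _Hrefs()
            parser.feed(part.get_content())
            warnings += ["link leaves bbb.org: " + h
                         for h in parser.hrefs if not is_bbb_host(h)]
    return warnings

# Constructed sample message (not a real phishing e-mail); all names are made up.
SAMPLE = """\
From: notice@sender.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="http://bbb.org.complaints.example/view">www.bbb.org/complaint</a>
<a href="https://www.bbb.org/data-security">Data Security guide</a>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Complaint.zip"

UEsDBA==
--b1--
"""
```

The first link's visible text reads like a bbb.org address, but its host ends in a different domain, so only the second link passes the check.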