Better Business Bureau Malware/Phishing Scam

Malware Phishing Scam that appears to be from the Better Business Bureau.

Reprinted with permission from Paul Wagner. http://www.avwebmaster.com/blog
See notes from The Tech Gods at the bottom.


NOTE:  This morning, Monday, February 25th, 2013, scammers launched a new phishing campaign.  This campaign involves emails sent to consumers and business owners, with a claim that the recipient has been the subject of a complaint filed with the New York City BBB. But these emails are being fed around the country.

The emails carry a dangerous virus.  These emails did NOT come from BBB.  Please read below for further cautionary information:

Here’s how it reads:

Thank you for contacting the Council of Better Business Bureaus.

6QBT126C

The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you.  The details of the consumer’s concern are included on the reverse

You may have received an email that says your company is the subject of a complaint filed with BBB, or claims that a customer review about your business has been posted, or asks that you complete a BBB business questionnaire. It may reference a case number or it may be vague on the details.

(and so on)

These emails are going to both individuals AND companies.  In each case, they ask you to click on a link that appears to go to a BBB page, or you are asked to download an attached form or file.

These are very dangerous emails.  It is important that you do NOT click on any of the links in the emails or download any attachments.

If you have already clicked on a link or have already opened or downloaded any attachments, your computer may have, without your knowing it, downloaded a stealthy malware program which is able to pass by most anti-virus programs undetected.

In the event you clicked on a link, you should consider having your computer scanned by a trusted computer repair professional to see whether any malware is present and, if so, whether it can be removed.

If you did not click on any links or attachments, you are still strongly encouraged to run a complete virus scan on your system.

You can learn more about these bogus phishing and malware scams at http://www.bbb.org/us/article/email-phishing-scam-hijacks-bbb-name-again-36089.

In the future, if you receive an email that appears to come from Better Business Bureau, please check with your local BBB office to determine whether it is legitimate.

A simple technique is to reply back to them with the following request: “Sorry – can’t open the zip file. Please resend as PDF or Word DOC.” Then you’ll know it’s bogus if it comes back to you with a Mail Daemon (with valid information from the Better Business Bureau).

You can find your local BBB office by visiting http://www.bbb.org/find.  You can also forward the email to phishing@council.bbb.org for assistance.

Notes from The Tech Gods:

This particular type of scam has been around for quite some time in different forms. Examples include e-mails telling of found money, Fed Ex packages that couldn’t be delivered, and fraudulent credit card charges. The bottom line is that users need to become more suspicious of e-mails they do not recognize. Tell-tale signs of scams are poor grammar, bad spelling, and improper capitalization, as well as attachments with unusual extensions and non-descriptive names.
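For whoever triages a reported message, two of the signs described above (a link that appears to go to a BBB page, and an attachment with an unusual extension) can be checked mechanically. The following Python is an added example, not code from Paul Wagner or The Tech Gods; the sample message, the `.example` hosts, the file name and the extension list are constructed assumptions.

```python
import email.policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; hosts and file name are placeholders, not real indicators.
SAMPLE = b"""Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Details: <a href="http://www.bbb.org.files.example/case">www.bbb.org/complaint</a></p>
<p>Offices: <a href="http://www.bbb.org/find">www.bbb.org/find</a></p>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="Complaint.zip"

constructed placeholder, not a real archive
--b1--
"""

class LinkParser(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, read only at </a>
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_domain(host, domain):  # exact domain or a true subdomain, never a substring match
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def triage(raw, brand="bbb.org", risky=(".zip", ".exe", ".scr", ".js")):  # assumed list
    findings = []
    for part in email.message_from_bytes(raw, policy=email.policy.default).walk():
        if (name := part.get_filename()) and name.lower().endswith(risky):
            findings.append(f"risky attachment: {name}")
        elif part.get_content_type() == "text/html":
            parser = LinkParser()
            parser.feed(part.get_content())
            for href, text in parser.links:  # text names the brand, link goes elsewhere
                if brand in text.lower() and not in_domain(urlparse(href).hostname, brand):
                    findings.append(f"link shown as {text} goes to {href}")
    return findings
```

The first sample link is flagged even though its host begins with `www.bbb.org`, because the comparison is made on the registered domain at the end of the host name; the second link, which really points at `bbb.org`, passes.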

Remember that reputable companies and agencies will never make you download something from an e-mail unless you know about it beforehand. An example of a known download might be a .pdf file from your printer with a proof of your business cards or a sign you’re having made. You may also receive e-mails with attachments from your insurance agent or your lawyer. You will definitely know about it and know that it’s safe before a company or agency sends you something that you need to download. If it looks suspicious, it probably is. If you have any doubts, you should always circumvent what the e-mail is trying to get you to download or click on by instead calling the company referenced or sending that company an e-mail independently to inquire further.

Paul makes a good point about replying to the e-mail and saying you’re having trouble opening it — the downside to this is that it may expose your e-mail address to further spam. Every business and even personal users should have spam filters in place to filter out the most prevalent spam. We can help you set this up on your business or home computers.

Additionally, even if you don’t think you’ve been exposed to virulent or infectious activity on your PC, you should make a habit of running virus and malware scans regularly — once a week if possible, once a month at worst. Our techs are well-educated and know what to click and what not to click, and yet we still get infections from time to time. Even the best software can’t catch everything every time; however, we highly recommend the following scanners:

Virus Scanners:
(Choose ONLY one)

Microsoft Security Essentials
AVG Free

Malware/Spyware Scanners:
(Can be run concurrently)

Superantispyware
Malwarebytes

As these are all free products, we offer installation of these free to our customers, or you can Google any of the names above and install them yourself. We generally do not recommend products by Norton or McAfee, as they have proven over the years to be very bloated pieces of software that tend to lock down computers and keep them from performing everyday tasks. We need our computers to work for us, not against us, so we recommend the products above. They not only work well, but are completely free to use. As stated earlier, none of these can keep you completely safe from all infections — the best defense you have is an informed user. The second best defense you have is a good tech guy, so don’t just pray to The Tech Gods — call us directly. 661-524-5140.
