(PRWEB) May 03, 2012
When a small plumbing company in Monroe, Louisiana, got an email yesterday from BBB saying they’d had a complaint filed against them, they took it seriously. After all, the company is a BBB Accredited Business and the owner serves on the board of directors of BBB of Northeast Louisiana. What they got, however, was much worse than a complaint from an unhappy customer. The email was a fake, a phishing scam that downloaded viruses on two of the small business’s computers, which had to be wiped clean in order to get rid of the malware infection. Fortunately for the plumbing company, the virus hadn’t had a chance to steal any banking information.
Unfortunately, small businesses and consumers across the country are falling victim to the latest phishing scam that exploits BBB’s trusted name. The campaign that started yesterday was the second biggest phishing scam in the country on Wednesday, according to the University of Alabama at Birmingham’s Spam Data Mine, one of the nation’s foremost computer forensics labs. SDM is assisting the Council of Better Business Bureaus in tracking phishing scams that use the BBB name.
The phishing emails – the fifth wave since Thanksgiving that uses the BBB’s name – uses BBB’s name and logo in an attempt to look like a notice of a newly filed complaint. The latest round includes a ZIP attachment, but that has not always been the case. Whether by an attachment or a link, the phishing emails attempt to trick the recipient into clicking and opening the “complaint,” which downloads malware onto their computer. The malware is designed to infect the computer and look for information such as bank account numbers and passwords in order to steal money from the recipients’ accounts.
If you receive an email that looks like it is about a BBB complaint:
1 .Do NOT click on any links or attachments.
2. Read the email carefully for signs that it may be fake (for example, misspellings, grammar, generic greetings such as “Dear member” instead of a name, etc.).
3. Be wary of any urgent instructions to take specified action such as “Click on the link or your account will be closed.”
4. Hover your mouse over links without clicking to see if the address is truly from bbb.org.
5. Delete the email from your computer completely (be sure to empty your “trash can” or “recycling bin,” as well).
6. Run anti-virus software updates frequently and do a full system scan.
7. If you are not certain whether the complaint is legitimate, contact your local BBB (http://www.bbb.org/find).
8. Forward the email to phishing(at)council(dot)bbb(dot)org so that our security team can track the perpetrators. If you receive a “bounce” message, there is no need to resubmit.
BBB also recommends that all businesses take steps to secure their data and the information they’ve collected on their customers. BBB’s “Data Security – Made Simpler” is available free-of-charge at http://www.bbb.org/data-security.