SCAM ALERT: Fake BBB Emails

The BBB phishing scam has still been proliferating across the country. We are issuing an updated SCAM ALERT cautioning businesses and consumers about an email that looks like it is from BBB, with the subject line "Complaint from your customers." If you receive this email the BBB recommends the following:

• Do not open any attachments in suspicious emails.
• Do not click on any links.
• Forward individual scam emails to phishing@council.bbb.org for analysis.
• Delete the email from your inbox, delete it again from your trash or recycling folder, and from your sent folder.
• Run a full system scan using reputable virus software.

If you receive an email saying your business has a complaint filed against it with the BBB, there are several things you can do to authenticate it:

• Look for typos, grammatical errors, etc. in the text that could indicate it originated overseas.
• Check to see who it says it is from. Complaints go out from local BBBs, not from the headquarters office.
• Hover your mouse over the link to see if its destination is really a bbb.org address.
• Copy and paste the link into Notepad (not Word). Notepad does not support html, so if the link is a fake bbb.org address, the real link will show up.
• If you still are not sure, go to www.bbb.org to find your local BBB, and send them a new email to ask if you have a complaint. Do not reply to the email you received or forward it to the BBB.

Due to the virulent nature of the virus, the new recommendation is for everyone who receives it to do a scan. In offices or homes that are networked, all computers should be scanned. Anyone who received the fake BBB email and clicked on one of the links prior to the deactivations, and who didn’t have adequate antivirus protection, were likely infected. The particular virus at play is known as “Zeuss” or “Zbot” and is a “Trojan Horse” or spyware virus that downloads onto a recipient’s computer and harvests confidential and personal data without detection. According to the FBI, one criminal organization used Zeuss to collect $70 million from victims. It is thus imperative that anyone who believes they may have been infected do a security analysis and have the malware eradicated.

More information is provided about the Zbot virus on Symantec’s (aka Norton Anti-Virus) website provided below:

http://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99

The BBB phishing scam has been reported to the FBI’s Internet Crimes Complaint Center and has been included in the following alert:

http://www.ic3.gov/media/2010/corporateaccounttakeover.pdf

The BBB is a nonprofit, business-supported organization that sets and upholds high standards for fair and honest business behavior. The BBB provides objective advice, free BBB Business Reviews, dispute resolution service, charity wise-giving reports, alerts and educational information on topics affecting marketplace trust. Please visit www.bbb.org for more information.