Friday, September 28, 2012

Spammers Give Fake BBB Complaint Notices Another Go

Once again, spammers are exploiting the trusted Better Business Bureau (BBB) brand in order to trick users into visiting booby-trapped websites.

The attack starts with an email claiming that a complaint was filed with the BBB accusing the recipient’s company of partaking in check cashing and money order scams.

Although the email carries the official BBB logo and sometimes comes from a spoofed bbb.org email address, it is riddled with grammatical errors – a common trait of spam / phishing emails.

BBB Spam - Check Cash / Money Order Scam



Better Business Bureau

Start with Trust

Dear business owner, we have received a complaint about your company possibly involvement in check cashing and Money Order Scam.

You are asked to provide response to this complaint within 7 days.

Failure to provide the necessary information will result in downgrading your Better Business Bureau rating and possible cancellation of your BBB accreditation status.

Complaint ID#XXXXXXXX

Council of Better Business Bureau
3033 Wilson Blvd, Suite 600
Arlington, VA 22201
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277

Links within the email do not point to the Better Business Bureau website, but to a third-party site hosting the widely-used BlackHole exploit kit. The user will be presented with a blank page reading “WAIT PLEASE. Loading…” while the BlackHole exploit kit works silently in the background, attempting to exploit system vulnerabilities to install malware on the visiting PC.

According to Websense, subject lines associated with this malware spam campaign include:

  • BBB Case #XXXXXXX

  • BBB Complaint activity report

  • BBB - Read Your Customer Review
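
The traits described above (the reported subject lines, and BBB-branded mail whose links leave bbb.org) can be checked mechanically at a mail gateway or during triage. The following Python is an added example, not code from the original post or from Websense; the function names, the sample message and the host landing.example.net are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Subject lines reported for this campaign (the X's stand for case digits).
SUBJECT_RES = [re.compile(p, re.I) for p in (
    r"^BBB Case #\w+", r"^BBB Complaint activity report",
    r"^BBB - Read Your Customer Review")]
HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.I)

def is_bbb_host(host):
    """True only for bbb.org and its subdomains, not lookalike hosts."""
    host = (host or "").lower().rstrip(".")
    return host == "bbb.org" or host.endswith(".bbb.org")

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    if any(r.search(msg.get("Subject", "")) for r in SUBJECT_RES):
        findings.append("subject matches campaign list")
    # The From header is spoofable, so it only tells us what the mail claims.
    display, addr = parseaddr(msg.get("From", ""))
    claims_bbb = (is_bbb_host(addr.rpartition("@")[2])
                  or "better business bureau" in display.lower())
    body = "".join(
        part.get_payload(decode=True).decode(
            part.get_content_charset() or "utf-8", "replace")
        for part in msg.walk() if part.get_content_maintype() == "text")
    hosts = {urlparse(u).hostname for u in HREF_RE.findall(body)
             if urlparse(u).scheme in ("http", "https")}
    off = sorted(h for h in hosts if h and not is_bbb_host(h))
    if claims_bbb and off:
        findings.append("BBB-branded mail links off bbb.org: " + ", ".join(off))
    return findings

# Constructed sample message; landing.example.net is a placeholder host.
SAMPLE = """\
From: Better Business Bureau <alerts@bbb.org>
To: owner@example.com
Subject: BBB Case #1234567
Content-Type: text/html; charset=utf-8

<html><body><p>Dear business owner, we have received a complaint.</p>
<a href="http://landing.example.net/index.html">Complaint ID#XXXXXXXX</a>
<a href="http://www.bbb.org/">Better Business Bureau</a></body></html>
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```
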


What to Do with BBB Phishing Emails


Did you receive a suspicious-looking email purporting to be from the BBB?

  • Do not click on any links or download files attached to the email.

  • Report the email to the Better Business Bureau by forwarding it to phishing@council.bbb.org.

  • Delete the email immediately.

