BBB Takes a Double Hit from Phishing
The Better Business Bureau used for two different email scams
Two new phishing email scams have surfaced using the Better Business Bureau name as bait to lure victims into following malware links. The BBB became aware of these malware attacks this week (July 31st to be exact) and want to get the word out to prevent consumers from falling for the phishing scams.
The two scams come to your email box and according to the BBB they are very good imitations of real emails. Unlike many phishing emails these use correct grammar and spelling. The fakes also copy the formats often used by the BBB. One scam looks to infect your computer with malware and the other gather or steal your personal information.
The malware email scam comes in two versions. One as a follow up to a fictitious BBB complaint the other as a request for updated contact information. These phishing scams are directed at both individuals and businesses. The hope is that the recipient will follow the directions telling them to update their information by following a link in the email body.
If you get any such email, DO NOT click or follow the link. The email will look as if it came from a national or local BBB office but if you hover your mouse pointer over the link your computer will show you the link address and you will see that it is not a BBB address. (The address will not begin with BBB.)
The Better Business Bureau has contracted a professional deactivation service and is working to take down the websites that are spreading the malware. The incident has been reported to the FBI and other law enforcement agencies. The BBB reminds us to delete suspicious emails and keep our anti-virus software up-to-date at all times.
To see an example of the phishing email, you can follow this BBB link: Check out a screen shot of a sample phishing email. The example si safe to view and the link in it is deactivated.
The information gathering or theft email takes a different angle. Like some large retailers and name brands, the BBB is being used to promote fake gift cards. Fake gift cards are offered in order to gather your email address, phone number, address and other personal information. The offer is bogus and you will never be able to redeem the offer.
The email states that Better Business Bureau is giving away $1,000 Visa gift cards. These emails come from a variety of web addresses and contain a number of different links, but they all use a variation of the following message: (There are no links here so this is safe.)
On behalf of Better Business Bureau you have been issued a $1,000 Visa Gift Card free of charge.
Card type: Visa Gift
Card Issued to: JOHN SMITH
Issuing branch: Amarillo, Texas
Valid until: 08/2015
Please use the following website to claim your card and have it shipped to the address of your choosing: Go to: www reward2012 com Note that claims must be made within 48 hours from this email being sent, or the above link will become invalid.
Customer Service Employee Benefits Center, LLC
If anyone follows the link in the email they are directed to the web site asking for information about your age, address, email and cell phone number. Given that the survey does not request your Social Security Number, banking information or ask you to download a maleware file, it is not likely an attempt at ID theft. Rather, it's probably an unscrupulous way to collect consumer data, such as email addresses and phone numbers but do not give them the chance to get it. Do not follow the link.
If you do get any of these emails, report it to the BBB. Reports help them put a stop to who ever is behind these phishing scams.
Thank you and stay safe,
Published August 1, 2012