Businesses and consumers across the country have been hit by an on-going email phishing scam that appears to be from the Better Business Bureau. The fake emails started in November, and have changed forms a number of times. Most of them include a virus – if the recipient clicks on a link.
Now the latest version claims the recipient is a scammer. BBB serving Dallas and Northeast Texas was alerted to the latest spin on the phishing scam when a local business received an email that claimed to be from BBB and accused the firm of being involved in "check cashing and money order scam." Another email received in DuPont, WA, charged the recipient was involved in "home renovation scam." A business in Louisville, KY, received the version below, alleging the recipient is engaged in identity theft.
From: Better Business Bureau
Sent: Friday, February 24, 2012 7:08 AM
Subject: Your business is accused of illegal activities.
Valued business proprietor, we have obtained several complaints about your company alleged involvement in identity theft. You are asked to provide your official response to this complaint within 28 days. Failure to provide the corresponding response will result in cancellation your Better Business Bureau rating and possible withdrawal of your BBB accreditation status.
Last week, another round of BBB phishing email targeted accountants. That version of the scam uses a BBB.org email address in conjunction with the American Institute of CPAs logo and name. The message informs recipients that their CPA license is being terminated due to tax fraud allegations and encourages them to click on a link and reply to the charges. The link leads to a third party website that downloads a virus on to the recipient’s computer. This email scam primarily targets accountants, but BBB has received reports of other professionals receiving the emails.
Another wave of BBB phishing emails contained a subject line reading "BBB SBQ Form," followed by a series of numbers. Recipients are asked to click on a link to update their information with Better Business Bureau. The link supposedly leads to a form on BBB.org, but it really goes to a third party website that downloads a virus on your computer.
In addition to the latest wave of emails, the original version of the email scam is still out there. In this, recipients are told that a complaint has been filed against their business, and they need to respond by clicking on a link in the email. Again, the link takes them to a third-party website that infects their computer with a virus.
Steps to take:
Should you receive a suspicious email, don’t click on any links. You can test the links by using your mouse to hover over them. The destination of the links will appear in a small pop up box next to the link or at the bottom of the screen. If the email is a scam, the website shown will not be a BBB.org URL.
After you have identified a scam, delete it from your inbox and completely delete it from your system. Also, run a full system virus scan and make sure your virus software is up to date. Please forward the email to firstname.lastname@example.org.