An email scam using the Better Business Bureau’s name and logo continues to proliferate across North America, and even to some overseas addresses. Most of the emails carry the famous BBB torch logo and come with the subject line “Complaint from your customers.” The emails have a link or an attachment containing malware that steals information, often with devastating results.
Larry Andrus is a member of the board of directors of BBB Western Michigan and also the CEO of Trivalent Group, Inc., a BBB Accredited Business that helps its clients manage, access, protect, and store their data. One of his firm’s clients opened the affected attachment, which launched malware that quickly found the accounting office’s computers, accessed bank numbers and passwords, and nearly completed a fund transfer from the company’s account.
“We had to completely wipe the computers in order to contain the damage to our client,” said Dawn Simpson, Trivalent’s vice president of marketing and business development.
Because of experiences such as this one, BBB has updated its advice and recommends the following to anyone who receives the email:
· Do not open any attachments
· Do not click on any links
· Delete the email from your inbox, and then delete it again from your trash or recycling folder
· Run a full system scan using reputable antivirus software
Previously, BBB had recommended running a full system scan only if the recipient had clicked on the link or opened the attachment. But due to the virulent nature of the virus, the new recommendation is for everyone who receives it to do the scan. In offices or homes that are networked, all computers should be scanned.
Chris Garver, Chief Information Officer at the Council of Better Business Bureaus, recommends that all domain owners set up a Sender Policy Framework (SPF) and set their spam filter to use it. “Using the SPF standard helps fight spam and phishing attacks by allowing your email servers to verify whether an email is legitimate…or not,” he says.
Microsoft offers a simple, four-step process for setting up an SPF: www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
If you receive an email saying your business has a complaint filed against it with BBB, there are several things you can do to authenticate it:
· Look for typos, grammatical errors, etc. in the text that could indicate it originated overseas.
· Check to see who it says it is from. Complaints go out from the local BBBs, not from the headquarters office.
· Hover your mouse over the link to see if its destination is really a bbb.org address.
· Copy and paste the link into Notepad (not Word). Notepad does not support HTML, so if the link is a fake bbb.org address, the real link will show up.
· If you still are not sure, go to www.bbb.org to find your local BBB, and send them a new email to ask if you have a complaint (do not Reply to the email you received, or forward it to them). They have been swamped with requests, so you may not hear back immediately.
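
The hover and Notepad checks in the list above can also be run on the raw HTML of a message without opening any link. The following Python example is added here and is not part of the BBB advisory; the sample message body and the example.net / example.com hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "bbb.org"  # the domain the advisory tells recipients to look for


def is_trusted_host(url: str) -> bool:
    """True only if the URL's real host is bbb.org or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)


class LinkAudit(HTMLParser):
    """Collect (visible text, href) for every <a> in an HTML email body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def suspicious_links(html: str):
    """Links whose destination is not really a bbb.org address."""
    audit = LinkAudit()
    audit.feed(html)
    return [(text, href) for text, href in audit.links if not is_trusted_host(href)]


# Constructed sample body; example.net / example.com stand in for a scam host.
SAMPLE = """
<p>Complaint from your customers</p>
<a href="http://www.bbb.org/complaints">View on bbb.org</a>
<a href="http://example.net/c.php?id=1">http://www.bbb.org/complaint/1</a>
<a href="http://www.bbb.org.example.com/view">www.bbb.org</a>
<a href="http://www.bbb.org@example.net/x">BBB complaint</a>
"""

if __name__ == "__main__":
    for text, href in suspicious_links(SAMPLE):
        print(f"MISMATCH  shown: {text!r}  goes to: {href!r}")
```

The check compares the parsed host rather than searching the URL for "bbb.org", so a look-alike that only contains the name as a prefix or as a username before "@" is still flagged.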
CBBB is working with federal law enforcement agencies to identify the perpetrator of this fraud, and is also looking into other measures it can take to help prevent future phishing scams from spreading.