Phishing Attack Uses Better Business Bureau Name To Trap Consumers and Businesses

Bookmark & Share
  • FacebookFacebook
  • Post to MySpaceMySpace
  • Delicious Delicious
  • StumbleUpon logoStumbleUpon

St. Louis, Mo., October 24, 2008 – The Better Business Bureau (BBB) is alerting consumers and businesses about a phishing scheme that uses both e-mail messages and blog posts directing recipients and viewers to register software with the BBB.  These messages, however, are not coming from the BBB, and this attack has not affected BBB computer systems or networks nor has any data been compromised.

            The BBB has learned that businesses began receiving bogus messages yesterday, requiring them to “register new software and update contact information” with the BBB, and provided a link to process.  In investigating the attack, the BBB also discovered phony “notices” and postings on various blogs being used as an additional tactic to reach victims.

          “The messages and posts are likely part of a large-scale phishing scam leveraging the trusted nature of the BBB name to entice recipients and bloggers to open messages and access attachments or links,” said Tracy Hardgrove, BBB Vice-President of Operations.  “Anyone receiving an e-mail or viewing a blog requiring the registration of software with the BBB should not click on any of the links or in any way respond to the message, because doing so may allow harmful viruses or spyware to enter the recipient’s computer or network.”

          The following is a copy of the actual e-mail associated with the phishing scheme:


          ---------- Original Message ----------------------------------
From: "Better Business Bureaus Account Service" <provisor670@bbb.org>
Date:  Wed, 22 Oct 2008 21:04:22 +0000

Attention Better Business Bureaus Consumers!

We've enhanced web surfing process with new security measures to keep your online data and personal information safer.

 

-More-


All registered and new BBB consumers must register new software and update contact information until October 24, 2008.
Please read the following information carefully:

Register your BBB company certificate here>>>Link

As always, we appreciate your business. And thank you for working with us.

Sincerely, Sherry Hopper.
2008 Council of Better Business Bureaus

 

          The BBB is advising consumers to take the following precautions and actions to steer clear of this phishing attack and to protect their computer systems and networks:

·         Anyone receiving an e-mail similar to those described should not open the message, not click on any links, or respond to the message – the message is not from any entity affiliated with the BBB.  Opening or viewing a preview of the e-mail, or clicking on the link within the e-mail, could enable a discreet download of a virus or spyware.

·         Report receipt of any such messages.  The BBB is working with the U.S. Secret Service’s Electronic Crimes Task Force (ECTF) to address phishing issues using the BBB name.  The BBB has an established e-mail address -phishing@council.bbb.org-  people can use to forward the message, thereby reporting the incident to the BBB and the ECTF.

·         The public can view updates and information on the phishing attack on the BBB Web site at the Security and Alerts Web page at http://www.bbb.org/securityalerts.

·         You can contact the BBB at 314-645-3300 or www.stlouisbbb.org for further information.

 

 

-30-