Hundreds of calls are coming in to the Better Business Bureau (BBB), confirming that the email scam using the Better Business Bureau’s name and logo continues to proliferate across North America, even reaching some overseas addresses.
Most of the emails carry the famous BBB torch logo and come with the subject line “Complaint from your customers.”
The emails have a link or an attachment containing malware that steals information, often with devastating results.
BBB reports one client opened the affected attachment, which launched malware that quickly found an accounting office’s computers, accessed bank numbers and passwords, and nearly completed a fund transfer from the company’s account. The computers had to be wiped clean in order to contain the damage.
Because of experiences such as this one, BBB has updated its advice and recommends the following to anyone who receives the email:
• Do not open any attachments;
• Do not click on any links;
• Delete the email from your inbox, and then delete it again from your trash or recycling folder;
• Run a full system scan using reputable antivirus software.
Previously, BBB had recommended running a full system scan only if the recipient had clicked on the link or opened the attachment.
But due to the virulent nature of the virus, the new recommendation is for everyone who receives it to do the scan. In offices or homes that are networked, all computers should be scanned.
Chris Garver, Chief Information Officer at the Council of Better Business Bureaus, recommends that all domain owners set up a Sender Policy Framework (SPF) record and set their spam filter to use it.
“Using the SPF standard helps fight spam and phishing attacks by allowing your email servers to verify whether an email is legitimate…or not,” he says.
Microsoft offers a simple, four-step process for setting up an SPF record: www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
If you receive an email saying your business has a complaint filed against it with BBB, there are several things you can do to authenticate it:
• Look for typos, grammatical errors, etc. in the text that could indicate it originated overseas.
• Check to see who it says it is from. Complaints go out from local BBB offices, not from the headquarters office in Virginia.
• Hover your mouse over the link to see if its destination is really a bbb.org address.
• Copy and paste the link into Notepad (not Word). Notepad does not support HTML, so if the link is a fake bbb.org address, the real link will show up.
If you are still not sure, call BBB at 800.828.5000 or email firstname.lastname@example.org
BBB is working with federal law enforcement agencies to identify the perpetrator of this fraud, and is also looking into other measures it can take to help prevent future phishing scams.