Businesses and consumers across the country, including Connecticut, are being bombarded in a new attack of phony “BBB” emails. Some report having received upwards of 50 of these emails in the last 24 hours.
The recent attack on consumers and businesses has led the FBI to issue an alert this week about the recurring scam.
The emails contain a hyperlink to a non-BBB website, which may download a virus or spyware. In some cases, bogus text that typically would hide the link is stripped by email servers and reveals the name of the malicious site or sites to which it is connected.
The SPAM email subject line has a number of variations, including:
•The Better Business Bureau investigation
•The Better Business Bureau dispute resolution
•The Better Business Bureau customer complaint
•Unathorized (sic) bank transfers to your company account
•The Better Business Bureau needs your immediate response
These emails are fraudulent. If you receive one, delete it immediately. If you already clicked on a link within the body of the email, run a virus scan immediately. These emails could potentially install software onto computers that is capable of stealing personal and business information.
In one case, the scam email tells the recipient:
“Dear business owner, we have obtained several complaints via the Better Business Bureau online complaint center concerning several unauthorized transaction from a number of private bank accounts to your corporate account. You can view the complaints in our online complaint center using the following link:” (Link deleted)
The BBB system is working with federal law enforcement agencies to identify the perpetrator(
Authentic Better Business Bureau email will:
•Come from your local BBB - not the Council of Better Business Bureaus or a BBB from another state.
•Employ a sender’s email address with the following convention: wallingford.xx@
•Include a secure “HTTPS” link to the complaint details.
•Never be sent as an attachment.
Genuine complaint alerts from Connecticut BBB are never sent as attachments.
If you receive an email saying that your business has a complaint filed against it with BBB, there are several things you should do to authenticate it:
•Look for typos and grammatical errors in the text that could indicate it originated overseas.
•Check to see who it says it is from. Complaints go out from the local BBBs, not from the headquarters office.
•Hover your mouse over the link to see if its origin or destination address really is a bbb.org address.
•Copy and paste the link into Notepad (not Word). Notepad does not support html, so if the link is a fake bbb.org address, the real link will show up.
Anyone receiving such emails should disregard their contents and forward them to firstname.lastname@example.org.
We recommend all domain owners set up a Sender Policy Framework (SPF) and set their spam filter to use it. Using the SPF standard helps fight spam and phishing attacks by allowing your email servers to verify whether an email is legitimate.
Microsoft offers a simple, four-step process for setting up an SPF:
There are two authentic BBB email addresses that should be whitelisted – allowed to pass through the filter:
•@bureaudata.com (for complaints)
•@ct.bbb.org (for local correspondence)
More information on these ongoing scams is available from the government-run Internet Crime Complaint Center (IC3) http://www.ic3.gov/
# # #
Founded in 1928, Connecticut BBB is an unbiased non-profit organization that sets and upholds high standards for fair and honest business behavior. For more advice on finding companies and businesses, start your search with trust at www.bbb.org.