The email scam using the Better Business Bureau’s name continues to proliferate
across North America, and even to some overseas addresses. Most of the emails
carry the famous BBB torch logo and come with the subject line “Complaint from
your customers.” The emails have a link or an attachment containing
malware that steals information, with potentially harmful results.
Larry Andrus is a member of the board of directors of BBB Western
Michigan and also the CEO of Trivalent Group, Inc., a BBB Accredited Business
that helps its clients manage, access, protect, and store their data. One of
his firm’s clients opened the affected attachment, which launched malware
that quickly found the accounting office’s computers, accessed bank numbers and
passwords, and nearly completed a fund transfer from the company’s account.
Because of experiences such as this one, BBB has updated its advice and
recommends the following to anyone who receives the email:
- Do not open any attachments
- Do not click on any links
- Check to see who it says it is from - complaints go out from the local BBBs, not from the headquarters office, and are sent by US mail, not by email
- If you still are not sure, call the BBB at 402-391-7612 or 800-649-6814
- Delete the email from your inbox, and then delete it again from your trash or recycling folder
- Run a full system scan using reputable antivirus software
Previously, BBB had recommended running a full system scan only if the recipient had
clicked on the link or opened the attachment. But due to the virulent nature of
the virus, the new recommendation is for everyone who receives it to do the
scan. In offices or homes that are networked, all computers should be scanned.
Chris Garver, Chief Information Officer at BBB’s national organization, the Council
of Better Business Bureaus (CBBB), recommends that all domain owners set up a
sender policy framework (SPF) and set their spam filter to
use it. “Using the SPF standard helps fight spam and phishing attacks by
allowing your email servers to verify whether an email is legitimate…or not,” he says.
Microsoft offers a simple, four-step
process for setting up an SPF: www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/
“CBBB has been working with federal law
enforcement agencies to identify the perpetrators of this phishing attack. They
now know these scams are being executed by organized criminal rings which are
international and mainly outside the jurisdiction of the Secret Service and
FBI, so the chance of catching them is apparently a rarity. These criminals
engage in underground trading of data collected through these scams,” stated
BBB President Jim Hegarty.
The BBB System has engaged a respected
web-based technology firm that has a sophisticated phishing deactivation
process. “By taking a major, high-tech stance which is being implemented today,
we believe that the criminals will stop targeting us,” said Hegarty.
If you happen to receive one of these scam emails, please forward it to
phishing@council.bbb.org and then delete it immediately from your “Inbox,” your “Sent” box and your “Delete” box.