BBB Issues Alert on Phishing Attack Targeting Thousands of Businesses and Consumers

Attack Uses the BBB Name to Attract Victims

Austin, TX, February 14, 2007 – The Better Business Bureau system warns all businesses and consumers across the United States and Canada that a spoofing scam is using the BBB name and a false BBB e-mail address to entice recipients to access potentially damaging hyperlinks. These “phishing” e-mails were not sent by the BBB.

A firm from Kennesaw, GA, had its computer system hacked last night. That firm’s system is now generating thousands of counterfeit messages to businesses and consumers, each purporting to be a complaint filed with the BBB. The incident was first reported to the BBB serving Columbus, GA and the surrounding area by one of its members.

One Dallas business forwarded the phony e-mail to the BBB in Dallas. “I have no clue who or what this is about,” the business stated. The BBB has advised the Dallas business that the e-mail is phony.

The e-mail has a false return address of operations@bbb.org and a phishing hyperlink citing a BBB complaint case number, for example, “DOCUMENTS FOR CASE #263621205”. These links actually direct users to a subdirectory of the hacked firm’s Web site, where they are asked to download documents related to the complaint. The download is actually an executable file that is believed to be some form of a computer virus.

All recipients are advised that any e-mail from the operations@bbb.org address is not coming from any BBB and should be considered counterfeit. The BBB strongly encourages recipients of any such message to delete the message immediately without clicking on the “DOCUMENTS FOR CASE” links.

In fact, BBBs do send customer complaints to businesses by e-mail when available. However, those e-mails are not from the phony operations@bbb.org e-mail address. In addition, the wording in the phony e-mails is different from genuine BBB e-mails.

The phishing e-mail return address of operations@bbb.org does not exist and is being "spoofed." Spoofing occurs when an e-mail address is altered to appear as if the message originated from a legitimate source. This is a common practice for both spam e-mail and phishing operations.

Phishing is a term coined by computer hackers, who use e-mail to fish the Internet hoping to “hook” recipients into revealing logins, passwords, or other sensitive information. In all these scams, the phisher first impersonates a legitimate company. In a typical scam, the phisher instructs recipients to click on a convenient link to receive or provide information that can then be used by phishers to access the recipient’s sensitive personal or business information.

For more information about phishing and for tips to avert other scams, please visit www.bbb.org.

An actual example of the false e-mail message is provided below. Names and other forms of identifying information have been removed from the example.

# # #

REPRESENTATIVE SAMPLE OF PHONY E-MAIL

From: operations@bbb.org [mailto:operations@bbb.org]

Dear Mr./Mrs. XXXX

Complaint Case Number: 263621205

The decision as to whether your dispute or any part of it can be arbitrated rests solely with the BBB.

About Better Business Bureau

This Better Business Bureau is currently supported by approximately 6,900 member businesses and serves more than 3,000,000 consumers in its 52-county service area in Texas. These counties include: Atascosa, Bandera, Bastrop, Bell, Bexar, Blanco, Bosque, Burnet, Caldwell, Calhoun, Comal, Comanche, Coryell, Dewitt, Dimmit, Edwards, Falls, Fayette, Freestone, Frio, Goliad, Gonzales, Guadalupe, Hamilton, Hays, Hill, Jackson, Karnes, Kendall, Kerr, Kinney, Lampasas, LaSalle, Lavaca, Limestone, Llano, Maverick, McLennan, McMullen, Medina, Mills, Navarro, Real, San Saba, Travis, Uvalde, Val Verde, Victoria, Webb, Williamson, Wilson, and Zavala.
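
The alert above names two indicators a mail filter can test for: the operations@bbb.org return address, and a "DOCUMENTS FOR CASE" link whose target is not a BBB site. The following Python check is an added illustration, not part of the BBB release; the finding labels, the sample message and the host name hacked-firm.example are constructed, and it assumes genuine BBB links sit under bbb.org.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

SPOOFED_SENDER = "operations@bbb.org"  # return address named in the alert
LURE = re.compile(r"DOCUMENTS\s+FOR\s+CASE\s*#?\s*\d+", re.I)  # link text named in the alert
TRUSTED = "bbb.org"  # assumption: genuine BBB links live under this domain

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def check_message(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg, findings = message_from_string(raw), []
    if parseaddr(msg.get("From", ""))[1].lower() == SPOOFED_SENDER:
        findings.append("sender-named-in-alert")
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        body = part.get_payload(decode=True) or b""
        collector = LinkCollector()
        collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
        for href, text in collector.links:
            host = (urlsplit(href).hostname or "").rstrip(".")
            off_domain = host != TRUSTED and not host.endswith("." + TRUSTED)
            if LURE.search(text) and off_domain:  # link text and target disagree
                findings.append("case-link-off-bbb:" + host)
    return findings

# Constructed sample; the host name is a placeholder, not the real compromised site.
SAMPLE = ("From: operations@bbb.org\nContent-Type: text/html; charset=utf-8\n\n"
          '<p>Dear Mr./Mrs. XXXX</p><a href="http://hacked-firm.example/cases/">'
          "DOCUMENTS FOR CASE #263621205</a>\n")
if __name__ == "__main__":
    print(check_message(SAMPLE))
```

Because the From header is trivially forged, the sender match is only useful as a block rule for this specific campaign; the link-text versus link-target mismatch is the check that carries over to other lures.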