February 13, 2007 – Huntsville, AL
The
Better Business Bureau System warns all businesses and consumers across the
United States and Canada of a spoofing scam using the BBB name and a false BBB
e-mail address to entice recipients to access potentially damaging
hyperlinks. The Better Business
Bureau of North Alabama has received reports of these emails being delivered to local businesspeople and consumers.
A firm from Kennesaw, GA, had its computer system hacked last night. That firm’s
system is now generating thousands of counterfeit messages to businesses and
consumers, purporting to be a complaint filed with the BBB. The incident was first reported to the BBB serving Columbus, GA and the surrounding area by one its members.
The e-mail has a false return address of operations@bbb.org and a phishing
hyperlink citing a BBB complaint case number, for example, “DOCUMENTS FOR CASE
#263621205”. These links actually direct access to a subdirectory of the
hacked firm’s website where users are asked to download documents related to the complaint. The download is actually an executable file that is believed to
be some form of a computer virus.
All recipients are advised that any e-mail from the operations@bbb.org address is not coming from any BBB and should be considered counterfeit. The BBB strongly encourages recipients of any such message to delete the message immediately without clicking on the “DOCUMENTS FOR CASE” links.
The
phishing e-mail return address of operations@bbb.org
does not exist and is being "spoofed." Spoofing occurs when an e-mail
address is altered to appear as if the message originated from a legitimate
source. This is a common practice for both spam e-mail and phishing
operations.
Phishing
is a term coined by computer hackers, who use e-mail to fish the Internet hoping
to “hook” recipients into giving them logins, passwords and/or other sensitive
information. In all these scams, the phisher first impersonates a legitimate
company. In a typical scam, the
phisher instructs recipients to click on a convenient link to receive or provide
information that can then be used by phishers to access the recipient’s
sensitive personal or business information.
For
more information about phishing and for tips to avert other scams, please visit
www.bbb.org.
An
actual example of the false e-mail message is provided below. Names and other forms of identifying
information have been removed from the example #
# #
REPRESENTATIVE E-MAIL SAMPLE
From: operations@bbb.org [mailto:operations@bbb.org] Sent:
Tuesday, February 13, 2007 6:06 AMTo: XXXXSubject: BBB
Case #263621205 - Complaint for XXXX
Dear Mr./Mrs.
XXXX You have received a complaint in regards to your business services.
The complaint was filled by Mr. XXXX on 02/05/2007/ Use the link below to
view the complaint details:DOCUMENTS FOR CASE #263621205
Complaint Case
Number: 263621205
Complaint Made by Consumer Mr. XXXX Complaint
Registered Against: Company XXXX Date: 02/05/200.
Instructions on
how to resolve this complaint as well as a copy of the original complaint can be
obtained using the link below:DOCUMENTS FOR CASE #263621205
Disputes
involving consumer products and/or services may be arbitrated. Unless they
directly relate to the contract that is the basis of this dispute, the following
claims will be considered for arbitration only if all parties agree in writing
that the arbitrator may consider them: · Claims
based on product liability; · Claims
for personal injuries; · Claims
that have been resolved by a previous court action, arbitration, or written
agreement between the parties.The decision as to whether your dispute or
any part of it can be arbitrated rests solely with the BBB.The BBB
offers its members a binding arbitration service for disputes involving
marketplace transactions. Arbitration is a convenient, civilized way to settle
disputes quickly and fairly, without the costs associated with other legal
options. |
