Hackers are using the Better Business Bureau name to trick people into downloading a virus onto their computer systems. The bogus email spoofs both the BBB name and a false BBB e-mail address to carry out the scam.
The BBB says a Kennesaw, Georgia firm had its computer system hacked this week. The firm's system is now generating thousands of counterfeit messages to businesses and consumers, purporting to be a complaint filed with the BBB.
The e-mail has a false return address of operations@bbb.org and a phishing hyperlink citing a BBB complaint case number, for example, "DOCUMENTS FOR CASE #263621205".
These links actually direct access to a subdirectory of the hacked firm's website where users are asked to download documents related to the complaint. The download is actually an executable file that is believed to be some form of a computer virus.
"All recipients are advised that any e-mail from the operations@bbb.org address is not coming from any BBB and should be considered counterfeit," the organization said in a statement. "The BBB strongly encourages recipients of any such message to delete the message immediately without clicking on the "DOCUMENTS FOR CASE" links."
The BBB said the e-mail return address of operations@bbb.org does not exist and is being "spoofed." Spoofing occurs when an e-mail address is altered to appear as if the message originated from a legitimate source. This is a common practice for both spam e-mail and phishing operations.
Phishing is a term coined by computer hackers, who use e-mail to fish the Internet hoping to "hook" recipients into giving them logins, passwords and/or other sensitive information.
In all these scams, the phisher first impersonates a legitimate company. In a typical scam, the phisher instructs recipients to click on a convenient link to receive or provide information that can then be used by phishers to access the recipient's sensitive personal or business information.
