Your Better Business Bureau of
Mainland BC warns all businesses of a spoofing scam using the BBB name
and a false BBB email address to entice recipients to access
potentially damaging hyperlinks.
"The email has not affected the computer system of our BBB nor has
any of our data been compromised," says Lynda Pasacreta, President of
the Better Business Bureau of Mainland BC. "Like most other phishing
attacks, the perpetrators have attempted to pose as a respected
business to gain the confidence of phishing victims. The BBB is working
with authorities to thwart these malicious attacks."
Earlier this year a company in the US had its computer system hacked
and that firm's system generated thousands of counterfeit messages to
businesses and consumers, purporting to be a complaint filed with the
BBB.
The most recent email has a false return address of BEFEA7@bbb.com
and a phishing hyperlink citing a BBB complaint case number, for
example, "DOCUMENTS FOR CASE #BBA749BED0". These links actually direct
access to a subdirectory of the hacked firm's website where users are
asked to download documents related to the complaint. The download is
actually an executable file that is believed to be some form of a
computer virus.
All recipients are advised that any email from the BEFEA7@bbb.com
address is not coming from any BBB and should be considered
counterfeit. The BBB strongly encourages recipients of any such message
to delete the message immediately without clicking on the "DOCUMENTS
FOR CASE" links.
The phishing email return address of BEFEA7@bbb.com does not exist
and is being "spoofed." Spoofing occurs when an email address is
altered to appear as if the message originated from a legitimate
source. This is a common practice for both spam email and phishing
operations.
Phishing is a term coined by computer hackers, who use email to fish
the Internet hoping to "hook" recipients into giving them logins,
passwords and/or other sensitive information. In all these scams, the
phisher first impersonates a legitimate company. In a typical scam, the
phisher instructs recipients to click on a convenient link to receive
or provide information that can then be used by phishers to access the
recipient's sensitive personal or business information.
An actual example of the false email message:
Names and other forms of identifying information have been removed from the example.
For more information about what to do if you receive a fraudulent email, visit: http://www.bbb.org/alerts/security.asp