Security Alerts

Beware! The BBB name continues to be used in "phishing" scams. Fraudulent emails containing malicious links and viruses have been sent to businesses and consumers around the country claiming to contain information on a complaint filed with the Better Business Bureau. None of the BBB's computer and email systems are involved in this hoax. The BBB and authorities are working together to stop these continued attacks. 

10/21/2008- New Phishing Scheme luring consumers and businesses to "register" software with the BBB. Please do not click on any links contained within any associated email.

Following is a copy of an actual e-mail associated with this phishing scheme:

---------- Original Message ----------------------------------
From: "Better Business Bureaus Account Service" <provisor670@bbb.org>
Date:  Wed, 22 Oct 2008 21:04:22 +0000

Attention Better Business Bureaus Consumers!

We've enhanced web surfing process with new security measures to keep your online data and personal information safer.
All registered and new BBB consumers must register new software and update contact information until October 24, 2008.
Please read the following information carefully:

Register your BBB company certificate here>>>Link>>>>

As always, we appreciate your business. And thank you for working with us.

Sincerely, Sherry Hopper.
2008 Council of Better Business Bureaus

BBB has determined that there are a number of addresses and subject lines being used in to perpetrate the e-mail element of the attack. Following is a representative sample of actual address and subject lines used in this attack.


• Address: “Better Business Bureaus Service Center " provisor399@bbb.org
• Subject Line: Council of Better Business Bureaus - We restrict access to nonpublic personal information about you

• Address: "Better Business Bureaus Update" provisor633@bbb.org
• Subject Line: Better Business Bureaus, Attention: Protecting your personal information

• Address: Better Business Bureaus Support Center provisor062@bbb.org
• Subject Line: Better Business Bureaus, Attention: Shred unwanted documents that contain personal information.

The phishing scheme is also appearing on multiple blog sites. Following is a representative example of the type message BBB research and investigation has discovered on a number of blog sites. 

“We've enhanced web surfing process with new security measures to keep your online data and personal information safer.
All registered and new BBB consumers must register new software and update contact information until October 24, 2008.”
Please read the following information carefully>>>Link >>>>

BBB is advising consumers and businesses to take the following precautions and actions to steer clear of this phishing attack and to protect their computer systems and networks.

• Anyone receiving an e-mail similar to those described should not open the message, not click on any links, or respond to the message – the message is not from any entity affiliated with BBB. Opening or viewing a preview of the e-mail, or clicking on the link within the e-mail, could enable a discreet download of a virus or spyware.

• Report receipt of any such messages. BBB is working with the U.S. Secret Service's Electronic Crimes Task Force (ECTF) to address phishing issues using the BBB name. BBB has established an e-mail address - phishing@council.bbb.org – people can use to forward the message to, thereby reporting the incident to BBB and the ECTF.



6/05/2008- The BBB name is being used in a "phishing" scam in which recipients receive a message from message from either of the following addresses:

seatac@go-bbb.com
operations@bbb.org
idtheft@bbb.org 
seatac@bbb.org

The message reads, with some variations:



WHAT TO DO IF YOU RECEIVE A FRAUDULENT EMAIL:
  • Do NOT click on any of the links or open any of the attachments.
  • Please help us in our work with the authorities by forwarding the email and its headers to phishing@council.bbb.org. Instructions for Outlook users are below.
    • Open the message (not the attachment), select ‘View’ from the menu, and then ‘Options’ from the drop down. Or, right click the message in the list of emails and select ‘Options’ from the menu.
    • At the bottom of the Message Options dialogue box that opens is a box labelled "Internet Headers" which contains the information we need to track the attacks.
    • Select the information in the box and copy it by hitting Ctrl-C on your keyboard, or right-clicking your mouse and selecting "Copy."
    • Close the dialogue box and select "Forward" in the message. Paste the headers at the top of the message and address the email to phishing@council.bbb.org.


Thank you for your diligence and help in stopping these malicious attacks.

PREVIOUS WARNINGS 
4/24/2008- The BBB name is being used in a "phishing" scam in which recipients receive a message from message from either of the following addresses:operations@bbb.org, idtheft@bbb.org 
seatac@bbb.org


3/19/2008-The BBB name is being used in a "phishing" scam in which recipients receive a message from message from either of the following addresses: operations@bbb.org, idtheft@bbb.org and seatac@bbb.org


2/27/2008 The BBB name is being used in a "phishing" scam in which recipients receive a message from message from either of the following addresses: operations@bbb.org, idtheft@bbb.org and seatac@bbb.org


1/23/08  The BBB name is being used in a "phishing" scam in which recipients receive a message from diputes@la.bbb.org (which is not a real address and note the misspelling of "disputes"). The message is replete with grammatical and spelling errors.

12/17/07  The BBB name is being used in a "phishing" scam in which recipients receive a message from disputes@us.bbb.org (which is not a real address).

10/23/07  The BBB name is being used in a "phishing" scam in which recipients receive a message from fraud@bbb.org (which is not a real address).

10/10/07  The BBB name is being used in a "phishing" scam in which recipients receive a message from various addresses, none of which are real, and include:
  • complaint@bbb.org
  • idtheft@bbb.org
  • onlineidentitytheft@euro-viza.com
  • consumer-complaints@euro-viza.com

9/18/07  The BBB name is being used in a "phishing" scam in which recipients receive a message from various addresses @complaint.bbb.org and idtheft@bbb.org (which are not real addresses).

6/18/07  The BBB name is being used in a "phishing" scam in which recipients receive a message from various addresses, none of which are real, and include:
  • complaints@bbb.org
  • operations@bbb.org
  • consumer-complaints@bbb.org
  • complains-serv@bbb.org
  • compl-srv@bbb.org
  • complntscentercase@bbb.org
  • fraud@bbb.org


WHAT TO DO IF YOU RECEIVE A FRAUDULENT EMAIL:
  • Do NOT click on any of the links or open any of the attachments.
  • Please help us in our work with the authorities by forwarding the email and its headers to phishing@council.bbb.org. Instructions for Outlook users are below.
    1. Open the message (not the attachment), select ‘View’ from the menu, and then ‘Options’ from the drop down. Or, right click the message in the list of emails and select ‘Options’ from the menu.
    2. At the bottom of the Message Options dialogue box that opens is a box labelled "Internet Headers" which contains the information we need to track the attacks.
    3. Select the information in the box and copy it by hitting Ctrl-C on your keyboard, or right-clicking your mouse and selecting "Copy."
    4. Close the dialogue box and select "Forward" in the message. Paste the headers at the top of the message and address the email to phishing@council.bbb.org.

Thank you for your diligence and help in stopping these malicious attacks.