Scheme uses Email and Blogs to Encourage Recipients to Register Software with BBB
Austin, Texas, October 24, 2008 - Better Business Bureau is alerting consumers and businesses about a phishing scheme that uses both email messages and blog posts directing recipients and viewers to register software with BBB. BBB wants the public to know that such messages and posts are not coming from any element of the BBB System. This attack has not affected BBB computer systems or networks, nor has any data been comprised.
Reports to BBB indicate that businesses began receiving bogus messages yesterday requiring them to "register new software and update contact information" with BBB, using a link. In investigating the attack, BBB also discovered phony "notices" and postings on various blogs being used as additional tactic to reach victims.
"The messages and posts are most likely part of a large-scale phishing scam leveraging the trusted nature of the BBB name to entice recipients and bloggers to open messages and access attachments or links," says Carrie A. Hurt, President and CEO of BBB serving Central, Coastal and Southwest Texas. "Anyone receiving an email or viewing a blog requiring the registration of software with BBB should not click on any links or in any way respond to the message, because doing so may allow harmful viruses or spyware to enter the recipient's computer or network."
Following is a copy of an actual email associated with this phishing scheme:
---------- Original Message ----------------------------------
From: "Better Business Bureaus Account Service"
Date: Wed, 22 Oct 2008 21:04:22 +0000
Attention Better Business Bureaus Consumers!
We've enhanced web surfing process with new security measures to keep your online data and personal information safer. All registered and new BBB consumers must register new software and update contact information until October 24, 2008. Please read the following information carefully:
Register your BBB company certificate here>>>Link
As always, we appreciate your business. And thank you for working with us.
Sincerely, Sherry Hopper
2008 Council of Better Business Bureaus
"end of message"
BBB has determined that there are a number of addresses and subject lines being used in to perpetrate the email element of the attack. Following is a representative sample of actual address and subject lines used in this attack.
- Address: "Better Business Bureaus Service Center" provisor399@bbb.org
- Subject Line: Council of Better Business Bureaus - We restrict access to nonpublic personal information about you
- Address: "Better Business Bureaus Update" provisor633@bbb.org
- Subject Line: Better Business Bureaus, Attention: Protecting your personal information
- Address: Better Business Bureaus Support Center provisor062@bbb.org
- Subject Line: Better Business Bureaus, Attention: Shred unwanted documents that contain personal information.
The phishing scheme is also appearing on multiple blog sites. Following is a representative example of the type message BBB research and investigation has discovered on a number of blog sites.
"We've enhanced web surfing process with new security measures to keep your online data and personal information safer. All registered and new BBB consumers must register new software and update contact information until October 24, 2008." Please read the following information carefully>>>Link
BBB is advising consumers and businesses to take the following precautions and actions to steer clear of this phishing attack and to protect their computer systems and networks.
- Anyone receiving an email similar to those described should not open the message, not click on any links, or respond to the message - the message is not from any entity affiliated with BBB. Opening or viewing a preview of the email, or clicking on the link within the email, could enable a discreet download of a virus or spyware.
- Report receipt of any such messages. BBB is working with the U.S. Secret Service's Electronic Crimes Task Force (ECTF) to address phishing issues using the BBB name. BBB has established an email address - phishing@council.bbb.org- people can use to forward the message to, thereby reporting the incident to BBB and the ECTF.
- The public can view updates and the latest information on the phishing attack on the BBB website at the Security and Alerts Web page at http://www.bbb.org/securityalerts.
About the BBB System
BBB's mission is to be the leader in advancing marketplace trust. BBB accomplishes this mission by creating a community of trustworthy businesses, setting standards for marketplace trust, encouraging and supporting best practices, celebrating marketplace role models and denouncing substandard marketplace behavior. Businesses that earn BBB Accreditation contractually agree and adhere to the organization's high standards of ethical business behavior. BBB provides objective advice, free business BBB Reliability Reports and charity BBB Wise Giving Reports, as well as educational information on topics affecting marketplace trust. To further promote trust, BBB also offers complaint and dispute resolution support for consumers and businesses. The first BBB was founded in 1912. Today, 128 BBBs serve communities across the U.S. and Canada, evaluating and monitoring more than 3 million local and national businesses and charities. Please visit bbb.org for more information about the BBB System.
This Better Business Bureau is currently supported by approximately 8,900 Accredited Business locations and serves more than 5.5 million consumers in its 62-county service area in Texas. These counties include: Aransas, Atascosa, Bandera, Bastrop, Bee, Bell, Bexar, Blanco, Bosque, Burnet, Caldwell, Calhoun, Comal, Comanche, Coryell, De Witt, Dimmit, Duval, Edwards, Falls, Fayette, Freestone, Frio, Gillespie, Goliad, Gonzales, Guadalupe, Hamilton, Hays, Hill, Jackson, Jim Wells, Karnes, Kendall, Kerr, Kinney, Kleberg, Lampasas, La Salle, Lavaca, Limestone, Live Oak, Llano, Maverick, McLennan, McMullen, Medina, Mills, Navarro, Nueces, Real, Refugio, San Patricio, San Saba, Travis, Uvalde, Val Verde, Victoria, Webb, Williamson, Wilson and Zavala.