The Better Business Bureau has shut down 100 phony websites and alerted law enforcement that the BBB name and logo are being fraudulently used by criminals in an ongoing phishing scam.
The phony emails are similar to a notice of a complaint from BBB, but contain links to malware that can infect your computer and steal passwords.
In an official release, the BBB issued the following warning to business owners and consumers:
“You may have received an email that says your company is the subject of a complaint fled with BBB, or that a customer review about your business has been posted. It may reference a case number or a particular scam, or it may be vague on the details. These emails are going to companies AND individuals.
In each case, they ask you to click on a link that appears to go to a BBB page. However, if you hover your mouse over the link, you will see that the link routes to a non-BBB page.
If you did click on a link or open or download any attachments, your computer may have unwittingly downloaded a stealthy malware program which is able to pass by most anti-virus programs undetected. In the event you clicked on a link, you should consider having your computer scanned by a trusted computer repair facility to see if any malware is present and, if so, can be removed.
If you did not click on any links or attachments, you are still strongly encouraged to run a complete virus scan on your system.”
The BBB has also issued the following list of what you should do in case you get an email that looks like it is a BBB complaint:
- Do NOT click on any links or attachments.
- Read the email carefully for signs that it may be fake (for example, misspellings, grammar, generic greetings such as “Dear member” instead of a name, etc.).
- Be wary of any urgent instructions to take specified action such as “Click on the link or your account will be closed.”
- Hover your mouse over links without clicking to see if the address is truly from bbb.org. The URL in the text should match the URL that your mouse detects. If the two do not match, it is most likely a scam.
- Send a copy of the email to firstname.lastname@example.org (Note: This address is only for scams that use the BBB name or logo)
- Delete the email from your computer completely. (Be sure to empty your “trash can” or “recycling bin,” as well.)
- Run anti-virus software updates frequently and do a full system scan.
- Keep a close eye on your bank statements for any unexpected or unexplained transactions.
If you have a business and are not certain whether the complaint is legitimate, contact your BBB at (877) 267-5222.