(BBB news release) The Council of Better Business Bureaus issued the following statement Tuesday:
“For the past 4+ months, BBB has been the victim of a massive phishing scam that uses our name and logo to fool people into thinking the email is from BBB concerning a complaint against their business. Although they appear to be coming from a BBB computer, they are not.
The emails appear to have been totally random in who they are sent to. They have gone to businesses, but they have also gone to individuals who have never owned a business, as well as to educational, nonprofit and government addresses. There is no indication that BBB Accredited Businesses are being targeted.
The emails appear to be part of a criminal campaign that has spoofed other trusted identities, including Bank of America, Intuit (maker of Turbo-Tax) and the Internal Revenue Service. The FBI has made this a priority and CBBB is working closely with their cyber crime division and other law enforcement agencies to shut down the scammers.
The spammers’ goal is to get as many email recipients as possible to click on the link within the email which redirects to a website infected with malware. If you clicked on the link within these emails, your computer is likely to be infected. The criminals then use that malware to transfer money out of bank accounts or obtain additional email addresses.
BBB is directing many resources to combat this attack. We have hired security specialists to track the fraudulent emails and shut down the websites hosting the malware. We have been working with forensic criminal experts to make sure no malware has infiltrated BBB’s computers or those of our vendors.
In the past week, many recipients have gotten multiple copies – sometimes dozens or even hundreds – of the same email. This may be due to some unsophisticated “copycat” spammers who don’t even know or care that they are sending multiples of the same email.
The two things people can do right now to prevent being victimized by this scam or other phishing scams:
* Install good anti-virus software on your computer(s) and get regular updates of virus definitions several times a day.
* Never click on links in emails that have come to you unsolicited.
If you have clicked on a link in one of these emails, run a complete system scan of your computer or network, and make sure your anti-virus software includes elimination of the Zeus or Z-bot virus.”