Better Business Bureau Spoofed In Phishing Scam

The agency is warning people of a spoofing scam that is using the Better Business Bureau name and a false e-mail address to lure users to click on links and connect with malicious Web sites.

The Better Business Bureau has found itself tangled up in a phishing attack that is blasting U.S. and Canadian consumers and businesses.

The agency, which is a network of local offices that investigate consumer complaints, issued a statement on its Web site, warning people of a spoofing scam that is using the Better Business Bureau name and a false e-mail address to lure users to click on links and connect with malicious Web sites. A computer system at a business in Kennesaw, Ga., was compromised on Monday night, the agency said. The compromised computers were then used to generate thousands of counterfeit messages, each claiming to be a complaint filed with the agency.

The e-mail has a phony return address of [email protected] and a hyperlink citing a Better Business Bureau complaint case number. The agency gave "DOCUMENTS FOR CASE #263621205" as an example. The links actually direct users to a subdirectory of the hacked firm's Web site, where they are asked to download documents related to the complaint.

The download, however, is actually an executable file that is believed to be some form of a computer virus, according to the agency's release.

"All recipients are advised that any e-mail from the [email protected] address is not coming from [the Better Business Bureau] and should be considered counterfeit," the warning says. "The Better Business Bureau strongly encourages recipients of any such message to delete the message immediately without clicking on the 'DOCUMENTS FOR CASE' links."

The phishing e-mail return address of [email protected] does not exist and is being spoofed. Spoofing means that an e-mail address is altered to appear as if the message originated from a legitimate source.

Phishing is when hackers send out fraudulent e-mails in an attempt to con people into giving up sensitive personal and financial information. Phishing is an increasingly popular tool for hackers and cyber thieves. In January, a California man was found guilty of operating a sophisticated phishing scheme that attempted to dupe thousands of AOL users. It was the first jury conviction under the Can-Spam Act of 2003. He's facing a maximum sentence of 101 years in prison.
