Phishing Scam Using BBB’s Name Spreading Malware
According to a recent report by Sophos Labs, a new scam e-mail that poses as a message from the BBB (Better Business Bureau) and carries the agency's logo is circulating online, tricking users into willingly opening its malicious attachment.
Security researchers state that it isn't unusual for scammers to exploit financial institutions, government agencies and consumer watchdog groups such as the BBB by using their names in their schemes.
Displaying a striking header like "Urgent: Your Prompt Reply is Necessary" or "Complaint from your customers," the latest fake e-mail tells the recipient that the BBB is informing him that one of his customers has sent the agency a complaint, denoted (ID [random number]), in connection with that customer's dealings with the recipient. The message then asks the recipient to read the Complaint Report in the attachment and learn more about the problem so he can give his viewpoint ASAP.
But the attachment, along with a web link in the e-mail, carries malicious phishing malware that steals data, leading to dire outcomes. Sophos identifies this malware as Troj/Bredo-RK.
Meanwhile, BBB officials say that the scam messages can be recognized by their attachments, because genuine BBB e-mails never have files attached.
Nevertheless, phishing scams that abuse the BBB aren't new; fraudsters use its name and logo in attempts to inject malicious code via phishing e-mail. In fact, during January 2012, a fake e-mail with a web link labeled "Start with Trust" was doing the rounds, particularly targeting businesses, and the web link carried malware such as viruses.
Hence, security specialists state that if anybody unexpectedly gets an e-mail claiming to be from the BBB and feels suspicious about it, he must forward it to the BBB at firstname.lastname@example.org before erasing it permanently. Moreover, he mustn't follow any web link or open any attachment in it, since they could infect his PC with malware. However, if he does click the web link, he must immediately run a full scan of his computer with anti-virus software.
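The indicators described above (a claim to come from the BBB, the two reported subject lines, an attached file, a web link) can be turned into a simple mail-triage check. The following is an added example, not code from Sophos or the BBB; the function names, sender address, link and attachment filename are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default

# Subject lines quoted in the report.
LURE_SUBJECTS = ("urgent: your prompt reply is necessary",
                 "complaint from your customers")
BBB_CLAIM = re.compile(r"\bbbb\b|better business bureau", re.I)

def triage_bbb_mail(raw):
    """Return the reasons a raw message looks like the BBB-themed lure."""
    msg = message_from_string(raw, policy=default)
    sender = str(msg.get("From", ""))
    subject = str(msg.get("Subject", ""))
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    if not BBB_CLAIM.search(" ".join((sender, subject, body))):
        return []  # message does not claim to come from the BBB
    reasons = []
    # Per the BBB, genuine BBB e-mails never carry attachments.
    names = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    if names:
        reasons.append("attachment present: " + ", ".join(names))
    if subject.strip().lower() in LURE_SUBJECTS:
        reasons.append("subject matches reported lure")
    if re.search(r"https?://", body, re.I):
        reasons.append("body contains a web link")
    return reasons

def constructed_sample(attach):
    """Build a constructed test message (all values are made up)."""
    m = EmailMessage()
    m["From"] = "BBB <complaints@bbb.example>"
    m["Subject"] = "Complaint from your customers"
    m.set_content("A customer filed a complaint (ID 12345). "
                  "Read the report: http://report.example/view")
    if attach:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream",
                         filename="Complaint_Report.zip")
    return m.as_string()

if __name__ == "__main__":
    for reason in triage_bbb_mail(constructed_sample(attach=True)):
        print(reason)
```

A non-empty result is a reason to quarantine the message for review rather than deliver it; the attachment check is the strongest signal because it follows directly from the BBB's own statement.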
» SPAMfighter News - 14-02-2012