E-Mail Scams Purport from BBB
A spurious scam targeted the Better Business Bureau network on February 13, 2007. The scammers sent out e-mails to a number of Canada and United States' businesses asking them for downloading the software that is perhaps a computer worm.
BBB reported a Georgia company's computer system suffered a hacking attack on the night of February 12, 2007. The result was a churning of large volume of fake messages spoofing a complaint lodged with the BBB. BBB is a network of non-profit organizations that addresses consumer grievances. The network has been running for 95 years.
The phony messages purporting to originate from BBB told companies that the recipients were the focus of a complaint and asked recipients to open the link for related documents. Upon clicking on given link, an address book appeared belonging to an infected PC while the malware distributed the fake e-mail to new recipients, divulged Steve Cox, Better Business Bureau Council's spokesman in a statement that Washington Post published on February 14, 2007.
The e-mail contains a spoof return address i.e. firstname.lastname@example.org<mailto:email@example.com and a hyperlink for phishing providing a BBB's complaint case-number like "DOCUMENTS FOR CASE #263621205". In reality these links make illegal access to subdirectory of the website of hacked firm. Here the mail encourages the recipients to download the documents connected to complaint. And, the download actually is an exe file, which is a computer worm.
One of the members of BBB functioning for Columbus, GA and the adjoining area first reported the incident. Puzzled businessmen started making phone calls to the Arlington based office of the council at 6am on February 12, 2007, said Cox. A little later in mid-morning it was confirmed by the council that the attack spread widely on the system.
Cox exclaimed it was the first attack they experienced on such a large scale.
The BBB warned all recipients that any e-mail from firstname.lastname@example.org<mailto:email@example.com> ID is not from their organization but are counterfeit e-mails. BBB recommends deleting such messages right away.
The scam is a true case of 'phishing' in which an attacker uses a legitimate looking e-mail intending to gain personal information.
Related article: E-Crime Reporting Format To Be Launched in July
» SPAMfighter News - 23-02-2007