Phishing Scam Targets BBB, Warns the Bureau
The BBB (Better Business Bureau) has sent out an alert to businesses in the U.S. and Canada that a scam using name and fake e-mail address of BBB is circulating in the wild, reported 'wibw' on March 2, 2007.
The computer systems of one Tucson and an advertising company based in Kennesaw, Georgia had been hacked since February, said the Bureau. Each of the company's computers has been producing bulk of fake messages that outlined a complaint with the BBB.
The Southern Arizona-based BBB is answering calls of businesses in Tucson, which say they have received an apparent complaint from the e-mail id: firstname.lastname@example.org and a hyperlink showing a complaint case number like "DOCUMENTS FOR CASE#BBA749BEDO"
As recipients click on the link embedded in the e-mail, it leads them to a phishing site. The link opens a sub-directory of hacked website of a victim firm. The sub-directory guides users to download documents concerning the complaint. The Bureau alerts that the download is an executable file that is actually a computer virus. phishing e-mails try to extract responses giving personal information such as names, addresses and financial details.
BBB is a network of non-profit agencies for 95 years that deals with consumer complaints. The e-mails purporting from BBB told businesses that they were the topic of a complaint and the link provided the related documents.
The Georgian company's computer system was first hacked on February 12, 2007 leading to a generation of innumerable phony e-mails pretending to be a complaint lodged with BBB.
According to a local BBB spokeswoman Kim States, two weeks earlier there was a phishing attack from the e-mail address email@example.com. The e-mail cited false return address, firstname.lastname@example.org<mailto:email@example.com> and also had a phishing hyperlink giving a case number for a BBB complaint such as "DOCUMENTS FOR CASE#263621205". The U.S. Secret Service Electronics Crime Task Force is carrying on with the investigation.
Tucson businesses that are not sure of the legitimacy of e-mail they receive should call the BBB member hotline at 888-6161. BBB urges recipients of e-mail from firstname.lastname@example.org to delete it and also not click on its links.
Related article: Phishing With A Redirector Code
» SPAMfighter News - 15-03-2007
We are happy to see you are reading our IT Security News.