BBB Spoofed in Complain Confirmation Phishing E-mailThe Better Business Bureau is warning businesses and consumers to be careful of a newly launched phishing scam. The scam is actually based on an e-mail confirming a complaint filed by the recipient with the BBB against certain business. Phishing, state Internet security specialists, is a computer hackers' practice of sending e-mails in anticipation of 'hooking' recipients. Hackers craft these e-mails in such a way that the recipients would divulge their login details, passwords as well as other sensitive details. The current phishing e-mails first drew the BBB's notice on October 15, 2009. Describing how the attack worked, the specialists said that there was a fake address viz. operations@bbb.org given in the e-mail for sending replies to along with a phishing web-link that mentioned the case number of complaint - "DOCUMENTS FOR CASE #263621205." However, the link redirected the user to a subsidiary directory of hacked company's website. At this website, the e-mail recipients were encouraged to download documents. Nevertheless, the download led to a malicious executable, which contained a PC worm. As typical of phishing and spam mails, the reply address, operations@bbb.org is non-existent and a hoax. According to the security specialists, when consumers formally file a complain to the BBB against any business, they might get a confirmation message electronically from it followed by more e-mails that report of their complaints' status. Thus, in the current scam, phishers have copied those e-mails and added the target's full name along with that of the business against which the complaint has supposedly been filed. The BBB states that the individuals whom the scam targeted are employees of the businesses whose names have been involved in the complaints, but these individuals in reality didn't lodge any complaint, as reported by FOX28 on October 20, 2009. In the end, the security specialists remarked that in case a person got an e-mail confirming a complaint and claiming that it was from the Better Business Bureau, but the person hadn't in reality formally complained to the BBB, then he should not follow any given web-links. Rather he must delete the e-mail or send it to phishing@council.bbb.org. Related article: BBA Outlines Steps To Ward Off Online Fraud ยป SPAMfighter News - 11/2/2009 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
