Better Business Bureau discovered that counterfeit BBB complaint notices are being sent out to businesses across the country—these e-mails appear to be a phishing attempt—which came to BBB’s attention on April 12, 2010.
Several businesses across the U.S.—including law firms, advertising agencies and architecture firms—have reported receiving a suspicious e-mail from the address "firstname.lastname@example.org." The subject line says "BBB Complaint Case #... (Ref #...)." Each one comes with a nine-digit case number and a 21-digit reference number.
The body of the e-mail claims that the company did not respond to a complaint filed by a consumer named Jason Harlow. E-mails contain a link that says "please click here to access the complaint." Those who hover over the link will find that it goes to ca-bbb.org, a fake BBB Web site page that has been suspended and is currently unavailable.
A copy of the actual e-mail follows:
Both BBB Accredited and non-Accredited businesses have been targeted.
"Part of BBB's role in the marketplace is to be a trusted third-party, which involves sending correspondence and informing businesses of complaints and compliments from consumers. It's really unnerving that someone is trying to defraud our system," said Robert W.G. Andrew, CEO of BBB serving Alaska, Oregon and Western Washington. "We want business owners to feel like they can trust all communications coming from our organization, which is why we are taking steps to stop unauthorized imitators."
BBB Of Alaska, Oregon and Western Washington does not:
- • Refer to itself as "Seatac BBB."
- • Send complaints to businesses outside of its service area. Based on where they are located, businesses can expect to hear from their local BBB only. For example, your BBB would not send a complaint notice to a company located in any state other than Alaska, Oregon, or Western Washington.
- • Send e-mails requesting private information. Do not provide personal details or payment information via unsolicited e-mail.
- Businesses that receive suspicious e-mails claiming to be from BBB should take the following steps:
- • Do not click on any links or reply to the message.
- • Forward it to email@example.com and delete it from your inbox.
- • Run a virus scan on your computer.
Businesses are encouraged to verify the legitimacy of BBB e-mails: If you receive an e-mail from Better Business Bureau about a complaint and need assistance in determining if it is legitimate, contact your BBB directly at 206-431-2222 or e-mail firstname.lastname@example.org.
For more advice on how to protect your business from malicious online attacks and data breaches, visit www.bbb.org/data-security.