BBB Warning: Phishing Scam Using BBB Name

This afternoon, unknown scammers began sending a wave of bogus emails to business owners and consumers. These emails were disguised to look like Better Business Bureau correspondence and asked people to open an attached Standard Business Questionnaire (SBQ), a form that BBBs use to gather information from businesses to create or update Business Reviews.

This attachment, however, delivers malware to the user’s computer, and should NOT be opened.

The Council of Better Business Bureaus (CBBB) has contacted its security vendor and initiated a takedown of the malicious site(s) behind this phishing scam. Over the past three years, BBB has taken down nearly 200 fraudulent sites of this kind.

Here are three ways to identify these scam emails:

  • The From line is “BBB Accreditation Services <firstnamelastname@newyork.bbb.org>.
  • The Subject line references “BBB SBQ Form” along with random reference numbers.
  • The malicious attachment is labeled “BBB SBQ Form.zip.”

The return addresses in the phishing emails are protected by CBBB’s use of DMARC (Domain-based Message Authentication, Reporting & Conformance), which helps protect recipients from fraudulent email. End users without DMARC filtering, however, must rely on their own spam filters for protection.

CBBB is asking that anyone who receives one of the fraudulent emails to forward it to phishing@council.bbb.org.

This entry was posted in Phishing Scam and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s