Better Business Bureau is warning businesses not to click on an email that claims to be a “BBB SBQ” (Standard Business Questionnaire). The email was sent out this morning to what is believed to be tens of thousands of businesses across the country. The email has a ZIP file attachment that links to a site that can download malware on the user’s computer.
Spoofing well-known and trusted brands is a common scam tactic. Other organizations such as the IRS, the FBI and Fortune 500 companies have been spoofed in similar phishing campaigns that victimized consumers and businesses.
“As soon as we heard about the scam, we immediately notified our security vendors and we are in the process of taking down the website,” said Ben Steinberg, Chief Information Officer for the Council of Better Business Bureaus, the umbrella organization for 112 local, independent BBBs across North America. “We have a structure in place to quickly address and mitigate the impact of scammers who use our name. Our highest priority is protecting the public.”
The emails are coming from the domain “BBBL.org,” which is not a BBB domain name, although it is clearly designed to look as if it is. The domain name was created last October and is registered to an individual in Antwerp, Belgium. It’s not immediately clear if the domain owner is directly involved in the phishing scam, but BBB will be turning over its information to the FBI and Interpol for further investigation.
BBB offers this advice to anyone who receives this or other unsolicited emails with links or attachments:
- Do not click on links or open attachments in unsolicited email.
- If your email program allows it, tag the email as spam.
- Report the email to your Internet Service Provider.
- If you are unsure if an email is legitimate, call the sender using a phone number that you know to be correct (not from the email).
- Check out BBB Scam Stopper (bbb.org/scam) for additional information on scams.
Howard Schwartz, CT Better Business Bureau