Emails “BBB Complaint activity report” is an email security risk
September 24, 2012
MX Lab, http://www.mxlab.eu, started to intercept a new email-based security risk with subjects like:
BBB Complaint activity report
BBB Case #9782213
The email is sent from “Better Business Bureau” with a spoofed email address in the form of DD3A0C27@domain.tld (random numbers and capital letters) and has the following body:
Dear business owner, we have received a complaint about your company possible involvement in check cashing and Money Order Scam.
You are asked to provide response to this complaint within 7 days.
Failure to provide the necessary information will result in downgrading your Better Business Bureau rating and possible cancellation of your BBB accreditation status.
Council of Better Business Bureaus
3033 Wilson Blvd, Suite 600
Arlington, VA 22201
Phone: 1 (703) 276.0100
Fax: 1 (703) 525.8277
Image screenshot of the email:
A second version is sent from the spoofed email address “email@example.com” with the subject “BBB – Read Your Customer Review”:
One of your customers has submitted a review of your company.
The Customer Review has NOT yet been posted in your BBB Business Review.
You can read the Customer Review and at your option provide a comment by logging into your BBB account.
Please login and use the link below.
Your BBB ID: 84167
Your emails is: firstname.lastname@example.org
All Customer Reviews are posted after one full business day.
Note:You can login to your BBB account and submit a comment to any Customer Review at any time.
290 Donald Lynch Boulevard, Suite 102
Marlborough, MA 01752-4705
Email ID: bcebfb9b
To confirm this email please login it at http://www.bbb.org/boston/login.
This mailing was sent to ****@*****.be.
This message is being sent to you by Better Business Bureau Serving Eastern Massachusetts, Maine, Rhode Island and Vermont.
Recommendation: when receiving such an email, put it in the trash or remove it from your system and, most importantly, do not click on any malicious URLs.
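The sender and subject patterns described above can be turned into a simple mail-filter check. The following is an added example, not code from MX Lab; the function name, the indicator labels, the 8-character length of the random local part and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Subjects quoted in the post; any case number is accepted (assumption).
SUBJECTS = [
    re.compile(r"BBB Complaint activity report", re.I),
    re.compile(r"BBB Case #\d+", re.I),
    re.compile(r"BBB\s*[–-]\s*Read Your Customer Review", re.I),
]
# Local part like DD3A0C27: capitals and digits only. The length of 8 is
# inferred from the single sample in the post (assumption).
RANDOM_LOCAL = re.compile(r"[A-Z0-9]{8}")
BBB_DOMAIN = "bbb.org"  # domain shown in the message footer


def match_indicators(raw):
    """Return which of the post's indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    subject = " ".join(str(msg.get("Subject", "")).split())
    hits = []
    if any(p.fullmatch(subject) for p in SUBJECTS):
        hits.append("subject")
    from_bbb = domain == BBB_DOMAIN or domain.endswith("." + BBB_DOMAIN)
    if "better business bureau" in display.lower() and not from_bbb:
        hits.append("display-name-mismatch")
    if RANDOM_LOCAL.fullmatch(local):
        hits.append("random-local-part")
    return hits


# Constructed sample messages (only the headers matter here).
FIRST_VARIANT = ("From: Better Business Bureau <DD3A0C27@domain.tld>\n"
                 "Subject: BBB Case #9782213\n\nDear business owner, ...\n")
BENIGN = "From: Alice <alice@example.com>\nSubject: Lunch on Friday\n\nHi\n"

if __name__ == "__main__":
    for name, raw in (("first variant", FIRST_VARIANT), ("benign", BENIGN)):
        print(name, match_indicators(raw))
```

The From header is set by the sender, so a message that forges a bbb.org address will not trigger the display-name check; treat these matches as signals to combine with SPF, DKIM and DMARC results.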