They're at it again! Phony emails bearing the BBB name are bombarding in-boxes across the country and right here in our area as well. The recent attack on consumers and businesses led the FBI to issue an alert this week about the recurrent scam. Most of the emails come with the subject line “Complaint from your customers” and have a link or an attachment containing malicious phishing malware that steals information, often with devastating results.
Like many financial institutions and government agencies, BBB's visibility and reputation for trust makes us an ideal vehicle for scammers. Consider that bbb.org receives over six million visits every month; this makes us an attractive decoy for fraud and malicious activity.
We recommend that all domain owners set up a sender policy framework (SPF) and set their spam filter to use it. Using the SPF standard helps fight spam and phishing attacks by allowing your email servers to verify whether an email is legitimate.
Microsoft offers a simple, four-step process for setting up an SPF: www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/.
There are two authentic BBB email addresses that should be whitelisted:
• @bureaudata.com (for complaints)
• @akronbbb.org (for local correspondence)
If you receive an email saying that your business has a complaint filed against it with BBB, there are several things you can do to authenticate it:
• Look for typos, grammatical errors, etc. in the text that could indicate it originated overseas.
• Check to see who it says it is from. Complaints go out from the local BBBs, not from the headquarters office. If you "whitelisted" the two addresses above, this may eliminate your problems.
• Hover your mouse over the link to see if its destination is really a bbb.org address.
• Copy and paste the link into Notepad (not Word). Notepad does not support html, so if the link is a fake bbb.org address, the real link will show up.
Note - an authentic email from BBB will always:
• Come from your local BBB - not the Council of Better Business Bureaus or a BBB from another state.
• The from email address is email@example.com. The "xx" will be replaced with your BBB complaint contact person's initials.
• The email will include a secure HTTPS link to the complaint details.
• Complaints are never sent as attachments.
The BBB system is working with federal law enforcement agencies to identify the perpetrator(s) of this fraud and has retained a deactivation company to help with those efforts.
For more information on this and other scams, please call us at at (330) 253-4590 or visit www.akron.bbb.org.