Fake BBB Emails Take On New Look

Typically, e-mails used in phishing attacks have some tell-tale signs such as poor spelling, incorrect dates, and missing logos. Recently, a much more sophisticated phishing attack has started. This attack appears to come from the Better Business Bureau. It informs you that your business has had a complaint filed against it, and that you must respond quickly or your business will be tagged with an unfavorable rating. Unlike past phishing attempts, this e-mail appears to use the correct BBB logo. The spelling and grammar are passable (with a few noted exceptions we will discuss below). The return address looks to be a BBB e-mail address. Also, the dates appear to be the current year and a recent day.

Example of a FAKE e-mail purporting to be from the Better Business Bureau:

[Image: BB-sample-phishing-attempt]

So how can you tell that these e-mails are in fact bogus attempts aimed at getting you to visit a fraudulent site?  There are a few clues.

  1. Like all e-mails of this type, you want to avoid clicking on any link. Instead, hover over the link. Doing so will show you the true destination of the link. In this case the links go to a page that says BBB but on a domain like buymoresales.com or salepriceshoes.com. Seeing a link that goes to a domain you do not recognize is your first and best clue.
  2. The e-mail fails to name your business.  It may have your e-mail address, but it will not have the name or address of your business.  Any real alert from BBB will have your business name, business address, and phone number.
  3. There are grammatical errors which indicate the sender was not a native English speaker.  In the example above you will note the sentence that includes “communicate with us about your glance”.  That phrasing is not normal.  Nor is the part about “ask you to overview”.
  4. If you have the ability to check the e-mail headers, you will find that the e-mail address is spoofed: the e-mail does not actually come from the bbb.org domain as the return address claims.
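
Clues 1 and 4 can be checked without opening the message in a mail client. The following Python is an added example, not part of the original article: it parses a saved message, compares the domain in the From header with the Return-Path header, and lists every link whose real destination is outside the From domain. The sample message is constructed, `mailer.example.net` is a placeholder, and the function names are hypothetical.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, not a real capture; mailer.example.net is a placeholder.
SAMPLE = """\
From: "Better Business Bureau" <complaints@bbb.org>
Return-Path: <bounce@mailer.example.net>
Subject: Complaint filed against your business
Content-Type: text/html; charset="utf-8"

<p>A complaint has been filed. <a href="https://www.bbb.org/">About BBB</a>
<a href="http://buymoresales.com/bbb/case.html">View the complaint</a></p>
"""

class Hrefs(HTMLParser):  # collects each <a> href, i.e. what hovering reveals
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append(dict(attrs).get("href") or "")

def within(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw):
    """Return findings where the message contradicts its own From domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    claimed = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    bounce = parseaddr(str(msg.get("Return-Path", "")))[1].rpartition("@")[2].lower()
    findings = []
    if bounce and not within(bounce, claimed):
        findings.append(f"Return-Path domain {bounce} is not {claimed}")
    body = msg.get_body(preferencelist=("html",))
    parser = Hrefs()
    parser.feed(body.get_content() if body else "")
    for href in parser.found:
        host = urlparse(href).hostname
        if host and not within(host, claimed):
            findings.append(f"link goes to {host}, not {claimed}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_message(SAMPLE)))
```

A Return-Path mismatch is a reason to look closer rather than proof of spoofing, since legitimate senders that use a mailing service also show a different envelope domain. The link check is the stronger signal here, and it compares the `href` target, not the text shown in the message.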

As always, if you have questions about an e-mail you receive, DO NOT click on any links, open any attachments, or download any images. Contact us to have a look at it with you.