BBB Spam



fayt
10-26-2012, 01:07 PM
These fake emails from the Better Business Bureau get more realistic all the time. I got one that sounds exactly like someone from the BBB, it has the graphics, colors and layout from the BBB, a case number, it even comes from bbb.org as the reply email. Plus the address of the BBB is correct.

However the attachment is like complaintu8t983t93309.pdf.zip

I do not trust that at all and I forwarded it to my local BBB office. I know it's fake because I pulled up my BBB account and still have 0 complaints filed.

Please be careful everyone, before ever opening a zip file from something you expect is not real, check with the company or sender.

KristineS
10-26-2012, 01:20 PM
It is amazing how much time some of these spammers take to try and make their crap look like the real thing. It's always a good reminder to check anything that's even the least bit suspicious. Better to be safe than sorry.

Pack-Secure
10-26-2012, 04:04 PM
We received this from our local BBB:

The BBB name and logo are being fraudulently used by criminals in an on-going phishing scam. The emails look very much like notice of a complaint from BBB, but contain links to malware that can infect your computer, steal passwords, etc. BBB is working with law enforcement, as well as with a private deactivation firm (at our own expense), to shut down as many criminal websites as possible. To date, we have shut down well over 100 sites.

If you get an email that looks like it is a BBB complaint or a request to update business information, here is what you should do:

1. Do NOT click on any links or attachments.
2. Read the email carefully for signs that it may be fake (for example, misspellings, grammar, generic greetings such as "Dear member" instead of a name, etc.).
3. Be wary of any urgent instructions to take specified action such as "Click on the link or your account will be closed."
4. Hover your mouse over links without clicking to see if the address is truly from bbb.org. The URL in the text should match the URL that your mouse detects. If the two do not match, it is most likely a scam.
5. Send a copy of the email to phishing@council.bbb.org (Note: This address is only for scams that use the BBB name or logo)
6. Delete the email from your computer completely (be sure to empty your "trash can" or "recycling bin," as well).
7. Run anti-virus software updates frequently and do a full system scan.
8. Keep a close eye on your bank statements for any unexpected or unexplained transactions.
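
Step 4 of the checklist above (compare the address a link displays with the address it really points to) can be checked mechanically for HTML mail. The Python below is an added example, not part of the original thread or anything published by BBB; the sample body and the `.example` host names in it are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body (not the real phishing mail): the first link displays
# a bbb.org address but points at a different host that merely starts with it.
SAMPLE = """
<p>Dear member, a complaint has been filed against your business.</p>
<a href="http://www.bbb.org.complaints.example/case?id=1">http://www.bbb.org/complaints</a>
<a href="https://www.bbb.org/us/contact">Contact BBB</a>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host(url):
    """Host name of a URL, also accepting bare 'www.example.org/path' text."""
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def belongs_to(hostname, domain):
    # Match on a label boundary: 'bbb.org.evil.example' must not pass as bbb.org.
    return hostname == domain or hostname.endswith("." + domain)

def suspicious_links(html, expected_domain):
    """Links whose real target is off-domain or differs from the URL shown."""
    parser = LinkCollector()
    parser.feed(html)
    flagged = []
    for text, href in parser.links:
        target = host(href)
        shown = host(text) if re.match(r"(https?://|www\.)", text, re.I) else ""
        if not belongs_to(target, expected_domain) or (shown and shown != target):
            flagged.append((text, target))
    return flagged

if __name__ == "__main__":
    print(suspicious_links(SAMPLE, "bbb.org"))
```
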

seolman
10-26-2012, 04:05 PM
So many of these out there now. Snopes.com is a good place to check out the validity of some of these scams. BBB posted a warning on their website about the bogus emails ALERT Malicious Complaint Email Claiming It (http://www.bbb.org/us/article/alert-scam-email-claims-its-from-bbb-30916)

fayt
10-26-2012, 10:32 PM
Great information, I'll forward it to their phishing department.

daveM
10-27-2012, 11:01 AM
Best to avoid opening emails unless you recognize the sender..

fayt
10-28-2012, 09:34 AM
Best to avoid opening emails unless you recognize the sender..

The sender was noreply@bbb.org
So that is what confuses me.

billbenson
10-28-2012, 03:17 PM
They want you to open the attachment, not send an email.

fayt
10-28-2012, 06:25 PM
Right, but the actual email address it was sent from, was that above.

Freelancier
10-29-2012, 07:38 AM
Right, but the actual email address it was sent from, was that above.

Unfortunately, it really wasn't. I do software, and it's child's play to make a little bit of code do that. E-mail is "from" whoever they want you to think it's from. Only a good server-based spam catcher is going to verify that the e-mail headers are valid. And even if the e-mail address is correct, you want to still suspect e-mails that are not in response to an e-mail you sent or an action you took (like submitting a form on a web site). It's too easy to hijack accounts these days (the most commonly used password is still 12345678).

fayt
10-29-2012, 08:02 AM
Even when clicking Reply it sends to noreply@bbb.org
I know on incoming it can be spoofed, but normally when you reply, it changes email.

Freelancier
10-29-2012, 08:54 AM
I know on incoming it can be spoofed, but normally when you reply, it changes email.
It's just a simple header that you can put in the mail message. Really, the only thing you can't easily spoof is the block of headers that indicate which upstream servers processed the e-mail. Everything else is up for grabs, including even the date of the e-mail.
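
The distinction drawn in the post above, between headers the sender writes and headers stamped by the servers that handled the message, as an added example that is not part of the original thread. The message, the server name `mx.recipient.example` and the other `.example` hosts are constructed; the code reads only what the recipient's own server recorded.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread). From, Reply-To and Date are written
# by the sender; the first Received line and Authentication-Results are stamped
# by the recipient's own server (hypothetical name: mx.recipient.example).
RAW = """\
Return-Path: <bounce@mailer.example>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example; dkim=none; dmarc=fail header.from=bbb.org
Received: from unknown (203.0.113.45) by mx.recipient.example; Fri, 26 Oct 2012 13:01:10 -0400
Received: from bbb.org (localhost) by relay.mailer.example; Fri, 26 Oct 2012 13:01:02 -0400
From: "Better Business Bureau" <noreply@bbb.org>
Reply-To: noreply@bbb.org
Date: Fri, 26 Oct 2012 13:00:00 -0400
Subject: Complaint case (constructed sample)

Body omitted.
"""

def domain_of(header_value):
    """Domain part of the address in a header, lower-cased ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg, trusted_server):
    """SPF/DKIM/DMARC verdicts, read only from our own server's header."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        server, _, rest = value.partition(";")
        if server.strip().lower() != trusted_server:
            continue  # a copy inserted upstream could itself be forged
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest):
            verdicts[method] = verdict.lower()
    return verdicts

def analyze(raw, trusted_server):
    msg = message_from_string(raw)
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    findings = []
    if env_dom != from_dom:  # common in bulk mail too, so a hint, not proof
        findings.append(f"envelope sender {env_dom or 'missing'} != From {from_dom}")
    auth = auth_results(msg, trusted_server)
    for method in ("spf", "dkim", "dmarc"):
        if auth.get(method) != "pass":
            findings.append(f"{method}={auth.get(method, 'missing')}")
    # Only the topmost Received line was written by a server we trust;
    # the lines below it come from upstream hops and can be fabricated.
    top = (msg.get_all("Received") or [""])[0]
    ip = re.search(r"\((\d{1,3}(?:\.\d{1,3}){3})\)", top)
    return {"from": from_dom, "reply_to": domain_of(msg["Reply-To"]),
            "connecting_ip": ip.group(1) if ip else None, "findings": findings}

if __name__ == "__main__":
    print(analyze(RAW, "mx.recipient.example"))
```
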

fayt
10-29-2012, 10:20 AM
That is crazy, I think these people have too much control over what they can do.

billbenson
10-31-2012, 07:50 PM
Unfortunately, it really wasn't. I do software, and it's child's play to make a little bit of code do that. E-mail is "from" whoever they want you to think it's from. Only a good server-based spam catcher is going to verify that the e-mail headers are valid. And even if the e-mail address is correct, you want to still suspect e-mails that are not in response to an e-mail you sent or an action you took (like submitting a form on a web site). It's too easy to hijack accounts these days (the most commonly used password is still 12345678).

Did you know that in the top 100 passwords most commonly used is Pi i.e. 3.14 ...

machine
11-05-2012, 07:04 AM
I thought this thread was going to be about the BBB actually being a scam :)

adeliarisk
11-05-2012, 01:07 PM
I want to support what Freelancier was saying -- it's so easy to fake email addresses. In fact, just Google "send a fake email," and you'll find plenty of websites where you can do it (for fun only, please!).

The problem is that every month there's a new one. I've seen amazingly convincing emails like this from LinkedIn, UPS, FedEx, Amazon, Verizon Wireless, and more. Everyone needs to be careful clicking ANY link in ANY email.

Here are a couple of pretty cool tests that see how good people are at spotting these phishing emails, and training them to recognize attacks:
OpenDNS > Phishing Quiz (http://www.opendns.com/phishing-quiz/)
SonicWALL Phishing IQ Test (Formerly the MailFrontier Phishing IQ Test) (http://www.sonicwall.com/furl/phishing/)

Hope this helps,
Josh

jamesray50
11-06-2012, 12:24 AM
Opening the email won't infect my computer, will it? I thought it was just clicking on the link that shouldn't be done. And I also thought it was okay to type the address in a browser without infecting my computer. Am I wrong about all this?

P.S. My dad clicks on everything. Probably why his computer is so slow and horrible. Pop ups all the time, lots of problems. He always believes the emails from the banks and wants me to go immediately to the bank and withdraw all his money. I have to convince him the email is bogus and there is nothing wrong with his bank accounts. But, he is 88 now and easily forgets what he should and shouldn't do on the computer.

billbenson
11-06-2012, 12:46 AM
Opening the email won't do any damage. Clicking on links in the email or attachments will do damage. If you copy the link to your browser and open it, it may do damage.

KristineS
11-06-2012, 12:25 PM
Here are a couple of pretty cool tests that see how good people are at spotting these phishing emails, and training them to recognize attacks:
OpenDNS > Phishing Quiz (http://www.opendns.com/phishing-quiz/)
SonicWALL Phishing IQ Test (Formerly the MailFrontier Phishing IQ Test) (http://www.sonicwall.com/furl/phishing/)


Apparently I'm pretty good at spotting phishing e-mails. Those quizzes were interesting. It's amazing how realistic some of those phishing e-mails appear to be.

fayt
11-06-2012, 07:22 PM
On opendns quiz I scored 13 out of 14. I messed up on the AA airlines.

dianecoleen
11-07-2012, 01:31 PM
Scam email will obviously hurt a computer once you've clicked on its link. Some of these emails may be used as a tool and steal your password from your bank account and other important login information that you've saved on your computer. So better be aware on what to click when it comes to emails coming from the unknown. Perhaps there is a software that can determine what scam emails are or somewhat a notification for you to be informed that the email is coming from the unknown scammers? Does anybody know a sort of scam determining software and the like?

MostHeather
11-07-2012, 06:31 PM
Hello DianeColeen~ These types of Email get sent out all the time in the hopes that an unsuspecting recipient will click on the attachment or links provided in it.

Once this happens it opens up a 'door' so to speak for the senders, so they can start harvesting sensitive information. These threats are especially problematic for businesses that have a network of computers and no Email security running on their corporate network. If even one person opens an attachment or clicks a malicious link it puts every computer on the network at risk of being probed because they are connected and can be compromised.

The smartest and most cost effective way to get rid of these Emails is by using a cloud Email Security suite that detects these types of mails and quarantines them so they aren't delivered and therefore can't be opened. Since they aren't delivered and aren't opened, the risk is taken away. If you would like to know more details, please let me know and I'll be happy to go into further detail.

:)

billbenson
11-07-2012, 09:03 PM
Hello DianeColeen~ These types of Email get sent out all the time in the hopes that an unsuspecting recipient will click on the attachment or links provided in it.

Once this happens it opens up a 'door' so to speak for the senders, so they can start harvesting sensitive information. These threats are especially problematic for businesses that have a network of computers and no Email security running on their corporate network. If even one person opens an attachment or clicks a malicious link it puts every computer on the network at risk of being probed because they are connected and can be compromised.

The smartest and most cost effective way to get rid of these Emails is by using a cloud Email Security suite that detects these types of mails and quarantines them so they aren't delivered and therefore can't be opened. Since they aren't delivered and aren't opened, the risk is taken away. If you would like to know more details, please let me know and I'll be happy to go into further detail.

:)

I can't tell you how many times a week I'm talking on the phone with a customer, send him a pdf manual or html quote and it goes into the server spam mail. He needs to call IT to try to get my quote. There comes a point where security measures interfere with business. You need to be careful that you don't go overboard or not allow the recipient access to the spam file.

MostHeather
11-08-2012, 07:46 AM
I can't tell you how many times a week I'm talking on the phone with a customer, send him a pdf manual or html quote and it goes into the server spam mail. He needs to call IT to try to get my quote. There comes a point where security measures interfere with business. You need to be careful that you don't go overboard or not allow the recipient access to the spam file.

Thanks for your response Bill. One of the benefits of a comprehensive Email security suite is that it gives your corporate Email a "White Listing" which assures a higher delivery rate. This means that you can send Emails that have large files without getting flagged for "Spam" because the sending Email address is both White Listed and scanned for virus threats automatically. Surprisingly, this isn't that expensive to implement and makes your IT guy's job a lot easier! ;)

..and keeps your networked computers safe from remote Email threats, too. Which also makes your IT guy's job a lot easier..

billbenson
11-08-2012, 09:08 AM
Thanks for your response Bill. One of the benefits of a comprehensive Email security suite is that it gives your corporate Email a "White Listing" which assures a higher delivery rate. This means that you can send Emails that have large files without getting flagged for "Spam" because the sending Email address is both White Listed and scanned for virus threats automatically. Surprisingly, this isn't that expensive to implement and makes your IT guy's job a lot easier! ;)

..and keeps your networked computers safe from remote Email threats, too. Which also makes your IT guy's job a lot easier..

Usually I can get the customer's email to him by having him send me an email and responding back. Sometimes that won't work either. I assume that really just is a poor implementing of what you are referring to.

Another problem is some customers strip off html. My quotes are in html. It's not a critical problem yet, but it is one I need to resolve eventually. If that happens I copy it to a pdf converter, save it, and send it to the customer as an attachment. That only takes two minutes or so to do, which doesn't sound like much, but when you get back to back phone calls, each for quotes, it's not a very clean system. I'm currently working on a script to take care of this, but I haven't had time to work on it in over a month.

MostHeather
11-08-2012, 11:02 AM
Usually I can get the customer's email to him by having him send me an email and responding back. Sometimes that won't work either. I assume that really just is a poor implementing of what you are referring to.

Another problem is some customers strip off html. My quotes are in html. It's not a critical problem yet, but it is one I need to resolve eventually. If that happens I copy it to a pdf converter, save it, and send it to the customer as an attachment. That only takes two minutes or so to do, which doesn't sound like much, but when you get back to back phone calls, each for quotes, it's not a very clean system. I'm currently working on a script to take care of this, but I haven't had time to work on it in over a month.

Thanks for your response, Bill.

That sounds like a lot of extra steps to get in touch/stay in touch with new and existing clients.

:) You are probably right about that. The solution that I'm talking about uses no hardware or software, and provides 24/7 protection against spam, phishing and viruses as well as providing a whitelist to assure that your messages are always delivered. Complete with your attachments. Every time. This helps streamline business so you don't have to call the IT guy or sit and wonder whether or not a message got delivered to your customers inbox - and not their spam folder.

If you decide that you don't have the time to keep bothering your IT guy, sending, resending and formatting your Email messages, I'd be happy to talk to you.. Kindly let me know.. :)

billbenson
11-08-2012, 12:06 PM
Well I'm a one man show.. It's my customers that have the issue, not me. If you think that you have a solution I'd love to hear it, but I don't have a problem receiving emails. It's my customers that often don't get them. The US Navy is often a problem and I doubt they will change the way they do things.

dianecoleen
11-08-2012, 02:17 PM
Hello DianeColeen~ These types of Email get sent out all the time in the hopes that an unsuspecting recipient will click on the attachment or links provided in it.

Once this happens it opens up a 'door' so to speak for the senders, so they can start harvesting sensitive information. These threats are especially problematic for businesses that have a network of computers and no Email security running on their corporate network. If even one person opens an attachment or clicks a malicious link it puts every computer on the network at risk of being probed because they are connected and can be compromised.

The smartest and most cost effective way to get rid of these Emails is by using a cloud Email Security suite that detects these types of mails and quarantines them so they aren't delivered and therefore can't be opened. Since they aren't delivered and aren't opened, the risk is taken away. If you would like to know more details, please let me know and I'll be happy to go into further detail.

:)

Thank you for clearly describing the tool. Really appreciate it. I must say that this email security is way cooler than I thought. As for me, once I received an email from an unknown sender I would probably move it to the spam folder and delete it forever. Well, that is obviously the way we are all doing with spam emails I guess. Thank you for offering your help although I'm afraid that I won't be needing that as I'm not in the field of email marketing.

MostHeather
11-08-2012, 07:11 PM
Thanks for your response, DianeColeen!

This service isn't just applicable to Email marketers, it's good for anyone that sends and receives Email. It helps keep the nasty mails out of your inbox - whether it's a spam message or a fake message from the BBB. If you're someone that sends out Email like BillBenson - I'm not sure that he's an 'Email Marketer' - from the way it sounds he just uses Email to send attachments and communicate with clients - you want to be sure that your message gets delivered..

If you're wondering about just how much Spam is being sent out, please check out the image below:

Source: Commtouch Software Online Labs (http://www.commtouch.com/Site/ResearchLab/statistics.asp)

That's a lot of Spam and I'm not talking the mystery meat you fry up for lunch!