The watchdog agency says it was recently victimized by con artists employing a “phishing” scam that has potentially affected tens of thousands of people from the Middle Tennessee business community.
The really messed up part is the scammers are preying on businesses using the good name of the BBB, the very agency that targets such scams.
BBB spokeswoman Kathleen Calligan says it started in mid-April, when she said hundreds of thousands of emails started arriving in the inboxes of business people.
The emails indicated that a client or customer of that business had filed a complaint with the BBB.
To find out more about the nature of the complaint, the email urges the recipient to click on the link.
Calligan says that is all this email wants people to do.
“Everyone is familiar with phishing emails, they are scam emails and consumers are savvy. If they don’t ID the sender they delete the email. We have been doing a lot of education, getting people to ask, is this real from your bank or credit union? But what if you are a business? What if you get an email from the BBB that says click on this link, you have a customer complaint. All businesses that get an email like this from the BBB are concerned. This email identified itself from the BBB. Unfortunately, a lot of companies clicked on the link and found out the hard way, the link was sending a virus to their computer, or maybe nothing happened, but [the link] sent in a hidden Trojan bot that will cause problems later.”
Calligan says lawyers, architects and service companies that are in good standing with the BBB all received the emails.
I called one of the lawyers on the list. The recipient says he can’t remember if he clicked on the link or not, though he did report the email to the BBB.
Calligan says do not click on the link and contact your IT department immediately.
“If it is a customer email we have a customer ID number for you, and we’ll have a contact number asking you to call us or email us. You will not be asked to click on a link.”
“It will send more phishing emails to everyone from your address book and it will look like it comes from you. The major concern is it embeds itself and monitors your key strokes and attaches to your online banking.”
Calligan says identity theft is still the number one fraud in America.
“The ID of a consumer or business is highly coveted by con artists. Clicking on the link gives them access to everything in your email account and your address book. The bigger worry, is it’s a virus or it might be malicious, malware that will attach and lay dormant and when you do online banking they have your password and account number and then they have you.”