Not all crooks are dummies. In fact, many are very smart. How many times have you heard the sentiment, “If only they’d use their skills for legitimate purposes…”? These clever con men know the businesses and brands that we trust and they take advantage of that trust by using an iconic symbol, like the Better Business Bureau (BBB), to lull us into a false sense of security when we see their logo, all in an attempt to separate us from our money.
If you own or work for a small business, be careful not to automatically take email messages you receive from the BBB at face value. There are a handful of hoaxes that seem to resurface every year using the BBB’s good name and mark to trick us. These email scams all start similarly, with fraudulent email messages posing as the BBB. The fake emails are often signed with the address of the Council of Better Business Bureaus, which is the national office of the BBB system. The email messages look very convincing, often using what appears to be standard BBB formatting, including details like a user ID, reference number, and password, which are similar to the authentic complaint case notices from the real BBB. The messages are usually well written, with good grammar and no spelling errors. Here are three angles the spammers have taken:
FOLLOW-UP ON COMPLAINT FILED WITH BBB — An email with the subject line “Complaint from your customers” may be a scam. Just like the real ones, the fake emails inform you that a customer has filed a complaint about a negative experience they’ve had with your company. The messages often include language, such as:
We encourage you to use our ONLINE COMPLAINT system to respond to this complaint.
The following URL (website address) below will take you directly to this complaint and you will be able to enter your response directly on our website:
Often the email refers the recipient to a zip file attachment, which supposedly contains a copy of the complaint.
Do Not Open the Attachment or Click On the Link!
When you receive this type of notice, your first instinct might be to jump right in and resolve the complaint by opening the attachment or clicking on the link provided in order to view the details, just as they suggest. Don’t click it; it may link to a non-BBB website. Instead, hover your mouse over the website address or URL (the part that begins with http://). That may reveal the actual address, which may not be BBB at all. Then again, it may not, so tread lightly even if it appears to be a BBB website address. The link might actually take you to a rogue website that downloads malicious software onto your computer, such as a virus, a trojan, or botnet malware, all of which are ultimately designed to steal banking information and passwords.
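The hover check described above can also be run on the raw HTML of a suspicious message without opening any link. The following is an added example, not part of the original article or any BBB tooling: it compares each link's real destination host with the address shown in its visible text. The function names, the finding labels, and the `.example` hosts in the sample body are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "bbb.org"  # domain of the BBB links this article itself gives
# Constructed sample body (not a captured email); .example hosts are placeholders.
SAMPLE = """
<a href="http://bbb-complaints.example/view?id=1">https://www.bbb.org/complaint/view</a>
<a href="http://www.bbb.org.cases.example/login">ONLINE COMPLAINT system</a>
<a href="https://www.bbb.org/find">Find your local BBB</a>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):  # hostname of a URL or bare 'www.site.org/path' string, else ''
    try:
        return (urlsplit(value if "://" in value else "//" + value).hostname or "").rstrip(".")
    except ValueError:
        return ""

def is_trusted(host):
    # Exact match or a true subdomain; 'www.bbb.org.cases.example' does not qualify.
    return host == TRUSTED or host.endswith("." + TRUSTED)

def audit_links(html_body):
    """Return [(real_host, findings)]; an empty findings list means nothing was flagged."""
    parser = LinkCollector()
    parser.feed(html_body)
    report = []
    for href, text in parser.links:
        real = host_of(href.strip())
        # Only treat the visible text as an address when it looks like one.
        shown = host_of(text) if "." in text and " " not in text else ""
        findings = [] if is_trusted(real) else ["untrusted-host"]
        if shown and shown != real:
            findings.append("text-mismatch")
        report.append((real, findings))
    return report
```

Calling `audit_links(SAMPLE)` flags the first two links and leaves the third unflagged. An empty findings list only means the link points where it says it does; it does not establish that the message itself is genuine.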
REQUEST FOR UPDATED CONTACT INFORMATION “AS A SERVICE TO BBB ACCREDITED BUSINESSES” – Another tack the fake emails take is to appeal to your sense of system integrity, as in the following:
As a service to BBB Accredited Businesses, we try to ensure that the information we provide to potential customers is as accurate as possible. In order for us to provide the correct information to the public, we ask that you review the information that we have on file for your company.
We encourage you to use our ONLINE FORM to provide us with this updated information. The URL below will take you directly to this form on our website:
…Please look carefully at your telephone and fax numbers on this sheet, and let us know any and all numbers used for your business (including 800, 900, rollover, and remote call forwarding). Our automated system is driven by telephone/fax numbers, so having accurate information is critical for consumers to find information about your business easily…
CONFIRMING CLOSURE OF A COMPLAINT FILED WITH BBB – Another way to get businesses to open malicious attachments or fake links is to draw your attention to a “resolved” complaint that you knew nothing about until now. Again, the email message is “phishing” to get you to open a file or click on a link in pursuit of answers to this supposed complaint, as follows:
As you are aware, the Better Business Bureau contacted you regarding the above-named complainant, seeking a response to this complaint. Your position is available online.
The following URL (website address) below will take you directly to this complaint and you will be able to view the response directly on our website:
…The complainant has been notified of your response.
The BBB believes that your response adequately addresses the disputed issues and/or has exhibited a good faith effort to resolve the complaint. The complaint will close as “Administratively Judged Resolved” and our records will be updated.
If you fail to honor your agreement or if the consumer has information that disputes the accuracy of your firm’s response, we will notify your office with substantiation to support the consumer’s position and the case will be re-opened. Cases will not be re-opened without documentation or good cause…
What To Do If You Receive an Email…
Though you might, at first, be concerned that your business has a disappointed customer, make sure the “complaint” passes the sniff test first. In other words, if you don’t have any clients or customers who pay for your company’s products or services in advance, then it’s unlikely they need to involve the BBB to remedy things.
Question the timing and supposed affiliations referenced in the email. If your business is a CPA firm and the email ties your company to the American Institute of CPAs during tax season, don’t assume that, because the connection seems plausible, the email must be legitimate.
- DO NOT open any attachments or click on any links to a website.
- If you are not certain whether the complaint is legitimate, contact your local BBB (www.bbb.org/find).
- Read emails carefully with a critical eye and look for clues of fakes, such as misspellings, poor grammar, and generic or non-specific greetings.
- Don’t be tricked into reacting too quickly by urgent instructions such as, “Click on the link or your account will be closed.”
- Delete the email from your computer completely by emptying your “Deleted Items”, “Trash”, or “Recycle Bin”.
- Forward the email to email@example.com or alert them at https://www.bbb.org/scam/report-a-scam/ so the BBB’s security team can track the fraudsters. The BBB Council warns businesses and consumers that the return email address, firstname.lastname@example.org, is not valid for the BBB.
- Keep your antivirus software up-to-date at all times by running updates frequently, or better yet, have them set to update automatically. If you’ve already clicked on a link in the email, run a full virus scan of your computer. Using antivirus, spam-filtering, and firewall software helps protect your business against the risks of malware attacks, such as botnets and trojans.