Better Business Bureau 'Complaint Received' Malware EmailsOutline
Emails purporting to be from the Better Business Bureau claim that a complaint has been received about the recipient. The recipient is advised to click a link or open an attachment and provide a response or risk cancellation of BBB accreditation status.
The emails are not from the Better Business Bureau. Some of the messages contain links that open a website that harbours malware. Others include the malware in an attached file. Several variations of these malware emails have been distributed in recent months. If you receive an unsolicited email claiming to be from the BBB about a supposed customer complaint, do not click any links or open any attachments that it may contain.
May 28, 2014
Case# 4033361: [Name Removed]
As you are aware, the Better Business Bureau contacted you regarding the above-named complainant, seeking a response to this complaint. Your position is available online.
The following URL (website address) below will take you directly to this complaint and you will be able to view the response directly on our website:
The complainant has been notified of your response.
The BBB believes that your response adequately addresses the disputed issues and/or has exhibited a good faith effort to resolve the complaint. The complaint will close as "Administratively Judged Resolved" and our records will be updated.
If you fail to honor your agreement or if the consumer has information that disputes the accuracy of your firm's response, we will notify your office with substantiation to support the consumer's position and the case will be re-opened. Cases will not be re-opened without documentation or good cause.
The BBB appreciates this opportunity to serve you. Dispute Resolution Department.
Subj: Complaint Case #32997120
November 14, 2012
The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer's concern are included on the reverse. Please review this matter and advise us of your position.
As a neutral third party, the Better Business Bureau can help to resolve the matter. Often complaints are a result of misunderstandings a company wants to know about and correct.
In the interest of time and good customer relations, please provide the BBB with written verification of your position in this matter by November 16, 2012. Your prompt response will allow BBB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.
The Better Business Bureau develops and maintains Reliability Reports on companies across the United States and Canada . This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.
We encourage you to print this complaint, answer the questions and respond to us. (self-extracting archive, Adobe PDF)
We look forward to your prompt attention to this matter.
Better Business Bureau Complaint Department
Subject: BBB Case #8629393
Dear business owner, we have received a complaint about your company possible involvement in check cashing and Money Order Scam.
You are asked to provide response to this complaint within 7 days.
Failure to provide the necessary information will result in downgrading your Better Business Bureau rating and possible cancellation of your BBB accreditation status.
According to these emails, the Better Business Bureau (BBB) has received a complaint about the recipient's business practices. Some of the "complaints" suggests that the recipient's business may be involved in a check and money order scam. Others do not detail the supposed issue, but claim that information about the complaint is included in an attached file. In many variants, the recipient is advised to respond to the complaint by clicking a link in the email. Others instruct users to open an attachment and print out a file. The messages also warn that if the recipient does not provide a response within a specified time frame, his or her BBB accreditation status may be cancelled or other actions may be taken . The messages often come complete with BBB logos and formatting.
However, the messages are not from the Better Business Bureau and the supposed complaint has no validity whatsoever. In fact, the messages are an attempt by online criminals to trick people into downloading and installing malware. The messages contrive to panic business owners into clicking a link or opening an attachment without due forethought in the mistaken belief that their reputation may be damaged by a false complaint.
Those who are taken in by the ruse and click the "complaint" link will be taken to a webpage that displays a "Please wait, page loading" message.
The page will then automatically redirect to a compromised website that harbours malware. Once installed, such malware can download and install further malware components, collect sensitive information from the compromised computers and communicate with remote servers operated by online criminals. Some versions appear to hold a copy of the infamous Blackhole Exploit Kit, a collection of malware that can exploit various vulnerabilities on the targeted computer.
Other versions include the malware inside an attached file.
The Better Business Bureau's name and logo has been misused repeatedly in similar malware messages in recent months. Most of the malware messages claim that a complaint has been leveled against the recipient. Some versions urge recipients to open an attached file rather than click a link. Both links and attachments in the bogus emails can install malware.
The BBB has published information about these scams on its website. If you receive one of these messages, do not click on any links or open any attachments that it contains. If you are in doubt as to the veracity of a complaint, contact your local BBB directly.
Last updated: May 30, 2014
First published: September 26, 2012
By Brett M. Christensen
Emails “BBB Complaint activity report” is an email security risk
BBB assistance malware attack strikes again
New Phishing Scam Hurts Small Businesses