Better Business Bureau 'Complaint Received' Malware Emails

Outline
Email purporting to be from the Better Business Bureau claims that a complaint has been received about the recipient. The recipient is advised to click a link and provide a response or risk cancellation of BBB accreditation status.



Brief Analysis
The email is not from the Better Business Bureau. The link in the message opens a website that harbours malware. Several variations of these malware emails have been distributed in recent months. If you receive an unsolicited email claiming to be from the BBB about a supposed customer complaint, do not click any links or open any attachments that it may contain.

Enter your email address to subscribe to the Hoax-Slayer Newsletter:

Last updated: September 26, 2012
First published: September 26, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer

Example

Detailed Analysis

According to this email the Better Business Bureau (BBB) has received a complaint about the recipient's business practices. The complaint suggests that the recipient's business may be involved in a check and money order scam. The recipient is advised to respond to the complaint by clicking a link in the email. The message also warns that if the recipient does not provide a response within 7 days, his or her BBB accreditation status may be cancelled. The message comes complete with BBB logos and formatting.

However, the message is not from the Better Business Bureau and the supposed complaint has no validity whatsoever. In fact, the message is an attempt by online criminals to trick people into downloading and installing malware. The message contrives to panic business owners into clicking the link without due forethought in the mistaken belief that their reputation may be damaged by a false complaint.

Those who are taken in by the ruse and click the "complaint" link will be taken to a webpage that displays a "Please wait, page loading" message like the one shown on the right. The page will then automatically redirect to a compromised website that harbours malware. Once installed, such malware can download and install further malware components, collect sensitive information from the compromised computers and communicate with remote servers operated by online criminals. This version appears to hold a copy of the infamous Blackhole Exploit Kit, a collection of malware that can exploit various vulnerabilities on the targeted computer.

The Better Business Bureau's name and logo has been misused repeatedly in similar malware messages in recent months. As with this version, most of the malware messages claim that a complaint has been leveled against the recipient. Some versions urge recipients to open an attached file rather than click a link. Both links and attachments in the bogus emails can install malware.

The BBB has published information about these scams on its website. If you receive one of these messages, do not click on any links or open any attachments that it contains. If you are in doubt as to the veracity of a complaint, contact your local BBB directly.





References
Emails “BBB Complaint activity report” is an email security risk
BBB assistance malware attack strikes again
New Phishing Scam Hurts Small Businesses

---

Pages in this issue:

1. Miley Cyrus 'Sex Tape' Facebook Scam
2. AT&T 'Account Limit Exceeded' Phishing Scam
3. Visa - Mastercard 'Security Incident' Phishing Scam
4. 'Letter from Barack Obama' Advance Fee Scam
5. 'Blue Tiger' Picture on Facebook
6. Better Business Bureau 'Complaint Received' Malware Emails
7. Facebook Survey Scam - Free £100 ASDA Voucher
8. Windows Email Security Update Phishing Scam
9. Gmail 'Free Apple iPad Reward' Survey Scam
10. 'Personal Assistant' Money Laundering Scam