Last updated: November 15, 2012
First published: September 26, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subj: Complaint Case #32997120
November 14, 2012
The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer's concern are included on the reverse. Please review this matter and advise us of your position.
As a neutral third party, the Better Business Bureau can help to resolve the matter. Often complaints are a result of misunderstandings a company wants to know about and correct.
In the interest of time and good customer relations, please provide the BBB with written verification of your position in this matter by November 16, 2012. Your prompt response will allow BBB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.
The Better Business Bureau develops and maintains Reliability Reports on companies across the United States and Canada . This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.
We encourage you to print this complaint, answer the questions and respond to us. (self-extracting archive, Adobe PDF)
We look forward to your prompt attention to this matter.
Better Business Bureau Complaint Department
Subject: BBB Case #8629393
Dear business owner, we have received a complaint about your company possible involvement in check cashing and Money Order Scam.
You are asked to provide response to this complaint within 7 days.
Failure to provide the necessary information will result in downgrading your Better Business Bureau rating and possible cancellation of your BBB accreditation status.
According to these emails, the Better Business Bureau (BBB) has received a complaint about the recipient's business practices. Some of the "complaints" suggests that the recipient's business may be involved in a check and money order scam. Others do not detail the supposed issue, but claim that information about the complaint is included in an attached file. In many variants, the recipient is advised to respond to the complaint by clicking a link in the email. Others instruct users to open an attachment and print out a file. The messages also warn that if the recipient does not provide a response within a specified time frame, his or her BBB accreditation status may be cancelled or other actions may be taken . The messages often come complete with BBB logos and formatting.
However, the messages are not from the Better Business Bureau and the supposed complaint has no validity whatsoever. In fact, the messages are an attempt by online criminals to trick people into downloading and installing malware. The messages contrive to panic business owners into clicking a link or opening an attachment without due forethought in the mistaken belief that their reputation may be damaged by a false complaint.
Those who are taken in by the ruse and click the "complaint" link will be taken to a webpage that displays a "Please wait, page loading" message like the one shown on the right.
The page will then automatically redirect to a compromised website that harbours malware. Once installed, such malware can download and install further malware components, collect sensitive information from the compromised computers and communicate with remote servers operated by online criminals. Some versions appear to hold a copy of the infamous Blackhole Exploit Kit, a collection of malware that can exploit various vulnerabilities on the targeted computer.
Other versions include the malware inside an attached file.
The Better Business Bureau's name and logo has been misused repeatedly in similar malware messages in recent months. Most of the malware messages claim that a complaint has been leveled against the recipient. Some versions urge recipients to open an attached file rather than click a link. Both links and attachments in the bogus emails can install malware.
The BBB has published information about these scams on its website. If you receive one of these messages, do not click on any links or open any attachments that it contains. If you are in doubt as to the veracity of a complaint, contact your local BBB directly.
Emails “BBB Complaint activity report” is an email security risk
BBB assistance malware attack strikes again
New Phishing Scam Hurts Small Businesses