Tucson Citizen.com
Better Business Bureau Consumer Alert

Posts Tagged ‘Trojan’

New Email Phishing Scam Hijacks BBB Name

Tuesday, July 31st, 2012

A new email scam using the BBB name popped up this morning, and the emails have been received by consumers and businesses across the U.S. and Canada, including many BBB offices.

How the Scam Works:

Two versions of the email have been received. One claims to be following up on a complaint filed with BBB, the other is asking for updated contact information “as a service to BBB Accredited Businesses.”

Both are good fakes – they use correct grammar and follow formats often used by BBB, so they look quite realistic. Both refer the recipient to an online form, and the address appears to be that of a local BBB. However, if you hover your mouse over the web address (the part that begins with http), you can see that the real address is not BBB at all. DO NOT CLICK ON THE LINK! The link actually takes you to a rogue website that downloads a Trojan virus onto your computer.

BBB is working with a professional deactivation service to take down the websites that are spreading the malware, and we have reported the incident to the FBI and other law enforcement agencies. Consumers are urged to delete suspicious emails and keep their anti-virus software up-to-date at all times.

Example of the Phishing Email:

Thank you for supporting your Better Business Bureau (BBB).

As a service to BBB Accredited Businesses, we try to ensure that the information we provide to potential customers is as accurate as possible. In order for us to provide the correct information to the public, we ask that you review the information that we have on file for your company.

We encourage you to use our ONLINE FORM to provide us with this updated information. The URL below will take you directly to this form on our website:

http://app.alaskaoregonwesternwashington.bbb.org/sbq [LINK REMOVED]
(UserID: 882600422 Password: mcvn34JDF3r54f)

You may also complete the form on the reverse side of this letter and mail to PO Box 1000; DuPont, WA; 98327; or fax to (206)436-5496.

Please look carefully at your telephone and fax numbers on this sheet, and let us know any and all numbers used for your business (including 800, 900, rollover, and remote call forwarding). Our automated system is driven by telephone/fax numbers, so having accurate information is critical for consumers to find information about your business easily.

Thank you again for your support, and we look forward to receiving this updated information.

Sincerely,

Accreditation Services

New Scam Steals Financial Information from Facebook, Gmail, Yahoo, and Hotmail users

Thursday, May 31st, 2012

Better Business Bureau of Southern Arizona is warning consumers of a scam targeting the financial data of Facebook, Hotmail, Yahoo, and Gmail users. The scam infects its victims’ computers with a version of the Zeus Trojan virus, a malware program regularly used to commit bank fraud.

Trusteer, the computer security firm that discovered the scam, says the virus targets Facebook users by getting them to link their Visa or MasterCard debit cards to their Facebook account, enticing them with a fake 20 percent cash back offer.

Malware scams on social networks can be particularly malicious because the fraudulent offers appear to come from trusted friends. In the case of Facebook, scammers will often hijack a user’s account by getting the user to click on their post and accept their application, which can give the scammers access to all of the user’s account information, and allow them to make unauthorized posts in the user’s name.

The Zeus Trojan virus has been used by scammers for years to steal financial information from unsuspecting consumers. Different versions of the virus are used by vast international crime syndicates, who have employed the virus to steal over $60 million and infect over 4 million computers in 196 countries since 2007, according to the FBI.

BBB offers these tips to users of social networks to avoid scams:

  • When using Facebook, never install a game or an application that you’re not entirely sure is legitimate.
  • On Facebook and Twitter, be wary of posts from friends that use overtly promotional language. Examples would be: “Check out how I lost 20 pounds in two weeks,” or “I just received a FREE $50 Amazon gift card. Click here to get yours!” A good rule of thumb: if it doesn’t seem like language your friend would normally use, your friend probably didn’t post it.
  • Never click on Facebook posts, or install applications, that claim they will tell you which of your friends viewed your profile. It’s impossible to find out who is viewing your profile, and any application that claims it can show you is a scam.
  • On Twitter and Facebook, beware of promotional offers using shortened links that look similar to this: http://is.gd/b8XwNO. While shortened links are commonly used by legitimate businesses, they mask the true URL of the destination Web site, and scammers will use them to direct their victims to sites that will infect their computers with malware.
  • If you mistakenly install a dubious application on Facebook, click on the “Home” icon in the top right-hand corner of the site, and go to “Account Settings.” On the right-hand column of the page, click on the icon that says “Apps,” and uninstall the suspect application. After you do that, BBB recommends you change your account password in case that has been compromised as well.

For more information on how you can keep your financial and personal data safe online, visit www.bbb.org/data-security. If you think you may have been a victim of an online scam, you can file a complaint with the FBI at www.ic3.gov.