BBB Issues Alert for Phishing Attack Targeting Thousands of Businesses and Consumers
Scam uses the “BBB” Name to Attract Victims

UPDATE - Arlington, VA, March 1, 2007 - The Better Business Bureau System warns all businesses across the United States and Canada of a spoofing scam using the BBB name and a false BBB e-mail address to entice recipients to access potentially damaging hyperlinks.

In February, a firm had its computer system hacked and that firm's system generated thousands of counterfeit messages to businesses and consumers, purporting to be a complaint filed with the BBB. Recently, another firm was hacked and similar emails have been received by businesses across the country.

The attack has NOT affected the computer system of any BBB nor have any of their data been compromised. As with most other phishing attacks, the perpetrators have attempted to pose as a respected business to gain the confidence of phishing victims. The BBB is working with authorities to thwart these malicious attacks.

The most recent e-mail has a false return address of and a phishing hyperlink citing a BBB complaint case number, for example, "DOCUMENTS FOR CASE #BBA749BED0". These links actually direct access to a subdirectory of the hacked firm's website where users are asked to download documents related to the complaint. The download is actually an executable file that is believed to be some form of a computer virus.

All recipients are advised that any e-mail from the address is not coming from any BBB and should be considered counterfeit. The BBB strongly encourages recipients of any such message to delete the message immediately without clicking on the "DOCUMENTS FOR CASE" links.

The phishing e-mail return address of does not exist and is being "spoofed." Spoofing occurs when an e-mail address is altered to appear as if the message originated from a legitimate source. This is a common practice for both spam e-mail and phishing operations.

Phishing is a term coined by computer hackers, who use e-mail to fish the Internet hoping to "hook" recipients into giving their logins, passwords and/or other sensitive information. In all these scams, the phisher first impersonates a legitimate company. In a typical scam, the phisher instructs recipients to click on a convenient link to receive or provide information that can then be used by phishers to access the recipient's sensitive personal or business information. For more information about phishing and for tips to avert other scams, please visit

An actual example of the false e-mail message is provided below. Names and other forms of identifying information have been removed from the example.



From: []
Sent: Thursday, March 1, 2007 6:06 AM
Subject: BBB Complaint for XXXXXXX - Case #BBA749BED0

Dear Mr./Mrs. XXXX

You have received a complaint in regards to your business services. The complaint was filled by Mr. XXXX on 02/28/2007/
Use the link below to view the complaint details:


Complaint Case Number: BBA749BED0
Complaint Made by Consumer Mr. XXXX
Complaint Registered Against: Company XXXX
Date: 02/28/2007

Instructions on how to resolve this complaint as well as a copy of the original complaint can be obtained using the link below:


Disputes involving consumer products and/or services may be arbitrated. Unless they directly relate to the contract that is the basis of this dispute, the following claims will be considered for arbitration only if all parties agree in writing that the arbitrator may consider them:
- Claims based on product liability;
- Claims for personal injuries;
- Claims that have been resolved by a previous court action, arbitration, or written agreement between the parties.

The decision as to whether your dispute or any part of it can be arbitrated rests solely with the BBB.

The BBB offers its members a binding arbitration service for disputes involving marketplace transactions. Arbitration is a convenient, civilized way to settle disputes quickly and fairly, without the costs associated with other legal options.