Companies are being urged to think twice before opening notices of complaint from the BBB as an intense phishing campaign targeting business owners ramps up. In an email, the Central Indiana branch of the BBB stated that the “BBB name and logo are being fraudulently used by criminals” in a social engineering scheme.
Fraudulent emails are delivered under the guise of a violation complaint. Over 100 malicious websites have been shut down in response to attempts over the last few days.
Here is how to check whether you’re being targeted:
1. Check BBB emails to ensure details look legitimate. Poor formatting, typos, grammar mistakes, and generic form field greetings are all signs of a phishing email.
2. Double-check the sender’s email address. Does it appear accurate?
3. Do not click, save, or open any attachments or links.
4. Social engineers take advantage of fear, urgency, and doubt to rush targets into a rash decision. If an email asks you to take a specific action (like opening an attachment) to maintain your account or rating, think twice.
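Checks 2 through 4 can also be run automatically on a raw message before anyone opens it. The following Python is an added example, not part of the original article; the trusted domain bbb.org, the keyword patterns, the finding labels and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED = ("bbb.org",)  # assumption: genuine BBB mail comes from bbb.org
BRAND = re.compile(r"\b(bbb|better business bureau)\b", re.I)
URGENCY = re.compile(r"\b(immediately|urgent|suspended|within \d+ hours)\b", re.I)
# Constructed sample message (not a captured email from this campaign).
SAMPLE = """\
From: "BBB Complaints" <notice@bbb-complaints.example>
Subject: Complaint filed against your business
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Business Owner, respond immediately or your rating will be suspended.
Review the complaint: http://bbb-complaints.example/case
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="complaint.zip"

placeholder
--b1--
"""

def domain_of(value):
    """Lower-cased domain of an address header value, or '' if absent."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def triage(raw):
    """Return the warning signs found in a raw RFC 5322 message."""
    msg, found, body = message_from_string(raw), [], ""
    sender = domain_of(msg["From"])
    if BRAND.search(msg.get("From", "") + msg.get("Subject", "")) and not trusted(sender):
        found.append("brand-from-untrusted-domain:" + sender)
    for part in msg.walk():
        if part.get_filename():  # check 3: any attachment is worth a second look
            found.append("attachment:" + part.get_filename())
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode(errors="replace")
    if URGENCY.search(body):  # check 4: pressure to act quickly
        found.append("urgency-language")
    found += ["untrusted-link:" + h.lower()
              for h in re.findall(r"https?://([^/\s:]+)", body) if not trusted(h.lower())]
    return found
```

Calling `triage(SAMPLE)` returns one finding per warning sign, which can be logged or used to quarantine the message for review.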
If you believe that you may be the target of a phishing email, follow these steps:
1. Delete the email and ensure that you empty your recycling bin.
2. If you clicked any links or opened attachments, immediately change your log-in credentials.
3. Watch your finances. If you see any unexpected transactions, you may want to investigate further.
4. Ensure that your endpoint protection is running with all available updates installed.
With a proper understanding of social engineering practices, you can stay safe even against emerging threats.
Here’s a quick look at one of the inbox impostors:
The silver lining
Phishing is a topic to discuss in your workplace. This BBB scam represents a prime example of social engineering and cyber security safety that can be dissected for your team. Building a culture of cyber security in the workplace is a best practice that every business should keep on its to-do list. We encourage you to print the sample email provided above, highlight the tell-tale clues of social engineering, and hold a discussion with your staff about email security.
If you found a suspicious BBB notification in your inbox, do your part by reporting the email to firstname.lastname@example.org.
Fortunately, you don’t have to worry about fraudulent emails when you use SonicWall’s TotalSecure Email Protection.