The IC3 has received several complaints from businesses regarding an e-mail, purportedly from the BBB, which states the BBB has received a complaint from a customer regarding their business.
The recipient is asked to review the complaint attached to the e-mail and respond to the BBB. The file attached to the e-mail contains a virus.
In one complaint received by the IC3, a business claimed their computer was infected with a virus after opening the attachment in the e-mail they received.
As a result, the business lost nearly $100,000 when fraudsters successfully wired money from the company's bank account after the virus enabled them to capture passwords and other important banking information.
The BBB posted the following alert on December 7, 2011:
ALERT Malicious Complaint E-mail Claiming It's From BBBBetter Business Bureau is issuing an urgent SCAM alert cautioning businesses and consumers about an email that looks like it is from BBB, with the subject line "Complaint from your customers." This e-mail is fraudulent; ignore its contents and delete it immediately. If you have already clicked on a link in the e-mail, run a full virus scan of your computer.
The e-mails have return addresses that BBB does not use (one example is riskmanager@bbb.org) and it is signed with the address of the Council of Better Business Bureaus, the national office of the BBB system. The e-mail contains a link to a non-BBB web site. Do NOT click on the link.
BBB is working with law enforcement to determine its source and stop the fraudulent campaign.
This is what the email looks like (click image to enlarge):
