Spammers are using the name of the Better Business Bureau to propagate malware, according to security company Sophos Ltd
Sophos discovered that emails labeled as coming from the BBB and purporting to contain information about a customer complaint have been actually carry malware.
Sophos said businesses should be wary of such emails because the BBB does not typically send out such emails concerning customer complaints. These messages “have been spammed out widely across the internet by cybercriminals hoping that you will be tricked into opening the malicious attachment,” Sophos said.
The spam letter reads:
Here with the better Business Bureau notifies you that we have received a complaint (ID [random number]) from one of your customers with respect to their dealership with you.
Please open the attached Compliant Report below to obtain more information on this matter and let us know of you point of view as soon as possible.
We are looking forward to your prompt reply.
Better Business Bureau
Sophos identified the malicious code contained within the attached file as Troj/Bredo-RK.
“Unfortunately, you’ll not be winning an award for good customer service by responding to the complaint – instead you’ll be unwittingly infecting your Windows computer with malware,” according to Sophos.