Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« main.php Vector Change | Main | Post-Christmas Malware Lure »

December 21, 2011

Fake BBB Malware Lure

Today's lunchtime inbox morsel is a message aimed at the industrious small business worker/owner who tries to keep the company's customer reputation in first-class condition. The message claims to represent the Better Business Bureau, who has supposedly received a complaint from a customer.

Subject: Your customers concern

Better Business Bureau®
Start With Trust®

RE: Case # 58871023

Dear Sirs,

The Better Business Bureau has got the above-referenced complaint from one of your customers regarding their dealings with you.
The details of the consumer's concern are explained in attached file.
Please give attention to this case and notify us of your opinion.
We encourage you to open the ATTACHED REPORT to answer this complaint.

We look forward to your urgent reply.


Shawna Dennis

Dispute Counselor
Better Business Bureau

Privacy Policy | Terms of Use | Trademarks | Find a BBB | BBB Directory
© 2011 Council of Better Business Bureaus

In addition to the many grammatical errors in the message, the forged headers of this message are a mess. The From: field shows an address from a legitimate web site domain — not the BBB; the To: field is addressed to someone at cya.ca.gov (the California Youth Authority). Now I'd wager that some of the CYA's "customers" complain, but not through the BBB.

Although the action item of the message indicates that the complaint is in an attached file, instead there is a link to a hijacked web site. The offending page had been taken down by the site's owner (Way to go!), so I don't know if the page contained the main.php iframe or script download technique. Poker professionals will tell you that if you are bluffing, the story you're representing has to be solid so your opponent(s) can believe your bull. This one fails miserably.

I truly don't care where the links lead. I'd rather recipients be aware that this message — or any message that attempts to get the recipient all riled up and click-happy — is phony and potentially dangerous if they click the link.

Posted on December 21, 2011 at 04:05 PM