Better Business Bureau hacked/phish scam

Four oF NINE · Nov 19, 2012

I found an e-mail that was ostensibly sent by Better Business Bureau in my junk mail folder. It was sent September 25, I didn't find it until November 17.

Being careful (I thought) I tried calling the number posted on the e-mail. It rang through to BBB HQ in Arlington VA. There was a vague statement about a complaint about my business, and there was a hyperlinked case file. I didn't find out until Monday, two days later that they had been hacked by someone, and I'm wondering if I should be worried about clicking on that link? It went to a foreign language website.

What should I do? Does anyone have any ideas? Should I be worried?

Thanks

ChrisMan287 · Nov 19, 2012

Check it out on a friend's computer LOL.

mwhities · Nov 19, 2012

I pull links up that I don't trust up in my Safari on my iPhone.

Four oF NINE · Nov 20, 2012

So does anyone have ANY helpful ideas or insights on this issue?

mwhities · Nov 20, 2012

Check the email's headers. Verify that it came from the BBB or from some other source.

switon · Nov 20, 2012

RE: clicking that link...

By clicking that link you may have sent your contacts or other information to the foreign server. Have any of your email contacts been bothered by similar BBB e-mails? If so, those addresses probably came from your e-mail contacts.

If you are worried, then I'd also download (there is a version in the Mac App Store) ClamXav and run it on all of your disk drives. Lastly, you might also consider one of the "reverse firewalls", that is, one of the apps that catch outgoing traffic and don't allow it until you authorize it. Little Snitch comes to mind. The reverse firewall app can keep, if you are diligent, keystroke recorders or trojans from communicating with their home servers.

Good luck,
Switon

Caromsoft · Nov 20, 2012

I have Gmail grab email from one of my accounts that gets these kinds of messages all the time. Here is one that came in two days ago.

The message "FW:Case #22181581" from Better Business Bureau (help@dallas.bbb.org) contained a virus or a suspicious attachment. It was therefore not fetched from your account.

I have Mac Mail set up to automatically delete these messages. I would guess that you are OK as long as you clicked the link on your Mac, but yes, from now on don't click on the links.

Four oF NINE · Nov 20, 2012

mwhities said:
Check the email's headers. Verify that it came from the BBB or from some other source.

Phone number and physical address were legitimate, as was the logo with the e-mail. But it was still fraudulent.

switon said:
By clicking that link you may have sent your contacts or other information to the foreign server. Have any of your email contacts been bothered by similar BBB e-mails? If so, those addresses probably came from your e-mail contacts.

If you are worried, then I'd also download (there is a version in the Mac App Store) ClamXav and run it on all of your disk drives. Lastly, you might also consider one of the "reverse firewalls", that is, one of the apps that catch outgoing traffic and don't allow it until you authorize it. Little Snitch comes to mind. The reverse firewall app can keep, if you are diligent, keystroke recorders or trojans from communicating with their home servers.

Good luck,
Switon

I haven't heard of anyone else's e-mail on my contact list getting this, but it's only been a couple of days

Thanks for the suggestions!

Caromsoft said:
I have Gmail grab email from one of my accounts that gets these kinds of messages all the time. Here is one that came in two days ago.

The message "FW:Case #22181581" from Better Business Bureau (help@dallas.bbb.org) contained a virus or a suspicious attachment. It was therefore not fetched from your account.

I have Mac Mail set up to automatically delete these messages. I would guess that you are OK as long as you clicked the link on your Mac, but yes, from now on don't click on the links.

I downloaded and ran SOPHOS for OS X 10.8.2 at a friend's recommendation; The report was "No Threat Detected"

I'm probably okay, but it's put me into a precautionary mode.

I thought I was invulnerable with my Apple, I've NEVER had to run any AV stuff before, but there's not much defense against stuff I facilitate myself, I suppose.

Thanks to all of you!

mwhities · Nov 20, 2012

I understand that. I deal with this crap daily. If you look at the headers, you can find out where it came from. Not that you could really do much but, at least you can confirm it.

ChrisMan287 · Nov 20, 2012

My father actually got the same email today. He no haz business.

Spam.

switon · Nov 21, 2012

RE: Sophos and ClamXav...

Four oF NINE said:
I downloaded and ran SOPHOS for OS X 10.8.2 at a friend's recommendation; The report was "No Threat Detected"

Hi Four oF NINE,

Just to let you know, I recommended ClamXav because it is the least "intrusive" of the virus scanners. By default, it does not leave a daemon running all the time the way some of the other virus scanners do. ClamXav is relatively well regarded, and it appears not to cause troubles with the Mac OS. In fact, clamav/clamavd have been included with previous Mac OSes. The ClamXav.app is just the GUI interface to clamav. On the other hand, there have been reports of Sophos causing problems in the past, including kernel panics. So if your system becomes "flaky", then I would remove Sophos and instead use ClamXav.

Just a suggestion...

Regards,
Switon

Four oF NINE · Nov 21, 2012

switon said:
Hi Four oF NINE,

Just to let you know, I recommended ClamXav because it is the least "intrusive" of the virus scanners. By default, it does not leave a daemon running all the time the way some of the other virus scanners do. ClamXav is relatively well regarded, and it appears not to cause troubles with the Mac OS. In fact, clamav/clamavd have been included with previous Mac OSes. The ClamXav.app is just the GUI interface to clamav. On the other hand, there have been reports of Sophos causing problems in the past, including kernel panics. So if your system becomes "flaky", then I would remove Sophos and instead use ClamXav.

Just a suggestion...

Regards,
Switon

Thanks for the heads up, I wasn't aware of those issues. I removed Sophos after the successful scan btw.. I really prefer not having those things, but if I need one again, I'll go with ClamXav.

GGJstudios · Nov 21, 2012

Four oF NINE said:
I didn't find out until Monday, two days later that they had been hacked by someone, and I'm wondering if I should be worried about clicking on that link? It went to a foreign language website.

If you didn't install anything, you're fine. It sounds like you just got a spam or phishing email, which doesn't affect your computer.

Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.

Weaselboy · Nov 21, 2012

GGJstudios said:
If you didn't install anything, you're fine. It sounds like you just got a spam or phishing email, which doesn't affect your computer.

Given the fact the most recent Mac malware was spread by simply visiting a compromised web site (like the OP did), your comment is not accurate. You don't need to "install" anything to get a malware infection.

GGJstudios · Nov 21, 2012

Weaselboy said:
Given the fact the most recent Mac malware was spread by simply visiting a compromised web site (like the OP did), your comment is not accurate. You don't need to "install" anything to get a malware infection.

Whether the installation is active or passive, the fact remains that without anything being installed, there is no infection.

Weaselboy · Nov 21, 2012

GGJstudios said:
Whether the installation is active or passive, the fact remains that without anything being installed, there is no infection.

Ah I see... you want to go down this parsing road again about what "install" means rather than acknowledge you were mistaken. Everybody reading this (except you apparently

) understands what "install" means.

GGJstudios · Nov 21, 2012

Weaselboy said:
Ah I see... you want to go down this parsing road again about what "install" means rather than acknowledge you were mistaken. Everybody reading this (except you apparently ) understands what "install" means.

Again you join a thread to try to dissect my post to try to find fault with it, rather than contribute to the thread in a helpful or useful way. The OP does not have a malware infection. Period.

Weaselboy · Nov 21, 2012

GGJstudios said:
Again you join a thread to try to dissect my post to try to find fault with it, rather than contribute to the thread in a helpful or useful way. The OP does not have a malware infection. Period.

Um no... I joined the thread to point out you gave the OP bad information. Maybe don't take things so personal and just acknowledge when you are mistaken.

GGJstudios · Nov 21, 2012

Weaselboy said:
Um no... I joined the thread to point out you gave the OP bad information. Maybe don't take things so personal and just acknowledge when you are mistaken.

The information I posted is accurate. If the OP didn't install anything, whether by clicking a link or by following another installation process, then their computer is not infected. It has already been confirmed that nothing was installed and there is no malware present.

Weaselboy · Nov 21, 2012

GGJstudios said:
The information I posted is accurate. If the OP didn't install anything, whether by clicking a link or by following another installation process, then their computer is not infected. It has already been confirmed that nothing was installed and there is no malware present.

Okay, so clicking a link to visit a web site is "installing"... got it.

Yeah... visiting a web site is an "installation process"... alrighty. Just keep digging that hole.

Kind of funny the last time we had this discussion about your little copy/paste AV info telling people they could only get malware by "installing" something, you waited a few days and reworded that section and removed the word install.

vglazer · Nov 28, 2012

Four oF NINE said:
So does anyone have ANY helpful ideas or insights on this issue?

I did contact the real Better Bus. Bureau about it and was informed that it is a virus.

Better Business Bureau hacked/phish scam

macrumors 68000

macrumors 6502

macrumors 6502a

macrumors 68000

macrumors 6502a

macrumors 6502a

macrumors regular

macrumors 68000

macrumors 6502a

macrumors 6502

macrumors 6502a

macrumors 68000

macrumors Westmere

Moderator

macrumors Westmere

Moderator

macrumors Westmere

Moderator

macrumors Westmere

Moderator

macrumors newbie

Our Staff