Go Back   MacRumors Forums > Apple Systems and Services > OS X > OS X 10.8 Mountain Lion

Reply
 
Thread Tools Search this Thread Display Modes
Old Nov 19, 2012, 07:05 PM   #1
Four oF NINE
macrumors 65816
 
Four oF NINE's Avatar
 
Join Date: Sep 2011
Location: Soviet Union
Better Business Bureau hacked/phish scam

I found an e-mail that was ostensibly sent by Better Business Bureau in my junk mail folder. It was sent September 25, I didn't find it until November 17.

Being careful (I thought) I tried calling the number posted on the e-mail. It rang through to BBB HQ in Arlington VA. There was a vague statement about a complaint about my business, and there was a hyperlinked case file. I didn't find out until Monday, two days later that they had been hacked by someone, and I'm wondering if I should be worried about clicking on that link? It went to a foreign language website.

What should I do? Does anyone have any ideas? Should I be worried?

Thanks
Four oF NINE is offline   0 Reply With Quote
Old Nov 19, 2012, 07:17 PM   #2
ChrisMan287
macrumors 6502
 
Join Date: Nov 2012
Location: NY.
Check it out on a friend's computer LOL.
__________________
15" PowerBook G4, 1.67GHz, 2GB RAM, 250GB HD ; 16GB iPad2.
ChrisMan287 is offline   0 Reply With Quote
Old Nov 19, 2012, 07:39 PM   #3
mwhities
macrumors 6502a
 
Join Date: Jul 2011
Location: Mississippi
Send a message via AIM to mwhities Send a message via MSN to mwhities
I pull links up that I don't trust up in my Safari on my iPhone.
__________________
Late '11 MBP 17" - Blue Nano 8G - Black 4S 16G/64G - Black iPad2 16G - Black iPad mini 16G - 2TB TC
mwhities is offline   0 Reply With Quote
Old Nov 20, 2012, 03:37 AM   #4
Four oF NINE
Thread Starter
macrumors 65816
 
Four oF NINE's Avatar
 
Join Date: Sep 2011
Location: Soviet Union
So does anyone have ANY helpful ideas or insights on this issue?
Four oF NINE is offline   0 Reply With Quote
Old Nov 20, 2012, 07:18 AM   #5
mwhities
macrumors 6502a
 
Join Date: Jul 2011
Location: Mississippi
Send a message via AIM to mwhities Send a message via MSN to mwhities
Check the email's headers. Verify that it came from the BBB or from some other source.
__________________
Late '11 MBP 17" - Blue Nano 8G - Black 4S 16G/64G - Black iPad2 16G - Black iPad mini 16G - 2TB TC
mwhities is offline   1 Reply With Quote
Old Nov 20, 2012, 07:32 AM   #6
switon
macrumors 6502a
 
Join Date: Sep 2012
RE: clicking that link...

By clicking that link you may have sent your contacts or other information to the foreign server. Have any of your email contacts been bothered by similar BBB e-mails? If so, those addresses probably came from your e-mail contacts.

If you are worried, then I'd also download (there is a version in the Mac App Store) ClamXav and run it on all of your disk drives. Lastly, you might also consider one of the "reverse firewalls", that is, one of the apps that catch outgoing traffic and don't allow it until you authorize it. Little Snitch comes to mind. The reverse firewall app can keep, if you are diligent, keystroke recorders or trojans from communicating with their home servers.

Good luck,
Switon
switon is offline   1 Reply With Quote
Old Nov 20, 2012, 03:21 PM   #7
Caromsoft
macrumors member
 
Join Date: Jun 2012
I have Gmail grab email from one of my accounts that gets these kinds of messages all the time. Here is one that came in two days ago.

The message "FW:Case #22181581" from Better Business Bureau (help@dallas.bbb.org) contained a virus or a suspicious attachment. It was therefore not fetched from your account.

I have Mac Mail set up to automatically delete these messages. I would guess that you are OK as long as you clicked the link on your Mac, but yes, from now on don't click on the links.
Caromsoft is offline   2 Reply With Quote
Old Nov 20, 2012, 07:14 PM   #8
Four oF NINE
Thread Starter
macrumors 65816
 
Four oF NINE's Avatar
 
Join Date: Sep 2011
Location: Soviet Union
Quote:
Originally Posted by mwhities View Post
Check the email's headers. Verify that it came from the BBB or from some other source.
Phone number and physical address were legitimate, as was the logo with the e-mail. But it was still fraudulent.

Quote:
Originally Posted by switon View Post
By clicking that link you may have sent your contacts or other information to the foreign server. Have any of your email contacts been bothered by similar BBB e-mails? If so, those addresses probably came from your e-mail contacts.

If you are worried, then I'd also download (there is a version in the Mac App Store) ClamXav and run it on all of your disk drives. Lastly, you might also consider one of the "reverse firewalls", that is, one of the apps that catch outgoing traffic and don't allow it until you authorize it. Little Snitch comes to mind. The reverse firewall app can keep, if you are diligent, keystroke recorders or trojans from communicating with their home servers.

Good luck,
Switon
I haven't heard of anyone else's e-mail on my contact list getting this, but it's only been a couple of days

Thanks for the suggestions!

Quote:
Originally Posted by Caromsoft View Post
I have Gmail grab email from one of my accounts that gets these kinds of messages all the time. Here is one that came in two days ago.

The message "FW:Case #22181581" from Better Business Bureau (help@dallas.bbb.org) contained a virus or a suspicious attachment. It was therefore not fetched from your account.

I have Mac Mail set up to automatically delete these messages. I would guess that you are OK as long as you clicked the link on your Mac, but yes, from now on don't click on the links.
I downloaded and ran SOPHOS for OS X 10.8.2 at a friend's recommendation; The report was "No Threat Detected"

I'm probably okay, but it's put me into a precautionary mode.

I thought I was invulnerable with my Apple, I've NEVER had to run any AV stuff before, but there's not much defense against stuff I facilitate myself, I suppose.


Thanks to all of you!
Four oF NINE is offline   0 Reply With Quote
Old Nov 20, 2012, 08:18 PM   #9
mwhities
macrumors 6502a
 
Join Date: Jul 2011
Location: Mississippi
Send a message via AIM to mwhities Send a message via MSN to mwhities
I understand that. I deal with this crap daily. If you look at the headers, you can find out where it came from. Not that you could really do much but, at least you can confirm it.
__________________
Late '11 MBP 17" - Blue Nano 8G - Black 4S 16G/64G - Black iPad2 16G - Black iPad mini 16G - 2TB TC
mwhities is offline   0 Reply With Quote
Old Nov 20, 2012, 08:38 PM   #10
ChrisMan287
macrumors 6502
 
Join Date: Nov 2012
Location: NY.
My father actually got the same email today. He no haz business.

Spam.
__________________
15" PowerBook G4, 1.67GHz, 2GB RAM, 250GB HD ; 16GB iPad2.
ChrisMan287 is offline   0 Reply With Quote
Old Nov 21, 2012, 07:07 AM   #11
switon
macrumors 6502a
 
Join Date: Sep 2012
RE: Sophos and ClamXav...

Quote:
Originally Posted by Four oF NINE View Post
I downloaded and ran SOPHOS for OS X 10.8.2 at a friend's recommendation; The report was "No Threat Detected"
Hi Four oF NINE,

Just to let you know, I recommended ClamXav because it is the least "intrusive" of the virus scanners. By default, it does not leave a daemon running all the time the way some of the other virus scanners do. ClamXav is relatively well regarded, and it appears not to cause troubles with the Mac OS. In fact, clamav/clamavd have been included with previous Mac OSes. The ClamXav.app is just the GUI interface to clamav. On the other hand, there have been reports of Sophos causing problems in the past, including kernel panics. So if your system becomes "flaky", then I would remove Sophos and instead use ClamXav.

Just a suggestion...

Regards,
Switon
switon is offline   0 Reply With Quote
Old Nov 21, 2012, 07:55 AM   #12
Four oF NINE
Thread Starter
macrumors 65816
 
Four oF NINE's Avatar
 
Join Date: Sep 2011
Location: Soviet Union
Quote:
Originally Posted by switon View Post
Hi Four oF NINE,

Just to let you know, I recommended ClamXav because it is the least "intrusive" of the virus scanners. By default, it does not leave a daemon running all the time the way some of the other virus scanners do. ClamXav is relatively well regarded, and it appears not to cause troubles with the Mac OS. In fact, clamav/clamavd have been included with previous Mac OSes. The ClamXav.app is just the GUI interface to clamav. On the other hand, there have been reports of Sophos causing problems in the past, including kernel panics. So if your system becomes "flaky", then I would remove Sophos and instead use ClamXav.

Just a suggestion...

Regards,
Switon
Thanks for the heads up, I wasn't aware of those issues. I removed Sophos after the successful scan btw.. I really prefer not having those things, but if I need one again, I'll go with ClamXav.
Four oF NINE is offline   0 Reply With Quote
Old Nov 21, 2012, 09:50 AM   #13
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by Four oF NINE View Post
I didn't find out until Monday, two days later that they had been hacked by someone, and I'm wondering if I should be worried about clicking on that link? It went to a foreign language website.
If you didn't install anything, you're fine. It sounds like you just got a spam or phishing email, which doesn't affect your computer.

Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.
GGJstudios is offline   0 Reply With Quote
Old Nov 21, 2012, 10:45 AM   #14
Weaselboy
macrumors G5
 
Weaselboy's Avatar
 
Join Date: Jan 2005
Quote:
Originally Posted by GGJstudios View Post
If you didn't install anything, you're fine. It sounds like you just got a spam or phishing email, which doesn't affect your computer.
Given the fact the most recent Mac malware was spread by simply visiting a compromised web site (like the OP did), your comment is not accurate. You don't need to "install" anything to get a malware infection.
Weaselboy is offline   0 Reply With Quote
Old Nov 21, 2012, 10:48 AM   #15
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by Weaselboy View Post
Given the fact the most recent Mac malware was spread by simply visiting a compromised web site (like the OP did), your comment is not accurate. You don't need to "install" anything to get a malware infection.
Whether the installation is active or passive, the fact remains that without anything being installed, there is no infection.
GGJstudios is offline   1 Reply With Quote
Old Nov 21, 2012, 10:57 AM   #16
Weaselboy
macrumors G5
 
Weaselboy's Avatar
 
Join Date: Jan 2005
Quote:
Originally Posted by GGJstudios View Post
Whether the installation is active or passive, the fact remains that without anything being installed, there is no infection.
Ah I see... you want to go down this parsing road again about what "install" means rather than acknowledge you were mistaken. Everybody reading this (except you apparently ) understands what "install" means.
Weaselboy is offline   1 Reply With Quote
Old Nov 21, 2012, 11:00 AM   #17
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by Weaselboy View Post
Ah I see... you want to go down this parsing road again about what "install" means rather than acknowledge you were mistaken. Everybody reading this (except you apparently ) understands what "install" means.
Again you join a thread to try to dissect my post to try to find fault with it, rather than contribute to the thread in a helpful or useful way. The OP does not have a malware infection. Period.
GGJstudios is offline   1 Reply With Quote
Old Nov 21, 2012, 11:17 AM   #18
Weaselboy
macrumors G5
 
Weaselboy's Avatar
 
Join Date: Jan 2005
Quote:
Originally Posted by GGJstudios View Post
Again you join a thread to try to dissect my post to try to find fault with it, rather than contribute to the thread in a helpful or useful way. The OP does not have a malware infection. Period.
Um no... I joined the thread to point out you gave the OP bad information. Maybe don't take things so personal and just acknowledge when you are mistaken.
Weaselboy is offline   1 Reply With Quote
Old Nov 21, 2012, 11:26 AM   #19
GGJstudios
macrumors Westmere
 
Join Date: May 2008
Quote:
Originally Posted by Weaselboy View Post
Um no... I joined the thread to point out you gave the OP bad information. Maybe don't take things so personal and just acknowledge when you are mistaken.
The information I posted is accurate. If the OP didn't install anything, whether by clicking a link or by following another installation process, then their computer is not infected. It has already been confirmed that nothing was installed and there is no malware present.
GGJstudios is offline   1 Reply With Quote
Old Nov 21, 2012, 11:44 AM   #20
Weaselboy
macrumors G5
 
Weaselboy's Avatar
 
Join Date: Jan 2005
Quote:
Originally Posted by GGJstudios View Post
The information I posted is accurate. If the OP didn't install anything, whether by clicking a link or by following another installation process, then their computer is not infected. It has already been confirmed that nothing was installed and there is no malware present.
Okay, so clicking a link to visit a web site is "installing"... got it. Yeah... visiting a web site is an "installation process"... alrighty. Just keep digging that hole.

Kind of funny the last time we had this discussion about your little copy/paste AV info telling people they could only get malware by "installing" something, you waited a few days and reworded that section and removed the word install.
Weaselboy is offline   1 Reply With Quote
Old Nov 28, 2012, 04:00 PM   #21
vglazer
macrumors newbie
 
Join Date: Nov 2012
Quote:
Originally Posted by Four oF NINE View Post
So does anyone have ANY helpful ideas or insights on this issue?
I did contact the real Better Bus. Bureau about it and was informed that it is a virus.
vglazer is offline   1 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > OS X > OS X 10.8 Mountain Lion

Tags
hacked, phishing, scam email

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
'The Bureau: XCOM Declassified' for Mac Gains Three New DLC Packs MacRumors Mac Blog Discussion 8 Mar 24, 2014 08:00 PM
OS X: The Bureau: XCOM Declassified for Mac Dirtyharry50 Mac and PC Games 11 Dec 16, 2013 10:17 AM
'The Bureau: XCOM Declassified' Now Available for Mac MacRumors Mac Blog Discussion 21 Dec 5, 2013 03:54 PM
Bureau apps 2 questions Ratatapa iPad Apps 4 Dec 29, 2012 07:45 PM

Forum Jump

All times are GMT -5. The time now is 03:25 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC