Better Business Bureau hacked/phish scam

[Four oF NINE]

I found an e-mail that was ostensibly sent by Better Business Bureau in my junk mail folder. It was sent September 25, I didn't find it until November 17.

Being careful (I thought) I tried calling the number posted on the e-mail. It rang through to BBB HQ in Arlington VA. There was a vague statement about a complaint about my business, and there was a hyperlinked case file. I didn't find out until Monday, two days later that they had been hacked by someone, and I'm wondering if I should be worried about clicking on that link? It went to a foreign language website.

What should I do? Does anyone have any ideas? Should I be worried?

Thanks

[ChrisMan287]

Check it out on a friend's computer LOL.

[mwhities]

I pull links up that I don't trust up in my Safari on my iPhone.

[Four oF NINE]

So does anyone have ANY helpful ideas or insights on this issue?

[mwhities]

Check the email's headers. Verify that it came from the BBB or from some other source.

[switon]

By clicking that link you may have sent your contacts or other information to the foreign server. Have any of your email contacts been bothered by similar BBB e-mails? If so, those addresses probably came from your e-mail contacts.

If you are worried, then I'd also download (there is a version in the Mac App Store) ClamXav and run it on all of your disk drives. Lastly, you might also consider one of the "reverse firewalls", that is, one of the apps that catch outgoing traffic and don't allow it until you authorize it. Little Snitch comes to mind. The reverse firewall app can keep, if you are diligent, keystroke recorders or trojans from communicating with their home servers.

Good luck,
Switon

[Caromsoft]

I have Gmail grab email from one of my accounts that gets these kinds of messages all the time. Here is one that came in two days ago.

The message "FW:Case #22181581" from Better Business Bureau (help@dallas.bbb.org) contained a virus or a suspicious attachment. It was therefore not fetched from your account.

I have Mac Mail set up to automatically delete these messages. I would guess that you are OK as long as you clicked the link on your Mac, but yes, from now on don't click on the links.

[Four oF NINE]

Quote:

Originally Posted by mwhities

Check the email's headers. Verify that it came from the BBB or from some other source.

Phone number and physical address were legitimate, as was the logo with the e-mail. But it was still fraudulent.

Quote:

Originally Posted by switon

By clicking that link you may have sent your contacts or other information to the foreign server. Have any of your email contacts been bothered by similar BBB e-mails? If so, those addresses probably came from your e-mail contacts.

If you are worried, then I'd also download (there is a version in the Mac App Store) ClamXav and run it on all of your disk drives. Lastly, you might also consider one of the "reverse firewalls", that is, one of the apps that catch outgoing traffic and don't allow it until you authorize it. Little Snitch comes to mind. The reverse firewall app can keep, if you are diligent, keystroke recorders or trojans from communicating with their home servers.

Good luck,
Switon

I haven't heard of anyone else's e-mail on my contact list getting this, but it's only been a couple of days

Thanks for the suggestions!

Quote:

Originally Posted by Caromsoft

I have Gmail grab email from one of my accounts that gets these kinds of messages all the time. Here is one that came in two days ago.

The message "FW:Case #22181581" from Better Business Bureau (help@dallas.bbb.org) contained a virus or a suspicious attachment. It was therefore not fetched from your account.

I have Mac Mail set up to automatically delete these messages. I would guess that you are OK as long as you clicked the link on your Mac, but yes, from now on don't click on the links.

I downloaded and ran SOPHOS for OS X 10.8.2 at a friend's recommendation; The report was "No Threat Detected"

I'm probably okay, but it's put me into a precautionary mode.

I thought I was invulnerable with my Apple, I've NEVER had to run any AV stuff before, but there's not much defense against stuff I facilitate myself, I suppose.


Thanks to all of you!

[mwhities]

I understand that. I deal with this crap daily. If you look at the headers, you can find out where it came from. Not that you could really do much but, at least you can confirm it.

[ChrisMan287]

My father actually got the same email today. He no haz business.

Spam.

[switon]

Quote:

Originally Posted by Four oF NINE

I downloaded and ran SOPHOS for OS X 10.8.2 at a friend's recommendation; The report was "No Threat Detected"

Hi Four oF NINE,

Just to let you know, I recommended ClamXav because it is the least "intrusive" of the virus scanners. By default, it does not leave a daemon running all the time the way some of the other virus scanners do. ClamXav is relatively well regarded, and it appears not to cause troubles with the Mac OS. In fact, clamav/clamavd have been included with previous Mac OSes. The ClamXav.app is just the GUI interface to clamav. On the other hand, there have been reports of Sophos causing problems in the past, including kernel panics. So if your system becomes "flaky", then I would remove Sophos and instead use ClamXav.

Just a suggestion...

Regards,
Switon

[Four oF NINE]

Quote:

Originally Posted by switon

Hi Four oF NINE,

Just to let you know, I recommended ClamXav because it is the least "intrusive" of the virus scanners. By default, it does not leave a daemon running all the time the way some of the other virus scanners do. ClamXav is relatively well regarded, and it appears not to cause troubles with the Mac OS. In fact, clamav/clamavd have been included with previous Mac OSes. The ClamXav.app is just the GUI interface to clamav. On the other hand, there have been reports of Sophos causing problems in the past, including kernel panics. So if your system becomes "flaky", then I would remove Sophos and instead use ClamXav.

Just a suggestion...

Regards,
Switon

Thanks for the heads up, I wasn't aware of those issues. I removed Sophos after the successful scan btw.. I really prefer not having those things, but if I need one again, I'll go with ClamXav.

[GGJstudios]

Quote:

Originally Posted by Four oF NINE

I didn't find out until Monday, two days later that they had been hacked by someone, and I'm wondering if I should be worried about clicking on that link? It went to a foreign language website.

If you didn't install anything, you're fine. It sounds like you just got a spam or phishing email, which doesn't affect your computer.

Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.

[Weaselboy]

Quote:

Originally Posted by GGJstudios

If you didn't install anything, you're fine. It sounds like you just got a spam or phishing email, which doesn't affect your computer.

Given the fact the most recent Mac malware was spread by simply visiting a compromised web site (like the OP did), your comment is not accurate. You don't need to "install" anything to get a malware infection.

[GGJstudios]

Quote:

Originally Posted by Weaselboy

Given the fact the most recent Mac malware was spread by simply visiting a compromised web site (like the OP did), your comment is not accurate. You don't need to "install" anything to get a malware infection.

Whether the installation is active or passive, the fact remains that without anything being installed, there is no infection.

[Weaselboy]

Quote:

Originally Posted by GGJstudios

Whether the installation is active or passive, the fact remains that without anything being installed, there is no infection.

Ah I see... you want to go down this parsing road again about what "install" means rather than acknowledge you were mistaken. Everybody reading this (except you apparently ) understands what "install" means.

[GGJstudios]

Quote:

Originally Posted by Weaselboy

Ah I see... you want to go down this parsing road again about what "install" means rather than acknowledge you were mistaken. Everybody reading this (except you apparently ) understands what "install" means.

Again you join a thread to try to dissect my post to try to find fault with it, rather than contribute to the thread in a helpful or useful way. The OP does not have a malware infection. Period.

[Weaselboy]

Quote:

Originally Posted by GGJstudios

Again you join a thread to try to dissect my post to try to find fault with it, rather than contribute to the thread in a helpful or useful way. The OP does not have a malware infection. Period.

Um no... I joined the thread to point out you gave the OP bad information. Maybe don't take things so personal and just acknowledge when you are mistaken.

[GGJstudios]

Quote:

Originally Posted by Weaselboy

Um no... I joined the thread to point out you gave the OP bad information. Maybe don't take things so personal and just acknowledge when you are mistaken.

The information I posted is accurate. If the OP didn't install anything, whether by clicking a link or by following another installation process, then their computer is not infected. It has already been confirmed that nothing was installed and there is no malware present.

[Weaselboy]

Quote:

Originally Posted by GGJstudios

The information I posted is accurate. If the OP didn't install anything, whether by clicking a link or by following another installation process, then their computer is not infected. It has already been confirmed that nothing was installed and there is no malware present.

Okay, so clicking a link to visit a web site is "installing"... got it. Yeah... visiting a web site is an "installation process"... alrighty. Just keep digging that hole.

Kind of funny the last time we had this discussion about your little copy/paste AV info telling people they could only get malware by "installing" something, you waited a few days and reworded that section and removed the word install.

[vglazer]

Quote:

Originally Posted by Four oF NINE

So does anyone have ANY helpful ideas or insights on this issue?

I did contact the real Better Bus. Bureau about it and was informed that it is a virus.