Better Business Bureau hacked/phish scam

Discussion in 'OS X Mountain Lion (10.8)' started by Four oF NINE, Nov 19, 2012.

  1. macrumors 65816

    Four oF NINE

    Joined:
    Sep 28, 2011
    Location:
    Soviet Union
    #1
    I found an e-mail that was ostensibly sent by Better Business Bureau in my junk mail folder. It was sent September 25, I didn't find it until November 17.

    Being careful (I thought) I tried calling the number posted on the e-mail. It rang through to BBB HQ in Arlington VA. There was a vague statement about a complaint about my business, and there was a hyperlinked case file. I didn't find out until Monday, two days later that they had been hacked by someone, and I'm wondering if I should be worried about clicking on that link? It went to a foreign language website.

    What should I do? Does anyone have any ideas? Should I be worried? :confused:

    Thanks
     
  2. macrumors 6502

    ChrisMan287

    Joined:
    Nov 18, 2012
    Location:
    NY.
  3. macrumors 6502a

    Joined:
    Jul 13, 2011
    Location:
    Mississippi
    #3
    I pull links up that I don't trust up in my Safari on my iPhone.
     
  4. thread starter macrumors 65816

    Four oF NINE

    Joined:
    Sep 28, 2011
    Location:
    Soviet Union
    #4
    So does anyone have ANY helpful ideas or insights on this issue?
     
  5. macrumors 6502a

    Joined:
    Jul 13, 2011
    Location:
    Mississippi
    #5
    Check the email's headers. Verify that it came from the BBB or from some other source.
     
  6. macrumors 6502a

    Joined:
    Sep 10, 2012
    #6
    RE: clicking that link...

    By clicking that link you may have sent your contacts or other information to the foreign server. Have any of your email contacts been bothered by similar BBB e-mails? If so, those addresses probably came from your e-mail contacts.

    If you are worried, then I'd also download (there is a version in the Mac App Store) ClamXav and run it on all of your disk drives. Lastly, you might also consider one of the "reverse firewalls", that is, one of the apps that catch outgoing traffic and don't allow it until you authorize it. Little Snitch comes to mind. The reverse firewall app can keep, if you are diligent, keystroke recorders or trojans from communicating with their home servers.

    Good luck,
    Switon
     
  7. macrumors member

    Caromsoft

    Joined:
    Jun 8, 2012
    #7
    I have Gmail grab email from one of my accounts that gets these kinds of messages all the time. Here is one that came in two days ago.

    The message "FW:Case #22181581" from Better Business Bureau (help@dallas.bbb.org) contained a virus or a suspicious attachment. It was therefore not fetched from your account.

    I have Mac Mail set up to automatically delete these messages. I would guess that you are OK as long as you clicked the link on your Mac, but yes, from now on don't click on the links. :)
     
  8. thread starter macrumors 65816

    Four oF NINE

    Joined:
    Sep 28, 2011
    Location:
    Soviet Union
    #8
    Phone number and physical address were legitimate, as was the logo with the e-mail. But it was still fraudulent.

    I haven't heard of anyone else's e-mail on my contact list getting this, but it's only been a couple of days

    Thanks for the suggestions!

    I downloaded and ran SOPHOS for OS X 10.8.2 at a friend's recommendation; The report was "No Threat Detected"

    I'm probably okay, but it's put me into a precautionary mode.

    I thought I was invulnerable with my Apple, I've NEVER had to run any AV stuff before, but there's not much defense against stuff I facilitate myself, I suppose.


    Thanks to all of you!
     
  9. macrumors 6502a

    Joined:
    Jul 13, 2011
    Location:
    Mississippi
    #9
    I understand that. I deal with this crap daily. If you look at the headers, you can find out where it came from. Not that you could really do much but, at least you can confirm it.
     
  10. macrumors 6502

    ChrisMan287

    Joined:
    Nov 18, 2012
    Location:
    NY.
    #10
    My father actually got the same email today. He no haz business.

    Spam.
     
  11. macrumors 6502a

    Joined:
    Sep 10, 2012
    #11
    RE: Sophos and ClamXav...

    Hi Four oF NINE,

    Just to let you know, I recommended ClamXav because it is the least "intrusive" of the virus scanners. By default, it does not leave a daemon running all the time the way some of the other virus scanners do. ClamXav is relatively well regarded, and it appears not to cause troubles with the Mac OS. In fact, clamav/clamavd have been included with previous Mac OSes. The ClamXav.app is just the GUI interface to clamav. On the other hand, there have been reports of Sophos causing problems in the past, including kernel panics. So if your system becomes "flaky", then I would remove Sophos and instead use ClamXav.

    Just a suggestion...

    Regards,
    Switon
     
  12. thread starter macrumors 65816

    Four oF NINE

    Joined:
    Sep 28, 2011
    Location:
    Soviet Union
    #12
    Thanks for the heads up, I wasn't aware of those issues. I removed Sophos after the successful scan btw.. I really prefer not having those things, but if I need one again, I'll go with ClamXav.
     
  13. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #13
    If you didn't install anything, you're fine. It sounds like you just got a spam or phishing email, which doesn't affect your computer.

    Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.
     
  14. macrumors P6

    Weaselboy

    Joined:
    Jan 23, 2005
    #14
    Given the fact the most recent Mac malware was spread by simply visiting a compromised web site (like the OP did), your comment is not accurate. You don't need to "install" anything to get a malware infection.
     
  15. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #15
    Whether the installation is active or passive, the fact remains that without anything being installed, there is no infection.
     
  16. macrumors P6

    Weaselboy

    Joined:
    Jan 23, 2005
    #16
    Ah I see... you want to go down this parsing road again about what "install" means rather than acknowledge you were mistaken. Everybody reading this (except you apparently :confused:) understands what "install" means.
     
  17. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #17
    Again you join a thread to try to dissect my post to try to find fault with it, rather than contribute to the thread in a helpful or useful way. The OP does not have a malware infection. Period.
     
  18. macrumors P6

    Weaselboy

    Joined:
    Jan 23, 2005
    #18
    Um no... I joined the thread to point out you gave the OP bad information. Maybe don't take things so personal and just acknowledge when you are mistaken.
     
  19. macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #19
    The information I posted is accurate. If the OP didn't install anything, whether by clicking a link or by following another installation process, then their computer is not infected. It has already been confirmed that nothing was installed and there is no malware present.
     
  20. macrumors P6

    Weaselboy

    Joined:
    Jan 23, 2005
    #20
    Okay, so clicking a link to visit a web site is "installing"... got it. :cool: Yeah... visiting a web site is an "installation process"... alrighty. Just keep digging that hole. :)

    Kind of funny the last time we had this discussion about your little copy/paste AV info telling people they could only get malware by "installing" something, you waited a few days and reworded that section and removed the word install.
     
  21. macrumors newbie

    Joined:
    Nov 28, 2012
    #21
    I did contact the real Better Bus. Bureau about it and was informed that it is a virus.
     

Share This Page