For the second time this year, the Better Business Bureau (BBB) is at the center of spam campaign. The spoofed emails, claiming to be about complaints made to the BBB by unhappy customers, attempt to entice recipients into downloading malware that can collect personal information from unwary consumers.
The spam email, which appears to be from the BBB, contains a Microsoft Word attachment. Although the email claims the attachment contains additional information about the alleged complaint to the BBB, it is a trojan downloader that installs a keylogger on the recipient’s PC.
In this scam, the spoofed email's subject line refers to a "complaint case number," according to Websense. The message body says, "You have received a complaint in regards to your business services. The complaint was filled by Mr. Mark Williams on 5/21/2007. Instructions on how to resolve this complaint as well as a copy of the original complaint are attached to this email."
Once opened, the attachment downloads the trojan and the keylogger, which can steal personal information such as bank, PayPal or eBay login information as well as all interactive data sent to every site the recipient visits, and sends the data to an IP address in Malaysia.
"The BBB ensures that despite the alarming amount of spoof emails that have been received, BBB database information has not been compromised," the organization said on its website. "The BBB is currently working with the Electronic Crimes Task Force to track down the spoofers."
Although phishers continually change their tactics, the scammed addresses include firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, and firstname.lastname@example.org.
"This could be the work of the highly sophisticated loosely organized crime groups who basically wake up every morning trying to think of new creative ways to scam American consumers," said Avivah Litan, a vice president and research director in Gartner Research. "They could very well be the same folks that launch highly technical attacks against retailers, like TJX.
"In our last consumer survey, we spotted a trend in which the scammers are using less conventional methods for phishing attacks that do not use well-known brands like banks, brokerages or PayPal," added Litan. "This is due to the fact that the large known brands spend considerable resources identifying phishing sites and taking them down before they can do much damage."