Fake Better Business Bureau notifications carry malware

Emails purported to be notifications about complaints received by the Better Business Bureau are hitting inboxes, trying to scare recipients into opening the attached file:

The BBB is a well-known and respected nonprofit organization that provides free business reliability reviews on companies in the U.S. and Canada, so you might see how receiving such a notification would create a sense of urgency and panic with management of any business.

The email does look pretty legitimate: the text in the message is without obvious mistakes in grammar and expression, and the sender’s email is spoofed to look like it actually belongs to a BBB employee.

Unfortunately, it is not, and the attached file is a Trojan that allows remote attackers to access infected computers, take control and download additional malware of them, or steal user information, Sophos reports.

Be careful when assessing emails such as these and if you are not sure about their legitimacy, check with the organization in question – just don’t do it by following links from inside the email or phone numbers contained in them.