Browse archive

Latest news

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

A spotlight on grid insecurity

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Hacking charge stations for electric cars

Fake Better Business Bureau notifications carry malware

Posted on 11.12.2012

Emails purported to be notifications about complaints received by the Better Business Bureau are hitting inboxes, trying to scare recipients into opening the attached file:

The BBB is a well-known and respected nonprofit organization that provides free business reliability reviews on companies in the U.S. and Canada, so you might see how receiving such a notification would create a sense of urgency and panic with management of any business.

The email does look pretty legitimate: the text in the message is without obvious mistakes in grammar and expression, and the sender's email is spoofed to look like it actually belongs to a BBB employee.

Unfortunately, it is not, and the attached file is a Trojan that allows remote attackers to access infected computers, take control and download additional malware of them, or steal user information, Sophos reports.

Be careful when assessing emails such as these and if you are not sure about their legitimacy, check with the organization in question - just don't do it by following links from inside the email or phone numbers contained in them.