Better Business Bureau becomes tangled in scam involving e-mail

WASHINGTON POST
WASHINGTON -- The Better Business Bureau network was the target of a "spoofing" scam this week in which thousands of businesses in the United States and Canada received e-mails encouraging them to download what is thought to be a computer virus.
The e-mails, using the name of the 95-year-old network of nonprofit groups that looks into consumer complaints, told businesses that they were the subject of a complaint and included a link to view related documents. Clicking on the link, however, accessed the address book of an infected computer and distributed the counterfeit e-mail to more recipients, said Steve Cox, spokesman for the Council of Better Business Bureaus.
The council is the umbrella group for the system's 129 local branches, funded by member businesses.
BBB members and nonmembers received the e-mail. Confused business owners began calling the council's offices in Arlington, Va., at 6 a.m. Tuesday, Cox said. By midmorning, the organization had confirmed the attack was systemwide.
"It is the first time in recent memory where we've had an attack on this scale," Cox said.
The counterfeit e-mails were traced to an advertising firm in Kennesaw, Ga., that had had its computer system hacked into Monday night, Cox said. The agency had no prior affiliation with the BBB.
The Council of Better Business Bureaus warned recipients not to open any e-mail that contains a return address of operations@bbb.org or a link citing a complaint case number, such as "Documents for Case 263621205."