Dun & Bradstreet Reports Phishing Email Scam

Did you receive a customer complaint email from Dun & Bradstreet recently? It may be a phishing scam. According to a recent release on the D&B website, a spammer sent out a large number of emails purporting to come from D&B (alert@dnb.com) alleging that a complaint requiring prompt action had been made against the recipient. Like many phishing scams, the email looks real. In this case, the scammer used the Dun & Bradstreet Credibility Corp. logo and even the correct contact information.

Dun & Bradstreet, is working hard to identify the spammer and recommends contacting D&B (866-584-0283) if you ever doubt the origin or content of a D&B email.

For any email that you suspect may be a phishing scam:

• Do NOT click on any links or attachments.
• Read the email carefully for signs that it may be fake (for example, misspellings, grammar, generic greetings such as “Dear member” instead of a name, etc.).
• Be wary of any urgent instructions to take specified action such as “Click on the link or your account will be closed.”
• Hover your mouse over links without clicking to see if the address is truly from the sender. The URL in the text should match the URL that your mouse detects. If the two do not match, it is most likely a scam.
• Delete the email from your computer completely (be sure to empty your “trash can” or “recycling bin,” as well).
• Run anti-virus software updates frequently and do a full system scan.
• Keep a close eye on your bank statements for any unexpected or unexplained transactions.

Read the full alert, here. 

How Does Malware Hurt a Business?

Right before Thanksgiving 2011, BBB became part of a huge phishing scam that continues to this day. Millions of pieces of email bearing our name and/or logo have been sent to consumers and business owners in the hopes the recipient will click on a link or open an attachment that launches malware. We responded aggressively to this illegal use of our name by assigning an IT professional on our national staff to manage the problem on the full-time basis, hiring a third-party vendor to help us shut down the referring websites, and launching BBB Scam Stopper (bbb.org/scam) to educate consumers about all kinds of scams.

Technology blogger Dan Steiner has an interesting post yesterday that just happened to mention “our” scam. He notes that globally malware is now a $100 billion problem, and he says all business owners need to think of IT security as a business necessity, not a luxury:

“How does malware hurt a business? By far the most damaging of cost of malware is on business reputation. Google, the world’s most popular search engine, protects users with its Safe Browsing Feature. If an online business, no matter how reputable, accidentally distributes a virus, Google automatically flags it. This leads to an ominous surfer warning or even removal from Google search results. Although a site can eventually be removed from blacklisting, it means weeks or months of lost business.  A lull like that is the kiss of death for many businesses.”

Read the whole story here on Business2Community.

Seven Scams that Target Small Businesses

Being vigilant against fraud is not only important for a company’s bottom line, it also strengthens customer trust in the business. 

Every year the BBB receives thousands of complaints from small business owners who fell for an invoicing scam or were misled into paying for products and services they didn't want. Scammers aren't always trying to steal money from a business; sometimes they are after a company’s financial or customer data and will use many kinds of high and low-tech methods for getting it.

Here are seven scams that commonly target small businesses:

1. Directory Scams – A perennial problem that has plagued businesses for decades involves deceptive sales for directories. Commonly the scammer will call the business claiming they just want to update the company’s entry in an online directory or the scammer might lie about being with the Yellow Pages. The business is later billed hundreds of dollars for listing services they didn't agree to or for ads which they thought would be in the Yellow Pages.
2. Office Supply Scams – Some scammers prey on small business owners hoping that they won’t notice a bill for office supplies like toner or paper which the company never ordered.  Every year BBB receives thousands of complaints from small business owners who were deceived by office supply companies and billed for products they didn’t want.
3. Overpayment Scams – Be extremely cautious if a customer overpays using a check or credit card and then asks you to wire the extra money back to them or to a third party. Overpayment scams target any number of different companies including catering businesses, manufacturers, wholesalers and even sellers on sites like eBay, Craigslist and Etsy.
4. Data Breaches – No matter how vigilant your company is a data breach can still happen. Whether it’s the result of hackers, negligence or a disgruntled employee, a data breach can have a severe impact on the level of trust customers have in your business. You can learn how to defend your company from a data breach for free with BBB’s Data Security – Made Simpler at www.bbb.org/data-security.
5. Vanity Awards – While it’s flattering to be recognized for your hard work, some awards are just money-making schemes and have no actual merit. If you are approached about receiving a business or leadership award, research the opportunity carefully and be wary if you’re asked to pay money.
6. Stolen Identity – Scammers will often pretend to be a legitimate company for the purposes of ripping off consumers. When it comes to stolen identity, the company doesn’t necessarily lose money, but their reputation is potentially tarnished as angry customers who were ripped off by the scammers think the real company is responsible.
7. Phishing E-mails – Some phishing e-mails specifically target small business owners with the goal of hacking into their computer or network. Common examples include e-mails pretending to be from the IRS claiming the company is being audited or phony e-mails from the BBB saying the company has received a complaint.  If you receive a suspicious e-mail from a government agency or the BBB, don’t click on any links or open any attachments. Contact the agency or the BBB directly to confirm the legitimacy of the e-mail.

What other scams have you heard of?

Beware of Facebook “Fan Page Verification” Scam

Do you have a Facebook page for your business? If so, beware! There’s a new phishing scam that is targeting admins and page owners, according to Hoax Slayer. 

The scam works like this; the user receives an email, which purports to be from Facebook Security, telling them about a new security feature for page owners called the “Fan Page Verification Program.” 

The email explains that to complete the process, the user must choose a 10-digit number that will be assigned as a security code. It threatens that if you do not choose a code, your page will suspended because it is “not considered safe for the wide audience.” 

The link provided at the end of the email brings the user to a fake “Fan Page Verification Program” website, where they are prompted to enter their Facebook login details and the 10-digit code.  However, this is nothing more than an attempt to steal Facebook account details.

If you receive an email like this, BBB recommends that you:

• Do not click any links in the email
• Delete the email
• Keep your virus software up-to-date

(Image courtesy of  http://www.hoax-slayer.com/fan-page-verification-scam.shtml)

Businesses: Don't Fall for Fake 'BBB' Emails

Beware of Business Identity Theft

The most sophisticated identity thieves are now pursuing even bigger payoffs by targeting businesses. Because businesses have higher credit limits and make larger purchases than consumers, charges by scammers are less likely to be noticed by owners, accountants and creditors.


ID theft aimed at stealing directly from a business isn’t the only type of commercial identity theft. Another form of business identity theft happens when a scammer poses as the company in order to rip off unsuspecting consumers. Following are examples of common business identity theft schemes identified by BBB.

Defrauding the Business
A crafty ID thief can do a lot of damage with a company’s Employer Identification Number, including gaining access to bank and credit card accounts or opening up new lines of credit under the business’s name. Business identity theft can also be perpetrated by scammers—and sometimes even employees—who purchase items in the company’s name either for personal use or to resell.

Phishing E-mails
Phishing e-mails are a common example of business ID theft, and all are designed to defraud consumers. Phishing e-mails are spam disguised as messages from a business or government agency, and are used to coerce sensitive financial information from the recipient or to install malware and viruses on recipients’ computers.

Defrauding Consumers
In many cases, criminals will hijack a company’s name and reputation to commit consumer fraud, such as advance fee loan or lottery scams. Scammers use and leverage the company’s identity and good reputation to create a trustworthy façade behind which they operate their scam. In BBB’s experience, business owners are usually alerted to the identity theft by angry consumers who were ripped off by the scammers.

Following are steps BBB recommends small business owners take to mitigate harm if their business identity has been stolen.

Alert the Authorities
Business owners need to immediately contact their local police department if they believe the company’s identity has been compromised. In some cases where bank or credit accounts have been compromised, law enforcement investigators may want the accounts to remain open in order to track down the thieves. If scammers are using the company’s name on phishing e-mails or with phony Web sites, business owners can also contact the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Alert Bank and Credit Card Companies
If scammers are accessing the business’s credit or bank accounts, forging company checks or opening up new lines of credit, it’s important for a small business owner to notify financial institutions involved in order to limit any further unauthorized transactions. Before closing any accounts, the business owners will want to receive the go-ahead from law enforcement so as not to jeopardize ongoing investigations.

Alert the Public
If the company’s identity has been stolen and is being used to rip off customers, warning the public is a top priority to prevent additional people from becoming victims. An easy first step is to prominently post a warning on the company’s home page briefly explaining the threat. Depending on the scope of the scam, business owners might also want to consider alerting media or making direct contact with customers via phone or e-mail. Businesses can also contact their BBB  for help in getting information out to consumers quickly.

Review Credit Report
If the business is a sole proprietorship, then the same consumer protections apply as if an individual’s ID were stolen—such as access to free credit reports and the ability to place a fraud alert on the report. Unfortunately for most businesses, monitoring their credit history is not that easy. Business credit reports exist; however, they don’t typically include the information necessary for detecting fraud. Small and medium-size enterprises can, however, increase internal controls and monitoring of accounts in order to better track abuses.