Impersonating Al Pacino or Donald Trump may get you laughs at a party, but impersonation is no laughing matter when scammers do it.
In recent years, scammers have pretended to be from the IRS, the FTC, the FBI, and now – the BBB. The Better Business Bureau is warning consumers that it has learned that scammers are using its name and logo to shake down small businesses or infect their computers with malware.
Spam emails are going out warning businesses that they are “violating the Fair Labor Standards Act,” the “Health and Safety Act,” and numerous non-existent laws and regulations.
The emails contain a link where the recipient is instructed to go to either get more information or clarify the matter. The BBB says the link most likely triggers a download of malware that can steal user names and passwords, along with other sensitive records.
The BBB is a private organization that rates businesses. It is not affiliated with any government agency and does not enforce federal, state, or local laws or regulations.
What to do
If you receive a copy of one of these phishing emails purporting to come from the BBB, the Better Business Bureau would like to get a copy. You can forward it to firstname.lastname@example.org.
Phishing emails are usually pretty easy to spot. They're never specific about who they are addressed to. You won't find your name anywhere on it. Rather, you'll be addressed as “member,” or “customer.”
Scammers may be clever, but they aren't that skilled with grammar or syntax. Phishing emails are usually riddled with misspellings and oddly structured sentences.
Sense of urgency
Scammers often try to create a sense of fear or urgency to make their victims act before they think. They'll make threats like “you must click this link or your account will be closed,” or that some other unpleasant thing will happen.
Don't be fooled by impressive and official-looking logos. It's a very simple thing to copy a real logo and paste it into an email. If you have the slightest doubt, look at the link address by hovering your cursor over it. The text should match the URL your mouse reveals. Odds are great that it won't.
If you're reading this too late, after you've already clicked on a link in a phishing email, don't panic. First, run a good virus scan to detect any malware you might have downloaded, then change all your user names and passwords.