DaytonDailyNews.com

Don't be fooled by a phishing scam using the Better Business Bureau name and false BBB e-mail addresses. It could cause harm to your computer system and steal sensitive information. Thousands of U.S. businesses have been targeted.

Your Better Business Bureau received over 25 calls last week about the scam from businesses including the Balancing Company Inc., Vandalia; Greater Dayton Construction Group Inc., Beavercreek; and Fred P. Kreuzer, CPA and Assoc., Englewood.

The scam originally surfaced earlier this year after a Georgia business' computer system was hacked, and thousands of counterfeit messages were sent to businesses and consumers, claiming to be complaints filed with the BBB. It's specifically going after businesses but could potentially begin targeting consumers.

E-mails are sent to business owners claiming complaints have been filed against them with the BBB. The e-mails reference complaint case numbers and instruct recipients to download attachments or click on links to get case-related information. Once clicked or downloaded, malware is installed on computer systems, a program that collects sensitive information, such as Social Security and bank account numbers. This information can be used to steal people's identities.

In addition to the recipient's computer, malware is also able to access the computer and/or network's directory, automatically forwarding the message and potentially spreading the fraud to other systems.

The phony e-mails are similar in appearance to notices the BBB sends to companies informing them of complaints. They're sent from what appears to be BBB e-mail addresses and are tailored to business owners and upper-level managers, addressing them by name and company name. Recipients are told instructions on how to resolve complaints, and copies of original complaints are attached or available for download, but accessing the information activates the dangerous program.

False e-mail addresses involved in the scam include complaints@bbb.org; operations@bbb.org; consumer-complaints@bbb.org; complains-serv@bbb.org; compl-srv@bbb.org; and complntscentercase@bbb.org. Keep in mind there could be other e-mail addresses emerging as phishers constantly change their tactics. The e-mails have messages similar to: "You have received a complaint in regards to your business services. The complaint was filled by Mr. XXXX on 06/03/2007/."

If you're unsure about an e-mail from the BBB, call (937) 222-5825 or (800) 776-5301 to verify its legitimacy before clicking on any links or opening any attachments. You should also forward the e-mail and its headers to phishing@cbbb.bbb.org to help investigators get more information about the scam.

Donna Childs is the president and CEO of the Dayton Better Business Bureau.