Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Better Business Bureau hacked/phish scam

Four oF NINE

Four oF NINE

macrumors 68000
Original poster
Sep 28, 2011
1,932
897
Hell's Kitchen
I found an e-mail that was ostensibly sent by Better Business Bureau in my junk mail folder. It was sent September 25, I didn't find it until November 17.

Being careful (I thought) I tried calling the number posted on the e-mail. It rang through to BBB HQ in Arlington VA. There was a vague statement about a complaint about my business, and there was a hyperlinked case file. I didn't find out until Monday, two days later that they had been hacked by someone, and I'm wondering if I should be worried about clicking on that link? It went to a foreign language website.

What should I do? Does anyone have any ideas? Should I be worried? :confused:

Thanks
 
RE: clicking that link...

By clicking that link you may have sent your contacts or other information to the foreign server. Have any of your email contacts been bothered by similar BBB e-mails? If so, those addresses probably came from your e-mail contacts.

If you are worried, then I'd also download (there is a version in the Mac App Store) ClamXav and run it on all of your disk drives. Lastly, you might also consider one of the "reverse firewalls", that is, one of the apps that catch outgoing traffic and don't allow it until you authorize it. Little Snitch comes to mind. The reverse firewall app can keep, if you are diligent, keystroke recorders or trojans from communicating with their home servers.

Good luck,
Switon
 
I have Gmail grab email from one of my accounts that gets these kinds of messages all the time. Here is one that came in two days ago.

The message "FW:Case #22181581" from Better Business Bureau (help@dallas.bbb.org) contained a virus or a suspicious attachment. It was therefore not fetched from your account.

I have Mac Mail set up to automatically delete these messages. I would guess that you are OK as long as you clicked the link on your Mac, but yes, from now on don't click on the links. :)
 
mwhities said:
Check the email's headers. Verify that it came from the BBB or from some other source.
Click to expand...

Phone number and physical address were legitimate, as was the logo with the e-mail. But it was still fraudulent.

switon said:
By clicking that link you may have sent your contacts or other information to the foreign server. Have any of your email contacts been bothered by similar BBB e-mails? If so, those addresses probably came from your e-mail contacts.

If you are worried, then I'd also download (there is a version in the Mac App Store) ClamXav and run it on all of your disk drives. Lastly, you might also consider one of the "reverse firewalls", that is, one of the apps that catch outgoing traffic and don't allow it until you authorize it. Little Snitch comes to mind. The reverse firewall app can keep, if you are diligent, keystroke recorders or trojans from communicating with their home servers.

Good luck,
Switon
Click to expand...

I haven't heard of anyone else's e-mail on my contact list getting this, but it's only been a couple of days

Thanks for the suggestions!

Caromsoft said:
I have Gmail grab email from one of my accounts that gets these kinds of messages all the time. Here is one that came in two days ago.

The message "FW:Case #22181581" from Better Business Bureau (help@dallas.bbb.org) contained a virus or a suspicious attachment. It was therefore not fetched from your account.

I have Mac Mail set up to automatically delete these messages. I would guess that you are OK as long as you clicked the link on your Mac, but yes, from now on don't click on the links. :)
Click to expand...

I downloaded and ran SOPHOS for OS X 10.8.2 at a friend's recommendation; The report was "No Threat Detected"

I'm probably okay, but it's put me into a precautionary mode.

I thought I was invulnerable with my Apple, I've NEVER had to run any AV stuff before, but there's not much defense against stuff I facilitate myself, I suppose.


Thanks to all of you!
 
I understand that. I deal with this crap daily. If you look at the headers, you can find out where it came from. Not that you could really do much but, at least you can confirm it.
 
RE: Sophos and ClamXav...

Four oF NINE said:
I downloaded and ran SOPHOS for OS X 10.8.2 at a friend's recommendation; The report was "No Threat Detected"
Click to expand...

Hi Four oF NINE,

Just to let you know, I recommended ClamXav because it is the least "intrusive" of the virus scanners. By default, it does not leave a daemon running all the time the way some of the other virus scanners do. ClamXav is relatively well regarded, and it appears not to cause troubles with the Mac OS. In fact, clamav/clamavd have been included with previous Mac OSes. The ClamXav.app is just the GUI interface to clamav. On the other hand, there have been reports of Sophos causing problems in the past, including kernel panics. So if your system becomes "flaky", then I would remove Sophos and instead use ClamXav.

Just a suggestion...

Regards,
Switon
 
switon said:
Hi Four oF NINE,

Just to let you know, I recommended ClamXav because it is the least "intrusive" of the virus scanners. By default, it does not leave a daemon running all the time the way some of the other virus scanners do. ClamXav is relatively well regarded, and it appears not to cause troubles with the Mac OS. In fact, clamav/clamavd have been included with previous Mac OSes. The ClamXav.app is just the GUI interface to clamav. On the other hand, there have been reports of Sophos causing problems in the past, including kernel panics. So if your system becomes "flaky", then I would remove Sophos and instead use ClamXav.

Just a suggestion...

Regards,
Switon
Click to expand...

Thanks for the heads up, I wasn't aware of those issues. I removed Sophos after the successful scan btw.. I really prefer not having those things, but if I need one again, I'll go with ClamXav.
 
Four oF NINE said:
I didn't find out until Monday, two days later that they had been hacked by someone, and I'm wondering if I should be worried about clicking on that link? It went to a foreign language website.
Click to expand...
If you didn't install anything, you're fine. It sounds like you just got a spam or phishing email, which doesn't affect your computer.

Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.
 
GGJstudios said:
If you didn't install anything, you're fine. It sounds like you just got a spam or phishing email, which doesn't affect your computer.
Click to expand...

Given the fact the most recent Mac malware was spread by simply visiting a compromised web site (like the OP did), your comment is not accurate. You don't need to "install" anything to get a malware infection.
 
Weaselboy said:
Given the fact the most recent Mac malware was spread by simply visiting a compromised web site (like the OP did), your comment is not accurate. You don't need to "install" anything to get a malware infection.
Click to expand...
Whether the installation is active or passive, the fact remains that without anything being installed, there is no infection.
 
GGJstudios said:
Whether the installation is active or passive, the fact remains that without anything being installed, there is no infection.
Click to expand...

Ah I see... you want to go down this parsing road again about what "install" means rather than acknowledge you were mistaken. Everybody reading this (except you apparently :confused:) understands what "install" means.
 
Weaselboy said:
Ah I see... you want to go down this parsing road again about what "install" means rather than acknowledge you were mistaken. Everybody reading this (except you apparently :confused:) understands what "install" means.
Click to expand...

Again you join a thread to try to dissect my post to try to find fault with it, rather than contribute to the thread in a helpful or useful way. The OP does not have a malware infection. Period.
 
GGJstudios said:
Again you join a thread to try to dissect my post to try to find fault with it, rather than contribute to the thread in a helpful or useful way. The OP does not have a malware infection. Period.
Click to expand...

Um no... I joined the thread to point out you gave the OP bad information. Maybe don't take things so personal and just acknowledge when you are mistaken.
 
Weaselboy said:
Um no... I joined the thread to point out you gave the OP bad information. Maybe don't take things so personal and just acknowledge when you are mistaken.
Click to expand...
The information I posted is accurate. If the OP didn't install anything, whether by clicking a link or by following another installation process, then their computer is not infected. It has already been confirmed that nothing was installed and there is no malware present.
 
GGJstudios said:
The information I posted is accurate. If the OP didn't install anything, whether by clicking a link or by following another installation process, then their computer is not infected. It has already been confirmed that nothing was installed and there is no malware present.
Click to expand...

Okay, so clicking a link to visit a web site is "installing"... got it. :cool: Yeah... visiting a web site is an "installation process"... alrighty. Just keep digging that hole. :)

Kind of funny the last time we had this discussion about your little copy/paste AV info telling people they could only get malware by "installing" something, you waited a few days and reworded that section and removed the word install.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back