BBB Scam: Don’t click that link

Phishing Alert: The BBB and FLSA?

We were recently contacted by one of our clients because they had received a confusing email from the Better Business Bureau.

image-ashxSpecifically, the email came from the “Better Business Bureau Compliance Department”, and it stated that our client had received an employee complaint claiming that they were in violation of the Fair Labor Standards Act (FLSA). The email included a link that promised to give our client access to the full claim document and further explanation. Finally, the “BBB” requested a response to their email within 48 hours that included details showing “what you intend to do about it”.

This is weird. Especially since:

a) generally, wage and hour violation claims are not initially communicated via email, and
b) the Better Business Bureau doesn’t enforce FLSA claims – the Wage and Hour Division (WHD) of the US Department of Labor does

One of our HR Account Managers advised our client to contact the Better Business Bureau directly to check out this strange request. An email was quickly received back with dire warnings about the message they had received:

“These emails are going to companies AND individuals.  In each case, they ask you to click on a link that appears to go to a BBB page, or you are asked to download an attached form or file. These are very dangerous emails.  It is important that you do NOT click on any of the links in the emails or download any attachments.”

Below, you’ll find the full reply from the real BBB, which includes instructions on what to do if you receive an email like this, and here is a link to the BBB website with further information.

Unfortunately, phishing scams like these are not going away. When opening email, the old adage stands: An ounce of prevention is worth a pound of cure. If something seems strange, ask for a second opinion from someone you trust, and definitely… don’t click that link.

*****************************************************************************
Here is the full response to our client from the real BBB:

Thank you for contacting the Council of Better Business Bureaus.

You may have received an email that says your company is the subject of a complaint filed with BBB, or asks that you complete a BBB business questionnaire, or claims that a customer review about your business has been posted. It may reference a case number or it may be vague on the details.

These emails are going to companies AND individuals.  In each case, they ask you to click on a link that appears to go to a BBB page, or you are asked to download an attached form or file.

These are very dangerous emails.  It is important that you do NOT click on any of the links in the emails or download any attachments.

If you did click on a link or open or download any attachments, your computer may have unwittingly downloaded a stealthy malware program which is able to pass by most anti-virus programs undetected.  In the event you clicked on a link, you should consider having your computer scanned by a trusted computer repair professional to see if any malware is present and, if so, can be removed.

If you did not click on any links or attachments, you are still strongly encouraged to run a complete virus scan on your system.

You can learn more about these bogus phishing and malware scams at http://www.bbb.org/us/article/email-phishing-scam-hijacks-bbb-name-again-36089

In the future, if you receive an email that appears to come from Better Business Bureau, please check with your local BBB office to determine whether it is legitimate.  You can find your local BBB office by visiting http://www.bbb.org/find   You can also forward the email to phishing@council.bbb.org for assistance.

Thank you for contacting the Council of Better Business Bureaus, Inc.  We hope this information is helpful.

Council of Better Business Bureaus