Alert for businesses: beware of fake BBB complaint emails

January 18, 2013

I received an email recently that highlights the importance of business owners and employees being aware of various types of fraud activity:

From: Better Business Bureau <[redacted]@newyork.bbb.org>
Subject: Case #28475466
Owner/Manager

The Better Business Bureau has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer’s concern are included on the reverse. Please review this matter and advise us of your position.

As a neutral third party, the Better Business Bureau can help to resolve the matter. Often complaints are a result of misunderstandings a company wants to know about and correct.

In the interest of time and good customer relations, please provide the BBB with written verification of your position in this matter by January 17, 2013. Your prompt response will allow BBB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.

The Better Business Bureau develops and maintains Reliability Reports on companies across the United States and Canada. This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.

We encourage you to print this complaint (attached file), answer the questions and respond to us.

We look forward to your prompt attention to this matter.

Sincerely,

BBB Serving Metropolitan New York, Long Island and the Mid-Hudson Region

There was a 102KB file attached to the message named “Complaint Case  #28475466.zip”. Except for the fact that it appeared to come from a Better Business Bureau office a thousand miles away, it looked pretty legitimate.

However, looks can be very deceiving.

According to a report from Cisco, the attachment is an executable file that contains malicious code. They don’t specify what that malware is, but given the nature of the message I would guess it’s designed to log keystrokes or use some other method to steal online banking credentials from businesses. Once they’ve got account numbers and passwords, they wire thousands of dollars out of payroll, expense and other accounts, then use their network of (unwitting and witting) money mules to launder the ill-gotten funds.

So here’s the lesson today: if you receive a message like the one above, do not under any circumstances open the attached file. If you think there might be a legitimate complaint from the Better Business Bureau, contact them directly. It’s a general rule, but in this case it applies more specifically to business owners and their employees.
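For whoever runs the office mail, here is an added example (not from the Cisco report or from this post) of checking a saved message for executables packed inside a zip attachment, which is the trick described above. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Extensions Windows will run on double-click (illustrative, not exhaustive).
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def risky_zip_members(raw_message: bytes) -> list[tuple[str, str, str]]:
    """Return (attachment, member, reason) for each risky file in a zip attachment."""
    findings = []
    msg = email.message_from_bytes(raw_message)
    for part in msg.walk():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True)  # None for multipart containers
        if not payload or not payload.startswith(b"PK"):
            continue  # not a zip archive, whatever the file name says
        try:
            archive = zipfile.ZipFile(io.BytesIO(payload))
        except zipfile.BadZipFile:
            findings.append((name, "", "unreadable zip"))
            continue
        for info in archive.infolist():
            if info.flag_bits & 0x1:  # password-protected: contents cannot be scanned
                findings.append((name, info.filename, "encrypted member"))
                continue
            with archive.open(info) as fh:
                head = fh.read(2)
            if head == b"MZ":  # DOS/PE header, regardless of the file extension
                findings.append((name, info.filename, "Windows executable (MZ header)"))
            elif info.filename.lower().endswith(RISKY_EXT):
                findings.append((name, info.filename, "executable extension"))
    return findings


def build_sample() -> bytes:
    """Constructed test message: a zip holding an inert stub that starts with 'MZ'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("sample_form.exe", b"MZ" + b"\x00" * 62)  # harmless bytes
        z.writestr("readme.txt", b"constructed sample")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["Subject"] = "Case #00000000"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="complaint.zip")
    return msg.as_bytes()
```

Calling `risky_zip_members(build_sample())` reports the stub executable and ignores the text file; a clean result does not prove an attachment is safe, only that no member looked like a program.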


BobBear anti-fraud site shutting down.

May 3, 2010

This is sort of a bummer—the website bobbear.co.uk is shutting down for good.

According to the message on the site, if someone made a serious offer, he might sell the site to them. Even so, I doubt this would be done as a non-commercial venture. Websites always lose the thread when the person with the original vision is no longer involved (look at the sad case of JumpTheShark.com, which I’m not even going to link to because it’s pathetic. That was a bad thing you did, TVGuide.com).

BobBear was dedicated to exposing money laundering and reshipping fraud websites. Often these sites were hard to spot, as they look like professional pages from legitimate companies.

However, they were anything but. People who applied for jobs would either end up reshipping stolen electronics between thieves or wiring stolen money between bank accounts.

There are still a few lessons to be learned from BobBear:

  1. You have to research companies before you apply for a job. Just because it has a website doesn’t mean it’s a real company.
  2. Poor grammar and spelling are warning signs, but an absence of bad English doesn’t prove a site is legitimate.
  3. There is no reason to hire someone to receive a shipment of goods, and then have them send it to someone else.
  4. There is no reason to hire someone to receive electronic payments, and then have them wire these to someone else.

The Dangers of Online Job Searching: Money Laundering and Reshipping Schemes

January 29, 2010

I almost don’t even know where to begin because this topic is so large, and actually sort of frightening.

The quick version is that you have to be extremely careful with online job listings, even when they appear on a site like CareerBuilder or Monster, and even if you contact them first. You don’t want to inadvertently end up helping criminals launder money or goods.

I’ve written quite a few posts on avoiding Mystery Shopper scams over the past seven months, but there are other types of employment fraud that may not even steal your money, but can lead you into being the only traceable link in a money laundering chain.

Money laundering is a felony, in case you were wondering.

There are thousands of fake companies with fake websites, offering attractive sounding part-time work-at-home jobs. Often these jobs involve transferring payments between clients, or receiving shipments of goods and forwarding them to their final destination. What’s really happening is that you’re being used as a “mule.” The process works like this:

  1. After you’ve been hired, you give the company your bank account information and wait.
  2. A large deposit, usually a little under $10,000, will be wired into your account.
  3. You are instructed to withdraw these funds, minus your “fee,” and use Western Union or Moneygram to wire it to different places, usually in chunks of slightly less than $3,000.
  4. You get arrested and interrogated for your involvement in international money laundering.
  5. You might not ultimately end up in jail, but since you gave this “company” your personal information, you become a victim of identity theft later on.

The “reshipping” version of this scheme works this way:

  1. After you’ve been hired, you wait for a shipment to arrive.
  2. A shipment of electronics arrives with instructions to send it to a “client.”
  3. You do exactly that.
  4. You get arrested and interrogated for your involvement in international fraud, because those electronics were purchased with stolen credit card information.
  5. You might not ultimately end up in jail, but since you gave this “company” your personal information, you become a victim of identity theft later on.

So, you might not be the one being robbed of money in this case, but you’re definitely helping organized criminals (usually based in Eastern Europe) steal money and conceal the source of their funds.

Whence is the money being stolen? Usually, from businesses or public entities such as the Delray Beach Public Library whose networks have been compromised with malware (the link takes you to a fascinating rundown of a real-life example of this scheme).

So, how do you separate the legitimate job listings from the money laundering and reshipping schemes? It’s not super-easy, to tell you the truth. These criminals are very skilled at creating fake websites and credentials, and they use channels like CareerBuilder and Monster to hook potential mules. There are some things to keep in mind, though.

  1. Ignore any job offer in which you were contacted out of the blue. You’ve heard this one from me before.
  2. If you’ve got a resume up on a job search site, be extremely careful of any company that contacts you first. Take a few extra minutes to check out their website and carefully read the offer. If it has anything to do with “part-time work-at-home,” there’s about a 98% chance that it’s not something you should pursue.
  3. Don’t assume that having a website means a company is legitimate.
  4. Watch for poor English in the job listing or on the website. One dead giveaway is placing a definite article before a city (“We are based in the London”), which I hear is typical of Russian speakers who aren’t quite fluent in English. However, they also cut and paste from real websites, too—absence of this type of evidence is not an automatic green light for you.
  5. Just be extremely cynical about any company that claims to be in the shipping business.
  6. Also be extremely wary of jobs with titles like “Financial Agent,” “Financial Manager,” or anything involving “processing payments.” Companies either process their own payments, or hire other companies (not individuals) to do it for them.
  7. Ask yourself this: why would an international corporation trust some random person out of the general public to receive payments or goods and forward them to their destination? What legitimate reason could they have for needing a middleman?
  8. Apply for jobs only with companies you’ve either heard of, or with companies with a verifiable web presence beyond just their own websites.
  9. Look up the company address on Google Maps, and look at the Street View. Compare it to the photo of the company’s headquarters on their website.
  10. Run a virus and spyware check after you’ve visited any website that ended up looking fishy. Just to check.

It’s hard to even come up with these guidelines, because some of these job listings are so similar to real ones. However, I think the first place I would start when checking out a company is to head over to bobbear.co.uk.

Bobbear is an excellent site (despite its funky “straight outta 1995” appearance), with a running list of over a thousand active and inactive websites from fake companies. Under the section titled “Active Frauds,” you can view screenshots of these fake websites and a rundown of all the warning signs that they are fraudulent. I wouldn’t click any links under “Undocumented, Verified Fraud Sites” though, because these lead to the actual sites (and you never know what kind of malware might be lurking).

As you can see, there are hundreds of active sites. Check out nine or ten on bobbear, though, and you’ll start to see patterns that will help you stay vigilant when you’re looking for a new career.

