Real estate offices and agents are being warned of a phishing scam that targets them. The messages are fake Better Business Bureau emails that claim the company is being investigated, and threaten legal action if the receiver does not respond with more information. However, links in the emails lead to websites that ask for detailed financial information. Some of the emails contain attachments that may include viruses or other malware.
"Better Business Bureau is frequently spoofed by scammers and other criminals, because we are a trusted source and the recipients are more likely to open the emails if they have the familiar BBB name and logo," noted Carrie A. Hurt, president and CEO of the Council of Better Business Bureaus (CBBB). "We have a vigorous program to detect these phishing campaigns as soon as they start, and we have been successful in shutting down more than 175 fraudulent websites in the past 18 months."
"We are taking an extra step this time to warn real estate agents and offices, because we haven't previously seen one specific industry targeted like this," Hurt added. The fraudulent emails have been sent to real estate offices across the United States, from New York to Phoenix, but Clearwater, Florida, seems to be specifically targeted.
CBBB is working with a professional deactivation service to have the fraudulent websites taken out of service, an action that normally takes less than a day and sometimes is as quick as one or two hours.
BBB has taken numerous steps to assure the security of its official email. All 113 BBBs across the U.S. and Canada, as well as the headquarters offices in Arlington, Va., and New York City, use multiple authentication protocols (SPF, DKIM and DMARC). This allows BBB to alert internet service providers immediately to reject emails that don't carry the proper authentication. About half of all ISPs honor BBB's reject requests, and these represent about 80 percent of all email traffic.
October is Cyber Security Awareness Month, and BBB recently offered these tips for avoiding phishing scams.