Better Business Bureau Tangled in E-Mail Scam

By Annys Shin
Washington Post Staff Writer
Wednesday, February 14, 2007

The Better Business Bureau network was the target of a "spoofing" scam yesterday in which thousands of businesses in the United States and Canada received e-mails encouraging them to download what is thought to be a computer virus.

The e-mails, using the name of the 95-year-old network of nonprofit groups that looks into consumer complaints, told businesses that they were the subject of a complaint and included a link to view related documents. Clicking on the link, however, accessed the address book of an infected computer and distributed the counterfeit e-mail to more recipients, said Steve Cox, spokesman for the Council of Better Business Bureaus.

The council is the umbrella group for the system's 129 local branches, which are funded by member businesses.

BBB members and nonmembers received the e-mail.

Confused business owners began calling the council's offices in Arlington at 6 a.m. yesterday, Cox said. By mid-morning, the organization had confirmed the attack was systemwide.

"It is the first time in recent memory where we've had an attack on this scale," Cox said.

The counterfeit e-mails were traced to an advertising firm in Kennesaw, Ga., that had had its computer system hacked into Monday night, Cox said. The agency had no prior affiliation with the BBB.

The Council of Better Business Bureaus warned recipients not to open any e-mail that contains a return address of "" or a link citing a complaint case number, such as "Documents for Case #263621205."

© 2007 The Washington Post Company