BBB Scam Alerts

BBB offers tips on cyber security

“Your BBB is reminding businesses that it is ‘our shared responsibility’ to keep your organization’s data secure,” stated BBB President and CEO Jim Hegarty. “Everyone has to help make the Internet a safer place to work and play.”

In Verizon’s recent global Data Breach Investigations Report (DBRI) it stated, “Perhaps more so than any other year, the large scale and diverse nature of data breaches and other network attacks took center stage. But rather than a synchronized chorus making its debut on New Year’s Eve, we witnessed separate, ongoing movements that seemed to come together in full crescendo throughout the year. And from pubs to public agencies, mom-and-pops to multi-nationals, nobody was immune.”

Cyber SecurityBBB is warning both businesses and consumers to protect their identities online. “Phishing” – the act of targeting victims via email in the hopes of spreading viruses and gathering personal information – can happen to anyone. Cybercriminals have become quite savvy in their attempts to lure people into clicking on links or opening phony email attachments. Online phishing attacks can not only spread computer viruses, but they can pose a significant risk for identity theft.

BBB has joined with the National Cyber Security Alliance’s STOP. THINK. CONNECT. Campaign to recommend the following tips to avoid falling for an email phishing scam:

Be on your toes. Only open emails, attachments, and links from people you know. Use anti-virus software regularly and enhance email filters to block threats. Watch out for unsolicited emails that contain misspellings or grammatical errors.

Don’t believe what you see. It’s easy to steal the colors, logos and header of an established organization. Scammers can also make links look like they lead to legitimate websites, and make emails appear to come from a different sender.

Avoid sharing. Don’t reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email. Be wary of any urgent instructions to take specified action such as “Click on the link or your account will be closed.”

Pay attention to a website’s URL. Hover over any links to see where they lead. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different – but similar – domain.

If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email. Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group. Report phishing attacks to APWG at

Set strong passwords. Use letters, numbers, and symbols…and don’t share them with anyone.

Limit personal information. Be careful what you post online, on social media sites. Use privacy settings to avoid sharing information widely.

Keep a clean machine. Having the latest operating system, software, web browsers, anti-virus protection and apps are the best defenses against viruses, malware, and other online threats.

For more information you can trust, visit For more tips from the STOP. THINK. CONNECT Campaign, visit Stay Safe Online at

Scammers take advantage of “Obamacare” confusion

With the implementation of the Affordable Care Act, commonly labeled “Obamacare”, on the horizon, scammers are finding it to be the latest opportunity to steal people’s identities.

“Scammers are calling consumers claiming they’re eligible for health insurance cards in exchange for personal information,” said Jim Hegarty, BBB president and CEO. “Providing information puts consumers at risk for identity theft, so they need to ignore these calls.”

The scams work like this: You receive a call from someone claiming to be from the federal government. The scammer says that you have been selected to be part of a group of Americans to receive insurance cards. But before the card can be mailed, your bank account and Social Security numbers are required. Once they get this information, they can sell it or use it to access your accounts.

Affordable Care Act scammers are able to easily make consumers think that their calls are legitimate, especially with such a hot topic like “Obamacare”. Consumers need to realize that the government rarely calls individuals. If you receive this type of call, hang up.

BBB offers the following tips to people who experience healthcare scams:

Hang up the phone. If you get one of these calls, just hang up. You may be tempted to call back, but this will only give the scammer another opportunity to steal your information. Also, be sure not to press any buttons that the scammer instructs.

Never give out personal information. Never give out your bank account numbers, date of birth, credit card number or social security number.

Don’t rely on caller ID. Some scammers are able to display a company’s name or phone number on the caller ID screen. Don’t trust that the information you see is true.

The government rarely communicates via phone calls. The government usually uses traditional U.S. mail to contact consumers. The government rarely calls, emails or texts, so don’t give your information to these types of “government” messages.

Scammers "hijack" business names for use in cons

HijackerBusinesses are reporting that scammers are “hijacking” their names, using them for everything from fraudulent credit card purchases to scam websites. Don’t let your company become a victim of this growing trend.

The scam in action:

A supplier receives an order for a large purchase from an unknown company. To be cautious, the supplier decides to verify the order, and he calls the business listed on the request. When the business’ owner answers, he’s shocked. He claims no one in his office placed that order. He has no idea why his name and logo are on the purchase form.

It turns out, the order was a fake! Scammers had “hijacked” the business’ name. The business owner soon learned that several other orders had been placed using his company’s name, and the purchased supplies were being shipped to a storage facility in another city. The business owner alerted the police, and they are currently investigating.

Another version of hijacking:

Another common way scammers hijack business names is with scam websites. Scammers use a business’ URL and existing site to lend credibility to their schemes. Scammers sometimes hack into websites and put up fake web forms meant to capture credit card numbers and other personal information. Other times, they upload malware to the site in order to infect visitors’ computers. They’ve also been known to redirect web traffic to other sites selling counterfeit goods.

Signs that your business' name has been hijacked:

It’s difficult to detect if your name has been hijacked, but periodically search for your business on the Internet. Look for any sites or activity using your name that has not been created by you. Here are other signs to watch out for:

Scam alert – Yellow Pages scam targets small businesses

Business owners, watch out! Scammers are invoicing companies for online ads they never placed and are using the Yellow Pages name to lend them credibility.

Yellow Page ScamHow the scam works:

You are at work. You receive a call from someone representing a website, which they claim is an online version of the Yellow Pages. The caller says he is updating the directory and asks you some basic information, such as your office’s address, telephone number and email. After you answer, the representative repeats the information back to you, and you confirm the listing.

A few weeks later, your office receives an invoice for several hundred dollars for an ad from the Yellow Pages online directory. But you never agreed to that!

When you call to complain, the representative says that you verbally confirmed the placement. They even play back a spliced version of your previous conversation. The altered recording makes it sound like you were agreeing to place an ad, when you were really saying “yes” to the listing information.

How to protect yourself against this scam:
For more information

For more information about this scam and an interview with the CEO of the BBB Serving Greater Washington D.C. check out this news story.