In July 2013, Internet users began receiving e-mailed messages purportedly sent by the Dun & Bradstreet Credibility Corp. advising them of customer complaints in need of resolution:
Example: [Collected via e-mail, August 2013]
New Complaint: 7406603
Dun & Bradstreet has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer’s concern are included on the reverse. Please review this matter and advise us of your position.
In the interest of time and good customer relations, please provide the DnB with written verification of your position in this matter by August 10, 2013. Your prompt response will allow DnB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.
The Dun & Bradstreet develops and maintains Reliability Reports on companies across the United States and Canada. This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Dun and BradStreet. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company.
We encourage you to print this complaint (attached file), answer the questions and respond to us.
We look forward to your prompt attention to this matter.
Dun & Bradstreet Credibility Corp. 103 JFK Parkway, Short Hills, NJ 07078
These messages invited recipients to print an attached document providing “the details of the customer’s concerns” in order to “answer the questions and respond to us.” These messages are bogus; the senders expect that some of them will land in the inboxes of persons who operate businesses and lure them into following the hyperlink (which leads not to Dun & Bradstreet’s site, but to a completely different site).
The mid-2013 Dun & Bradstreet phishing outbreak was simply a slight variation of similar phony messages that had been sent out in the name of the Better Business Bureau (BBB) the previous year, prompting that organization to post a warning on its web site advising that:
Better Business Bureau is issuing an urgent SCAM alert cautioning businesses and consumers about an email that looks like it is from BBB, with the subject line “Complaint from your customers.” This e-mail is fraudulent; ignore its contents and delete it immediately. If you have already clicked on a link in the e-mail, run a full virus scan of your computer.
The e-mails have return addresses that BBB does not use (one example is email@example.com) and it is signed with the address of the Council of Better Business Bureaus, the national office of the BBB system. The e-mail contains a link to a non-BBB web site. Do NOT click on the link.
BBB is working with law enforcement to determine its source and stop the fraudulent campaign.