Phishing Scams and Social Engineering Exploits

I typically can spot these a mile away and the newer ones with .pdf attachments are just as transparent, but this one got me to at least give it some measure of credibility (less than 10%, perhaps).

Dear Mr./Mrs. Chris Marino,

This is an automated email that confirms the registration of your complaint case number : CX432846822 filed by your company on 7/29/2007 concerning Online Identity Theft.
While The Better Bussiness Bureau Online does not resolve individual consumer problems, your complaint helps us investigate fraud, and can lead to law enforcement action.

ATTACHED you will find a copy of your complaint .Please print and keep this copy for your personal records.
We use secure socket layer (SSL) encryption to protect the transmission of the information you submit to us when you use our secure online forms.
The information you provided to us is stored securely.

The form you used to register this complaint is designed to improve public access to the Better Business Bureau of Consumer Protection Consumer Response Center, and is voluntary. Through this form, consumers may electronically register a complaint with the BBB.Under the Paperwork Reduction Act, as amended, an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. That number is 027-103.

Our staff will keep you updated regarding the status of our investigation.

© 2003 Council of Better Business Bureaus, Inc. All Rights Reserved.

Since I’m paranoid about ID theft I’m vulnerable to this kind of social engineering exploit. Maybe my wife filed a complaint? I’ve put myself on credit watch so maybe something triggered? There was just barely enough credibility in language of the email and it was somewhat plausible that the BBB would indeed send me an acknowledgment on a filed complaint that I made the effort to go to their website. There I found a Security Alert for today warning people about this phishing scam.

I didn’t come close to actually opening the attachment, but for about 5 sec. I wasn’t sure. That’s 5 seconds longer than I prefer…..


Subscribe to Blog Updates

Quickly connect apps, data, and devices

Start Free Trial
Contact Us Free Trial