Better Business Bureau warns customers to watch for email hacks

Local business emails spoofed to trick consumers
BBB: Watch out for job scams
Posted at 9:29 AM, Aug 19, 2019
and last updated 2019-08-19 11:29:03-04

BOISE, Idaho — Better Business Bureau is warning you to keep a close eye on your inbox after local businesses experience an email hack.

Idaho businesses have reported the hack that led to mass phishing emails being sent to their client lists. The emails can appear to be from services you know and trust, including your local plumber, dentist or spa. Businesses of all types--from construction to technology, big and small--are susceptible to data breaches.

Hackers know that every business has its weak spots, and they search for those open doors and raid them. Once hackers have credentials to gain access, they go to work. Hackers take the time to copy contact lists, mimic past email messages and copy company signature lines. By impersonating a local company you've worked with previously, con artists hope you'll fall for their tricks.

The phishing emails are usually pretty general. A scammer who hacked a local HVAC company sent out emails to a wide range of the company's past clients with the subject line: "Heating and Cooling Proposal [SECURE]." The message was short and to the point reading, "Good morning, attached is the revised proposal for your review. Kindly review and let me know if you have any questions." The email also included a link and the exact signature of the general manager, including the company's logo and mission statement.

If you receive one of these emails from a local business, or bigger companies like Amazon or Netflix, don't click on any links or attachments. Read the message carefully for signs that it may be phishing--for example: misspellings, grammar, generic greetings such as "Dear member" instead of a name, etc. Be wary of any urgent instructions to take a specified action, i.e. "Click on the link or your account will be closed." Hover your mouse over links without clicking. The URL in the text should match the URL that your mouse detects. If the two do not match, it's most likely a scam.

Better Business Bureau has a number of resources to help you avoid being scammed. You can find those here and keep up with the latest scams through the BBB Scam Tracker.