The Better Business Bureau System warns all businesses and consumers across the United States and Canada of a spoofing scam using the BBB name and a false BBB e-mail address to entice recipients to access potentially damaging hyperlinks.

A firm from Kennesaw, GA, had its computer system hacked last night. That firm’s system is now generating thousands of counterfeit messages to businesses and consumers, purporting to be a complaint filed with the BBB. The incident was first reported to the BBB serving Columbus, GA and the surrounding area by one its members.

The e-mail has a false return address of operations@bbb.org and a phishing hyperlink citing a BBB complaint case number, for example, “DOCUMENTS FOR CASE #263621205”. These links actually direct access to a subdirectory of the hacked firm’s website where users are asked to download documents related to the complaint. The download is actually an executable file that is believed to be some form of a computer virus.

All recipients are advised that any e-mail from the operations@bbb.org address is not coming from any BBB and should be considered counterfeit. The BBB strongly encourages recipients of any such message to delete the message immediately without clicking on the “DOCUMENTS FOR CASE” links.

The phishing e-mail return address of operations@bbb.org does not exist and is being “spoofed.” Spoofing occurs when an e-mail address is altered to appear as if the message originated from a legitimate source. This is a common practice for both spam e-mail and phishing operations.