We may earn money when you click our links. Learn More. X

Beware of Email Scam Unauthorized ACH Transfers

Scam magnifying glassIf you receive an email in your inbox with the subject Better Business Bureau complaint of unauthorized ACH transfers, don’t open it! This is just another attempt by phishing scammers to extract personal, sensitive information from you. Here are some details on the email scam unauthorized ACH transfers, the BBB news release confirming this is a scam, and detailed measures you can take to prevent becoming a victim to a phishing scam.

What is Phishing?

Phishing is a term used to describe someone who “fishes” for information. The scammer may use email, websites, phone calls, or any other means of contact to try and extract sensitive, personal information (such as credit card or bank account information, social security numbers, date of birth, name, address, etc.) from you. In most cases, they will try and disguise themselves as a legitimate entity.

The problem with email phishing is that it becomes quite simple for the scammer to create a more or less legitimate looking email. That’s the case in this email from the Better Business Bureau, which attempts to lure you into thinking that a BBB complaint has been submitted against you or your organization.

We’ll show you the details of the email below. These vary from case to case.

BBB Phishing Email

Here’s what the email looks like you may have received. Certain elements, such as sender name, case ID, password, etc. may differ from email to email:

From: Eli Dawson <info@bbb.org>
Subject:
Better Business Bureau complaint of unauthorized ACH transfers.
To: [Your name/ email]

[BBB logo in blue colors]

Business Owner/Manager,

One of your customers has submitted a complaint with The Better Business Bureau regarding the unsatisfactory experience he had with your company. The consumer report is placed below. Please file your feedback to this matter as soon

Was this article helpful?

Thank you for your feedback!

Tell us how we can make your experience better next time.

9 responses to “Beware of Email Scam Unauthorized ACH Transfers”

  1. This Better Business Bureau attack is a classic example of a good phishing scheme, but readers should be aware that phishing schemes do evolve. Criminals are becoming more and more clever when it comes to how they attempt to cheat personal information from you, without you being aware. If an email can catch you off guard, that is good, but many people have strong spam filters or have learned to be on guard against email attacks. In this case.

    Personally, I've been annoyed by several different text message scams within the past year. These text messages purport to be from a financial or government institution and ask you to immediately send financial information. Often, the fake problem is some type of phishing scheme itself, which is a great way for criminals to throw off suspicion of their own message. When customers call the number or text information bank, criminals attempt to gather even more information or use what they can to steal money from you. One of the best things you can do is wait. Larger institutions are very good about jumping on these text messages, because they are sent to many different customers and are easy to examine.

     

  2. But text messaging is only one small part of the entire phishing scheme. There are also many fraudulent websites and pop-up windows out there that will try to deceive you. The problem with these windows and sites is that they can be tied into text messages or emails to make them see more legitimate even when they are not. These sites are designed to fool you into giving up yet more information, and are difficult to spot as scams if they are well made. It is a good idea to always avoid or Google a website you have any doubts about, just in case it is a phishing scheme.

    Then there are a number of traditional phishing methods, such as telephone calls or fax machine messages asking for urgent information to avoid lawsuits, extra taxes, or something else equally devastating. In some ways these are dangerous, because they can come up at you unexpectedly and you may give information before you can think about it. In other ways they are less dangerous, because you can simply ask them for a website or other information to confirm who they are, or force them to give more information about themselves

     

  3. Of course, not all thieves will go to such a great extent when it comes to robbing you. Some just want your information so that they can buy computers or sound equipment online. Others may use your information as a sort of scapegoat. If they are arrested, they can literally pretend to be you by giving your name and information to the police, creating another level of problems. Finally, some thieves are more practical. They will simply sell you information to other organizations for a sum of money and then move on.

    Some of my friends have had information stolen not once or twice but three times just because criminals have gotten ahold of necessary information to access their account information. If this is the case, switching credit cards may not help much at all. You may need to switch bank account numbers or even banks to make the problems stop. However, warning any banks that you use that your financial information was compromised is an invaluable step to take if you think you may have fallen victim to a phishing scheme.

     

  4. Phishing scams are one of the most popular Internet criminal activities in the United States and across the world. As the article mentions, the reasons for this are clear.

    Phishing scams are easy to create and can be used across a broad audience in order to gain as much information as possible with minimum effort. But why do criminals attempt these systems of online data theft? They have several different reasons. For one thing, the more malicious criminals may actually use the information you give them to alter your own financial condition. Some may open credit lines in your name, if they have enough financial information, and then quickly overextend the credit line buying goods in your name.

    Others may try to obtain loans. This is a trickier proposition, because traditional loan lenders often double-check a large amount of information, but if successful it can affect your credit and burden you with a debt that is not really yours. Some thieves will even use the information you provide to try to declare bankruptcy in your name if their debts get out of hand and they still have access to the necessary information.
     

  5. The peope who make these things are so talented at making them look like they actually come from the suggested source that it's scary. It makes me wonder why they don't use that talent for some kind of legit business instead of trying to rob people. Scary stuff.

    I've never gotten one from the BBB, but if I did, I wouldn't click on anything. I would just go to the site and see what I could find. If all else fails, I would simply call the and give them my name as well as my business name so they can look up the names and tell me if I need to take further action. If you don't have a business, you probably shouldn't even go that far.

    The scariest ones are the ones that come from banks and Paypal just because so many people use bank and Paypal whether they have a business or not. Again, just go the website. I think if there was a serious problem with your bank account, your bank would probably at least send you a snail mail.

  6. The scary part is that so many of the people that make these emails have gotten very good at making them look realistic. I couldn't tell you how many times I have gotten emails like this from Paypal or banks that I don't even bank with. It's horrible that someone has low enough morals to literally try to scam someone who has not only done nothing to them, but whom they have never even met.

    When I get an email from a bank or a business (supposedly), I never click on the link in the email. I suggest everyone else do the same. Instead of clicking on the link in the email, what you need to do is go directly to the site in question in an entirely different window. Once you log in, you will have a notification in your account letting you know if you need to take action. If there isn't a notification, then the email is a scam.

  7. After seeing this email actually listed and then so plainly debunked, I started wondering about how many people do actually fall for something like this. I guess the advantage of email is that is it free to send. Certainly anyone can build a program which scours websites and pulls email addresses. I imagine this is how most spammers are still capable of building huge email lists even after the tough anti spam laws have passed.

    Even though email is free and buying a spam list of hundreds of thousands of names is relatively inexpensive, if they did not produce any results, the criminals would stop. Therefore, I must conclude that some people do fall for this sort of thing. Too bad.

    The whole goal of a phishing scam like this is to divert someone to a fraudulent website that the criminals have created themselves (or hired someone else to build). Then, they will be instructed to leave personal information here. This will, of course, give the criminals enough information to get started down their path to destroying your finances, credit and good name.

    However, there are a number of things which can be done to make sure you do not fall for anything like this. The first method is to actually look at the message itself. Usually (although not always) there will be things which just do not match up. For example, in the message in the article, the links were different from what you would expect. This is a sign. Additionally, if they are claiming to be from a business or organization that knows you, than there should be some mention of your name, not just a generic dear sir type greeting. The grammar in many of these messages is also at least a little bit off. Sometimes the grammar and even syntax is WAY off.

    The main precaution you can take is to never ever click on links within an email. If it is from who it claims, then go directly to that bank or business or other web site. Actually type their physical web address into your browser bar. Then, you can begin your own investigation right at what should be the source. You may also consider calling them. Again, do not use any telephone number which is listed in an email. This may lead directly to the criminals or one of their representatives. Instead, call the real number that you on your phone, in your contacts or find from their real website directly.

    If you are supposedly given an award or some other offer that sounds too good to be true, assume it is indeed too good to be true. Maybe you have already received email messages that claim the person is dying and they want YOU to help them distribute their fortune. Think about this. Why would someone who you do not know, and does not know you, be so interested to give you tens of thousands of dollars for doing something so simple?

  8. Having been on the internet for quite some time, I am personally well aware of phishing and all kinds of other scams that run wild. However, I also recognize the fact that many people many not have the experience to recognize such a scam. Additionally, some people are just more trusting than others. It is sad to think that so many people feel they can just jump online and create a scam in order to defraud people out of their hard earned money. I am glad that they author decided to write this article since it will hopefully start opening the eyes of many people.

    In this particular article, the author points out a specific phishing scam that is going around. If you receive a email which looks like one that is shown here, then please do not act on this. The article actually advises you not to even open it. I guess this might be the smartest idea, but personally I am very curious, and I like to see what new things these scammers are trying to pull. So, maybe take a look at it, just from the view point of being curious and seeing what you can learn from it. Maybe by studying and examining this, which you now know is a scam, you will be able to apply this to other emails that you receive (save yourself from the trouble of falling for something else).

    Taking a look at the email it actually seems to be a pretty good attempt at obtaining your personal information. The first area where it might fall though is that it is targeted at business owners. This means that a large percentage of people who receive this will immediately know it is either a fraud or a mistake, since they do not own a business. On the other hand, if you do have a business, it may seem plausible that a customer may have filed a report with the BBB.

    The author also gives an excellent explanation of phishing. This is when someone sends a message (typically through an email) which tries to entice you into leaving your personal information. If you fall for something like this, the criminals behind the scam will use your information to purchase merchandise, or in some case, do even more sinister things. Believe me; going through anything related to identity theft is not much fun.

    The author also points out some interesting facts and features of this email which identify it as being fraudulent. Some of links in the mail do not match what you would expect if this was actually sent from the BBB. Also, the names given in the message and then on the signature line do not match (this is usually a dead giveaway). Of course, you are never greeted or addressed by name and no identifiable information about you is given out (this is what they are hoping you will provide!). All of these signs mark this as a scam.

     

  9. This article is full of very sound advice. However, I would also like to add that phishing could take many different forms. There is not only one strategy that cyber criminals use in an attempt to steal information from people. Many internet users think that they will never fall for the old "Nigerian prince" scam and consider themselves savvy. However, reports of new phishing techniques like this BBB email show how cunning some attempts can be. The reason this is a particular dangerous version, of course, is because it appears to be very official. It invokes both authority and fear in an attempt to short-circuit any common sense processes people might go through with more suspicious emails. Receiving an official-sounding notification from the BBB about a complaint sounds plausible, on the surface level, and so encourages a knee-jerk reaction, which is what all phishing schemes are designed to do anyway. In general, a good practice is to regard absolutely any type of email you do not immediately recognize with suspicion, as well as never following links and searching for common phishing emails if you have any doubts.

    One of the major weaknesses with this type of appeal to authority is that the authority actually exists. If you have any doubts, it is very easy to contact the real organization and find out if the email is legitimate or not. This is a huge problem for the phisher, and criminals attempt to cover it up by providing names, dates and whatever information they can to make the email appear real even when it is not.

    Other attempts can be even more sneaky. For example, the email itself may lead to a perfectly legitimate-looking website that is filled with useful information. Perhaps it doesn't even require you to do anything. Maybe it is just for a business offer or concerns ways you can save on car insurance. But accessing the website, even indirectly, may put you at risk through malware. Advanced malware schemes don't want to mess up your computer: on the contrary, they do their best work when unseen, stealing your contact information or recording your passwords as you type them in, then passing them along to criminals.

    So be suspicious of phishing even when the website does not ask for any information directly from you. Sometimes phishing schemes are at their most effective when they are combined with malware attacks, leaving you defenseless against future identity theft. When it comes to malware, the best defense is a constantly updated security system on your computer and a vigilant watch for suspicious requests or visits to a website. Browsers are good at authenticating websites and warning you if there seems to be a problem, but even this is no clear indication of safety. It is better to be safe than sorry, so when in doubt do not go to the indicated website at all.

Leave a Reply

Back to Top

We use cookies to enhance your website experience. By continuing to use our site you agree to the use of cookies in accordance with our policy. Click for more information to find out what cookies we use, what they do and how you can disable them.