14 DAY TRIAL // Security researchers have spotted a spam campaign that leverages the name of Dun & Bradstreet, a New Jersey-based company that licenses information on corporations and businesses for use in marketing, supply chain management and credit decisions.
The emails intercepted by MX Lab are entitled “FW: DNB Complaint” and they come from spoofed email addresses such as “[email protected],” “[email protected]” or “[email protected].”
“Dun & Bradstreet has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer’s concern are included on the reverse. Please review this matter and advise us of your position,” the bogus emails read.
They continue, “In the interest of time and good customer relations, please provide the DnB with written verification of your position in this matter by July 26, 2013. Your prompt response will allow DnB to be of service to you and your customer in reaching a mutually agreeable resolution.”
The fake Dun & Bradstreet notifications instruct recipients to open the attached file, which allegedly represents the complaint.
The attached zip file doesn’t store a complaint, but a piece of malware that’s designed to steal sensitive information from infected computers.
Currently, 26 antivirus solutions are capable of detecting the threat’s signature.
The scam emails have been making the rounds since around February. Dun & Bradstreet is aware of the scam.
In a notice posted on its website, the company advises customers to delete such emails immediately.
“The email content alleges a complaint has been made against the recipient and requires action be taken to address the matter. Please be aware, neither D&B nor DBCC issued or authorized this email. This incident is external to D&B. Our name and logo are being used illegitimately,” the company notes.
In case you’ve already opened the malicious attachment, scan your computer with an up-to-date antivirus.