Do not open this Dun & Bradstreet – Inquiry Alert fake E-mail

Here is a malware phishing email that warns that “Dun & Bradstreet” received a complaint from a customer regarding their dealings with you. The attachment Case_nnnn.zip is an executable virus (or Trojan Horse). Dun & Bradstreet is a real company, this email isn’t from them. Dun & Bradstreet – Inquiry Alert is what you see but what you are really getting a virus is you open this Zip file up.

This is what the E-mail Looks Like

 

virus

 

Dun & Bradstreet – Inquiry Alert has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer’s concern are included on the reverse. Please review this matter and advise us of your position.top-of-virus-email D&B-Virus-Email

 

Dun & Bradstreet has received the above-referenced complaint from one of your customers regarding their dealings with you. The details of the consumer’s concern are included on the reverse. Please review this matter and advise us of your position.

In the interest of time and good customer relations, please provide the DnB with written verification of your position in this matter by May 18, 2013. Your prompt response will allow DnB to be of service to you and your customer in reaching a mutually agreeable resolution. Please inform us if you have contacted your customer directly and already resolved this matter.

Who or what is Dun & Bradstreet or D&B?

150px-DunBradstreet.svgThe Dun & Bradstreet develops and maintains Reliability Reports on companies across the United States and Canada . This information is available to the public and is frequently used by potential customers. Your cooperation in responding to this complaint becomes a permanent part of your file with the Better Business Bureau. Failure to promptly give attention to this matter may be reflected in the report we give to consumers about your company. Dun & Bradstreet – Inquiry Alert!

We encourage you to print this complaint (attached file), answer the questions and respond to us.

We look forward to your prompt attention to this matter.

The Zip file attached is a Virus Do not Open! Delete the e-mail.

Also, it’s worth noting that there is no indication that any of your information with D&B or D&B Credibility Corp. was compromised, or that the incident was a result of a data security breach. D&B has released an important notice regarding this matter as well.

A Couple of Things to Keep in Mind if you ever receive a suspicious email.

  1. Keep antivirus up to date – One of the most important things you can do to avoid phishing attacks is keep your antivirus software up-to-date because most antivirus vendors have signatures that protect against some common technology exploits. This can prevent things such as a Trojan disguising your Web address bar or mimicking an https secure link. If your antivirus software is not up-to-date, you are usually more susceptible to attacks that can hijack your Web browser and put you at risk for phishing attacks.
  2. Do not click on hyperlinks in e-mails – It is never a good idea to click on any hyperlink in an e-mail, especially from unknown sources. You never know where the link is going to really take you or whether it will trigger malicious code. Some hyperlinks can take you to a fake HTML page that may try to scam you into typing sensitive information. If you really want to check out the link, manually retype it into a Web browser.
  3. Take advantage of anti-spam software – Anti-spam software can help keep phishing attacks at a minimum. A lot of attacks come in the form of spam. By using anti-spam software such a Qurb, you can reduce many types of phishing attacks because the messages will never end up in the mailboxes of end users.
  4. Verify https (SSL) – Whenever you are passing sensitive information such as credit cards or bank information, make sure the address bar shows “https://” rather than just “http://” and that you have a secure lock icon at the bottom right hand corner of your Web browser. You can also double-click the lock to guarantee the third-party SSL certificate that provides the https service. Many types of attacks are not encrypted but mimic an encrypted page. Always look to make sure the Web page is truly encrypted.
  5. Use anti-spyware software Keep spyware down to a minimum by installing an active spyware solution such as Microsoft Antispyware and also scanning with a passive solution such as Spybot. If for some reason your browser is hijacked, anti-spyware software can often detect the problem and provide a fix.
  6. Get educated – Educate yourself on how to prevent these types of attacks. A little research on the Internet may save you a great deal of pain if you are ever the victim of identity theft. You can report any suspicious activity to the FTC (in the U.S.). If you get spam that is phishing for information, forward it to spam@uce.gov. You can also file a phishing complaint at www.ftc.gov. Another great resource is the FTC’s identity theft page to learn how to minimize your risk of damage from ID theft. Visit the FTC’s spam page to learn other ways to avoid e-mail scams and deal with deceptive spam.