Over the weekend, a spammer sent out a large number of emails purporting to come from D&B (alert@dnb.com) that were illegitimate and alleged that a complaint requiring prompt action had been made against the recipient. These emails contained the Dun & Bradstreet Credibility Corp. logo and contact information. Dun & Bradstreet Credibility Corp. has no relation to these emails and our name and logo were being used illegitimately.
We believe this is a phishing scam that’s spoofing the @dnb.com email address. Some signs that the email is not legitimate include:
- Authentic marketing (and alert) emails from D&B will include one email address in the “To:” section and will never include attachments.
Some signs that the email is spoofed: 1) D&B will only send emails with one email address in the “To:” section. 2) We will never send emails with attachments.
D&B is working hard to identify the spammer, but frequently, the responsible party will conceal their identity making it challenging to identify the sender. If you ever doubt the origin or content of a D&B or D&B Credibility Corp. email, please contact us to verify the information at: 866.584.0283.
If you received one of these emails, please delete it. If you opened the email or the attachment that was included, please work with your desktop support team to ensure no malware has been added to your computer.
Also, it’s worth noting that there is no indication that any of your information with D&B or D&B Credibility Corp. was compromised, or that the incident was a result of a data security breach. D&B has released an important notice regarding this matter as well.
If you have any questions or concerns, please contact us at 866.584.0283
About Dustin Luther
I received one of these e-mails on 3/8/2013. It has a different case number, but otherwise is identical. I assume it too is spam. I’m deleting it. I tried to open the zip file, but fortunately I’m on a Mac so hopefully no damage was done.
Yes the zip contains an executable file with “TDF” in the file name and an adobe logo. If you run it it seems to install some type of malware. Currently checking out its other properties. I’ll update later.
Hi Michael,
Have you found any Malware on your computer? I tried to open the folder but it would not open – is is only possible to install Malware if the folder opens? I’ve run all the programs I have and have not run across anything yet, but I had a deep-rooted keylogger last year that was very hard to root out.
Thanks so much,
Gabrielle
Yeah, it installed malware on my system. I had it on a vm and sandboxed so I wasn’t too concerned, none of my AV’s picked it up for 2 days but now it seems mbam will kill it. I’ve gotten pretty busy these last few days but I plan to put it (and several others) on my home network in the near future. See if they try to call home or what. Doesnt seem to be much more than a nuisance but I like reverse engineering things so hey.
I received one 3/8/13, Complaint – 8551192 with a file attached. I am a small business owner and was concerned when I first saw the email. But an attachment is a dead giveaway to me that it was spam. Thanks for posting this so I could confirm my suspicions.
just received a similar email with an attachment
I received on on 3/8. Luckily it went to my spam folder and I found this blog post when I searched the sender’s email address.
Thanks for posting this to the blog. Will delete the spam.
I just received 2 emails from alerts@dandb.com saying my credit score of my company is being lowered, which makes no sense as my company has never paid a vendor late. It was only sent to my email address and has a little arrow on the right, saying view details…..I am thinking this is spam and don’t want to hit on the view details arrow. Can anyone tell me if this is spam? Thanks!
Hi team from Inland Stone,
It’s quite possible that the email sent to you is legitimate, although it’s nearly impossible to say without seeing the email as the spammers have become pretty good at spoofing emails. Can you forward the email to: socialmedia@dandb.com and I can confirm?
Best!
How do I get rid of the virus
Hi Lynn,
While there may be certain antivirus programs capable of removing it, I am unfamiliar with the virus and how to/what will remove it. I recommend having a professional look over your computer to ensure it’s completely removed.
My best,
Lennon
P.S. Has anyone successfully removed the virus using an antivirus program? If so, what program did you use?
MBAM.
I received an email today. Whenever I received email of the sort, I always perform a Google search using the senders name/email address and the word “scam” to see if it’s legit. Upon my Google search I found it was a scam so I deleted the email.
Just this AM I received a phone call from somebody stating he was with D & B. While we were on the phone he sent me two e-mails, BOTH had attachments. The notice above says that authentic D & B e-mails will never have attachments, has somebody compromised your company via the phone as well as e-mail?
Hi Randy, you make a good point about the attachements… I’m going to update the blog post to be a bit clearer that we never send attachments from our marketing and/or alert emails. However, I would not be a bit surprised if a credit advisor followed up on a conversation by attaching a product one-sheet or some other useful resource.
However, if you want to be on the safe side, feel free to forward the email to me (socialmedia@dandb.com) and I’ll confirm that it’s a legitimate email.
Best!
Randy, I don’t think the company has been compromised at all. It seems to me that this is merely a case of someone spoofing an email address (which is trivial to do) combined with some social engineering. For example, did you happen to notice the number the people called you from? I only point this out because I don’t want the idea that the company security has somehow been breached. This is merely a case of someone impersonating an employee.
I just received one of these today. It was also addressed to two other individuals in the firm – one staff member and one partner.
Is there an email at dandb.com that I can forward the phishing email I just received to for further investigation? I have not opened it as I knew it was phishing as soon as I received it. There are multiple ‘to’ email addresses on this one. This one just came in today 4/15/13.
Sure thing… if you email it to me at socialmedia@dandb.com, I’d be happy to look at it.
An associate opened the e-mail and tried to unzip the file…Dunn and Bradstreet should take steps to help the customers with a phish or malware cure IMMEDIATELY, or THEIR NAME WILL FOREVER BE TAINTED IN MY BOOK!!!… If D & B is aware of this they should “Man-Up” and clear their name IMMEDIATELY…
I totally get your frustrations, but these are not emails that D&B sends out. Personally, I’ve been getting similar phishing emails from spammers claiming to be banks, online retailers and others for years.
I agree. They should have posted a warning on their website with a number to call and advice on what to do as soon as they became aware of this issue…. oh wait…. they did. As for a “phish cure”, the only good defense against pushing attempts is having a competent, educated, and intelligent user base. I’m sorry your organization lacks that. But that is not D&B’s fault.
I received this mail today, and i was not aware that it is a spam since the subject of the mail was complaint i thought maybe the mail was authentic. A PDF file was attached with the mail, and i tried opening it, but was not able to open the doc. I just want to know what i should do now?
The advice given in the blog post is the best advice I know to give:
“If you received one of these emails, please delete it. If you opened the email or the attachment that was included, please work with your desktop support team to ensure no malware has been added to your computer.”
Hope that helps!
I find it interesting that I just signed up for D and B yesterday, and today I receive this phishing scam. Seems to me somebody has hacked D and B.
We received an e-mail today with an attachment. I know this is a fake complaint because authentic companies don’t do it this way.
Just received one today, May 14, 2013
just got one today..but i figure it was fake since no one can complain about my company.
We just receaved one of these emails. Maybe it is a “Zip” company who is doing the spamming. We had to download and purchase a Zip opening program to try to open the attachment.
I don’t know what the attachment is like that’s part of the email the spammer sent out today, but I highly recommend that others do not open it. I’ve heard from some people that there was an executable (*.exe) attached that could potentially install malicious software on their computer.
Got one too. ZIP file was full of zero’s, could of been cleaned or was a dud.
Received one today. “New Complaint : 6771147″ It had a .zip file “Case_6771147.zip” attached. I didn’t open it.
I also received the same email . “New Complaint : 6771147″ It had a .zip file “Case_6771147.zip” attached today.
Hi Sara/Heidi. Any chance you can forward the email you received to me? I would really like to better understand the differences between todays email and previous emails.
Received one today glad to know a fake all co-addressees had same first nam….
Just received one today, too.
DO NOT OPEN EMAIL> DELETE IMMEDIATELY. Just received one today at our business email address. The staff member isn’t computer savvy. She opened the email attachment and BAM, now we have Trojan.Zbot and Trojan.ZeroAccess.C on our server. Pain in the rear to remove. Norton will not do it, will try MBAM, then call the pros.
Received one today.. is D&B really doing some thing on this?
Hi Guarava: I can assure you that the D&B and D&B Crediblity teams take this issue very seriously.
I received an email in our Domain with virus attachments. One of the way D&B should look into if already not being done is implementing SPF record for you domain. Just a suggestion, I am sure your security team might have already looked into possible solutions.
I received this email yesterday. I opened the email and the zip file that came attached, but I did not get as far as installing the application that came with the zip file. That was my Wake up call! I did scan with MBAM, AVAST and SUPERANTISPYWARE and SUPERANTISPWARE found the following:
.doubleclick.net [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
ad.yieldmanager.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.statcounter.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
Unless someone can identify any as a threat, I assume they are legit. I also would like to thank who ever was responsible for putting this info out there. Some of us are more gullible than we’d like to think.