Did you get a Customer Complaint Email from D&B?

Update 7/30/14 

We have become aware of phishing emails that may be circulating. You may be a target if you received an email with one of the following subject lines:

  •                 “DNB Complaint – [string of numbers],” or
  •                 “D&B iUpdate: Company Request Processed.”

Please note that such emails are the result of an outside party sending spam emails that are not authorized by Dun & Bradstreet Credibility Corp. We suggest you do not open any related attachments, and any information regarding the status of your business credit report noted in such emails should be disregarded. To receive real alerts when your file is accessed by others or when changes occur in your D&B scores and ratings, you can register for our free alert service: CreditSignal.

If you’re concerned about your business’s general information, we recommend using our Company Update tool to ensure all your information is correct. The service is free, and changes made within it will be reflected in D&B’s database.

Over the weekend, a spammer sent out a large number of emails purporting to come from D&B (alert@dnb.com) that were illegitimate and alleged that a complaint requiring prompt action had been made against the recipient. These emails contained the Dun & Bradstreet Credibility Corp. logo and contact information. Dun & Bradstreet Credibility Corp. has no relation to these emails and our name and logo were being used illegitimately.

We believe this is a phishing scam that’s spoofing the @dnb.com email address. Some signs that the email is not legitimate include:

  • Authentic marketing (and alert) emails from D&B will include one email address in the “To:” section and will never include attachments.
Just some signs that the email is spoofed. 1) D&B and/or D&B Credibility Corp will only send emails with one email address in the "To:" section. 2) We will never send emails with attachments.

Some signs that the email is spoofed: 1) D&B will only send emails with one email address in the “To:” section. 2) We will never send emails with attachments.

D&B is working hard to identify the spammer, but frequently the responsible party will conceal their identity making it challenging to find them. If you ever doubt the origin or content of a D&B or D&B Credibility Corp. email, please contact us to verify the information at: 866.584.0283.

If you received one of these emails, please delete it. If you opened the email or the attachment that was included, please work with your desktop support team to ensure no malware has been added to your computer.

Also, it’s worth noting that there is no indication that any of your information with D&B or D&B Credibility Corp. was compromised, or that the incident was a result of a data security breach. D&B has released an important notice regarding this matter as well.

If you have any questions or concerns, please contact us at 866.584.0283

About Dustin Luther

As Director of Engagement at Dun & Bradstreet Credibility Corp (@DandB), I manage our teams focused on social media and events and always looking for opportunities to engage with small business owners and influencers, both online and in-person! You can find me on Twitter (@tyr), Facebook (dluther) and Google+ (+Dustin Luther).

Do you have an interesting opportunity you'd like to get in front of the @DandB team? Maybe an interesting idea, product or story? Maybe an event that attracts small business experts? Let's talk!

Comments

  1. Rhonda Studer says:

    I received one of these e-mails on 3/8/2013. It has a different case number, but otherwise is identical. I assume it too is spam. I’m deleting it. I tried to open the zip file, but fortunately I’m on a Mac so hopefully no damage was done.

    • Michael Green says:

      Yes the zip contains an executable file with “TDF” in the file name and an adobe logo. If you run it it seems to install some type of malware. Currently checking out its other properties. I’ll update later.

      • Gabrielle says:

        Hi Michael,

        Have you found any Malware on your computer? I tried to open the folder but it would not open – is is only possible to install Malware if the folder opens? I’ve run all the programs I have and have not run across anything yet, but I had a deep-rooted keylogger last year that was very hard to root out.

        Thanks so much,

        Gabrielle

        • Michael Green says:

          Yeah, it installed malware on my system. I had it on a vm and sandboxed so I wasn’t too concerned, none of my AV’s picked it up for 2 days but now it seems mbam will kill it. I’ve gotten pretty busy these last few days but I plan to put it (and several others) on my home network in the near future. See if they try to call home or what. Doesnt seem to be much more than a nuisance but I like reverse engineering things so hey.

    • I received one 3/8/13, Complaint – 8551192 with a file attached. I am a small business owner and was concerned when I first saw the email. But an attachment is a dead giveaway to me that it was spam. Thanks for posting this so I could confirm my suspicions.

    • Hey, Even same thing happens to me as well

    • We received the same spam email twice in this month.

  2. just received a similar email with an attachment

  3. I received on on 3/8. Luckily it went to my spam folder and I found this blog post when I searched the sender’s email address.

    Thanks for posting this to the blog. Will delete the spam.

  4. Inland Stone Inc says:

    I just received 2 emails from alerts@dandb.com saying my credit score of my company is being lowered, which makes no sense as my company has never paid a vendor late. It was only sent to my email address and has a little arrow on the right, saying view details…..I am thinking this is spam and don’t want to hit on the view details arrow. Can anyone tell me if this is spam? Thanks!

    • Hi team from Inland Stone,

      It’s quite possible that the email sent to you is legitimate, although it’s nearly impossible to say without seeing the email as the spammers have become pretty good at spoofing emails. Can you forward the email to: socialmedia@dandb.com and I can confirm?

      Best!

  5. How do I get rid of the virus

    • Lennon Cole says:

      Hi Lynn,

      While there may be certain antivirus programs capable of removing it, I am unfamiliar with the virus and how to/what will remove it. I recommend having a professional look over your computer to ensure it’s completely removed.

      My best,
      Lennon

      P.S. Has anyone successfully removed the virus using an antivirus program? If so, what program did you use?

      • Michael Green says:

        MBAM.

      • I received a copy of this email, I use Kaspersky and it recognized right away that there was a virus attached and deleted the virus file from the attached .zip. I would recommend giving it a try it can probably remove the virus if it is installed. I haven’t had any issues with viruses since installing it. Of course YMMV.

  6. I received an email today. Whenever I received email of the sort, I always perform a Google search using the senders name/email address and the word “scam” to see if it’s legit. Upon my Google search I found it was a scam so I deleted the email.

  7. Randy Leak says:

    Just this AM I received a phone call from somebody stating he was with D & B. While we were on the phone he sent me two e-mails, BOTH had attachments. The notice above says that authentic D & B e-mails will never have attachments, has somebody compromised your company via the phone as well as e-mail?

    • Hi Randy, you make a good point about the attachements… I’m going to update the blog post to be a bit clearer that we never send attachments from our marketing and/or alert emails. However, I would not be a bit surprised if a credit advisor followed up on a conversation by attaching a product one-sheet or some other useful resource.

      However, if you want to be on the safe side, feel free to forward the email to me (socialmedia@dandb.com) and I’ll confirm that it’s a legitimate email.

      Best!

    • Randy, I don’t think the company has been compromised at all. It seems to me that this is merely a case of someone spoofing an email address (which is trivial to do) combined with some social engineering. For example, did you happen to notice the number the people called you from? I only point this out because I don’t want the idea that the company security has somehow been breached. This is merely a case of someone impersonating an employee.

  8. Melissa Owen says:

    I just received one of these today. It was also addressed to two other individuals in the firm – one staff member and one partner.

  9. Is there an email at dandb.com that I can forward the phishing email I just received to for further investigation? I have not opened it as I knew it was phishing as soon as I received it. There are multiple ‘to’ email addresses on this one. This one just came in today 4/15/13.

  10. Private Investigative Services says:

    An associate opened the e-mail and tried to unzip the file…Dunn and Bradstreet should take steps to help the customers with a phish or malware cure IMMEDIATELY, or THEIR NAME WILL FOREVER BE TAINTED IN MY BOOK!!!… If D & B is aware of this they should “Man-Up” and clear their name IMMEDIATELY…

    • I totally get your frustrations, but these are not emails that D&B sends out. Personally, I’ve been getting similar phishing emails from spammers claiming to be banks, online retailers and others for years.

    • Michael Green says:

      I agree. They should have posted a warning on their website with a number to call and advice on what to do as soon as they became aware of this issue…. oh wait…. they did. As for a “phish cure”, the only good defense against pushing attempts is having a competent, educated, and intelligent user base. I’m sorry your organization lacks that. But that is not D&B’s fault.

    • …so if someone starts spoofing “private investigative services” and causes millions of dollars in damage, then PIS should “man up” and cover the costs by some crook who illegally used deceptive practices unknown to the victims and PSI (who also becomes a victim)? Interesting thought but there doesn’t seem to be much thought behind it, i hear more emotion than I do logic.

  11. I received this mail today, and i was not aware that it is a spam since the subject of the mail was complaint i thought maybe the mail was authentic. A PDF file was attached with the mail, and i tried opening it, but was not able to open the doc. I just want to know what i should do now?

    • The advice given in the blog post is the best advice I know to give:

      “If you received one of these emails, please delete it. If you opened the email or the attachment that was included, please work with your desktop support team to ensure no malware has been added to your computer.”

      Hope that helps!

  12. I find it interesting that I just signed up for D and B yesterday, and today I receive this phishing scam. Seems to me somebody has hacked D and B.

  13. We received an e-mail today with an attachment. I know this is a fake complaint because authentic companies don’t do it this way.

  14. Michele says:

    Just received one today, May 14, 2013

  15. just got one today..but i figure it was fake since no one can complain about my company.

  16. Keith Stevens says:

    We just receaved one of these emails. Maybe it is a “Zip” company who is doing the spamming. We had to download and purchase a Zip opening program to try to open the attachment.

    • I don’t know what the attachment is like that’s part of the email the spammer sent out today, but I highly recommend that others do not open it. I’ve heard from some people that there was an executable (*.exe) attached that could potentially install malicious software on their computer.

  17. Got one too. ZIP file was full of zero’s, could of been cleaned or was a dud.

  18. Received one today. “New Complaint : 6771147″ It had a .zip file “Case_6771147.zip” attached. I didn’t open it.

    • I also received the same email . “New Complaint : 6771147″ It had a .zip file “Case_6771147.zip” attached today.

      • Hi Sara/Heidi. Any chance you can forward the email you received to me? I would really like to better understand the differences between todays email and previous emails.

  19. Received one today glad to know a fake all co-addressees had same first nam….

  20. Just received one today, too.

  21. DO NOT OPEN EMAIL> DELETE IMMEDIATELY. Just received one today at our business email address. The staff member isn’t computer savvy. She opened the email attachment and BAM, now we have Trojan.Zbot and Trojan.ZeroAccess.C on our server. Pain in the rear to remove. Norton will not do it, will try MBAM, then call the pros.

  22. Gaurava says:

    Received one today.. is D&B really doing some thing on this?

  23. Hemachandran says:

    I received an email in our Domain with virus attachments. One of the way D&B should look into if already not being done is implementing SPF record for you domain. Just a suggestion, I am sure your security team might have already looked into possible solutions.

  24. I received this email yesterday. I opened the email and the zip file that came attached, but I did not get as far as installing the application that came with the zip file. That was my Wake up call! I did scan with MBAM, AVAST and SUPERANTISPYWARE and SUPERANTISPWARE found the following:

    .doubleclick.net [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .statcounter.com [ C:\USERS\DANIEL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

    Unless someone can identify any as a threat, I assume they are legit. I also would like to thank who ever was responsible for putting this info out there. Some of us are more gullible than we’d like to think.

  25. I received this exact same email in my spam folder on May 14,2013. The first red flag for me was that the email info stated that this email was sent to me and 7 others. I have excellent protection on my computer so I went ahead and clicked on the PDF file (the supposed case file against me) and my virus protection would not open it.. said possible threat to my computer and not to continue to open it.

  26. Andrew Broadmoor says:

    Just got this email this morning, so it looks like its starting up again, and it was preceded by about 5 other similar fishing scam emails to almost all of my 4 different email addresses in the last week, including the African lottery or whatever scam.

  27. I also received this message today!
    I make it a standard procedure to never open such attachments and check the sender. That way I came across your posted message. Thanks!
    Good luck with this matter and I wish that spammers like this “crash & burn and live in Hell forever”
    A fellow entrepeneur!

  28. Out again today: “New Complaint : 8111137″
    Avast sent it to the abyss *** VIRUS ***FW : Complaint – 8111137

  29. received this on 6/17/13 – “Complaint – 0164118″. it went directly to my junk mail so no attachment was saved.

  30. just got an email and it had more then one person in the to line. looks like a new virus is going around

  31. Another round was sent out 06/17. Our company just received one.

  32. Signtist says:

    YEP . . . I got one of these TODAY ! ! ! One clue I saw . . . was the 2012 Copyright in the bottom!

  33. Also received an email today 6/17/13. Opened email but did not open zip file as my first thought was it was spam of some sort.

    FW : Complaint – 9113919

    Judging by how many times this has happened, you guys really need to figure this out. Maybe change all your company email addresses/domains?

  34. I received one of these this morning. Looked suspicious so I did not open attachment and forwarded to the email in the above responses.

  35. Tyler T says:

    Several people at our company just received a similar email. This isn’t the first time that they have spammed using spoofed Dun & Bradstreet addresses. This one is coming from alert@dnb.com.

    It passed through AVG antivirus from 4 days ago. Version: 2013.0.3345 / Virus Database: 3199/6407 – Release Date: 06/13/13

    It appears they are using an anonymous proxys to disguise their ip. I would report these spam mails to the proxy servers. One appears to be a Comcast server in Needham Heights in the US.

    Here is a copy of the internet header:
    X-Antivirus: AVG for E-mail
    Received: from p3pismtp01-012.prod.phx3.secureserver.net (72.167.238.12) by
    P3PWEX3HT002.ex3.secureserver.net (184.168.131.205) with Microsoft SMTP
    Server id 14.2.318.1; Mon, 17 Jun 2013 08:42:24 -0700
    Received: from p3plsmtp09-06.prod.phx3.secureserver.net ([97.74.135.171]) by
    p3pismtp01-012.prod.phx3.secureserver.net with ESMTP; 17 Jun 2013 08:39:33
    -0700
    Received: (qmail 7901 invoked from network); 17 Jun 2013 15:39:33 -0000
    Delivered-To: ttrahan@bluefingrp.net
    Received: (qmail 7843 invoked by uid 30297); 17 Jun 2013 15:39:32 -0000
    Received: from unknown (HELO p3pismtp01-062.prod.phx3.secureserver.net)
    ([10.6.12.181]) (envelope-sender ) by
    p3plsmtp09-06.prod.phx3.secureserver.net (qmail-1.03) with SMTP for
    ; 17 Jun 2013 15:39:32 -0000
    Received: from 75-144-162-21-newengland.hfc.comcastbusiness.net
    ([75.144.162.21]) by p3pismtp01-062.prod.phx3.secureserver.net with ESMTP;
    17 Jun 2013 08:39:30 -0700
    Received: from 75.144.162.21(helo=jahxaaivc.qupjuygrzpucwar.tv) by
    75-144-162-21-NewEngland.hfc.comcastbusiness.net with esmtpa (Exim 4.69)
    (envelope-from ) id 1MM1M5-4081pt-XU for ttrahan@bluefingrp.net; Mon, 17 Jun
    2013 10:39:30 -0500
    From: Dun & BradStreet
    To:
    Subject: FW : Complaint – 2073215
    Date: Mon, 17 Jun 2013 10:39:30 -0500
    MIME-Version: 1.0
    X-Priority: 3
    X-Mailer: vnggicz-29
    Message-ID:
    Content-Type: multipart/mixed; boundary=”—-=a__xdjiwcup_44_51_20″
    Return-Path: SRS0=V6xS=QB=dnb.com=alert@bounce.secureserver.net
    X-MS-Exchange-Organization-AuthSource: P3PWEX3HT002.ex3.secureserver.net
    X-MS-Exchange-Organization-AuthAs: Anonymous
    X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0

  36. Shelley tinney says:

    I received this message today also. My computer would not allow me to open the attachment. What would a legitimate complaint notification look like?

  37. MintChip says:

    I also received one today. :/

  38. This morning at 8:30am we recieved this email about a customer complaint. As a company you want to respond to any complaints. Not knowing I did try to open it and my computer did block it from opening. I do hope it did not find a way to open. I am glad i did google this topic and found its not real.

  39. An employee tried to open up the attachment thinking we got some sort of Complaint Alert from D&B and it would not open. I looked at the e-mail and thought it was bogus. I called D&B and they checked for my name, my e-mail address, our website name and our company name. NO Complaint or Alert was on file with them. They said it has happened in the past and it’s been a phishing scam or someone trying to put a virus or malware on our computer. D&B said to delete the e-mail immediately and run a security scan to remove any virus or malware.

  40. Just got one of these emails today. The attachment was a file.zip.txt file, so the computer pegged it as a text file, when it operates like a zip (malware).

    Just a heads up to delete it and move on.

  41. Order Desk says:

    Also received this today. It’s stillout there!

  42. Adam Stetten says:

    I just received that same email on 6-17-2013 which is weird because I just moved and forgot to pay my Lowe’s credit card bill. I was like Damn-it I hate you Lowe’s! But then I googled the DandB zip file and found this blog, THANK YOU FOR HAVING THIS BLOG UP!!!!

  43. Yep… they are still sending them. Received today… with a zip attachment. Complaint # 7824434 is the number they are sending out to everyone, per the person AT D&B that I spoke to. Just deleted the emails and do not open the PDF!

  44. Michelle Lowe says:

    Another person here whom received this today. Mine had a .exe attachment within a zip file – as a small business owner I was genuinely concerned until I saw the type of attachment! Definitely one of the more believable scams… be careful, everyone.

  45. I got the same thing june 17. Complaint 1868404 . My IT guy couldnt open the attachment.
    Thanks for letting us know through the blog !!!!
    Mariela

  46. Ginger9077 says:

    Some of my users received these emails today. Hate your domain is getting spoofed because it is a pita to try and figure out how to get it under control.

    however, this one was claiming to be from a printer in my own organization with a scanned zip attached but the hidden email and reply to address is alert@dnb.com

    X-MAIL-FROM:
    X-SOURCE-IP: [216.51.136.193]

    good luck and let me know if you would like the rest of the header info

  47. Jennifer says:

    Different complaint number (333495) but same email. Sorry to hear this is STILL a problem for you.

  48. ARLibertarian says:

    I got one today in my .gov account. Header was “Scanned Copy”. Spam filter caught it.

    • ARLibertarian says:

      PS. Thanks for the heads up. I deal with many providers around the state, and it would not be unusual for me to get a scanned copy of something, and many don’t take the time to fill in the subject line.

  49. Kathy Mast says:

    Received one today! Virus detection caught it. It looks like this has been happening for months. Hope you are close to finding the source.

  50. One more was sent out today from “Dun & BradStreet”
    Subject: “Complaint – 4180693″ with just our company info email in the To field. The email contained a zip file that Norton scanned ok. Once unzipped the PDF file contains a Trojan Horse. Beware! Do not open.
    We always try to maintain good customer relations with a customer is always right policy and have never had a customer complaint that we could not resolve ending in a happy customer in the end. So we were initially surprised by this email and skeptical.

  51. Kyle Godfrey says:

    Just got another one today 6/25/2013, the company really needs to fix this problem before their credibility slides anymore.

    • The company’s e-mail is being spoofed. There is nothing they can do on their end other than educate the public and provide warnings to consumers which they have already done. Companies should provide training to their staff to ensure they recognize such an obvious spam/malicious e-mail.

  52. Looks like there are more of these going out . . . just got one this morning June 25th 2013.

  53. I received 2 emails with different case numbers on June 25th from alert@dnb.com with a zip attached. I did not open the attachment, even though I have a Mac. I’ve gotten into the habit of Googling suspicious emails.

  54. I just received one today (July 25, 2013)

  55. An FYI… I just received one today…

  56. Just received one with zip file attachment. The article helped to make a decision not to open

  57. The spammers have gotten smarter, in longer displaying multiple addresses in the “To” e-mail filed. Zip file included which was of course not opened. 2012 copyright date and inconsistent use of name and e-mail extensions was also a red flag. File format of Zip – what would have to be so big that it was zipped up and sent to!!!!! Chris K

  58. We received one today on a company computer from alert@dnb.com with zip file attached but didn’t try to open.

  59. Thanks for posting this. I received one today with a zip file but due to today’s issues economically, people have too much time on their hands. Good thing this was posted so I could verify before opening anything. Thank you!

  60. Just received mine today, glad I googled this first! Thanks for posting and letting the general public know of the spam!

  61. eastvalleygreen says:

    Thank you for posting this! I received mine today and I appreciate your putting this online and letting us know about this spam…I admit, I was a bit freaked out at first :)
    H.

  62. DStocker says:

    Please post info about the trojan attachment. I was unfortunate enought to unzip the file and run it. It is a password stealer and needs to be removed ASAP. If you run it, it modifies the registry. Here is the link to post for the virus info. http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=PWS%3aWin32%2fZbot.gen!AM&threatid=2147678816
    Thanks.

    • Hi DStocker,

      I’m under the assumption that there have been different viruses attached to different emails… Nonetheless, thanks for posting! And hope your link can help others.

  63. got mine 6-25-13 . It looked real after I did a few checks I open the attachment . As soon as it started a run program I closed out . Too late !! A few hours later my Bank call said that they had some unknown activity on our bank account and they were closing my link to the bank.
    Real problems don’t open !!!

  64. Received an email saying that your company had received a complaint from someone. 7322735 is the complaint number.

  65. Tammy S says:

    I received one this morning and on my phone it has the attachment button that downloads it before u open it. I downloaded it before I saw this but it wouldn’t open and I deleted it. Am I safe since it was through my phone and not a laptop or desktop? I have the Samsung
    galaxy III and people say they do not get the viruses. Didn’t know if it would stop with phone or if it goes through email

  66. Just received this email today 11Jul2013

  67. Just got one, complaint 0244552. Opened the zip and saw an exe. Tried unzipping the exe, but no archive. Then found this post. Emailed full headers copy to you, but the originating server looks like a throw-away domain on an Austrailian server. IP2Location can’t turn the originating IP into a country, though.

  68. Harrison says:

    Just got an email. Fortunately was on mac so could not run exe. However, the spammer was wise enough to only put my address in the To: box. Complaint number: 2306656

  69. Came today. Used Malwarebytes, Combofix, AVG (not much), Kaspersky TDSSS Killer, and some other programs to get rid of it. http://malwaretips.com/blogs/zeus-trojan-virus/

  70. Hi, me too received it today but without attachment.. strange!? but I just a new comer to the company.. is that anything sign that can prove it is legitimate?

  71. I received one of these today 7-16-13. I did not open the attachment and advised others in office to do the same. Will delete email shortly.

  72. Received this e-mail today – smelled like fish to me with a zip file attached. Thank you for the communications about this problems. Freaking phishers. Always question attached ziped files!

  73. received two of these today on our companies sales email address. different “case #’s”. either the stars aligned and we were really bad at our jobs recently …or it is clearly a scam. if i understand correctly openening the email itself is not a problem…it’s openeing the attachment (which i would never do). A real problem would most like come in written mail and not email/ good luck

  74. I just received an e-mail today, 7-16-2013, with the Complaint # 0883253.

  75. I received one of these today. Considering I am a blogger and have had few dealings with businesses and no customers to speak of, I figured this was another spam email since it came with a zip file. In case you’re keeping track, the New Complaint # on this one is : 1930452.
    Thanks.

  76. I just received this email today. Looking legitimate, I double-clicked the attachment, however it wouldn’t open. I suspect they want me to save the file and unzip it, which I didn’t do. After searching “d&b scam,” this site came up and confirmed my suspicions. I noticed that I received the email late in the game, so it would have been nice if D&B had something in place to email all users of a potential phishing scam circulating the net using the D&B name, that way I would have recognized it immediately.

  77. Tabitha McGlaughlin says:

    I got one today. Good thing I googled it and didn’t open.
    New Complaint : 9421326

  78. Kelly D says:

    I just received one of these emails today (7/16/13) and am deleting without opening the attachment. Just wanted to keep you aware that they are still being sent. Thanks for the information on your blog!

  79. ben hill says:

    Also received this…thanks for the info

  80. John Doe says:

    I just received one today as well (Jul-16). Go get the bastard who did this.

  81. We also received one of these emails today. 7/16/2013..
    ———————> Start of Email End of Email HEADER <————————————–
    Return-path:
    Envelope-to: stan@xxxxxxxxxxxx.com
    Delivery-date: Tue, 16 Jul 2013 05:50:08 -0700
    Received: from [91.183.237.64] (port=2430 helo=static.isp.belgacom.be)
    by xxxxx.inmotionhosting.com with esmtp (Exim 4.80)
    (envelope-from )
    id 1Uz4hg-0005Ml-GM; Tue, 16 Jul 2013 05:50:08 -0700
    Received: from 91.183.237.64(helo=kjmfwf.ymifuuaaay.biz)
    by static.isp.belgacom.be with esmtpa (Exim 4.69)
    (envelope-from )
    id 1MMV5B-3170vo-H6
    for stan@xxxxxxxxxxxx.com; Tue, 16 Jul 2013 13:50:04 +0100
    From: “Dun & BradStreet”
    To: ,

    Subject: FW : DNB Complaint – 1003368
    Date: Tue, 16 Jul 2013 13:50:04 +0100
    MIME-Version: 1.0
    X-Priority: 3
    X-Mailer: fnnqjvjqd 37
    Message-ID:
    Content-Type: multipart/mixed;
    boundary=”—-=a__whkctiu_40_69_82″
    X-Spam-Status: No, score=1.5
    X-Spam-Score: 15
    X-Spam-Bar: +
    X-Ham-Report: Spam detection software, running on the system “xxxxxx.inmotionhosting.com”, has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn’t spam) or label
    similar future email. If you have any questions, see the administrator of that system for details.

  82. We are getting a lot of these

  83. Kimberly says:

    Received one two days ago and another today as well as 4 others in the last month. This one stated the Complaint was “New Complaint : 3745368.”

    Please fix this problem if you can.

  84. Jasmine says:

    I just received one & tried to open on my iphone. it gave be the option to save to dropbox so I did to look at later. when I went to my computer to view it was not there. hoping the dropbox team took care of it.

  85. Just received email from alerts@dnb.com with new complaint 8837936 .. Thank you for these posts

  86. I received the same as above, with complaint #3177728, but immediately noticed that it was from “.dndb.com”, not “dandb.com, so googled to see if there was a scam floating around, or if it might be real. I was suspicious of the .zip file, too. Otherwise, the email looked pretty believable.

  87. Today I also received this bogus email; lucky for us we are a small firm and know all of our clients, we have never had any complaints so I knew it was spam right away. I didn’t unzip the file and I hope these reports helps them get shut down.

  88. I got one today and it referenced “replying by June 8, 2013″. Idiots. I deleted. Thanks for the blog.

  89. Just received a zip file purporting to be D&B from alert @ dandb.com have deleted without opening

  90. I just received the email. It was in my spam folder and had it sent to my inbox. My AVG program noted that the attachment was suspicious so I wasn’t able to open it. I had complained about an Amazon order a few days ago so I was thinking it was a response to it. I deleted the email and am hoping all will be well.

  91. Not Necessary says:

    Shouldn’t D&B have FIXED the spoofing issue by now – since they had from February-on to work on it?

  92. Rebecca White says:

    I got one today as well.

  93. Name here says:

    Still going… just received one this morning. Attaching a zip file is basically a red warning light for me, so went straight to Google and found this, as I suspected. Probably the biggest giveaway, though, was that the email appears to be from “alert@dnb.com” but the small print at the bottom gives it as “alerts@dandb.com”. Classic.

  94. These emails are still going around. I got mine today, August 7, 2013.
    they’re very convincing. I’m glad you have this page up, and it’s easy to find, but I’m sure many folks are scammed.
    Go get em!

  95. Shakes head. says:

    Some comments on here are absolutely hilarious!

    Someone here BOUGHT a program to open ZIP file to open a spam zip?

    “Shouldn’t D&B have FIXED the spoofing issue by now” Lol – how is it their fault to fix?

    “I just received one & tried to open on my iphone. ” Should you even be allowed out alone, with a phone?

    “smelled like fish to me with a zip file attached.” – You SMELL your emails?

    Don’t open emails or attachments, especially zip files from ‘people’ or ‘companies’ you don’t know! It’s THAT simple!

  96. C D Harris says:

    I got one of these emails today. “FW : DNB Complaint – 4159615″. I opened the zip but did not run the .exe file inside. I hope I’m okay. I would be glad to forward the email to D& B for them to examine but I cannot find an email address.

  97. Catherine says:

    Not limited to business. I have no business registered to my name or any of my email accounts, yet I received this email (26/8/2013). Deleted it without so much as a second glance.

  98. You guys gave me a virus!

  99. 8-26-13: we received a Fake Dunn & Bradstreet email with a zip file attached. Avast Virus Scanner indicated it was a virus.

  100. Just received a “complaint” from D&B but don’t care because i just received an email from Nigeria saying that I am going to inherit millions! I am so lucky…

  101. Franc Schiphorst says:

    Hi,

    Just received one in the Netherlands. Worth noting is that the email had a react before date of one day into the future. That’s is usually a sign, trying to push you into the corner and give you no time to react so you rush and make mistakes.

    I assume that D&B will give a business some time to react.

  102. Despite my McAfee catching the virus, it has now corrupted a number of important files and documents, rendering them unreadable. I have days of work ahead of me, trying to replace these files with earlier versions from Carbonite. Had D&Bs phones been working when I tried to call, I would never have downloaded this spam. Your phone lines are all saying ””temporarily unavailable and try back later.””

  103. Has anyone found a way to remove this virus which has corrupted my entire computer? Thank you.

    • Lennon Cole says:

      Hey there,

      Sorry to hear about your machine. I suggest giving Malwarebytes Anti-Malware (MBAM) a try, since others have successfully removed the virus with it. However, I’m unsure whether they used the free or the paid version of the program, or if it’s even the same virus.

      Good luck! Please inform us of the results.

      • Tried it…it failed. So have all the other antivirus programs I have tried. Right now I’m running the 7th or 8th one. A few found viruses and malware and deleted them and now my computer is coming up clean yet all files on computer are corrupted and unreadable. McAffee tech support is trying to help. FYI spammers demanded 300$ ransom or said they’d wipe my hard drive clean after 3 days. We’re on day 2.

  104. Naveen Malhotra says:

    I received this mail today, and i was not aware that it is a spam since the subject of the mail was complaint i thought maybe the mail was authentic. I just want to know what i should do now?

    Regards,
    nAVEEN

    • Hi Naveen,

      Assuming you didn’t open the attachment, there’s not much to do besides deleting the email.

      -Dustin

      • Naveen Malhotra says:

        I opened the attachment, there is an zip.txt. When i opened the attachement note pad will be open and (This attachment was removed. ) hope its a scam and the complaint id is 0496633

        Naveen

        • Naveen, very quickly back up everything on your hard drive. If you got the same virus I did, in two days all your data and documents will become encrypted and you’ll be told the only way to fix it is to send money. Back up everything to an external and do a complete virus scan. I hope this prevents your having the same terrible problem I did. Good luck.

  105. I just tried to open the zip file….stupid, i know, but my boss insisted, because he was concerned about having a complaint made about him. He assured me that D & B was a legit company….now weird things are happening on my computer. Someone has defragged my computer at 1:30 AM this morning (while i was sleeping). I did a virus scan on my computer, but i don’t think it found it & took care of it. Any advice would be helpful. I know it was stupid to try & open the zip file, but when you’re pressured by your boss….it’s hard not to.

  106. we just received one, thanks for your post so i know not to open it and
    to delete it

  107. More spam emails sent to the UK

    Hope you catch the spammers sending their evil ZIP files

  108. We just received this scam email today, months after you first noted it in this post. So please be aware that it is still circulating.

  109. TranSpanish says:

    Email still going round. Got it today 10 Jan. 2014

  110. I have also received this today – FW : DNB Complaint – 3926532 Sender is alert@dnb.com

  111. carmen Simpson says:

    Whoever was sending this messages lat year is doing it again. I just received a new one today.

  112. have gotten 2 in January alone.. thank for making this blog..
    the email is alerts@dandb.com

  113. The current “D and B” email has a return email as dandb@click.dandb.com

  114. you need to work on this spam. i’ve been receiving this spam email several times already. i justt keep on ignoring it.

  115. Michelle Hydrick says:

    I received this email and didn’t even have to open the attachment. The dead giveaway was when outlook stopped responding as soon as the email was forwarded by an owner as he was concerned it may be a virus but wasn’t sure. The Trojan than it puts on your computer is one for ransom called cryptolocker. it encrypts random files on your computer and worse still if you are on a network it reached files on the network as well. It then says you have a set number of hours to pay the ransom so you can get the decryption key.
    http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
    It has been very frustrating that this has happened and has cost us money just to have our IT support fix it, let alone the work hours lost!

Trackbacks

  1. [...] just wanted to add this link for more information from D & [...]

  2. […] Today, we received a Fake Dunn & Bradstreet email with a zip file attached, supposedly including the report. It looked very suspicious. A quick look at the domain showed it was sent from dnb.com but Dunn & Bradstreet is dandb.com. Also a quick google of D&B fake emails took us straight to this report from Dunn & Bradstreet confirming their awareness of this fake email. […]

  3. […] and sure enough it is a scam. Check out this link before opening any email from Dun and Bradstreet: http://blog.dandb.com/2013/02/19/customer-complaint-email-dnb/. And, remember, never, ever, trust anything that seems suspicious! Don’t get caught by the […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 305 other followers

%d bloggers like this: