Fraudsters behind the decade-old EU Business Register scam are wreaking havoc once again, targeting thousands of businesses and organizations across the globe.
The 2022 iteration of the scam, picked up by Bitdefender Antispam Lab researchers this week, has proliferated in North America, Europe and Asia with particular spikes in the US (24%), Ireland (26%), Sweden (18%) Denmark (14%), Romania, the UK and Germany (2%).
How the EU business register scam works
The email invites businesses to list their organization into a fictitious EU register “free of charge”. Registration is simple. Recipients need to access the attached PDF document, fill out the form, and reply to the sender. The form below asks for information about your business, including your operating industry, name, address, telephone number and email.
Don’t be fooled by the official-looking registration form. The fine print hides the real intent of the operators behind the bogus online registry.
In the ill-defined fine print lurks a three-year agreement obliging you to pay a hefty 995 Euros per year as part of your data registry entry fee.
Opportunistic spammers who jump into this know nothing about the businesses or organizations they target, relying on the recipients’ negligence and lack of awareness.
Those who fail to read the fine print and sign the contract immediately receive the invoice for their first installment. Denying this payment will usher in more emails threatening your business with court action under the claims of a legally binding contract you agreed upon when signing.
The best course of action for your business is to ignore and immediately delete this or any similar emails. Your organization won’t just lose money. There’s no telling where your organization’s information will end up in the first place. Fraudsters could use any data collected to target your business with more dangerous social engineering schemes that could cost you more than just 1,000 Euros.
The official European Business Registry Association (EBRA) has also issued an alert clarifying that there is no relation between the two organizations.
“Over the past years, we have received several complaints about a company – EU Business Register (or EBR) – demanding enterprises to pay for annual subscriptions to a marketing database,” the notification reads. “The EBR is not a registration authority and does not maintain any database of companies. For such reasons, EBR cannot and will not demand any payment to companies to be entered into a database.”
Learn more about how Bitdefender’s Antispam technologies can detect and block spam campaigns so your organization won’t fall prey to cyber threats.