“It looks very much like the team at World Business List are active again, sending out forms to millions of businesses, inviting them to get their entry in World Business List, where ‘Updating is free of charge!’ [NB – Update February 2019 – We’ve been advised that in some cases people are getting up to seven emails a day in an attempt to get people to click on the links. If these people are filling up your inbox, scroll to the bottom of this article for the emails to report them for phishing and spam]
If you have received one of these please do not fall for this. Delete it immediately.
For those unfamiliar with the ‘modus operandi’ of this particular outfit, what they do is as follows.
Firstly, they send out waves of blanket emails to businesses across the world (we’ve had reports this week from Australia, Canada, USA and Ireland’) with a .pdf attachment inviting them to fill in their details to gain an entry in the World Business List.
The form looks like this;
As you can see, it’s carefully constructed to confuse and mislead.
For any businesses that get ensnared by this and fill the form in, what they usually fail to realise is that they are being hooked into a three-year agreement which will cost them €2985 in return for which they will receive an entry on an obscure website that has very few visitors and almost zero visibility.
In other words, it’s a rip off.
The form is carefully constructed to confuse the eye and uses a combination of cramped text and capital letters to hide the fact that you are signing to allow them to bill you €995 a year for the next three years.
They also seem to conveniently ignore the usual niceties like the mandatory 14 day cooling off period which accompanies distance selling, by stating in their small print that the contract starts eight days after you sign it, not after they receive it or even publish it.
In short, sign it and you are in a legally binding agreement to give them almost €3,000 for fresh air.
So, if you have inadvertently signed and returned the form then;
- If it’s within 8 days of your signature email them to cancel and send a copy in writing by registered or recorded mail
- If it’s after the eight day period but within the 14 days remind them of the distance selling obligations and still ask for a cancellation
- If it’s after 14 days then read this article for what happens to people who don’t pay them
The aim of this article is to point out to businesses across the world that this seemingly simple agreement is nothing of the sort. It’s NOT a free directory and it’s not a free service. It’s a very expensive backlink.
Let’s be clear, what they are doing here is not illegal. It is, however, immoral and the pain and misery that it heaps on small businesses caught by this, most of whom can ill afford this much money, it shocking.
What to do if you receive an email from World Business List
Most businesses, fortunately, are catching this early and it’s starting to appear in more and more spam folders.
Given that it purports to be a legitimate business email however, there is every chance it can end up in the inbox or worse still, on the machine of an office junior who thinks that filling this in is actually a valuable thing to do for your business.
Preventing this would be great if at all possible and there is one way we could help stop this. We could all report it as spam.
The email passes pretty much all the email threat detectors apart from Hybrid Analysis which, whilst giving it a clean bill of health, does warn about the .pdf that a “Possible heap spraying attempt detected” and that “RdrCEF.exe” issued more than 3000 memory allocations”. This came from a very helpful correspondent, who wrote to me recently about this scam.
Further, they outlined their plan of action for the email and as it’s absolutely the right thing to do I thought I’d share it here.
“I have reported the spam email to SpamCop (https://www.spamcop.net/) and the Federal Trade Commission (https://www.consumer.ftc.gov/articles/0038-spam). In addition, just in case it was a phishing attempt I reported it to the Anti-Phishing Working Group, Inc. (https://apwg.org/), the United States Computer Emergency Readiness Team (https://www.us-cert.gov/report-phishing), and Action Fraud (https://www.actionfraud.police.uk/report-phishing).”
In short, they have reported this scam email to pretty much every authority available and whilst this may not be effective with just one report, if everyone decided to do this then they would soon stop them sending these.
If you do report them then you may be asked for either the email or the email headers to allow them to trace the senders.
You can get this as follows on Outlook;
- In Outlook, whilst the email is showing in your reader pane, click File>Properties.
- When the Properties box pops up, you will see the message headers in a box at the bottom;
- You can see the ‘Internet Headers’ which is what they will need to identify the sender.
So, if you get one of these emails, report it now!