If you’re one of AT&T’s customers, you might have noticed your inbox is getting blasted with spam messages from sources you haven’t subscribed to. Although the senders present themselves as being from AT&T, clearly, the legitimate company would never send out text messages with the content of this nature. So, what’s going on? Keep on reading as we’re about to shed some light on the issue.
Opening the floodgates to spam
At some point, the issue got so out of hand that people started posting about it on social media. Since the company certainly got the message by now, why does the issue still persist?
To be fair, AT&T has acknowledged it and came out with a response, but it was more along the lines of providing generic advice and cautioning the customers not to interact with the scammers or click on any links they may send you. At the same time, the company also linked to helpful resources on cyber security and how to stay safe online, all while encouraging to report spam of any kind to the nearest company representative.
Looking at what’s underneath the lid, it appears that the fraudsters that are behind it use different phone numbers to proliferate spam, none of which have anything to do with the actual company. On numerous occasions, AT&T has advised their customers to forward such a number to their spam investigation team so they can be alerted about the issue and investigate further.
Based on the content and the origin of the message, they can then determine whether the message in question is indeed fraudulent and alert the appropriate authorities. To prevent any future spam coming from the same source, they are also working with carriers to block the numbers where the spam is coming from. Allegedly, AT&T is also collaborating with hosting providers and domain registrars to bring these fraudulent activities to their attention in an effort to bring down as many web resources controlled by the malicious actors responsible.
Dismantling the fraudulent messages
Those who have decided to take their complaints to social media channels often include a screenshot or a photo of the text message they’ve received, providing cyber security researchers with essential clues to what’s going on and what the fraudsters’ intentions might be.
Unsurprisingly, it turns out there are multiple variations of the same AT&T scam. While some of them are simple “thank you” messages for paying the bill, in others, the scammer may apologize for the recent service quality hiccups. However, all of them share a common denominator – a clickable link that leads to a fraudulent website, which the victims are often lured into clicking by being promised a gift or something similar to make up for the recent issues or as a reward for customer loyalty.
Since it’s believed there are multiple perpetrators behind these spammy messages, the content of the fraudulent web pages can vary as well. However, most appear to be some form of phishing, a tactic designed to steal your sensitive personal data or login credentials and send them straight into the arms of whoever controls the fraudulent form. It can be anything from harvesting your email address all the way to your phone numbers, usernames, and passwords.
Spotting the signs of phishing and staying safe
One thing is for certain: AT&T (and, generally speaking, every legitimate company) will never ask for your login credentials. In case there’s ever an issue with your account, they have the administrative privileges necessary to make the changes themselves without your intervention. On certain occasions, a company may have sustained a breach, in which case it’s industry standard to alert their customers about what happened and prompt them to choose a new password.
Even if this is legitimately the case, clicking on any links you receive via email is not recommended – after all, you never know if whoever emailed you is a legitimate company representative or not. Instead, you should enter the URL directly into your browser’s address bar, thus ensuring that the website you’ll be interacting with to apply whatever changes to your account are legitimate.
Another warning sign that you may be dealing with a phishing attempt is if you get the feeling that someone is pressuring you and trying to instill a sense of urgency. Although legitimate situations may crop up that call for your urgent attention, if you’ve noticed other red flags that might indicate a phishing attempt, you can take this as a warning sign as well.
As a general rule of thumb, you can never be 100% sure that any message in your inbox came from a legitimate sender, so it never hurts to check the “from” field. In case there are any misspellings in it, or you notice the email got sent from a domain you don’t recognize, that’s a telltale sign right there. However, even real email accounts can get compromised, which are then used to distribute fraudulent emails and malware, so vigilance (and not taking things at face value) is key.
Be careful to who you entrust your personal information to
Sometimes, you can be targeted by phishing attempts and spam through no fault of your own. For instance, you may have entered your personal information on a completely legitimate website in the past, which just so happened to have poor security measures in place and consequently got hacked. Your personally identifiable information, although entrusted to a legitimate website or company, is now in the hands of hackers who can sell it to third-party brokers or commit other crimes such as identity theft.
The best way to approach the matter is to stay careful regarding whom you entrust sensitive personal information to and only give it out on a need-to-know basis. In case your PII has already been leaked online, you should remove it from the internet as much as possible. Removing data from data brokers typically involves filling out hundreds of lengthy forms. Therefore, a company like Incogni can be an effective time-saver in your ongoing quest to protect your privacy.
Every time an AT&T spammer gets busted, another comes around to try their luck. Therefore, stopping this kind of spam is easier said than done. Still, you can take the steps necessary to protect your personally identifiable information and learn to recognize the signs of phishing, effectively allowing you to stay safe against any similar scams you might encounter at some point in the future.