Translate this page to any language by choosing a language in the box below.

AT&T - AT&T payment confirmation Email Scam - A Scammer is Phishing for Your Identity

Phishing and Vishing Identity Theft Scams
The AT&T - AT&T payment confirmation Scam
Scam or Virus Attachment'

You may have received an email like the one below that looks very authentic, like it came from AT&T, or a phone call about the same subject. In this case, the scammers are even more clever; all of the links in the email appear to be real, valid AT&T links, but there is an attachment; which undoubtedly contains a virus or of malware. Norton Antispam flagged the email and moved it to the junk folder. Usually, these emails are an attempt to get you to enter confidential information (typically a social security number, name, address, bank account information, etc., to allow the scammers to steal your identity and open credit cards in your name.

This email was not sent by AT&T; AT&T is a victim as well. This is referred to as spoofing (making a fake email that looks legitimate, "phishing" (when by email) or "vishing" (when by telephone). If you receive an email similar to the one below, and especially if you have no AT&T account, have not made a payment like that, DO NOT click on the link, and do not enter any information on the forms there.

Remember, no reputable business would send you an email or a phone call requesting your personal account information. Any such email you receive asking for this information should be considered phony and brought to the attention of the business being 'phished'.

Anytime you need to go to a website for your bank, credit card companies or other personal, financial or confidential information; do not follow a link in an email; just type their address in your browser directly (such as www.AT&T.com )

Below are actual phishing emails that started circulating in early 2013.

---

----- Forwarded message -----

att.com | Support | Log In AT&T payment confirmation Dear Valued Customer, Thank you for using AT&T online payments. You submitted the following payment(s) for your account. Payment Method Confirmation Payment Date Amount BankDraft 4K3HJHJN12JSMPO 03/18/2013 $1697.07 For more information about payment please see the attachment. Thank you, AT&T Online Services www.att.com/smallbusiness size=1 width="100%" noshade style='color:#D2D2D2' align=center> Contact Us AT&T Support - quick & easy support is available 24/7. Online Info View our Special Offers to check out our best promotions.   Questions? Questions or comments? Do not reply to this email, as it is automatically generated. Please contact us or Ask a Question using our online self-help tool. Repair| Auto Pay| Paperless Billing| Move Your Service PLEASE DO NOT REPLY TO THIS MESSAGE All replies are automatically deleted. For questions regarding this message, refer to the contact information listed above. 2012. AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. Subsidiaries and affiliates of AT&T Inc. provide products and services under the AT&T brand. Privacy Policy ZPAY_50WZXL

---

What is Phishing?

Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information such as account usernames and passwords that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.

Learn More About Phishing

The following documents and websites can help you learn more about phishing and how to protect yourself against phishing attacks.

• Avoiding Social Engineering and Phishing Attacks
• Protecting Your Privacy
• Understanding Web Site Certificates
• Anti-Phishing Working Group (APWG)
• Federal Trade Commission, Identity Theft
• Recognizing and Avoiding Email Scams

Methods of Reporting Phishing Email to US-CERT

• In Outlook Express, you can create a new message and drag and drop the phishing email into the new message. Address the message to phishing-report@us-cert.gov  and send it.
• In Outlook Express you can also open the email message^* and select File > Properties > Details. The email headers will appear. You can copy these as you normally copy text and include it in a new message tophishing-report@us-cert.gov .
• If you cannot forward the email message, at a minimum, please send the URL of the phishing website.

* If the suspicious mail in question includes a file attachment, it is safer to simply highlight the message and forward it. Some configurations, especially in Windows environments, may allow the execution of arbitrary code upon opening and viewing a malicious email message.

For more information about phishing, see this page.

 

---

 

For a comprehensive list of national and international agencies to report scams, see this page.