Forums » AT&T Hack Part of Larger ID Theft Scam

Comments on news posted 2006-09-01 10:27:33: The San Francisco Chronicle's David Lazarus has more on the AT&T hacking incident reported earlier this week. ..


moonpuppy

join:2000-08-21
Glen Burnie, MD
Where did it come from?

US or foreign site?

Plus, using real order and CC numbers makes this fish VERY hard to spot.

Very good job on the scammer's part.


brobertsleo

join:2006-03-01
Sterling Heights, MI
I agree, using real order and CC numbers would definitely make it hard to spot the fish. I wouldn't be surprised if many people fell into their trap. Good move for the scammers, sad that it had to happen though.

bogey780

join:2004-03-19
Here

Real pros. They moved fast realizing AT&T would catch it soon. Probably took preventative measures to keep from being traced. We'll probably never catch them.

They really need to make this type of thing a severe felony where you're guaranteed a life of hard prison life.


verolom

join:2002-03-23
Eagleville, PA
Outsourcing is great!

It saves money, it streamlines your business allowing you to concentrate on your strengths, and, oh...


Shamayim
I already have a Messiah.
Premium
join:2002-09-23


1 edit
Encrypt! encrypt! encrypt!

I'll repeat this comment again and again until I'm blue in the face or it happens, whichever comes first....

Legislation needs to be enacted requiring customer info databases to be encrypted. So that when they are stolen they are useless to the thieves. FELONY penalties for any hacked company that failed to encrypt.
--
"tick...tick...tick..."
»www.jtf.org/


T1 Rocky

join:2002-11-15
Dallas, TX
·Time Warner Cable

reply to moonpuppy
SSL

When we signed up for DSL, they wanted my social security number, which I refused to give, to the salesman's surprise. They took my account anyway and said someone would call back to confirm some security info but never did. I'm glad I didn't give it up now.


Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA

reply to moonpuppy
Re: Where did it come from?

said by moonpuppy:

Plus, using real order and CC numbers makes this fish VERY hard to spot.
Only if you're not looking for the first thing you should be looking for, emails asking for personal information.
--
Early to rise, early to bed;
Makes a man healthy but socially dead.


Derch
Premium
join:2004-10-16
Tulsa, OK
·Cox HSI
·AT&T U-Verse
·Cricket Broadband
·AT&T DSL Service

Government needs to step in.

I think the government should worry more about security breaches at companies than Net Neutrality. These breaches affect more people and will cost more.

The FCC and/or Congress needs to start hearings and place CIOs and CTOs on the stand so that they can be held accountable.


djtim21
It's all good
Premium
join:2003-12-22
Buffalo Grove, IL

reply to Shamayim
Re: Encrypt! encrypt! encrypt!

said by Shamayim:

I'll repeat this comment again and again until I'm blue in the face or it happens, whichever comes first....

Legislation needs to be enacted requiring customer info databases to be encrypted. So that when they are stolen they are useless to the thieves. FELONY penalties for any hacked company that failed to encrypt.
I believe that the intruders had access to the database, they didn't get a "copy" of it. I am just going by the original story from earlier this week. Encryption would have nothing to do with this, since they already got past the front door.

Of course I'm assuming a lot here, but this sounds like a keylogger, break and take. The "scammers" just grabbed a bunch of info and put it to work as soon as they started getting info.

This also sounds like they had a plan in place before they grabbed the info. This was a smart robbery, not just your "Ohh...I've got some information who do I sell it to".
--
"All that is necessary for the triumph of evil is that good men do nothing." - Edmund Burke


pa_grape
Premium
join:2006-07-24
Columbus, OH
reply to bogey780
Re: Where did it come from?

I completely agree! Let's take the scammers out of society for good. If and when they are ever caught, lock them up for good. Otherwise they will just get out and commit another scam.


Quantum
Resistance Is Futile
Premium
join:2004-02-05
Colorado Springs, CO
·Qwest.net

Go back to cold hard cash

Whenever some kind of transaction involves money, there is always all kinds of identification proof that are required, e.g. SS#, CC#, Bank Account #.

These numbers have become so everyday mundane numbers, given to pretty much any company that asks for it, that in my opinion these numbers have lost their importance.

Because these numbers have lost their real importance, some might wonder whether it wouldn't be better for people to revert to paying cash or paper checks for their transactions.

I wouldn't mind one less headache, from everyday life. Having to be careful of my credit, my SS # or what not is quite time consuming, if you ask me.

It's Friday, I'm in a ranting mood.
--
Signature file missing.


Transmaster
Don't Blame Me I Voted For Bill and Opus

join:2001-06-20
Cheyenne, WY
·Qwest.net


1 edit
reply to brobertsleo
Interesting contrast

Do you notice something? The recent boners pulled by the VA were shouted from the mountain tops as examples of the incompetence of the present administration. The "news" services rolled out the usual talking heads to pontificate on the whichness of why, but when a civilian company like AT&T, or one of their outsourced flunkies, loses this kind of personal information it is treated as just a news story. Even though in the case of the AT&T story there was an attempt to use the information in a phishing scam.

The stolen VA laptop which carried the Veterans' personal data was all encrypted and once it was recovered the FBI determined none of the data was accessed. This doesn't excuse the VA. The worker had permission to work from his home, but had I been that person I would have insisted the VA install a safe in my house to keep this laptop, and any other sensitive information, in or I wouldn't have taken the laptop out of the VA office where I worked.

I have worked with medical records for 30-odd years and anytime I hear of such personal data getting out into the jungle, it really bothers me because the vast majority of us take exquisite care of the data we process.
--
The older I get the more I prefer the company of my dogs over that of mankind.


Michieru2
zzz zzz zzz
Premium
join:2005-01-28
Miami, FL

...

Can someone please tell me why these accounts are even accessible online? They should be only accessible from inside the business itself in an offline network. If it was an online store a manual connection to the offline network could be made transferring the accounts for the day and making this ID theft even lower at random hours of the day.

Why is AT&T trusting a vendor for customer information?
Why is AT&T passing customer information with a vendor?

As for these scammers I would love to break their necks if I ever get a hold of one. They do nothing more than cause people misery, and they continue simply out of greed.


owenhome
keeper of the magic blue smoke
Premium
join:2002-07-13
Bentonville, AR

Liars!

AT&T didn't get hacked into! They are doing all this themselves to make up for what they won't be able to make off of us with that bogus fee! They know they won't get away with it, just like Verizon, so they had to come up with something else. So they take all of our personal information and use it for phishing attacks. They have to do it that way because if they just used our billing and payment information and flat stole from us, it would be too easily tracked back to them. This way, they can make us all think it's some back-water criminal!

See? Damn thieves!!!

J/K of course. But I wouldn't put it past them.
--
Never argue with a fool, people might not know the difference.


linicx
Caveat Emptor
Premium
join:2002-12-03
United State
·CenturyLink

Geez!

The best way to dodge the bullet is to NOT reply to any email that asks for personal information. If you think it's legit, call the bank or company you do business with; put a personal password on it. If you think it isn't, hit the delete button.

The people who perpetuate this kind of attack target corporations with a large database of consumer information. They count on human nature to believe their *trusted* scheme.
--
Mac: No windows, No gates, Apple inside

Jonbo298

join:2004-01-12
Council Bluffs, IA
reply to T1 Rocky
Re: SSL

God forbid a company wants to verify it's you signing up for service and not someone using your name to do it.

fiberguy
My views are my own.
Premium
join:2005-05-20

reply to bogey780
Re: Where did it come from?

Yup... let's bring those Russians to the U.S. and charge them with a felony.

If you look at the history of many of these hacks/cracks (hope the P.C. police on both sides are happy) come from other countries... a lot of them are in Russia.
--
"Wipe out the national deficit over night... Tax the stupid!" - about 50 gMail invites available. PM if you'd like one.

fiberguy
My views are my own.
Premium
join:2005-05-20


1 edit
reply to Jonbo298
Re: SSL

God forbid that customers understand the law and their rights as in not having to give up their social security number.

Learn of what you speak before you try to slam someone else.

Let me give you a quick lesson/example. It's AGAINST THE LAW for cable, in CA, to even ASK for the SSN.

You have every legal right to withhold your SSN number in, my guess, 95% of the people who ask for it - EVEN LOANS! Your SSN is and always was intended to administer your Social Security Account.. period.. not your phone company, not your cable, gas, electric, car loans, credit cards, and every other yahoo that wants it.

God forbid is right. That's what your state issued ID is for.
--
"Wipe out the national deficit over night... Tax the stupid!" - about 50 gMail invites available. PM if you'd like one.

stufried
Premium
join:2003-10-13
·Verizon BroadbandA..

The problem is that the SSN is already too compromised to do any good. Until 2001, these numbers were sold in commercial database files. Those files are still around on many investigative databases.

State IDs are not standardized. We need to create a public ID for people with some sort of rotating verification key (not just a PIN). Here is a simple (but not perfect) idea.

When I put a fraud alert on my file, I could not get new credit without them calling me, but that only lasts 90 days. I am in the process of drafting a request to make it permanent, but this is deliberately made too difficult to get. I would like to put the additional requirement that I have to be called on my mobile phone before credit is granted.

I'd then like that mobile number and mail number in a hardened file that requires something like a letter to be sent to my previous address of record with a code that has to be punched in somewhere before it could be changed.

Our current system is too compromised. We need to invest in something more secure and we need to move it out several generations (rather than in minor increments).


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless

An email that says "Do not trust email"

"AT&T tells the chronicle that while they did not mention the phishing aspect of the scam in their press release, individual customers were e-mailed and warned about the scam."

I see some problems with AT&T's solution to notification.

1. How can AT&T be sure a spam filter won't interfere with delivery of their notification?
2. How could AT&T be sure that some of its customers wouldn't decide that of the 2 emails in question that the AT&T email was the bogus one? Particularly when there was no mention of the threat in the press.
3. Sending email is not the solution to bogus email.