dslreports logo
 story category
AT&T Hack Part of Larger ID Theft Scam
19,000 accounts 'immediately' used in phishing attempt

The San Francisco Chronicle's David Lazarus has more on the AT&T hacking incident reported earlier this week. AT&T's press release on the issue didn't tell the whole story, he says, noting that internal documents obtained by the Chronicle "show that the security breach was only the first step in a more elaborate scam that involved bogus e-mail being sent to AT&T customers that attempted to trick them into revealing additional info that could be used for widespread fraud or identity theft."

The memo obtained by the Chronicle also notes that it wasn't AT&T's systems that were hacked, but "an AT&T vendor that operates an order processing computer" for the online DSL store. Once the info for those 19,000 users was obtained, it was "immediately" put to use in the scam, the paper states.
"The messages, ostensibly from "SBCdslstore.com," told recipients that "we recently tried to charge your credit card for your SBCdslstore.com order and it was rejected by the bank because it has no complete information. Each message included a legitimate order number culled from the AT&T vendor's database to create an illusion of authenticity. Messages also included the recipient's home address and the last four digits of his or her credit card number."
AT&T tells the chronicle that while they did not mention the phishing aspect of the scam in their press release, individual customers were e-mailed and warned about the scam.

Most recommended from 26 comments



linicx
Caveat Emptor
Premium Member
join:2002-12-03
United State

2 recommendations

linicx

Premium Member

Geez!

The best way to dodge the bullet is to NOT reply to any email that asks for personal information. If you think it's legit, call the bank or company you do business with; put a personal password on it. If you think it isn't, hit the delete button.

The people who perpetuate this kind of attacks target corporations with a large database of consumer information. They count on human nature to believe their *trusted* scheme.