AT&T Hack Part of Larger ID Theft Scam
19,000 accounts 'immediately' used in phishing attempt
The San Francisco Chronicle's David Lazarus has more
on the AT&T hacking incident reported earlier this week
. AT&T's press release on the issue didn't tell the whole story, he says, noting that internal documents obtained by the Chronicle "show that the security breach was only the first step in a more elaborate scam that involved bogus e-mail being sent to AT&T customers that attempted to trick them into revealing additional info that could be used for widespread fraud or identity theft."
The memo obtained by the Chronicle also notes that it wasn't AT&T's systems that were hacked, but "an AT&T vendor that operates an order processing computer"
for the online DSL store. Once the info for those 19,000 users was obtained, it was "immediately"
put to use in the scam, the paper states.
"The messages, ostensibly from "SBCdslstore.com," told recipients that "we recently tried to charge your credit card for your SBCdslstore.com order and it was rejected by the bank because it has no complete information. Each message included a legitimate order number culled from the AT&T vendor's database to create an illusion of authenticity. Messages also included the recipient's home address and the last four digits of his or her credit card number."
AT&T tells the chronicle that while they did not mention the phishing aspect of the scam in their press release, individual customers were e-mailed and warned about the scam.
| |fiberguyMy views are my own.Premium
Re: SSL God forbid that customers understand the law and their rights as in not having to give up their social security number.
Learn of what you speak before you try to slam someone else.
Let me give you a quick lesson/example. It's AGAINST THE LAW for cable, in CA, to even ASK for the SSN.
You have every legal right to withhold your SSN number in, my guess, 95% of the people who ask for it - EVEN LOANS! Your SSN is and always was intended to administer your Social Security Account.. period.. not your phone company, not your cable, gas, electric, car loans, credit cards, and every other yahoo that wants it.
God forbid is right. That's what your state issued ID is for.
"Wipe out the national deficit over night... Tax the stupid!" - about 50 gMail invites available. PM if you'd like one.
said by fiberguy:We already have a national ID system......it's called a Passport.
If anyone wants a point AGAINST a nation ID, look at the blown-out SSN fiasco we are faced with today and how THAT number was abused.
said by fiberguy:While the passport is mostly used for travel outside the country, it is more than that. When you fill out an I-9 form, it is better than an ID card (driver's license) and SS card or birth certificate.
If we "already had a national ID system" then there would be no debate in congress on needing a "national ID card" now would there?
Do you have any idea how many people in the U.S. actually HAVE a passport? You know, that document that lets you travel outside the country?
BTW, over 10 million were issued in 2005. Passports are good for 10 years (5 if you are under 18.)
EDIT: and Congress is debating this because they need something to crow about, another pork project and a vote to keep their jobs for the next election.
said by fiberguy:Look at an I-9 form. A passport does the job of a driver's license and birth certificate when determining eligibility to work in this country. Just because you have a driver's license, doesn't mean you can work in this country.
A passport is better than a driver's license, SS or birth cirt? No they aren't. Who told you that garbage? PLESAE tell me where on the form is says "passport desired"... all forms of ID are just as acceptable as the next.
said by fiberguy:Because this country puts so much stake in the state ID's, most people, including you, don't see a need for a passport. Beginning 1/1/2008, you need a passport to go to Mexico or Canada (right next door.)
10 million? What's the total population of the country? now figure out the percentage.
said by fiberguy:I can show it to a police officer and he has all the information he needs to run a check on me. My Maryland license doesn't even have my SS# on it. All he needs is my name and date of birth and he can find my DL number if he needs it.
No.. a passport is not a nation ID card. And SOME members of congress want debate because they want more control over the people of the states.
The ONLY 2 things a driver's license does over a passport (within the country) is allow you to drive and establish an address. The latter is not even that reliable in many cases.
A system is already in place, time to use it.
| |Combat ChuckToo Many CannibalsPremium
Re: Where did it come from?
said by moonpuppy:Only if your not looking for the first thing you should be looking for, emails asking for personal information.
Plus, using real order and CC numbers makes this fish VERY hard to spot.
Early to rise, early to bed;
Makes a man healthy but socially dead.
| |ShamayimI already have a Messiah.Premium
Encrypt! encrypt! encrypt! I'll repeat this comment again and again until I'm blue in the face or it happens, whichever comes first....
Legislation needs to be enacted requiring customer info databases to be encrypted. So that when they are stolen they are useless to the thieves. FELONY penalties for any hacked company that failed to encrypt.
| |djtim21It's all goodPremium
Lake Villa, IL
Re: Encrypt! encrypt! encrypt!
said by Shamayim:I believe that the intruders had access to the database, they didn't get a "copy" of it. I am just going by the original story from earlier this week. Encryption would have nothing to do with this, since they already got past the front door.
I'll repeat this comment again and again until I'm blue in the face or it happens, whichever comes first....
Legislation needs to be enacted requiring
customer info databases to be encrypted
. So that when they are stolen they are useless to the thieves. FELONY penalties for any hacked company that failed to encrypt.
Of course I'm assuming allot here, but this sounds like a keylogger, break and take. The "scammers" just grabbed a bunch of info and put it to work as soon as they started getting info.
This also sounds like they had a plan in place before they grabbed the info. This was a smart robbery, not just your "Ohh...I've got some information who do I sell it to".
"All that is necessary for the triumph of evil is that good men do nothing. - Edmund Burke
| |dbaResistance Is FutilePremium
Colorado Springs, CO
Go back to cold hard cash Whenever some kind of transaction involves money, there is always all kinds of identification proof that are required, e.g. SS#, CC#, Bank Account #.
These numbers have become so everyday mundane numbers, given to pretty much any company that asks for it, that in my opinion these numbers have lost their importance.
Because these numbers have lost their real importance, some might wonder whether it wouldn't be better for people to revert to paying cash or paper checks for their transactions.
I wouldn't mind one less headache, from everyday life. Having to be careful of my credit, my SS # or what not is quite time consuming, if you ask me.
Its Friday, I'm in a ranting mood.
Signature file missing.
| |linicxCaveat EmptorPremiumReviews:
Geez! The best way to dodge the bullet is to NOT reply to any email that asks for personal information. If you think it's legit, call the bank or company you do business with; put a personal password on it. If you think it isn't, hit the delete button.
The people who perpetuate this kind of attacks target corporations with a large database of consumer information. They count on human nature to believe their *trusted* scheme.
Mac: No windows, No gates, Apple inside