AT&T Yahoo users should be on the alert for fake email messages that warn customers they will no longer be able to log in to their email and AT&T billing accounts.
Many people skip right over the sender’s addy and scan the subject line. In this case, the fraudulent title is “Email Verification.”
One slip the con artists made was mentioning that the communication was “Prior to AT&T / Yahoo! Agreement” rather than “In regards to” or “In re” or simply “re:”.
Then, the fake email dangles the bait in front of the unwary consumer:
“Starting From the 17th, of June 2019, att.net customers will no longer be able to log in to their email and AT&T billing accounts through email addresses with the following domains: att.net, ameritech.net, bellsouth.net, flash.net,nvbell.net, pacbell.net, prodigy.net,sbcglobal.net, snet.net, swbell.net, and wans.net.”
To avoid this denial of access, customers were directed to verify their email addresses “to confirm if they have been allocated a different domain or not” – with a link to “AT&T Online to Verify your new platform.”
The fake email was signed generically as from AT&T Online Service with an attempt at a copyright notice (that features an intriguing “!, Inc.” as part of the mark). Also of interest was the closing line, “powered by Microsoft Excel.” MS Excel is spreadsheet software used for accounting and has nothing to do with driving customer notification emails.
The link in the phishing email message connects to a fake or phishing Yahoo website that tries to sucker the potential victims by convincing them to enter their usernames and passwords on it. A home-grown computer program copies the userid/pw combos and delivers them to a data dump file, also crafted by the cybercriminals behind the email scam.
The hackers will use other people’s login credentials to try to commit other online crimes.
You can prevent this sort of hack attack by resisting the urge to follow the fake link. Here’s a simple rule to remember when dealing with action-demanding messages that involve your email and website accounts:
DO NOT CLICK ON THE LINKS IN THE FAKE EMAIL MESSAGES!
Instead, log into your online account independently to check for legitimate customer service messages from your service providers.
If one of these phishing scams does trick you into following the link and offering up your login credentials, run, don’t walk, to change your password immediately – before your Yahoo account is hijacked.
In general, phishing is “a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.”
Since the early days of the internet in the 1990s, online hacking intruders have posed as some trusted entity such as a real (or plausibly real) person or a company the mark might conduct business with.
Computer coders are famous for their wicked senses of humor. The term “phish” (pronounced “fish”) means what it sounds like and conjures up the image of an angler throwing a baited hook and line (the phishing email) into the vastness of cyberspace (an innocent user’s email inbox), waiting for a big one to strike.
AOL users were the first class of users targeted by cyberthugs who succeeded in collecting massive amounts of account access information from clueless users. Almost one-third of all data breaches reported in the 2019 Verizon Data Breach Investigations Report involved phishing attacks.
According to AT&T, any of the following tell-tale signs can signal a fraudulent email that needs to be reported and deleted:
- Makes unusual claims about your bill – Unusual alerts that a bill is ready, your account needs to be verified, or that a payment needs to be confirmed.
- Requests personal information or account information.
- Claims a high total balance is due.
- Doesn’t include account number – Legitimate AT&T bill notices typically list your account number or several digits of the account number.
- Links to non-AT&T websites – Hover over the links in the email to see the true destination. The pattern of a malicious site is typically: https://[non-att.com domain]/[random text]/[random text.html]. The links lead to a malware payload website, which changes frequently to circumvent blocking. These sites have no affiliation with AT&T; they are compromised websites.
- Includes attachments – Legitimate AT&T bills typically do not include attachments. Fraudulent attachments are in .zip format and many have names beginning with ATT_Payment.
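The link and attachment signs in the list above can be checked mechanically before anyone clicks. The Python below is an added example, not code from AT&T or from this article; it assumes att.com and its subdomains are the only legitimate AT&T hosts, and the sample message, its hosts and its attachment name are constructed.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("att.com",)  # assumption: only att.com and its subdomains are AT&T

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []  # real link targets, i.e. what hovering would reveal
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_att_host(host):
    # Match on a label boundary so att.com.verify.example does not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(raw):
    findings = []  # (sign, value) pairs for the link and attachment signs
    for part in message_from_string(raw, policy=policy.default).walk():
        name = part.get_filename()
        if name and name.lower().endswith(".zip"):
            sign = "ATT_Payment zip" if name.startswith("ATT_Payment") else "zip attachment"
            findings.append((sign, name))
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href in collector.hrefs:
                try:
                    url = urlsplit(href)
                    ok = url.scheme not in ("http", "https") or is_att_host(url.hostname)
                except ValueError:  # malformed URL: treat as suspicious
                    ok = False
                if not ok:
                    findings.append(("non-AT&T link", href))
    return findings

def build_sample():  # constructed message; hosts and attachment name are made up
    m = EmailMessage()
    m["Subject"] = "Email Verification"
    m.set_content("See the HTML part.")
    html = ('<a href="https://www.att.com/my">My account</a> '
            '<a href="https://att.com.verify.example/ab12/cd34.html">Verify</a>')
    m.add_alternative(html, subtype="html")
    m.add_attachment(b"PK", maintype="application", subtype="zip", filename="ATT_Payment_0619.zip")
    return m.as_string()
```

Calling `check_message(build_sample())` reports the look-alike link and the attachment while leaving the genuine www.att.com link alone.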
Protect your cyber self by installing virus-detection and security software on all your internet-capable devices. Change online account passwords regularly (every 30-90 days).
Don’t be fooled by criminal phishers!