It wasn’t enough for hackers who hit AT&T’s DSL equipment sales Web site to simply make off with some customer information; they’ve been using those stolen names, e-mail addresses, and credit card numbers to launch especially convincing phishing attacks against those victims. The phishing site set up by the hackers incorporates this stolen customer data in an effort to convince AT&T customers to divulge additional sensitive information, including Social Security numbers. AT&T has already alerted 19,000 customers of the potential phishing attack. The phishing scam was setup like this: Attackers sent AT&T customers e-mails advising them that their recent credit card transaction at the SBC DSL store was rejected because of incomplete information on their account. Customers were then directed to the bogus Sbcdslstore.org URL  (the actual URL is sbcdslstore.com) to update their account information, including birth date and Social Security number. AT&T states explicitly on its AT&T Yahoo help page that the company does not request credit card, Social Security number, or other sensitive personal information through e-mail. The phishing scam adds insult to injury for AT&T customers, particularly because the stolen data used to personalize the phish made the e-mail seem fairly convincing. All users are to distrust and beware of any emails from any companies asking for personal data.

Related Posts

This entry was posted on Saturday, September 2nd, 2006 at 8:02 am and is filed under Email Phishing.