AT&T Crack Part of a Phishing Operation
JohnGrahamCumming writes "According to a story in the San Francisco Chronicle, the AT&T store crack was the prelude to a very sophisticated phishing operation. The phishers were aiming to use the information from the store to fool existing customers into divulging SSNs and other personal information." From the article: "'The information that was provided by customers who ordered DSL-related equipment included name, address, e-mail address, phone number, credit card number and credit card expiration,' the memo says, adding that the hacked data didn't include Social Security numbers or birth dates. But the hackers had a scheme to get this extra info. After accessing the customer data, they incorporated it into phishing messages that were promptly sent to AT&T's DSL customers ... Each message included a legitimate order number culled from the AT&T vendor's database to create an illusion of authenticity. Messages also included the recipient's home address and the last four digits of his or her credit card number."
Affected Customer (Score:5, Informative)
Also, for anyone else, follow in my footsteps: DO NOT GIVE THE PHONE CALLERS ANY PERSONAL INFORMATION. PERIOD. If there is an issue, call your bank number personally on a known verified phone number and have the clerk verify ALL NAMES AND NUMBERS AND REASONS. (I've gotten calls already with people asking for my account information this morning as well from unverified numbers. It's happening).
SSN is needed for credit checking (Score:5, Informative)
The solution is to ban the use of SSN for credit files. Use a number that the consumer controls.
Also, let customers pre-pay monthly. I know how much my monthly cell phone billing is going to be, let me pre-pay and avoid the forced use of credit (which gets reported to the credit agencies).
How did they miss the .org? (Score:4, Informative)
"To update the credit card information details for your order, please select this link," the message instructed, directing people to a "spoof site" with an illegitimate sbcdslstore.org (not
A personal website is one thing -- you might grab the
Well, at least they've learned their lesson and scooped up the other major extensions... as of yesterday [domaintools.com]. What was that story about a cat, a bag, and a barn door?
Re:Privacy violations rampant (Score:3, Informative)
People respond to this because they are lazy with their finances, they often don't understand their student loans, and these people claim to be giving them an awesome deal.
Re:Affected Customer (Score:3, Informative)
If I were you, I would wait a while (for the thief to set up bogus accounts), then check out your credit reports, see if there are fraudulent accounts, and then follow up.
Re:Privacy violations rampant (Score:4, Informative)
Licit is the opposite of illicit. "co" means "between two (or more) parties". "un" is a prefix that denotes a negative (see "United Nations").
Therefore "uncolicitated" must mean "illegal between two parties".
(That whirring noise you hear is Samuel Johnson revving up.)
Re:Something does not compute... (Score:1, Informative)
Several (possible) reasons:
1) Not all Credit Card transactions are settled (i.e. the company doesn't take the money) immediately. That means that at the end of the day, they need to talk to the CC company to get the money. That would certainly require your credit card number.
2) In case you decide to cancel your order and want the transaction voided from your credit card.
3) If you later call up and say that someone has been racking up fraudulent charges on your behalf - wouldn't they want to double check with the credit card company later to verify your claim?
There are thousands of bad things that could happen if a company did not keep the most basic records of any monetary transaction.