Published: May 01, 2024 on our newsletter Security Fraud News & Alerts Newsletter.
AT&T customers heed this warning! At the very least, listen up if you were an AT&T customer way back in 2021, or prior to it. You see, that’s when a threat actor going by the name of ShinyHunters posted to an online forum (RaidForums) that they had acquired sensitive information on 71 million AT&T customers. They declared they were posting it up for sale at a whopping $1 million. That information not only included phone numbers, but also social security numbers and birthdates that were supposedly encrypted, but then decrypted and also included in the sale.
What can someone do with all of the information (which also included names and addresses)? As you may guess, it can all be used for text phishing; otherwise known as smishing.
A quick review of smishing…it’s when someone sends a text or SMS message, typically with a link included, that aims to gather more sensitive data from you. Often, the link may take you to a form that asks for payment information. A common smashing attack going around now claims to be from the U.S. Postal Service stating a package could not be delivered and they need payment information in order to do so. Don’t fall for it. Government agencies will not contact you in that way.Â
Additional phishing may come in the form of phone calls or email, so watch out for those too. Don’t click on links or attachments unless you can verify that they are legitimate. If they claim something is wrong or needs to be confirmed in your account, log in to your account directly to make sure. No need to click anything in the incoming message.
Another scam to be on the lookout for with the AT&T data that is out there is SIM Swapping. This is when someone contacts the cellular carrier and convinces them to switch your phone number to them. It happens. With all the data that was accessed in this attack, it’s not so far-fetched to believe it. If they succeed, they can get access to your one-time login codes that get sent via text for your accounts. If you get any message that your number has been moved and it wasn’t moved by you, call your carrier immediately. This applies no matter what cellular provider you use.
As for this particular case, AT&T denies, to this day, that the data belonged to them and there was no evidence they suffered from a data breach. However, all evidence does point to this or one of their third-party providers, so if you were their customer, you’ve been warned.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com
Comments