Priscilla...They're Phishing !! Re: Verizon wired lines shrinking, over 1 Million Cancel
| jgrove24@hotmail.com 2006-09-28, 10:33 pm |
jgrove24@hotmail.com wrote:
> RM v2.0 wrote:
>
> Looks like that reputation took a hit:
>
> "Hackers have obtained the credit card details of almost 19,000 online
> shoppers from telecoms giant AT&T. The US company said it had notified
> shoppers at its online store of the security breach, which affected
> people buying high-speed DSL internet items. Security was breached at
> the weekend, the company said, and online stores were quickly shut down
> in response.
> ....
> "We recognise that there is an active market for illegally obtained
> personal information," said Priscilla Hill-Ardoin, the company's chief
> privacy officer"
>
> SBC's first blunder was appointing someone named Priscilla as CPO...JG
Phishing expedition at heart of AT&T hacking:
When AT&T said in a press release this week that "unauthorized persons
illegally hacked into a computer system and accessed personal data"
from thousands of DSL customers, it wasn't telling the whole story.
Internal company documents show that the security breach was only the
first step in a more elaborate scam that involved bogus e-mail being
sent to AT&T customers that attempted to trick them into revealing
additional info that could be used for widespread fraud or identity
theft.
"We haven't seen anything like this before," acknowledged Walt Sharp,
an AT&T spokesman.
......
The company said for public consumption that hackers had "accessed
personal data, including credit card information, from several thousand
customers who purchased DSL equipment through the company's online Web
store."
It said the electronic break-in occurred last weekend and that AT&T
technicians discovered the security breach "within hours." The company
said its online DSL store was immediately shut down.
It also said AT&T quickly notified major credit card companies and is
"working with law enforcement to investigate the incident and pursue
the perpetrators."
What AT&T didn't say in its press release is that the stolen info for
an unknown portion of about 19,000 customers was immediately put to use
as part of an unusually deceptive phishing scam.
Phishing is an online con job in which a message is purportedly sent
from a legitimate company -- PayPal, eBay and banks are common ruses.
The message typically requests that the recipient click on a link and
provide sensitive info as part of routine account maintenance or to
process a transaction.
In reality, the message is a hoax, intended to fool unwary Internet
users into handing over credit card numbers, Social Security numbers
and other keys to the identity-theft kingdom.
An urgent memo was sent to AT&T insiders Tuesday around the same time
the company's press release was issued. It's a good deal more
forthcoming about the incident.
The memo (a copy of which has made its way to my hands) says the
security breach occurred Saturday not within AT&T's own system but at
"an AT&T vendor that operates an order processing computer" for the
online DSL store.
"The information that was provided by customers who ordered DSL-related
equipment included name, address, e-mail address, phone number, credit
card number and credit card expiration," the memo says, adding that the
hacked data didn't include Social Security numbers or birth dates.
But the hackers had a scheme to get this extra info. After accessing
the customer data, they incorporated it into phishing messages that
were promptly sent to AT&T's DSL customers.
The messages, ostensibly from "SBCdslstore.com," told recipients that
"we recently tried to charge your credit card for your SBCdslstore.com
order and it was rejected by the bank because it has no complete
information."
Each message included a legitimate order number culled from the AT&T
vendor's database to create an illusion of authenticity. Messages also
included the recipient's home address and the last four digits of his
or her credit card number.
"To update the credit card information details for your order, please
select this link," the message instructed, directing people to a "spoof
site" with an illegitimate sbcdslstore.org (not .com) Web address.
Once at the official-looking spoof site, message recipients were
instructed to provide confidential data that the hackers hadn't found
in the AT&T vendor's database, including Social Security numbers and
birth dates.
AT&T's press release this week made no mention of the phishing aspect
of the scam. But the company's internal memo warns employees to be on
the lookout for phony e-mail.
"Impacted customers may receive an e-mail that appears to be from AT&T
but is actually from the unauthorized person requesting additional
personal information such as Social Security number, driver's license
number, date of birth or other credit card information," it says.
AT&T's Sharp said individual customers were warned of the phishing
threat in e-mail this week from AT&T.
"We don't know how many people received the phishing e-mails," he said.
"We indicated (to customers) that there was an apparent phishing
expedition going on that was linked to this incident and was not from
AT&T."
Sharp said the company's press release omitted this aspect of the
situation because "the focus was to let people know they need to get
ahold of their credit card companies and that we're prepared to offer
free credit monitoring."
He declined to comment on whether the security breach originated
domestically or overseas (many such hack attacks have been traced to
Eastern Europe). He also declined to comment on which law enforcement
agencies are involved.
Sharp said there are no leads in the case at this time.
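
The mismatch described in the article above, a message claiming to come from SBCdslstore.com whose link points to sbcdslstore.org, can be checked mechanically by a mail filter. This is an added example, not part of the original thread or article; the function names, the 0.85 similarity threshold, the near-match rule (which goes beyond the article's TLD swap) and the sample message with its URL paths are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def registrable(host):
    """Return (name, tld) from the last two labels of a host name.
    Assumption: single-label TLDs (.com, .org); production code should
    consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (labels[0], "")

def classify_link(url, trusted_domain, threshold=0.85):
    """Compare a link's domain with the domain the sender claims to be."""
    name, tld = registrable(urlsplit(url).hostname or "")
    t_name, t_tld = registrable(trusted_domain)
    if (name, tld) == (t_name, t_tld):
        return "trusted"
    if name == t_name:
        return "tld-swap"      # same name, different TLD (.org for .com)
    if SequenceMatcher(None, name, t_name).ratio() >= threshold:
        return "near-match"    # one or two characters changed
    return "unrelated"

def suspicious_links(body, trusted_domain):
    """List (url, verdict) for every lookalike link in a message body."""
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;")
        verdict = classify_link(url, trusted_domain)
        if verdict in ("tld-swap", "near-match"):
            findings.append((url, verdict))
    return findings

# Constructed sample: wording quoted in the article, URL paths invented.
SAMPLE_BODY = """\
To update the credit card information details for your order, please
select this link: http://www.sbcdslstore.org/update
Order history: https://www.sbcdslstore.com/orders
"""

if __name__ == "__main__":
    for url, verdict in suspicious_links(SAMPLE_BODY, "SBCdslstore.com"):
        print(f"{verdict}: {url}")
```
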
| Steven J. Sobol 2006-09-28, 10:33 pm |
In article <1159477059.223107.270990@d34g2000cwd.googlegroups.com>, jgrove24@hotmail.com wrote:
>
> jgrove24@hotmail.com wrote:
>
> Phishing expedition at heart of AT&T hacking:
>
> When AT&T said in a press release this week that "unauthorized persons
> illegally hacked into a computer system and accessed personal data"
> from thousands of DSL customers, it wasn't telling the whole story.
So what the hell does this have to do with Verizon? Or Sprint? Wait, it
has nothing to do even with Cingular. Apparently, JG, you haven't figured
out that DSL isn't wireless phone service. Can you even spell DSL?
Yes, the AT&T situation was horrible. So what - doesn't make a damned
difference on a bunch of cellphone newsgroups.
Go post in comp.dcom.xdsl where this is actually on-topic, idiot.
--
Steve Sobol, Professional Geek ** Java/VB/VC/PHP/Perl ** Linux/*BSD/Windows
Apple Valley, California PGP:0xE3AE35ED
It's all fun and games until someone starts a bonfire in the living room.