A good dose of skepticism may be just the thing when a bad guy is trying to trick you into sharing information in order to steal money or items. This slide show can help you better understand the “Man in the Middle” scam. This is where bad guys fool you into giving them an authorization code that’s been sent to you from a company. Then they use the code to fool the company, pretending they are you.

HTML Editor Component
*Contents may not have visible height


In the “Man in the Middle” scam, the bad guy literally puts himself between you and a company where you have an account. In that middle position, he can convince the company he is you – and convince you he is the company.

To begin the scam, the bad guy already has your account information, including the phone number associated it. He logs into your account and then wants to steal from you or the company by making changes, ordering items or moving money. When he submits the request, the company may text an authorization code – or one-time PIN – to your phone. But you don’t know it’s coming.

The bad guy calls your phone number and pretends to be the company. He may offer you a prize or describe an issue related to your account, such as a shut-down of service or purchase of items. He says to resolve the issue, he needs the code you just received. That code is the authorization code you didn’t know about. Do not share the code.

If you give him the authorization code, he has what he needs to complete the transaction.

A bad guy may also use this technique if he doesn’t have your password. If he has your user name and phone number, he can simply click “forgot password.” He then calls you and uses the same trick to get you to share the new authorization the company sent you. Once he has it, he has access to your account.

Here’s how you can better protect yourself from the “Man in the Middle” scam.

  • Be skeptical. Don’t believe them and don’t engage in a conversation.
  • Hang up. Hang up the call. It’s not rude, it’s smart. Then call the customer service number on your bill to see if the prize or issue is true.
  • Do not share information with people you do not know. Someone calling you like this is not someone you know, no matter how convincing they sound. Do not share PINs, passcodes or passwords even if they appear to be calling you from the company number. That’s called spoofing, and you can learn more about that on this Cyber Aware blog.
  • Protect devices: Protect your information at the very beginning. Keep your device anti-virus and malware protection software current and updated. This will help prevent bad guys from getting any personal information in the first place.
  • Use multiple authentication: Turn “on” any additional security measures on accounts, including security passcodes and authentication methods. Added measures such as these increase protection and help you control access to your accounts
  • Change your account information. The bad guy probably already had access to your account. Go in right away and update your password and security settings. Contact the company to ask about additional security measures or monitoring for your account.

If you believe a caller is trying to scam you, hang up. If you suspect you are a target of fraud on your AT&T mobile phone account, you can report it to our Fraud team here. If you suspect fraud on another account, call the customer service number on your bill for help.

These steps will help you identify “Man in the Middle” scams and better protect your personal information.