Fake Email or “Phishing”
Sending fake emails is one of the most common scams, so it’s important to know what to look for.
What is "Phishing"?
Scammers use fake emails, also called phishing, brand spoofing or carding, to “fish” for information.
These fake messages can look real, but link to fake websites. The website may look like a trusted, well-known company, too, but it’s all a trick to get your information – such as Social Security number or bank and credit card account numbers.
A more aggressive fake email may invade your computer with malicious software (malware) or a virus as soon as you open the email.
What to Look For
Check these warning signs when you are not sure of an email:
- Urgency: Phishing emails often need an immediate response or action.
- Your name/email is not in the “to” field: Scammers send out thousands of phishing emails, hoping someone will bite.
- Asks for sensitive or banking information: A real bank would never ask for your Social Security number, bank account information or your PIN in an email.
- Uses a public internet account: If the email is from a public account, such as Yahoo or Gmail, but claims to be from your bank or other business, do not trust the email.
- Is not a secure site: The website will be missing the lock symbol at the bottom of the screen and will not include an “s” after “http” in the web address.
- Incorrect URL: Check to make sure the site address is accurate. Crooks may create a fake website with a slight misspelling in the business name to catch you.
- Poor spelling and grammar: Cybercriminals often don’t catch spelling errors in an email.
- All caps: Scammers often use capital letters to get your attention.
- Displays low resolution images: Scammers usually build fake sites quickly using forged company logos, signatures and styles, and this shows in the lower quality of the sites.
- Includes small pieces of your personal information: Some personal information may be included. This is typically general information the scammers got from another source.
How to Help Protect Yourself
- Use common sense. Read emails carefully, checking to make sure you know the sender.
- Only open emails from a sender you know and trust. This goes for attachments and links, too.
- Go directly to a company’s published website if asked to fill out information. Do not use a link provided in an email.
- Double check the message: Look for false “from” and “subject” lines, spelling errors and grammar mistakes.
- Ensure that a website is secure by checking to see whether there is an “s” after the http in the address (https://) and a lock icon at the bottom of the screen – both are indicators that the site is secure. Never enter payment information on a site that isn't secure.
- Be vigilant. Monitor your bank and credit card statements for any suspicious charges or transfers.
If you wonder whether an email is legitimate, contact the company named in the email by using a phone number or email you found through a trusted source. Most companies do not ask customers for information through email.
If you do come across what looks to be a phishing attempt related to your AT&T account, help yourself and others by contacting the Fraud Department @ 800-337-5373. You can also forward an email to the Anti Phishing Working Group or report it to the FTC.
Then, delete the email immediately and do not open any attachments. AT&T Internet Services makes every effort to block fraudulent messages from reaching our customers, and we will continue working diligently to ensure that your experience with us is both safe and enjoyable.
For tips on how to protect businesses from phishing, visit the Cybersecurity for Business page.
If you have a general comment or question, not related to AT&T or your AT&T account, please share it here.
A Growing Concern
Phishing is an increasingly popular scam, growing in incidence more than 10% from 2015 to 2016, according to the Anti-Phishing Working Group, a coalition of government and industry organizations.
Reminder for AT&T Customers
We remind consumers and businesses to be aware of phishing and advise them to use caution if they receive any email requesting personal and/or credit card account information. AT&T does not send email requests to customers asking for personal account or credit card information.
If you receive an email message that appears to come from AT&T and asks you to provide your email ID, password, Social Security number or other personal information, do not reply to it. Simply delete the email or forward it to firstname.lastname@example.org.
Social Media Phishing Techniques
We have become an increasingly connected society, with many options for “social” interaction. While some of this interaction is for personal use, people are increasingly using social channels to promote ideas or services, network and job hunt. Do you ever stop and wonder if your “social” life is secure?
Hear from our AT&T data security analysts as they discuss methods that attackers use to target people on job-hunting social media sites.