Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

12/21/2011
01:46 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

AT&T Offers Tips On How To Stay Safe From 'Phishing' And 'SMiShing' Scams

Among the tips: Be wary of any email requesting personal and/or financial information

DALLAS, Dec. 21, 2011 /PRNewswire/ -- With the holiday season upon us, more companies are sending customers information about great deals for last-minute shopping. Unfortunately, among those exciting offers comes the threat of illegitimate emails and text messages that try to take advantage of trusting shoppers. In an effort to equip consumers with the tools they need to stay safe, AT&T* offers these tips to stay in-the-know about these scams.

"Phishing" and "SMiShing"

"Phishing" scams, also known as "brand spoofing" or "carding," are tricks Internet scammers use to "fish" for consumers' financial information and password data using fake company emails and websites. The scammers send emails that appear to be from well-known companies, containing links to web pages disguised to look nearly identical to legitimate companies' sites.

These scams can travel beyond your computer. "SMiShing" is a term used to describe phishing carried out via text message. SMiShing uses cell phone text messages to bait you to divulge personal information. You might receive a text that asks you to call an unfamiliar phone number, go to a URL to enter your personal information, or download software to your phone. If you access the URL in the text message or download any software to your device, you may be installing a virus on either your PC or your wireless device.

Tips to Stay Safe Online and On-The-Go

How to Identify Scams:

-- Be wary of any email requesting personal and/or financial information. AT&T does not send email requests to customers asking for personal account or credit card information. Most other reputable organizations do not either. -- If you receive an email message that appears to come from AT&T and asks you to provide your email ID, email password, social security number, or other personal information, do not reply to it and do not provide your account information or password. Simply delete the email or forward it to [email protected] -- If you receive a text message that asks you to call a number you don't recognize or go to a web site to enter personal information, do not select the link embedded in the message. Simply delete the text message. -- To report spam received on your phone, text us the actual spam message to short code 7726 (SPAM) to start an investigation.** -- For other organizations, call before responding to any email that asks for personal information. They should be able to verify with you on the phone whether the email is legitimately from their organization. Tips to Protect Yourself:

-- Be aware that email headers can be forged easily, so the posing sender may not be the real sender. -- In your browser's address bar, make sure that the website's address begins with "HTTPS," and that a lock icon appears. You can click the icon to view security information and certificate details. -- Realize that Internet scammers can create realistic forgeries of websites, so avoid clicking on links in an unsolicited email message. Go directly to the company's website and fill out information there or call the company to verify that they are seeking information from you. Report Fraudulent Emails:

-- Contact the company named in the email to confirm whether it sent the request. Most companies do not ask customers to confirm personal information by sending an email. -- Forward the suspicious email to the Federal Trade Commission at [email protected] -- You can also report the problem to law enforcement agencies through NCL's Fraud Center, www.fraud.org. AT&T offers additional tips and tools on www.att.com/safety. More information is also available through the Federal Trade Commission, Anti-Phishing Working Group, the U.S. Department of Justice, Consumer Action and Consumer Affairs websites.

Quotes

"With more and more communication taking place electronically, it can be difficult to determine what's authentic and what's not," said Charlene Lake, chief sustainability officer and senior vice president of AT&T Public Affairs. "As a technology leader, it's our priority to stay ahead of these dangerous trends and arm consumers with the very latest safety information to ensure their information is protected."

*AT&T products and services are provided or offered by subsidiaries and affiliates of AT&T Inc. under the AT&T brand and not by AT&T Inc.

** Standard data and message rates may apply.

About AT&T

AT&T Inc. (NYSE: T) is a premier communications holding company and one of the most honored companies in the world. Its subsidiaries and affiliates - AT&T operating companies - are the providers of AT&T services in the United States and around the world. With a powerful array of network resources that includes the nation's fastest mobile broadband network, AT&T is a leading provider of wireless, Wi-Fi, high speed Internet, voice and cloud-based services. A leader in mobile broadband and emerging 4G capabilities, AT&T also offers the best wireless coverage worldwide of any U.S. carrier, offering the most wireless phones that work in the most countries. It also offers advanced TV services under the AT&T U-verse' and AT&T |DIRECTV brands. The company's suite of IP-based business communications services is one of the most advanced in the world. In domestic markets, AT&T Advertising Solutions and AT&T Interactive are known for their leadership in local search and advertising.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20203
PUBLISHED: 2021-02-25
An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS s...
CVE-2021-3406
PUBLISHED: 2021-02-25
A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.
CVE-2021-20327
PUBLISHED: 2021-02-25
A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node....
CVE-2021-20328
PUBLISHED: 2021-02-25
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in inte...
CVE-2020-27543
PUBLISHED: 2021-02-25
The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception.