Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

12/21/2011
01:46 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

AT&T Offers Tips On How To Stay Safe From 'Phishing' And 'SMiShing' Scams

Among the tips: Be wary of any email requesting personal and/or financial information

DALLAS, Dec. 21, 2011 /PRNewswire/ -- With the holiday season upon us, more companies are sending customers information about great deals for last-minute shopping. Unfortunately, among those exciting offers comes the threat of illegitimate emails and text messages that try to take advantage of trusting shoppers. In an effort to equip consumers with the tools they need to stay safe, AT&T* offers these tips to stay in-the-know about these scams.

"Phishing" and "SMiShing"

"Phishing" scams, also known as "brand spoofing" or "carding," are tricks Internet scammers use to "fish" for consumers' financial information and password data using fake company emails and websites. The scammers send emails that appear to be from well-known companies, containing links to web pages disguised to look nearly identical to legitimate companies' sites.

These scams can travel beyond your computer. "SMiShing" is a term used to describe phishing carried out via text message. SMiShing uses cell phone text messages to bait you to divulge personal information. You might receive a text that asks you to call an unfamiliar phone number, go to a URL to enter your personal information, or download software to your phone. If you access the URL in the text message or download any software to your device, you may be installing a virus on either your PC or your wireless device.

Tips to Stay Safe Online and On-The-Go

How to Identify Scams:

-- Be wary of any email requesting personal and/or financial information. AT&T does not send email requests to customers asking for personal account or credit card information. Most other reputable organizations do not either. -- If you receive an email message that appears to come from AT&T and asks you to provide your email ID, email password, social security number, or other personal information, do not reply to it and do not provide your account information or password. Simply delete the email or forward it to [email protected] -- If you receive a text message that asks you to call a number you don't recognize or go to a web site to enter personal information, do not select the link embedded in the message. Simply delete the text message. -- To report spam received on your phone, text us the actual spam message to short code 7726 (SPAM) to start an investigation.** -- For other organizations, call before responding to any email that asks for personal information. They should be able to verify with you on the phone whether the email is legitimately from their organization. Tips to Protect Yourself:

-- Be aware that email headers can be forged easily, so the posing sender may not be the real sender. -- In your browser's address bar, make sure that the website's address begins with "HTTPS," and that a lock icon appears. You can click the icon to view security information and certificate details. -- Realize that Internet scammers can create realistic forgeries of websites, so avoid clicking on links in an unsolicited email message. Go directly to the company's website and fill out information there or call the company to verify that they are seeking information from you. Report Fraudulent Emails:

-- Contact the company named in the email to confirm whether it sent the request. Most companies do not ask customers to confirm personal information by sending an email. -- Forward the suspicious email to the Federal Trade Commission at [email protected] -- You can also report the problem to law enforcement agencies through NCL's Fraud Center, www.fraud.org. AT&T offers additional tips and tools on www.att.com/safety. More information is also available through the Federal Trade Commission, Anti-Phishing Working Group, the U.S. Department of Justice, Consumer Action and Consumer Affairs websites.

Quotes

"With more and more communication taking place electronically, it can be difficult to determine what's authentic and what's not," said Charlene Lake, chief sustainability officer and senior vice president of AT&T Public Affairs. "As a technology leader, it's our priority to stay ahead of these dangerous trends and arm consumers with the very latest safety information to ensure their information is protected."

*AT&T products and services are provided or offered by subsidiaries and affiliates of AT&T Inc. under the AT&T brand and not by AT&T Inc.

** Standard data and message rates may apply.

About AT&T

AT&T Inc. (NYSE: T) is a premier communications holding company and one of the most honored companies in the world. Its subsidiaries and affiliates - AT&T operating companies - are the providers of AT&T services in the United States and around the world. With a powerful array of network resources that includes the nation's fastest mobile broadband network, AT&T is a leading provider of wireless, Wi-Fi, high speed Internet, voice and cloud-based services. A leader in mobile broadband and emerging 4G capabilities, AT&T also offers the best wireless coverage worldwide of any U.S. carrier, offering the most wireless phones that work in the most countries. It also offers advanced TV services under the AT&T U-verse' and AT&T |DIRECTV brands. The company's suite of IP-based business communications services is one of the most advanced in the world. In domestic markets, AT&T Advertising Solutions and AT&T Interactive are known for their leadership in local search and advertising.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21510
PUBLISHED: 2021-03-08
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.
CVE-2020-27575
PUBLISHED: 2021-03-08
Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.
CVE-2020-27576
PUBLISHED: 2021-03-08
Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability.
CVE-2020-27838
PUBLISHED: 2021-03-08
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulner...
CVE-2021-21503
PUBLISHED: 2021-03-08
PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.