Stolen AT&T Credit-Card Info Used To Launch Phishing Scam

from the be-sure-and-thank-them dept

Fri, Sep 1st 2006 2:03pm — Carlo Longino

It's not at all surprising any longer to hear about companies leaking data, or losing it to hackers, so the other day's news that 19,000 customers' credit-card information had been stolen from AT&T wasn't particularly interesting. However, some more information has come to light, showing this wasn't a run-of-the-mill credit-card theft. David Lazarus in the SF Chronicle discovered that the hackers didn't immediately go and try to max out the credit cards, they used the stolen info as the basis for an elaborate phishing attack in an attempt to gather more information -- such as Social Security numbers and dates of birth -- from their victims. A lot of credit-card theft remains a relatively low-level crime, where thieves will just try to buy stuff as long as they can. But these hackers eschewed those short-term gains, instead trying to get enough information to commit more serious identity theft, something that could have much longer-lasting and detrimental effects. The used the stolen information to make the email they sent to victims look much more credible than the average "DEAR SIR, Pleease be updating in your PayPal akount informations" message. Given people's growing suspicion of emails, even legitimate ones, it's an interesting tactic, and one that could become more common.

13 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

PhishingPhounder, 1 Sep 2006 @ 2:18pm

About time
that people started to understand the credit fraud game...
[ link to this | view in chronology ]
Anonymous Coward, 1 Sep 2006 @ 4:16pm

pHlounder...
[ link to this | view in chronology ]
Anonymous Coward, 1 Sep 2006 @ 4:17pm

pHLounder...
You're a fake.
I don't believe anything you write, because I don't believe you are really you. :-P
[ link to this | view in chronology ]
Anonymous Coward, 1 Sep 2006 @ 4:20pm

pHLounder...
You're a fake.
I don't believe anything you write, because I don't believe you are really you. :-P
[ link to this | view in chronology ]
Anonymous Hero, 1 Sep 2006 @ 4:48pm

Heh @ 2,3, abd 4
and here I thought the stutter was limited to audible communication.
[ link to this | view in chronology ]
Anonymous Coward, 1 Sep 2006 @ 6:41pm

Re: Heh @ 2,3, abd 4
rrooffll
[ link to this | view in chronology ]
Honest Abe, 2 Sep 2006 @ 4:01pm

Perfect! Now to really protect yourself just leave your name, SS#, DL#, Mother's maiden name, and Bank acct#'s. I'll take real good care of you. ^^
[ link to this | view in chronology ]
Anonymous (not)Coward, 2 Sep 2006 @ 8:02pm

woah woah woah woah

"DEAR SIR, Pleease be updating in your PayPal akount informations"

doesnt any one else realize that there a million typos in 1 sentence. i probably already have a million to, but would u give info to a company that spells words wrong??
[ link to this | view in chronology ]
- Anonymous Coward, 3 Sep 2006 @ 7:26pm
  
  Re:
  wow u dont get wut he meant when he said that do you?
  [ link to this | view in chronology ]
- Paul`, 4 Sep 2006 @ 2:54am
  
  Re:
  ... Are you serious? He was saying that that is the usual crap these scammers spout, and that adding a credit card number makes an email allot more credible.
  [ link to this | view in chronology ]
Andrew Strasser, 3 Sep 2006 @ 4:06am

This is new?
I mean we've had forgers for a very very very long time.
[ link to this | view in chronology ]
Anonymous Coward, 16 Sep 2006 @ 5:44pm

Re
duh
[ link to this | view in chronology ]
Crooked, 14 Jul 2008 @ 7:24pm

AT&T
AT&T is in on the scam. Follow the money. Even if you do
not have a credit card (if you do cancel it) with them; call and say there has been a mistake in your account and they have sent you a bill for a purchase you did not make.
First thing they will ask you for, even after giving them
an account number(make one up); is your social security number.
[ link to this | view in chronology ]