Stolen AT&T Credit-Card Info Used To Launch Phishing Scam

from the be-sure-and-thank-them dept

It's not at all surprising any longer to hear about companies leaking data, or losing it to hackers, so the other day's news that 19,000 customers' credit-card information had been stolen from AT&T wasn't particularly interesting. However, some more information has come to light, showing this wasn't a run-of-the-mill credit-card theft. David Lazarus in the SF Chronicle discovered that the hackers didn't immediately go and try to max out the credit cards, they used the stolen info as the basis for an elaborate phishing attack in an attempt to gather more information -- such as Social Security numbers and dates of birth -- from their victims. A lot of credit-card theft remains a relatively low-level crime, where thieves will just try to buy stuff as long as they can. But these hackers eschewed those short-term gains, instead trying to get enough information to commit more serious identity theft, something that could have much longer-lasting and detrimental effects. The used the stolen information to make the email they sent to victims look much more credible than the average "DEAR SIR, Pleease be updating in your PayPal akount informations" message. Given people's growing suspicion of emails, even legitimate ones, it's an interesting tactic, and one that could become more common.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    PhishingPhounder, 1 Sep 2006 @ 2:18pm

    About time

    that people started to understand the credit fraud game...

    link to this | view in thread ]

  2. identicon
    Anonymous Coward, 1 Sep 2006 @ 4:16pm

    pHlounder...

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 1 Sep 2006 @ 4:17pm

    pHLounder...

    You're a fake.
    I don't believe anything you write, because I don't believe you are really you. :-P

    link to this | view in thread ]

  4. identicon
    Anonymous Coward, 1 Sep 2006 @ 4:20pm

    pHLounder...

    You're a fake.
    I don't believe anything you write, because I don't believe you are really you. :-P

    link to this | view in thread ]

  5. identicon
    Anonymous Hero, 1 Sep 2006 @ 4:48pm

    Heh @ 2,3, abd 4

    and here I thought the stutter was limited to audible communication.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 1 Sep 2006 @ 6:41pm

    Re: Heh @ 2,3, abd 4

    rrooffll

    link to this | view in thread ]

  7. identicon
    Honest Abe, 2 Sep 2006 @ 4:01pm

    Perfect! Now to really protect yourself just leave your name, SS#, DL#, Mother's maiden name, and Bank acct#'s. I'll take real good care of you. ^^

    link to this | view in thread ]

  8. identicon
    Anonymous (not)Coward, 2 Sep 2006 @ 8:02pm

    woah woah woah woah

    "DEAR SIR, Pleease be updating in your PayPal akount informations"

    doesnt any one else realize that there a million typos in 1 sentence. i probably already have a million to, but would u give info to a company that spells words wrong??

    link to this | view in thread ]

  9. identicon
    Andrew Strasser, 3 Sep 2006 @ 4:06am

    This is new?

    I mean we've had forgers for a very very very long time.

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 3 Sep 2006 @ 7:26pm

    Re:

    wow u dont get wut he meant when he said that do you?

    link to this | view in thread ]

  11. identicon
    Paul`, 4 Sep 2006 @ 2:54am

    Re:

    ... Are you serious? He was saying that that is the usual crap these scammers spout, and that adding a credit card number makes an email allot more credible.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 16 Sep 2006 @ 5:44pm

    Re

    duh

    link to this | view in thread ]

  13. identicon
    Crooked, 14 Jul 2008 @ 7:24pm

    AT&T

    AT&T is in on the scam. Follow the money. Even if you do
    not have a credit card (if you do cancel it) with them; call and say there has been a mistake in your account and they have sent you a bill for a purchase you did not make.
    First thing they will ask you for, even after giving them
    an account number(make one up); is your social security number.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.