Your AT&T wireless bill is ready to view

A lot of spam and Phishing campaigns rely upon tricking the recipient into thinking they’ve received a billing error, from an otherwise legitimate source.  The latest of these claim to be from ATT Wireless, and arrive with realistic sending addresses and subject lines, such as:

Subject:     Your AT&T wireless bill is ready to view

From:     “AT&T Customer Care” <>

In reality, the sending addresses are spoofed, and these are instead sent by previously infected computers and hijacked servers, but that fact is not readily apparent to the typical email user.

What makes these types of emails so convincing is that the spammers are doing a much better job than they used to in terms of making these faked billing emails appear legitimate, such as this example we’ve seen a lot of lately:

Your ATT Bill Is Ready To View

Your ATT Bill Is Ready To View

From the perspective of the spammer, the key to success with these emails is generating a reaction from the recipient.

Since many, or even most ATT customers, will simply skim read their bills and then delete the email, the spammer needs to bait the message in a way that will generate immediate action from the reader.

The most common method to achieve this with such fake billing emails is to greatly exaggerate the amount due. For instance the email above states:

Your monthly wireless bill for your account is now available online.
Total Balance Due: $1728.94

Since a great many wireless users have either experienced billing errors in the past, or heard about others who have, this is a very effective technique for tricking the reader into immediately logging into their account, presumably in order to straighten out the billing problem.

And that is exactly the action the spammer/hacker is hoping to elicit, because the links provided in this email do not take the visitor to a legitimate ATT Wireless site. Instead, all hyper-links contained in the spoofed bill lead to a fake login site under the control of the cyber criminals behind these campaigns.

Logging into the spammers site will then pass your valid ATT Wireless account login to the spammers who can then take control of your account.

As a matter of self-protection, if you ever receive a billing notice for an unexpected and unusually large amount:

  • First consider whether the notice is on time based on your usual billing date. Spammers have no way of knowing your particular billing cycle, so most often these bogus notices will arrive at the wrong time of the month.
  • Next, look to see if the email includes enough account specific information to be valid. In the example above, the email references an random “account number” relying on the fact that most users don’t actually know their account number on sight. By contrast, most legitimate bills are going to also include your name and/or username, and in the case of wireless companies, the phone number associated with the account as well.

Even if you are relatively sure a notice is valid, rather than following links provided within the email itself, which are easily faked and obfuscated, it’s always much safer to visit your account by typing the vendor’s website address into your browser manually, or by following a link you’ve previously saved to your “bookmarks” or “favorites” list with your browser itself.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.

Tags: , , , , ,

Comments are closed.