AT&T Wireless is being brandjacked by spammers in a new phishing campaign. The
messages are made to look like billing notifications from the cellular provider, and tell the recipient they have a balance due of $1000 or more. They also include a link for them to click to view and pay their bill. They are obviously hoping to reach enough people who get curious or angry enough to click it.
“If people are AT&T Wireless customers, they would be pretty outraged. We can imagine that a lot of people click on the malicious links.” Avi Turiel, director of product marketing with Commtouch, told Infosecurity. “They look very authentic, but when you mouse over the links, every one of those leads to compromised websites.”
The links lead to compromised websites. Once the recipient lands on one, it immediately attempts to download malware using exploits in Adobe Flash Adobe Reader, and if successful, the malware connects to a remote server and download even more malware.
AT&T’s just one of the many companies that get brandjacked by spammers every year. Among the most popular targets are Paypal, UPS, the United States Postal Service, and just about any bank you can think of. Online banking logins are in high demand by phishers. Sometimes they use the info they steal to clean out bank accounts, but often they sell it to other cybercriminals. There are entire websites and forums that are dedicated to nothing but the buying and selling of stolen passwords, credit card numbers, bank account numbers, and other personal info. Sometimes these sites also connect spammers with botnet herders looking to rent out a piece of their zombie network to them for rock bottom prices.
AT&T Wireless customers who get one of these fake notices should ignore them. To check your balance, call them, or open your browser and go to the website directly. Don’t click on any of the links in the message.