Phishing for AT&T Email Accounts
++++++++++++++++++++++++++++++++++++++++++
From: AT&T [mailto:serviceonline@att.net]
Sent: Friday, August 01, 2008 12:46 AM
Subject: AT&T - 1 Message
Important Information Regarding Your AT&T - WEB E-Mail
Dear AT&T Client ,This is your official notification that the service(s) listed below will be deactivated and deleted if not renewed immediately. Previous Notifications have been sent to the Billing Contact assigned to this account.
As the Primary Contact, you must renew the service(s) listed below.
SERVICE: AT&T - WEB E-Mail
Expiration: NOV 8st 2008
What you need to do:
It’s easy to renew your Online AT&T informations by click on the link bellow :
webauth.att.net
- Go to Account Login
- Update/Verify Your Information
Thanks
AT&T 2008
++++++++++++++++++++++++++++++++++++++++++
Investigator Notes:
1. The email was sent without a “To” field so that additional recipients could not be identified.
2. The included link, webauth.att.net, points to a website which is obviously not an AT&T website:
hamco.co.kr/milboard/data/login.html.
3. Spelling and grammatical errors
4. It is rare to see a phishing attempt in order to gain access to email accounts but the damage could be severe if the scammer could get a hold of email accounts which could then be used to change login information and initiate password resets for high risk websites (banks, eBay, Pay Pal, etc. etc.).
Tags: at&t, phishing attempt