Stolen AT&T Credit-Card Info Used To Launch Phishing Scam

from the be-sure-and-thank-them dept

It's not at all surprising any longer to hear about companies leaking data, or losing it to hackers, so the other day's news that 19,000 customers' credit-card information had been stolen from AT&T wasn't particularly interesting. However, some more information has come to light, showing this wasn't a run-of-the-mill credit-card theft. David Lazarus in the SF Chronicle discovered that the hackers didn't immediately go and try to max out the credit cards, they used the stolen info as the basis for an elaborate phishing attack in an attempt to gather more information -- such as Social Security numbers and dates of birth -- from their victims. A lot of credit-card theft remains a relatively low-level crime, where thieves will just try to buy stuff as long as they can. But these hackers eschewed those short-term gains, instead trying to get enough information to commit more serious identity theft, something that could have much longer-lasting and detrimental effects. The used the stolen information to make the email they sent to victims look much more credible than the average "DEAR SIR, Pleease be updating in your PayPal akount informations" message. Given people's growing suspicion of emails, even legitimate ones, it's an interesting tactic, and one that could become more common.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    PhishingPhounder, Sep 1st, 2006 @ 2:18pm

    About time

    that people started to understand the credit fraud game...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 1st, 2006 @ 4:16pm

    pHlounder...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 1st, 2006 @ 4:17pm

    pHLounder...

    You're a fake.
    I don't believe anything you write, because I don't believe you are really you. :-P

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 1st, 2006 @ 4:20pm

    pHLounder...

    You're a fake.
    I don't believe anything you write, because I don't believe you are really you. :-P

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Hero, Sep 1st, 2006 @ 4:48pm

    Heh @ 2,3, abd 4

    and here I thought the stutter was limited to audible communication.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 1st, 2006 @ 6:41pm

    Re: Heh @ 2,3, abd 4

    rrooffll

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Honest Abe, Sep 2nd, 2006 @ 4:01pm

    Perfect! Now to really protect yourself just leave your name, SS#, DL#, Mother's maiden name, and Bank acct#'s. I'll take real good care of you. ^^

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous (not)Coward, Sep 2nd, 2006 @ 8:02pm

    woah woah woah woah

    "DEAR SIR, Pleease be updating in your PayPal akount informations"

    doesnt any one else realize that there a million typos in 1 sentence. i probably already have a million to, but would u give info to a company that spells words wrong??

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Andrew Strasser, Sep 3rd, 2006 @ 4:06am

    This is new?

    I mean we've had forgers for a very very very long time.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Sep 16th, 2006 @ 5:44pm

    Re

    duh

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Crooked, Jul 14th, 2008 @ 7:24pm

    AT&T

    AT&T is in on the scam. Follow the money. Even if you do
    not have a credit card (if you do cancel it) with them; call and say there has been a mistake in your account and they have sent you a bill for a purchase you did not make.
    First thing they will ask you for, even after giving them
    an account number(make one up); is your social security number.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This