Victims are taken to a site that hosts the Blackhole exploit kit

Aug 3, 2012 12:57 GMT

Back in April we saw that fake AT&T notifications were doing the rounds, informing recipients that they could view their bills online by following a link. The same type of spam email has recently been sent out to over 200,000 internauts, Websense reports.

While this particular version has pretty much the same title as the one sent out in April, there are some differences between the two as far as the contents are concerned.

“Any payment complaint after your bill period expires will not be shown in the bill amount listed directly bellow. If you have made any recent payment, please refer to the current balance of the Account Overview and the Bill & Payments pages,” reads the newer email, entitled “Your online bill is ready to be viewed.”

“Log in to online account management to view your bill and bill notices, maintain your email account or make a payment. If you are not registered for online account management, you must do so to view and print your full bill and bill notices at [apparently an att.com link],” it continues.

Similar to the old one, it attempts to lure victims to a malicious website that hosts the Blackhole exploit kit.

AT&T customers are advised to be on the lookout for such emails. They look legitimate, but the links they carry hide all sorts of websites designed to serve malware.

So, how can we tell apart fake notifications from real ones?

For one, the fakes always address the recipient with “Dear Customer” or “Dear Valued Customer,” instead of the user’s name.

Secondly, the phony emails are usually filled with mistakes. Scam artists are trying to improve their game, but there are few spam messages that don’t contain at least one spelling mistake.

Finally, the links in genuine messages always point to the official website, not to some address that merely contains the official domain name, such as “att-com.domain.com.”
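The three tells above can be checked mechanically. This is an added example for this article, not code from the page, Websense or AT&T; att.com is the brand domain the article refers to, while the sample emails, link paths and misspelling list are constructed.

```python
import re
from urllib.parse import urlparse

# Added example for this article, not code from the page, Websense or AT&T.
# att.com is the genuine brand domain the article refers to; every other
# value below (sample emails, misspelling list, paths) is constructed.
LEGITIMATE_DOMAIN = "att.com"
GENERIC_GREETINGS = ("dear customer", "dear valued customer")
# "bellow" is the misspelling quoted in the article; the others are constructed.
KNOWN_MISSPELLINGS = {"bellow", "recieve", "adress"}

def host_is_legitimate(url, legit_domain=LEGITIMATE_DOMAIN):
    """True only if the link's host is legit_domain itself or a subdomain of it.
    A host that merely contains the brand, like att-com.domain.com, fails."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return host == legit_domain or host.endswith("." + legit_domain)

def phishing_indicators(body, legit_domain=LEGITIMATE_DOMAIN):
    """Return the article's three tells found in an email body (empty = none)."""
    flags = []
    lowered = body.lower()
    if any(greeting in lowered for greeting in GENERIC_GREETINGS):
        flags.append("generic greeting")
    misspelled = sorted(set(re.findall(r"[a-z]+", lowered)) & KNOWN_MISSPELLINGS)
    if misspelled:
        flags.append("misspellings: " + ", ".join(misspelled))
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        if not host_is_legitimate(url, legit_domain):
            flags.append("look-alike link host: " + (urlparse(url).hostname or ""))
    return flags

# Constructed samples modelled on the lure quoted in the article.
FAKE_EMAIL = """Dear Valued Customer,
Any payment complaint after your bill period expires will not be shown in the
bill amount listed directly bellow.
View your bill: http://att-com.domain.com/bill"""

GENUINE_EMAIL = """Dear Jane Doe,
Your online bill is ready to be viewed at https://www.att.com/billing"""

if __name__ == "__main__":
    for name, body in (("fake", FAKE_EMAIL), ("genuine", GENUINE_EMAIL)):
        print(name, phishing_indicators(body) or ["no indicators"])
```

The host check compares the parsed hostname against the registrable domain, so a brand name placed in a subdomain label or in the URL's userinfo part does not pass.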