January 13, 2004
(Computerworld)
AT&T Worldnet Service, AT&T Corp.'s Internet service provider, is warning customers that they may have been targeted by an e-mail scam designed to capture their credit card information.
AT&T spokesman Tom Hopkins said the company learned last Friday that some of its customers had received fraudulent e-mails purporting to be from AT&T Worldnet Service. He said the company then sent e-mails to its customers warning them about the scam.
Hopkins said the e-mails, which contain the subject line "Billing Update Requested (Urgent)" directed customers to a spoofed, or fake, Web site and asked them to supply their credit card information. Hopkins said the sender's e-mail address is either "att.billing@worldnet.att.net," or "billing@worldnet.att.net."
This scam is an example of "phishing," using fraudulent e-mails to trick recipients into clicking through to a Web site that looks like that of a particular company, like AT&T Worldnet, and then duping them into providing their personal information.
Hopkins, who declined to say exactly how many customers had fallen victim to the scam, said AT&T has already taken the bogus Web sites down.
He also said AT&T would never ask for customers' personal data by asking them to click onto a link in an e-mail. Rather, he said, the company would direct customers to AT&T Worldnet's secure member Web site, where they would log in with their user IDs and passwords.
Hopkins added that AT&T is working to protect its customers from similar scams in the future but declined to provide further details, saying scammers could use that information to their advantage.