AT&T Crack Part of a Phishing Operation

JohnGrahamCumming writes "According to a story in the San Francisco Chronicle the AT&T store crack was the prelude to a very sophisticated phishing operation. The phishers were aiming to use the information from the store to fool existing customers into divulging SSNs and other personal information." From the article: "'The information that was provided by customers who ordered DSL-related equipment included name, address, e-mail address, phone number, credit card number and credit card expiration,' the memo says, adding that the hacked data didn't include Social Security numbers or birth dates. But the hackers had a scheme to get this extra info. After accessing the customer data, they incorporated it into phishing messages that were promptly sent to AT&T's DSL customers ... Each message included a legitimate order number culled from the AT&T vendor's database to create an illusion of authenticity. Messages also included the recipient's home address and the last four digits of his or her credit card number. "

Yep.

[Renraku]

I saw a comment either on Fark or Slashdot about a someone that placed an order with AT&T to order a friend the power supply for their modem or router or whatever it was.

A few days later they received an email asking for their SSN and other personal information that they shouldn't have been asking for. Of course they didn't fall prey to it, but it contained the order number and order details of the order they had placed! Its the ultimate phishing scam. They can now be virtually indistinguishable from the AT&T people. All it takes is a few people to screw up.