“There’s a problem with the way AT&T sends out customer alerts via text message: They’re too easy to mimic,” Jose Pagliery reports for CNN.
“With little effort, a scammer could send you alerts that look just like the real thing. Click on a link and the hacker will grab your login credentials — or fool you into giving up your credit card too,” Pagliery reports. “It’s yet another phishing scheme. But instead of email, hackers can target you with texts.”
“The problem stems from AT&T not making its real alerts look legitimate enough, said Dani Grant, the computer programmer who noticed the flaw. ‘If the official texts look like phishing, it’s impossible for the customer to distinguish between what’s phishing and what’s not,’ she said,” Pagliery reports.
[Thanks to MacDailyNews Reader “Lynn Weiler” for the heads up.]
It’s simple, don’t click on links in SMS texts.
What’s official about text anyway? The same complaint could be said about other mobile carriers, so why point out AT&T only?
Because Sprint paid them to?
There is no journalism in the traditional, dictionary sense…there are only payments. CiaNN, the harlot queen of newspeak.
That’s why you don’t pay your bill by clicking on a link you get with email or text. I have AT&T bookmarked. Or you just type in ATT.com.
There’s an app for that.
Mine is on auto-pay. I continue to get alerts with monthly bill, but I can ignore them, unless the amount looks wrong.
Hey, Dani, your statement is ridiculous.
I am not sure how you would make an “official text” look like a “phishing text.” But phishing texts are always going to mimic the “official” texts. That is what they do…along with a link to take you to a fake login page to capture your information.
An official, legitimate text should not lead directly to a login page. If companies learn to avoid that and people learn not to click on such links…who am I kidding?
Yourself, as usual.
I told AT&T to never text me for anything. They would often do it while I was driving (hypocrites) and it was distracting. Shockingly they have actually respected my wishes. So, if I get a fake AT&T text I will just ignore it. I wouldn’t be stupid enough to follow a link from an unknown sender anyway.