From AOL to Verizon: phishing attacks rise but scam victims are down
A recent warning about an email phishing campaign went out to Verizon subscribers. Originating from a cybersecurity firm that sells protection solutions, it detailed a par-for-the-course phishing attack where clicking on a link in an email could lead to compromised Verizon account data and SIM swap or port-out scams.
With the rise of two-factor authentication, carriers nowadays have to deal with a growing number of such scams, ranging from good ol' phishing with an email or app link, through smishing by SMS, to vishing by voice mail, with no communication avenue left unturned by hackers.
The number of phishing scam victims, however, is falling as carriers try to keep abreast of malicious actors.
Phishing for personal data goes back to AOL times
Remember when access to the Internet was synonymous with little CD packages marked with the AOL logo? You shouldn't, as that was so many moons ago, yet one of the first phishing attacks happened in those wild AOL times.
Junk AOL mail gave millions access to the Internet and phishing scams
Instead of trying hard to explain what the Internet is with clumsy ads like the one below, the company sent more than a billion CDs with free Internet access and software trials, placing them in people's mail and even in boxes of cereal in one of the greatest junk mail examples of all time.
The strategy worked, however, notching a phenomenal 10% response rate, and it was the first effort that got Mom and Pop online in mass numbers. Unfortunately, with the first access to the Internet came the first scam efforts as well.
In the years when the Internet commercial above blasted on TV, hackers presented themselves as AOL employees on the company's infamous AOL Instant Messenger or email services, and stole a number of account logins.
It took a few years for them to start mimicking official Internet addresses of companies and their websites in 2003, trying to steal information and gain account access. Thus, the type of phishing scam against Verizon subs in Fortra's alert is now more than two decades old, and carriers have not been standing still.
Verizon, AT&T, or T-Mobile phishing scams are a cat and mouse game
Despite the rising number of phishing attacks and their increased sophistication aimed at bypassing filters, the number of their victims is actually dropping.
The same goes for carrier scams, despite the highly publicized cases of data breaches and phishing warnings from cybersecurity companies. Verizon, AT&T, or T-Mobile subscribers just seem more educated on the matter than before and are harder to fool.
Questions about suspicious activity are one of the most common postings in carrier threads on Reddit, for instance, and the crowdsourced wisdom quickly comes to the rescue of the potential phishing attack victim.
In fact, people are so jaded by the constant warnings about the danger of phishing or SIM swaps and port-outs that they look with suspicion at any carrier message, even legitimate ones.
Part of this is because carriers have done a good job educating their subscribers about the nature of phishing attacks, how to recognize them, and what to do once they suspect they have been targeted.
What to do about a phishing scam on T-Mobile, Verizon, or AT&T
Verizon and the other major US carriers have dedicated phishing attack education tools that make recognizing and fighting scams relatively easy. They also run a report program for any subscriber who suspects they might be a victim of phishing attacks.
While the rules on what to do about a regular phishing email are clear (don't click on any suspicious link that doesn't lead to the official Verizon, T-Mobile or AT&T sites), Verizon has also put together examples of how to recognize smishing (SMS phishing) or vishing spam and delete it. The usual rules about suspicious sources and unsolicited senders apply, along with bad grammar and shady links:
- Marked as urgent.
- Vishing attacks might say that they’ve identified fraud on your credit card or that you’re in trouble with the IRS.
- Unprompted calls from customer service asking for personal data.
- Web or email addresses mimicking official ones.
- Unsolicited email attachments.
- Generic greetings, bad grammar, and weird phrases.
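The "addresses mimicking official ones" sign can be checked mechanically. The following is an added example, not a carrier tool or code from the original article: a small Python link classifier in which the allowlist of official domains, the function names, and the sample links are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: brand token -> official domains.
OFFICIAL = {
    "verizon": ("verizon.com",),
    "tmobile": ("t-mobile.com",),
    "att": ("att.com", "att.net"),
}


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url):
    """Return 'official', 'lookalike', 'unrelated' or 'invalid' for a link."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Text before '@' is userinfo, not the destination, so treat it as a disguise.
    if parts.username is not None:
        return "lookalike"
    # Official only if the host IS the domain or ends with ".<domain>".
    for domains in OFFICIAL.values():
        if any(host == d or host.endswith("." + d) for d in domains):
            return "official"
    for label in host.split("."):
        tokens, squashed = label.split("-"), label.replace("-", "")
        for brand in OFFICIAL:
            if brand in tokens or squashed == brand:
                return "lookalike"
            # Substring and one-typo checks only for long brands, to avoid
            # flagging words such as "seattle" for the short token "att".
            if len(brand) >= 6 and (brand in squashed or edit_distance(squashed, brand) <= 1):
                return "lookalike"
    return "unrelated"
```

A "lookalike" result means the link borrows a carrier's name without being on that carrier's domain; "unrelated" says nothing about whether the link is safe.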
As for what to do if one has already clicked on the link in the email or tapped on the text message and landed on an unauthorized login page, Verizon advises the following steps:
- Ignore the login request and shut down the browser.
- Don't key in passwords or personal information until and alert IT if available.
- Change passwords and other login info for the affected service.
- Monitor your financials or credit report for unauthorized transactions.
- Update to the latest OS and security software version and do a scan.
In addition, all carriers have cybersecurity services and report numbers to turn to in case of a suspicion or account breach.
How to report phishing scams to Verizon
- Forward suspicious emails to phishing@verizon.com, adding your name, account number, and phone number.
- Forward suspicious messages to S-P-A-M (7726).
- Contact Verizon’s Mobile Secure at *611 if subscribed.
Reporting phishing scams to T-Mobile
- Forward phishing email to fmsupport@t-mobile.com.
- Forward suspicious texts to 7726 (S-P-A-M on the keypad) as is.
- Use Scam Shield app to report phishing attempts.
Reporting phishing scams to AT&T
- Forward suspicious emails claiming to be from AT&T to abuse@att.net, others to reportphishing@antiphishing.org or the FTC.
- Forward suspicious texts to 7726 (SPAM).
As usual, after you've reported the email, text message, or voicemail you suspect to be a phishing attempt, delete it and don't click on links or open anything from it.