Malware warning: Your AT&T bill is ready to be viewed

Malware warning: Your AT&T bill is ready to be viewed

Summary: Cybercriminals are pushing fake AT&T e-mails in the hopes you'll think you forgot to pay your bill. This is a scam: the links inside do not point to AT&T but a website that tries to put malware on your computer.

SHARE:
Malware warning: Your AT&T bill is ready to be viewed

Scammers are pushing out malware by trying to trick users into thinking their AT&T bill is ready. Usually with the subject "Your AT&T bill is ready to be viewed" the spam claims you owe the telecom hundreds of dollars, but really you're just at risk of getting your computer infected by the Blackhole exploit kit.

The e-mail is part of a massive phishing campaign. Websense, which first discovered it, has already detected more than 200,000 fake e-mails masquerading as billing information from the giant American communication services provider.

Here's the e-mail's main body:

Your online bill is ready to be viewed

Dear Valued Customer,

A new bill for your AT&T account is ready.

Any payments completed after your bill period expires will not be shown in the bill amount listed directly below. If you made a recent payment, please refer to the current blaance on the Account Overview and the Bill & Payments pages.

Service | Account ending in | Bill Amount | Due Date
Home Phone | {Let:0 | $830.65 | 08/06/2012

Log in to online account management to view your bill and bill notices, maintian your email account or make a payment. If you are not registered for online account management, you must do so to view and print your bill and bill notices at www.att.com/managemyaccount. Log in to online account management to view your bill, maintain your email account or make a payment.

[Log in button]

Thank you for choosing AT&T. We value your business and look forward to serving you!

Thank you,
AT&T Online Services
www.att.com

Contact Us
AT&T Support - quick & easy support is available 24/7.

As you can see in the screenshot above, it's actually a decent fake. Two things should throw you off right away, however: the amount you supposedly owe and the fact that the links don't point to where they claim to.

"ThreatScope analysis, part of our CSI service, shows that the malware is part of the Cridex family," a Websense spokesperson said in a statement. "It drops files into the Application Data and Temp folders, and then injects code into other processes running on the computer, for example Internet Explorer and Adobe Reader. After this, it accesses a Bot network where the attacker can instruct the malware to take further actions."

As a general word of caution, never blindly click on links in e-mails. If you need to check or pay an electronic bill, manually go to the company's Web site.

See also:

Topics: Security, Malware, Telcos, Tech Industry

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Sprint and Verizon, too

    I have seen Sprint and Verizon bill phishing as well. Journalist? No. Blogger, maybe. Where is the follow through before publishing?
    Teran
  • att fake

    good looking out
    preferred user