Malware warning: Your AT&T bill is ready to be viewed

Cybercriminals are pushing fake AT&T e-mails in the hopes you'll think you forgot to pay your bill. This is a scam: the links inside do not point to AT&T but to a website that tries to put malware on your computer.

Scammers are pushing out malware by trying to trick users into thinking their AT&T bill is ready. Usually sent with the subject "Your AT&T bill is ready to be viewed," the spam claims you owe the telecom hundreds of dollars, but really you're just at risk of getting your computer infected by the Blackhole exploit kit.

The e-mail is part of a massive phishing campaign. Websense, which first discovered it, has already detected more than 200,000 fake e-mails masquerading as billing information from the giant American communication services provider.

Here's the e-mail's main body:

Your online bill is ready to be viewed

Dear Valued Customer,

A new bill for your AT&T account is ready.

Any payments completed after your bill period expires will not be shown in the bill amount listed directly below. If you made a recent payment, please refer to the current balance on the Account Overview and the Bill & Payments pages.

Service | Account ending in | Bill Amount | Due Date
Home Phone | {Let:0 | $830.65 | 08/06/2012

Log in to online account management to view your bill and bill notices, maintain your email account or make a payment. If you are not registered for online account management, you must do so to view and print your bill and bill notices at Log in to online account management to view your bill, maintain your email account or make a payment.

[Log in button]

Thank you for choosing AT&T. We value your business and look forward to serving you!

Thank you,
AT&T Online Services

Contact Us
AT&T Support - quick & easy support is available 24/7.

As you can see in the screenshot above, it's actually a decent fake. Two things should throw you off right away, however: the amount you supposedly owe and the fact that the links don't point to where they claim to.
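The second tell, links that don't point where they claim to, can be checked mechanically. The following is an added example, not part of the original article or of Websense's analysis: it lists every web link in an HTML e-mail whose real destination host is not under att.com. The trusted-suffix list and the sample message (with placeholder `.example` hosts) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: only att.com and its subdomains count as genuine AT&T hosts.
TRUSTED_SUFFIXES = ("att.com",)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in the message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def is_trusted(host):
    # Match on a label boundary so "att.com.evil.example" and "notatt.com" fail.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def suspicious_links(html):
    """Return (visible text, real host) for web links that leave trusted hosts."""
    parser = LinkCollector()
    parser.feed(html)
    parsed = [(text, urlsplit(href.strip())) for href, text in parser.links]
    return [(text, p.hostname) for text, p in parsed
            if p.scheme in ("http", "https") and not is_trusted(p.hostname)]

# Constructed sample message; the .example hosts are placeholders, not indicators.
SAMPLE = """
<a href="http://billing.placeholder.example/main.php">Log in to online account management</a>
<a href="https://www.att.com/olam/">www.att.com</a>
<a href="http://att.com.account-check.example/">att.com</a>
"""

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

The third sample link shows why the comparison is made on the parsed hostname rather than on a substring: its visible text and the start of its URL both read "att.com", yet the host belongs to a different domain.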

"ThreatScope analysis, part of our CSI service, shows that the malware is part of the Cridex family," a Websense spokesperson said in a statement. "It drops files into the Application Data and Temp folders, and then injects code into other processes running on the computer, for example Internet Explorer and Adobe Reader. After this, it accesses a Bot network where the attacker can instruct the malware to take further actions."

As a general word of caution, never blindly click on links in e-mails. If you need to check or pay an electronic bill, manually go to the company's Web site.
