PSA: Robo Call Asks AT&T PIN and Social Security Number

2 minute read
| Tips

I got hit with a phishing attack over the weekend, one that I’ve never encountered or heard of. Here’s what the bad guys are trying to do and what you can do to avoid it.

Phishing Attacks

TMO‘s Dramatic Reenactment of a Phishing Attack

Robo Call Phishes for AT&T PIN and Social Security Number

The call came in from a 1-800 number that didn’t identify itself as being from AT&T. My iPhone is on the AT&T network.

A not-very-good synthesized voice announced my AT&T account had been suspended. The low quality of the synthesized message was my first clue that this was bogus. AT&T has put a lot of effort into making its computers sound close-to-human.

The second clue was the message itself. AT&T would not call me to tell me my account had been suspended. “Call” being the operative word there. But, this phishing attack was fast moving, and I’ve little doubt many people might be taken in.

The robo voice then said something close to, “To reactivate your account, please enter your AT&T PIN number.” It then repeated that sentence every couple of seconds. I imagine the repetition here was purposeful. I was only still on the call to see where it would go, but anyone still on this call because they believed the message might feel great pressure to enter their PIN.

Don’t enter your PIN. No company would ever reach out in this capacity and ask for a PIN, password, or Social Security number. 

Still wanting to see where the call would go, I entered four zeros (which isn’t my PIN, I use 1234…just kidding). I was then asked for the last four digits of my Social Security number. Which, again, no company would ask for in this manner.

I entered 0000 here, too, and was told I would be connected to an agent. That’s when I got excited, because I love messing with humans involved in scams. Alas, my call was “disconnected,” meaning this was the point in the robo call’s programming where it hung up. No human necessary.

Avoiding the Robo Call AT&T Phishing Attack

To avoid this sort of attack, just hang up. Block the number if you need to. I hung on after the first couple of seconds so I could see where it went in case it warranted a PSA.

More importantly, educate your friends and family about such scams, especially if you’re the person they turn to for tech help. The bad guys do this sort of thing because they’re sometimes successful. I’ve had smart people in my life who fell for the “FBI LOCK” on their computer, or the “CALL BECAUSE WE DETECTED MALWARE” scams. “Nigerian princes” trawl email because they sometimes steal money that way.

Share this article and other PSAs like it, and be proactive about helping the people you care about understand these issues. Maybe we can make a tiny dent in this nonsense.

8
Leave a Reply

Please Login to comment
4 Comment threads
4 Thread replies
1 Followers
 
Most reacted comment
Hottest comment thread
5 Comment authors
Bryan Chaffinwab95BlackCorvidLee Dronick Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
wab95
Member
wab95

Bryan: Yep. Everybody knows that the Nigerian princes are a scam. That’s why I only give my banking info to rich Nigerian widows. Thanks for the PSA. I hadn’t heard of this one before. I’ve had the ‘We detected malware’ call at least four or five times over the past decade; apparently an oldie but still goodie. Four were guys with Mumbai accents (helps to know the region), though one was German, claiming to work for MS, and almost invariably remind me about ‘that time’ they helped with a previous computer problem (power of suggestion; don’t ask if they remember,… Read more »

BlackCorvid
Member
BlackCorvid

T-Mobile here but I get quite a number of calls that are labeled (by T-Mobile presumably) as ‘Scam Likely’ instead of a phone number. I should answer one sometime just to see what is being promoted…

Member
Richard Hyde

Next time enter a plausible PIN and SSC. Even a novice programmer would know your entries were bogus and dump the call. However,thanks for the wRning! 😀

Lee Dronick
Member
Lee Dronick

I too am on AT&T. I have their free Call Protect app installed. It doesn’t catch all such calls, but it flags many of them. You can report calls that get through and that helps build the database.