PSA: Robo Call Asks AT&T PIN and Social Security Number

Phishing Attacks

I got hit with a phishing attack over the weekend, one that I’ve never encountered or heard of. Here’s what the bad guys are trying to do and what you can do to avoid it.

Phishing Attacks
TMO‘s Dramatic Reenactment of a Phishing Attack

Robo Call Phishes for AT&T PIN and Social Security Number

The call came in from a 1-800 number that didn’t identify itself as being from AT&T. My iPhone is on the AT&T network.

A not-very-good synthesized voice announced my AT&T account had been suspended. The low quality of the synthesized message was my first clue that this was bogus. AT&T has put a lot of effort into making its computers sound close-to-human.

The second clue was the message itself. AT&T would not call me to tell me my account had been suspended. “Call” being the operative word there. But, this phishing attack was fast moving, and I’ve little doubt many people might be taken in.

The robo voice then said something close to, “To reactivate your account, please enter your AT&T PIN number.” It then repeated that sentence every couple of seconds. I imagine the repetition here was purposeful. I was only still on the call to see where it would go, but anyone still on this call because they believed the message might feel great pressure to enter their PIN.

Don’t enter your PIN. No company would ever reach out in this capacity and ask for a PIN, password, or Social Security number. 

Still wanting to see where the call would go, I entered four zeros (which isn’t my PIN, I use 1234…just kidding). I was then asked for the last four digits of my Social Security number. Which, again, no company would ask for in this manner.

I entered 0000 here, too, and was told I would be connected to an agent. That’s when I got excited, because I love messing with humans involved in scams. Alas, my call was “disconnected,” meaning this was the point in the robo call’s programming where it hung up. No human necessary.

Avoiding the Robo Call AT&T Phishing Attack

To avoid this sort of attack, just hang up. Block the number if you need to. I hung on after the first couple of seconds so I could see where it went in case it warranted a PSA.

More importantly, educate your friends and family about such scams, especially if you’re the person they turn to for tech help. The bad guys do this sort of thing because they’re sometimes successful. I’ve had smart people in my life who fell for the “FBI LOCK” on their computer, or the “CALL BECAUSE WE DETECTED MALWARE” scams. “Nigerian princes” trawl email because they sometimes steal money that way.

Share this article and other PSAs like it, and be proactive about helping the people you care about understand these issues. Maybe we can make a tiny dent in this nonsense.

8 thoughts on “PSA: Robo Call Asks AT&T PIN and Social Security Number

  • Bryan:

    Yep. Everybody knows that the Nigerian princes are a scam. That’s why I only give my banking info to rich Nigerian widows.

    Thanks for the PSA. I hadn’t heard of this one before.

    I’ve had the ‘We detected malware’ call at least four or five times over the past decade; apparently an oldie but still goodie. Four were guys with Mumbai accents (helps to know the region), though one was German, claiming to work for MS, and almost invariably remind me about ‘that time’ they helped with a previous computer problem (power of suggestion; don’t ask if they remember, simply plant the memory). That’s when I ask what their records show about my computer’s OS, and once they Windows, and I say ‘Na-ah’, we’re done. They’re polished and professional in presentation, I’ll give them that.

    Fresh scams are aplenty. Since this is a tech site, I won’t regale you with the details of my most recent call in the US from someone claiming to be a US Treasury agent (with a thick Mumbai accent) claiming to have an arrest warrant for my making false statements on my income taxes (I played along for the endgame – ultimately ‘US Attorney Genera’s office’ Assistant AG (with a polished Mumbai accent) informed me that I was to go to Office Depot and buy Google Pay cards to make my payments. And drop them at a ‘secure location’. As one does when one owes back taxes to the IRS).

    Bottom line: as you’ve pointed out, no credible company or agency is going to ask you for you PIN, or other guarded info. Full stop.

  • T-Mobile here but I get quite a number of calls that are labeled (by T-Mobile presumably) as ‘Scam Likely’ instead of a phone number. I should answer one sometime just to see what is being promoted…

  • I too am on AT&T. I have their free Call Protect app installed. It doesn’t catch all such calls, but it flags many of them. You can report calls that get through and that helps build the database.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.