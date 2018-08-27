I got hit with a phishing attack over the weekend, one that I’ve never encountered or heard of. Here’s what the bad guys are trying to do and what you can do to avoid it.

Robo Call Phishes for AT&T PIN and Social Security Number

The call came in from a 1-800 number that didn’t identify itself as being from AT&T. My iPhone is on the AT&T network.

A not-very-good synthesized voice announced my AT&T account had been suspended. The low quality of the synthesized message was my first clue that this was bogus. AT&T has put a lot of effort into making its computers sound close-to-human.

The second clue was the message itself. AT&T would not call me to tell me my account had been suspended. “Call” being the operative word there. But, this phishing attack was fast moving, and I’ve little doubt many people might be taken in.

The robo voice then said something close to, “To reactivate your account, please enter your AT&T PIN number.” It then repeated that sentence every couple of seconds. I imagine the repetition here was purposeful. I was only still on the call to see where it would go, but anyone still on this call because they believed the message might feel great pressure to enter their PIN.

Don’t enter your PIN. No company would ever reach out in this capacity and ask for a PIN, password, or Social Security number.

Still wanting to see where the call would go, I entered four zeros (which isn’t my PIN, I use 1234…just kidding). I was then asked for the last four digits of my Social Security number. Which, again, no company would ask for in this manner.

I entered 0000 here, too, and was told I would be connected to an agent. That’s when I got excited, because I love messing with humans involved in scams. Alas, my call was “disconnected,” meaning this was the point in the robo call’s programming where it hung up. No human necessary.

Avoiding the Robo Call AT&T Phishing Attack

To avoid this sort of attack, just hang up. Block the number if you need to. I hung on after the first couple of seconds so I could see where it went in case it warranted a PSA.

More importantly, educate your friends and family about such scams, especially if you’re the person they turn to for tech help. The bad guys do this sort of thing because they’re sometimes successful. I’ve had smart people in my life who fell for the “FBI LOCK” on their computer, or the “CALL BECAUSE WE DETECTED MALWARE” scams. “Nigerian princes” trawl email because they sometimes steal money that way.

Share this article and other PSAs like it, and be proactive about helping the people you care about understand these issues. Maybe we can make a tiny dent in this nonsense.