Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 137 - August 2012 (2nd Edition) - Page 16

Fake AT&T Bill Emails Point To Malware

Issue 137 Start Menu

Previous Article            Next Article

Email purporting to be from phone service provider AT&T claims that the recipient's bill is ready for viewing. The recipient is urged to click a Login button to access the bill online.

Brief Analysis
The email is not from AT&T and it is not a genuine bill notification. Links in the message open a compromised website that automatically redirects users to other websites that harbour malware in the form of the Blackhole exploit kit.

Bookmark and Share
Detailed analysis and references below example.

Scroll down to submit comments
Last updated: August 7, 2012
First published: August 7, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Subject: Your AT&T Bill is ready to be viewed

Your online bill is ready to be viewed

Dear Valued Customer,

A new bill for your AT&T account is ready.

Any payments completed after your bill period expires will not be shown in the bill amount listed directly below. If you have made a recent payment, please refer to the current balance on the Account Overview and the Bill & Payments pages.

Service | Account ending in | Bill Amount | Due Date
Home Phone | {Let:0 | $830.65 | 08/06/2012

Log in to online account management to view your bill and bill notices, maintain your email account or make a payment. If you are not registered for online account management, you must do so to view and print your bill and bill notices at Log in to online account management to view your bill, maintain your email account or make a payment.

[Link Removed]

Thank you for choosing AT&T. We value your business and look forward to serving you!

Thank you
AT&T Online Services

Contact Us
AT&T Support - quick & easy support is available 24/7.

Moving Soon?
Saty Connected with AT&T. Visit us online

ATandT Malware Emails

Detailed Analysis
This email, which appears as though it was sent by multinational telecommunications giant AT&T, claims that new bill for phone service is ready for viewing online. The email instructs recipients to click a "Log In" button to access AT&T's online account management system to view the bill.

However, the email is not from AT&T and is not a genuine bill notification. The email is part of a criminal campaign to trick users into allowing malware to be installed on their computers. Those who click the "Log In" button in the email will be taken not to the AT&T website as they expect, but rather to a compromised website that further redirects them to a page that harbours a version of the Blackhole exploit kit. BlackHole is a web application used by criminals to exploit browser vulnerabilities as a means of downloading and installing trojans and other types of malware.

This attack is quite sophisticated, and according to Websense Security Labs, more than 200,000 of the fake emails may have already been distributed. The email comes complete with seemingly legitimate AT&T graphics and formatting. Those responsible for the attack hope that users, concerned at receiving a bill for such a large amount of money, will click the link without due forethought.

This campaign is very similar to earlier malware attacks including an April 2012 attack that consisted of fake bill emails claiming to be from Verizon Wireless. The Verizon variant also directed victims to compromised websites that contained the Blackhole exploit kit.

If you receive one of these bogus bill notification emails, do not click on any links or open any attachments that it may contain. When checking online accounts, it is always safest to access the account by entering its web address into your browser rather than by clicking links in an email. Also, always ensure that the latest security updates for your browser and operating system are installed on your computer and that you have up-to-date antivirus and anti-malware protection.

Bookmark and Share References
Malware warning: Your AT&T bill is ready to be viewed
Fake AT&T email Installs Malware
Paypal 'You Sent a Payment' Malware Emails
Bogus Verizon Wireless Bill Email Points to Malware

Previous Article            Next Article

Issue 137 Start Menu

Pages in this issue:
  1. Anti Text-Driving Message - Car Wedged Under Truck Image
  2. Nationwide Phishing Scam Emails
  3. Faux Image - Double Sunset on Mars
  4. Microsoft Cyber-Crime Department Phishing Scam
  5. Does A Photo Depict A Puppy Being Forced to Drink Vodka?
  6. Post Circulating Claims Hotel Made Disabled US Veteran Crawl Down Stairs
  7. AFL vs NRL - Wrongdoings of Australian Members of Parliament Hoax
  8. Phishing Scam
  9. Another Facebook Sick Baby Hoax - Baby With Brain Cancer
  10. Circulating Opinion Piece - 'Democratic, Republican Liberal-Progressive's Worst Nightmare'
  11. Fake Three (Or Seven) Headed Snake Image
  12. Misleading Health Advice Email - 'Mayo Clinic on Aspirin and Heart Attacks'
  13. Facebook Survey Scam - Free Argos Gift Card
  14. 'Email Deactivation Warning' Phishing Scam
  15. Anti-Obama Youtube Video Compiles Multiple Conspiracy Theories
  16. Fake AT&T Bill Emails Point To Malware
  17. Messages Claim Coca Cola to be Banned In Bolivia
  18. 'Free Apple Product' Text Message Survey Scam
  19. Circulating Warning - Facebook May Close Down Animal Rescue Account'
  20. 2012 FIFA World Cup Online Lottery Advance Fee Scam
  21. Email Claiming US Gold Medal Gymnast Gabrielle Douglas Faces Lifetime Ban Used to Spread Malware
  22. Bigpond Security Service Phishing Scam
  23. Wrestling Star John Cena is NOT Dead
  24. Hoax - NASA Predicts Total Blackout of Planet in Dec 2012
  25. Wrestling Star Undertaker is NOT Dead
  26. Colin And Chris Weir Donation Programme Advance Fee Scam
  27. US EPA Regulations Force Power Plant Closures
  28. 'View Facebook Followers' Scam Targets Twitter Users
  29. Lloyds TSB 'New Banking Authentication' Phishing Scam
  30. Faux Image - Pilots Protesting Chemtrails
  31. Telstra Bill Account Update Phishing Scam
  32. McDonald's Signboard Supporting Chick-Fil-A
  33. ABSA 'Authorized EFT Payment Received' Phishing Scam
  34. Hoax Picture - Obama Holding Phone Upside Down
  35. 'eBay Item Not Received' Phishing Scam Email
  36. Wells Fargo 'Security Check' Phishing Scam
  37. False Warnings - 'Cleaning out Friends List' Questions on Facebook Contain Viruses or are Posted by Hackers