Protect yourself from phishing and fake websites

With phishing, a scammer pretends to be a legitimate person or organization to trick you into revealing personal or financial information. That information may include credit card numbers, social security numbers, or passwords.

We want all customers to know that we won’t ask for personal or account information through phone calls, email, or text messages. If you get such a message, you should report it to AT&T Internet Security at abuse@att.net. You can also forward email to the Anti-Phishing Working Group at reportphishing@antiphishing.org or report it to the FTC.

Phishing scams can take many forms. For example:

• You receive an email or text message that seems to come from your bank. The message asks you to confirm your account information by clicking on a link. When you click on the link, it installs a malicious program on your computer or device that captures everything you type, including passwords.
• The link may also take you to a fake website with a homepage that looks like your bank’s. The website asks for information that the real site would never ask for, including your account number, the last eight digits of your debit card number, and your ATM PIN.
• A hacker creates a fake website using a web address that is commonly misspelled. This is called typosquatting. If you mistype a web address, you could land on one of these sites.

Scammers are constantly changing their attacks to include details that will make you believe the scam is real. So, it’s important that you know what to look for. And remember - we won’t ask for information through phone, email, or text messages.

Recognizing phishing and fake websites
The next time you aren't completely confident that you are on a legitimate website or that an email you received is valid, check for these warning signs:

• Uses an incorrect URL - If your bank uses a certain URL and the site you land on uses a different URL, chances are it’s a fake site. Always double check to make sure that the site address is accurate. You can also hover your mouse pointer over a link in the email to verify that the link is directed to the same site that the email came from.
• Uses all caps in email subject lines - Scammers often use capital letters to get your attention. This is something we would never do in our emails, so it's a good sign that the email is a fake.
• Has numerous "undisclosed recipients" - Scammers send out thousands of phishing emails, hoping someone will bite. So if you see that an email is copied to other recipients, watch out. Our customers are individuals, and we treat them that way. Your email goes to you and nobody else.
• Asks for banking information - A real bank would never ask for your bank account information or your debit card and PIN numbers via email. Be wary of any email or site that asks for sensitive information (such as your Social Security number) that is beyond your standard login.
• Asks to confirm sensitive account information – If an email or website asks you to confirm sensitive account information, this is surely a scam.
• Uses a public Internet account - Before you click on any link sent to you by email, look at the sender's email address. If the email is from a public account, but claims to be from your bank or other business, do not trust the email. All myAT&T emails originate from att-mail.com, so if you don't see that address, the email isn't from us. You should also make sure that any email claiming to be from your bank includes your given name in the message, such as Dear William Smith, instead of Dear Valued Customer. Real banks address messages to you by name as a way of confirming your relationship.
• Includes misspelled words - Real companies have staff checking the accuracy of emails and websites. If you see a misspelling or a misuse of the company name, look for other mistakes and clues to confirm your suspicions. And don't enter any of your personal information on the site.
• Isn’t a secure site - Legitimate e-commerce sites use encryption, or scrambling, to help ensure that your payment information remains safe. You can see if a site uses encryption by looking for a lock symbol in the browser window. Clicking on the lock symbol allows you to verify that a security certificate was issued to that site, a sign that it's a legitimate, trusted website. You should also check that the address starts with https:// rather than just http://. Do not enter payment information on any site that isn't secure.
• Displays low resolution images - Scammers usually erect fake sites quickly, and this shows in the quality of the sites. If the logo or text appears in poor resolution, this is an important clue that the site could be phony.

Here are some ways you can avoid being caught in a phishing scam:

• Educate yourself - Read up on the latest scams so you know what to look for. And be familiar with what a phish looks like so you can recognize common tricks when you see them.
• Use common sense - Read your emails carefully, checking to make sure you know the sender. Be suspicious of any email that asks for your personal or financial information. Also, be very cautious when downloading any attachments or files from an email, unless you know and trust the sender.
• Practice smart browsing - Make sure that the website you're visiting is secure before you enter any information. If you have any doubts, enter a fake password, since phony sites will accept false information. To better protect yourself, you may also want to use a search engine to help you navigate since they can catch misspellings and prevent you from landing on fake websites. Also, use a search tool such as McAfee SiteAdvisor, which indicates in your search results whether sites are safe or not.
• Use technology to protect you - Comprehensive security software with anti-phishing technologies, like AT&T Internet Security Suite, can help protect you. Just make sure that your software is up to date with the latest security protections by enabling automatic updates or clicking the Update button on your security software control panel.
• Be vigilant both offline and online - Monitor your bank and credit card statements for any suspicious charges or transfers. And consider changing your passwords regularly. Make sure you create strong passwords that use a combination of letters, numbers, and special characters. Don’t use nicknames, birthdays, or other information that other people may know.