Important Security Advisory: AT&T Incident and Preventative Measures

As a trusted partner in cybersecurity and safety, we at Intermedia are dedicated to keeping you informed about potential threats and how to protect yourself. Today, we want to highlight a recent incident involving AT&T and emphasize the importance of vigilance in the face of cyber threats. It’s important to note that this incident did not involve Intermedia’s systems or services. We are simply sharing this information to help you stay protected.

The AT&T Incident

AT&T recently reported a significant security incident where call and text message logs were stolen from their vendor, Snowflake. This breach affects most, if not all, of AT&T’s cellular customers, with records taken from May 1, 2022, to October 31, 2022, and on January 2, 2023. Although the actual content of the calls and texts was not compromised, the stolen metadata includes information about who communicated with whom. Scammers can exploit this data to impersonate trusted individuals and trick you into revealing personal information.

How Scammers Exploit Stolen Data

The stolen metadata can be used in “phishing” scams, where attackers manipulate Caller ID information to make it appear as though a trusted contact is reaching out to you. They can then convincingly deceive you into providing sensitive information or money by pretending to be someone you know.

What is Phishing?

Phishing is a type of cyber-attack where attackers attempt to trick individuals into divulging sensitive information, such as usernames, passwords, credit card numbers, or other personal details. These attacks often come in the form of deceptive emails, texts, or phone calls that appear to be from legitimate sources, such as banks, online services, or even acquaintances.

There are several common types of phishing attacks:

Email Phishing: This involves sending fraudulent emails that appear to come from reputable sources. The email typically contains a message urging the recipient to click on a link or download an attachment, leading to a fake website designed to steal their information.
Spear Phishing: A more targeted form of phishing, spear phishing involves attackers sending personalized messages to specific individuals or organizations. These messages often include personal details to make them more convincing.
Smishing (SMS Phishing): This type of phishing uses text messages to lure victims into clicking on malicious links or providing personal information.
Vishing (Voice Phishing): Vishing involves phone calls where attackers impersonate legitimate entities, such as banks or government agencies, to extract personal information from the victim.

Phishing scams rely on social engineering techniques to exploit human psychology. Attackers often create a sense of urgency or fear to prompt immediate action without giving the victim time to think critically about the request.

Protecting Yourself and Your Organization

To safeguard yourself and your organization from potential scams resulting from this incident, follow these recommendations:

Be cautious of Caller ID information. Caller IDs can be easily spoofed, so do not rely solely on them to verify a caller’s identity.
Verify sensitive requests. If you receive a call or text asking for money, passwords, or other confidential information, hang up and call back using a number you know to be genuine. Consider utilizing secure communication methods, such as encrypted messaging apps like Signal.
Be wary of requests for personal information. Legitimate organizations will not ask for personal, account, or credit card details via text or call.
Ignore texts from unfamiliar senders. Do not respond to or click on links in texts from unknown numbers.
Stay updated. Regularly check for updates and advice from trusted sources, such as the Federal Communications Commission (FCC) and your mobile provider, about avoiding frauds and scams.

Ongoing Efforts to Combat Cybercrime

Intermedia invests heavily in delivering highly secure products, services, and 24/7 system monitoring. This commitment extends to keeping consumers informed about potential security threats.

Please continue to check our social channels and website/blog for additional information on system security and protection, including Intermedia-hosted security webinars, security checklists, security videos, and more. We are dedicated to helping you stay safe and vigilant in the face of cyber threats.