Search Close
Email Security Blog

Voicemail Phishing: A Cautionary Tale

John Wilson April 9th, 2014 Cybercrime
Fallback Featured Image

The other day I received a phone call from an unknown 866 toll-free number. When I answered I was greeted with a recording that instructed me to visit myattpoints.com in order to save $200 off my AT&T wireless bill. Eager to save some of my hard-earned money, I did what any paranoid computer security professional would do…I did a whois lookup on myattpoints.com. As it turned out, the domain was registered to some guy in Sunnyvale, California. Interestingly enough, the registrar was Melbourne IT. This wasn’t some shady fly-by-night registrar; Melbourne IT is one of those premium registrars who provide all sorts of additional brand protection benefits. A quick visit to the website confirmed my suspicions; in order to save $200 I would need to enter my AT&T username and password. No thanks.

The next day, I noticed I had a voicemail from an unknown 800 number. This time I was told I could save $200 by visiting attdollarpoints.com. A quick whois lookup showed the domain was registered to that same guy in Sunnyvale, again through Melbourne IT. Visiting the site, I saw a Google “Phishing” warning.

This got me thinking…why on earth would Melbourne IT allow some random clown to register domains that were clearly meant to defraud people? Aren’t they supposed to be all about brand protection?

As I thought about this, I realized the problem. You couldn’t very well stop every new domain registration that contains the string “att”. You’d be crying wolf at mattjones.com, battlezone.cc, atthe50yardline.com, 100wattbulb.net,chatter.net, hyatt.com, etc.

So the moral of today’s story? It’s easier to protect the Verizon brand than it is to protect AT&T. Oh, and you might want to warn your friends and family, just in case they aren’t the type to do a whois lookup before visiting a website advertised by an unsolicited robo-dialer.

Leave a Reply

Your email will not be published. All fields are required.

December 6, 2018 Crane Hassold

How an Elite Counterintelligence Team Investigates BEC Scams Worldwide

John Wilson is the field Chief Technology Officer at Agari, responsible for researching and utilizing…

November 28, 2018 Crane Hassold

Why Just Play Defense Against Cybercriminals When You Can Do So Much More?

John Wilson is the field Chief Technology Officer at Agari, responsible for researching and utilizing…

February 22, 2018 John Wilson

Email Phishing Scam Continues to Target College Students

John Wilson is the field Chief Technology Officer at Agari, responsible for researching and utilizing…

February 2, 2018 Agari

Tax season is open – and W-2 scammers are back in force

John Wilson is the field Chief Technology Officer at Agari, responsible for researching and utilizing…

December 7, 2017 John Wilson

The DMARC Mandate: How to Protect Citizens from Cyber Crime

John Wilson is the field Chief Technology Officer at Agari, responsible for researching and utilizing…

mobile image