Email Security Blog

Voicemail Phishing: A Cautionary Tale

John Wilson April 9, 2014 Cybercrime
Fallback Featured Image

The other day I received a phone call from an unknown 866 toll-free number. When I answered I was greeted with a recording that instructed me to visit in order to save $200 off my AT&T wireless bill. Eager to save some of my hard-earned money, I did what any paranoid computer security professional would do…I did a whois lookup on As it turned out, the domain was registered to some guy in Sunnyvale, California. Interestingly enough, the registrar was Melbourne IT. This wasn’t some shady fly-by-night registrar; Melbourne IT is one of those premium registrars who provide all sorts of additional brand protection benefits. A quick visit to the website confirmed my suspicions; in order to save $200 I would need to enter my AT&T username and password. No thanks.

The next day, I noticed I had a voicemail from an unknown 800 number. This time I was told I could save $200 by visiting A quick whois lookup showed the domain was registered to that same guy in Sunnyvale, again through Melbourne IT. Visiting the site, I saw a Google “Phishing” warning.

This got me thinking…why on earth would Melbourne IT allow some random clown to register domains that were clearly meant to defraud people? Aren’t they supposed to be all about brand protection?

As I thought about this, I realized the problem. You couldn’t very well stop every new domain registration that contains the string “att”. You’d be crying wolf at,,,,,, etc.

So the moral of today’s story? It’s easier to protect the Verizon brand than it is to protect AT&T. Oh, and you might want to warn your friends and family, just in case they aren’t the type to do a whois lookup before visiting a website advertised by an unsolicited robo-dialer.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

April 25, 2019 Crane Hassold

Bitcoin: The Next Evolution in BEC Cash Out Methods?

Historically, business email compromise (BEC) threat actors have used wire transfers as a means to…

Agari Blog Image

April 18, 2019 Ronnie Tokazowski

Do You Know Where Your W-2 Is? Probably Where You Left It

It’s like clockwork. Every year around tax time security vendors (even us!) push out warnings…

Agari Blog Image

April 4, 2019 Crane Hassold

Evolving Tactics: London Blue Starts Spoofing Target Domains

In December, the Agari Cyber Intelligence Division (ACID) published a report on a business email…

Agari Blog Image

March 27, 2019 Ronnie Tokazowski

Why iTunes? A Look into Gift Cards as an Emerging BEC Cash Out Method

One of the trends that has been slowly creeping up across the BEC threat landscape…

Checking Email on Phone

March 19, 2019 James Linton

BEC Goes Mobile as Cybercriminals Turn to SMS

Business email compromise (BEC) is a term that encompasses a variety of techniques and tactics…

mobile image