Email Security Blog

Voicemail Phishing: A Cautionary Tale

John Wilson April 9, 2014 Cybercrime
Fallback Featured Image

The other day I received a phone call from an unknown 866 toll-free number. When I answered I was greeted with a recording that instructed me to visit in order to save $200 off my AT&T wireless bill. Eager to save some of my hard-earned money, I did what any paranoid computer security professional would do…I did a whois lookup on As it turned out, the domain was registered to some guy in Sunnyvale, California. Interestingly enough, the registrar was Melbourne IT. This wasn’t some shady fly-by-night registrar; Melbourne IT is one of those premium registrars who provide all sorts of additional brand protection benefits. A quick visit to the website confirmed my suspicions; in order to save $200 I would need to enter my AT&T username and password. No thanks.

The next day, I noticed I had a voicemail from an unknown 800 number. This time I was told I could save $200 by visiting A quick whois lookup showed the domain was registered to that same guy in Sunnyvale, again through Melbourne IT. Visiting the site, I saw a Google “Phishing” warning.

This got me thinking…why on earth would Melbourne IT allow some random clown to register domains that were clearly meant to defraud people? Aren’t they supposed to be all about brand protection?

As I thought about this, I realized the problem. You couldn’t very well stop every new domain registration that contains the string “att”. You’d be crying wolf at,,,,,, etc.

So the moral of today’s story? It’s easier to protect the Verizon brand than it is to protect AT&T. Oh, and you might want to warn your friends and family, just in case they aren’t the type to do a whois lookup before visiting a website advertised by an unsolicited robo-dialer.

Leave a Reply

Your email will not be published. All fields are required.

Checking Email on Phone

March 19, 2019 James Linton

BEC Goes Mobile as Cybercriminals Turn to SMS

Business email compromise (BEC) is a term that encompasses a variety of techniques and tactics…

Agari Blog Image

February 27, 2019 Crane Hassold

Scarlet Widow Bombs Nonprofit Directories to Run BEC Scams

When the Agari Cyber Intelligence Division released our report on London Blue in December, much…

Agari Blog Image

February 14, 2019 Crane Hassold

Scarlet Widow Breaks Hearts and Empties Wallets via Romance Scam Operations

With Valentine’s Day celebrated around the world, today is a day full of love and…

Agari Blog Image

February 5, 2019 Ronnie Tokazowski

BEC Actors Exploiting Gmail “Dot Accounts” for Fun and Profit

Within the Agari Cyber Intelligence Division (ACID), we regularly engage with BEC threat actors using…


December 6, 2018 Crane Hassold

How an Elite Counterintelligence Team Investigates BEC Scams Worldwide

Marriott Hotels, Dunkin Donuts, even the House GOP. During the final quarter of 2018, a…

mobile image