Looks Fake But...

Discussion in 'The Lounge' started by Anon-e88bcb5f0b, Aug 26, 2022.

  1. Anon-e88bcb5f0b

    Anon-e88bcb5f0b Anonymized

    I received an email from "AT&T" about confirming an order that looks suspicious:

    1. Email came from: att-services.cn.1416090185@genericdl.att-mail.com (hmmm... dot cn, genericdl, att-mail.com??)
    2. Links to sign in or check details: http://edp.att.com/9c6799d (non-secure website address)
    3. I logged into AT&T using my own bookmark, and there is no open order for anything.

    But here's my question. When I clicked either of the two email links (#2 above) - it brings me to an AT&T logon page with a legitimate-looking web address:

    https://signin.att.com/dynamic/iamLRR/LrrController?IAM_OP=login&appName=m10707&loginSuccessURL=https://oidc.idp.clogin.att.com/mga/sps/oauth/oauth20/authorize?nonce=an6hOLxwqW&redirect_uri=https%3A%2F%2Fwww.att.com%2Fisam%2Fsps%2Foidc%2Frp%2Fconsumerfed%2Fredirect%2FolamOP&response_mode=form_post&alt_dest=https%253A%252F%252Fwww.att.com%252Folam%252FpassthroughAction.myworld%253FactionType%253DProfileNextGenCss%2526ban%253D153442648%2526docType%253DSingleCSS%2526source%253DIUSs000000000000E%2526wtExtndSource%253DEmail-SMS&scope=openid+authenticationTypes&response_type=id_token&state=acH7CfEAG4&client_id=m10707

    The "https://signin.att.com/..." part concerns me. I thought one can't just spoof a secure ("https") website? Anyhoo, I didn't dare put in my real credentials, but am still mighty curious. Any ideas?
     
    Last edited: Aug 26, 2022
    Anon-e88bcb5f0b, Aug 26, 2022
    #1
  2. Anon-e88bcb5f0b

    Anon-e88bcb5f0b Anonymized

    Just called AT&T and the email is actually legit. Why the links first take me to a non-secure site before bouncing over to AT&T's secure log-in page is still a mystery. The "order" was merely an automatic extension of my current discount for another year.
     
    Anon-e88bcb5f0b, Aug 26, 2022
    #2
  3. joffa

    joffa Major Geek's Official Birthday Announcer

    When I read your first post I was going to suggest you call AT & T to find out what is going on but you have already done that. When a similar email hits my inbox I always call the company involved and not by any phone number or link within the email. I look for their number from a public source.
    I just got an email from Amazon Prime saying they are debiting my account for US$312 for another year subscription. It said if the information is incorrect to call a number and they would reverse the charge. Instead I called my bank first and there was no transaction and then I called Amazon by their National 1300 number (which was different to the email number but similar) and told them about the scam and they agreed it was a scam.

    Hmmm....seems like the AT & T website could do with some security work :rolleyes::eek:

    Good that you got to the bottom of it :cool:
     
    joffa, Aug 26, 2022
    #3
    DavidGP and Zebra Last like this.
  4. Eldon

    Eldon Major Geek Extraordinaire

    One can never be too careful.
    A few years ago I recieved an email from Perkins Coie. The attachement was malicious. I contacted said company and was informed their email adddress was hacked.

    1200+ lawyers! :eek:
    https://www.perkinscoie.com/en/
     
    Eldon, Aug 26, 2022
    #4
    DavidGP likes this.

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds