That AT&T ‘Rewards’ Text Is a Scam


A new phishing campaign identified by Malwarebytes Labs targets AT&T customers with text messages about expiring rewards points. Users are advised to claim their rewards as soon as possible by clicking on the included link, which is actually designed to collect sensitive personal information.

AT&T Rewards Personal Information Phishing Scams

Targets of this scam received text messages containing a “Rewards Expiration Notice” inviting them to redeem points in their AT&T account before their scheduled expiration. The message includes a specific points balance and expiration date as well as two “recommended redemption methods”:

As Malwarebytes discovered, the short link sends users to https://att.hgfxp[.]cc/pay/, a spoofed website with AT&T branding, headers, menus and links to the real AT&T domain. Users are asked to enter their phone number to verify their account, resulting in a warning screen saying their points are about to expire. Further down, you can see trade-in options including an Apple Watch Series 9, Sony WH-1000XM4 wireless headphones, and Amazon gift cards.

In order to claim a reward and arrange delivery, victims are then asked to enter more personal information, which is passed directly to the fraudsters. Malwarebytes notes that forms are validated in real time and highlight errors so users are less likely to suspect fraud.

Rewards Scam Red Flags

This scam relies on social engineering tactics, such as a sense of urgency and fear of missing out, to entice targets to engage. And while it has a somewhat credible appearance as well as a multi-step approach to building user trust, it also presents some clear red flags. The text comes from a regular phone number rather than a short code (which automated messages often use), and the sender does not appear as a recognized AT&T contact. The thread also includes multiple recipients and a generic greeting. (A legitimate message from AT&T will be sent directly to you.)


Then there is the shortened URL, which leads to a website not owned by AT&T. While the page features realistic branding and working links, it also has a number of typos and grammatical and formatting errors. Malwarebytes found that if you click the link on different days, the expiration date on the site changes.

As always, do not click on links in unsolicited texts. AT&T has a rewards program, but you need to go directly to that portal via the web or app to manage your rewards.
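
The red flags described above, written as a triage check a help desk could run on a reported text. This is an added example, not code from Malwarebytes or AT&T; the function names, the `OFFICIAL_DOMAINS` list and the sample message are assumptions made for illustration, and the link is only parsed, never fetched.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = {"att.com"}   # assumption: extend with the brand's real inventory
BRAND_LABELS = {"att"}           # brand strings that get reused as subdomains
URGENCY = re.compile(r"expir|as soon as possible|immediately", re.I)

def refang(text):
    """Undo common defanging so the URL can be parsed (never fetched)."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def registrable(host):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def link_flags(url):
    """Flag a link whose registrable domain is not on the official list."""
    host = urlsplit(refang(url)).hostname or ""
    dom = registrable(host)
    if dom in OFFICIAL_DOMAINS:
        return []
    flags = ["link host not owned by AT&T: " + host.replace(".", "[.]")]
    if BRAND_LABELS & set(host.split(".")[:-2]):
        flags.append("brand name used as a subdomain of " + dom.replace(".", "[.]"))
    return flags

def red_flags(sender, recipients, body):
    """Return the red flags from the article that this message shows."""
    flags = []
    if len(re.sub(r"\D", "", sender)) > 6:   # US short codes are 5-6 digits
        flags.append("sender is a regular phone number, not a short code")
    if len(recipients) > 1:
        flags.append("thread has multiple recipients")
    if URGENCY.search(body):
        flags.append("urgency wording")
    for url in re.findall(r"https?://\S+", refang(body)):
        flags += link_flags(url)
    return flags

# Constructed sample modelled on the article's description; phone numbers are fictional.
SAMPLE = dict(
    sender="+1 202 555 0143",
    recipients=["+1 202 555 0101", "+1 202 555 0102"],
    body="Rewards Expiration Notice: your points expire soon. "
         "Redeem: https://att.hgfxp[.]cc/pay/",
)

if __name__ == "__main__":
    for flag in red_flags(**SAMPLE):
        print("-", flag)
```

The host check is the part that matters most: `att.` at the front of a hostname says nothing about ownership, because only the registrable domain at the end (`hgfxp[.]cc` here) identifies who controls the site.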
