How I (A Pessimistic, Spam Aware Person) Almost Got Scammed for My AT&T Account
How My AT&T Almost Got Scammed (and I'm SUPER cautious)
Today, less than an hour ago, I was almost scammed by a person with my AT&T account information. The reason I feel compelled to share about this? Because there was SO MUCH “partial information” that seemed valid. I firmly believe a scam sounding this valid would’ve worked on most people. That’s what makes it scary!
Before you think I’m unaware, the person had my AT&T account info, my username, my home address (that part still freaks me out), and immediately gave me a story that sounded very convincing, with (fake) employee identification. The phone call came from a local number, so I had little reason to think of anything too suspicious.
Part 1: The Convincing Story
The person over the phone immediately identified himself as a member of the “AT&T fraud department” and said that they saw multiple charges to my account purchasing four separate devices. “Two apple watches, an iPad, and Air Pods.” They were “reaching out because they saw the four separate transactions as opposed to one or two orders, and that my account was temporarily suspended to protect from further fraud.”
At this point, the only things that struck me as odd was that I was contacted on my phone (so how would that work if my account was suspended?) and “Why didn’t I get an email?”
So I asked about the email, and he said “these frauds immediately change account information so no notifications will be sent out.”
Hmmm, that definitely seemed possible. So I continued on the conversation…….
Part 2: My Big Mistake (Don't Worry, I Saved It!) & How You Can Avoid It
This is where I made my big mistake. The fraud person said they needed to update my account so no additional fraud could occur, and they could then take my account off suspension. He offered to “send me a text to confirm I was the actual account owner.”
So he texted. And I gave that code to him.
I GAVE MY TWO-FACTOR AUTHENTICATION TO A PHONE NUMBER THAT CALLED ME.
That is a major no-no. What I SHOULD’VE done here, is hung up and immediately called AT&T myself.
The conversation continued, and at this point the person confirmed my home address (still scary to me), and requested a second code. AND I GAVE IT TO THEM. Because if they needed one, why not two? Again, during this time I was questioning specifics about the fraud, and the answers came immediately. I asked things including “Where did this fraud occur?” The answer was immediately New Hampshire (we are in Michigan), and they also apologized for the time inconvenience but they just wanted to keep my account secure as a valued customer.”……then came the real red flag (even though the texts should’ve been red flags.)
Part 3: How I Saved My Account and the Questions I Asked
The person over the phone asked for my online 4-digit pin. That was where I drew the line and asked, “Shouldn’t YOU have that information?” ….the immediate response was to confirm that I wasn’t the fraud…..but THEY called ME.
So I asked to speak to a supervisor. And the person did. The “supervisor” reviewed my account information with me and assured me that I could go into an AT&T store if I didn’t feel comfortable over the phone. That is where they almost got me, and where I believe MANY people would fall risk to this scam. I nearly did.
My Next (IMPORTANT) Questions, “Okay, can you set up an appointment for me at a store so I don’t have to wait there?” I said I was traveling, which I was. The “supervisor” responded that “travel was an issue” and I needed to do it at my “home” store. That meant “he would need to do it over the phone.” Since he didn’t talk to a store, that was it for me believing this was real. But one final chance, because if my account had fraud charges, I wanted to know. I asked him to send me an email authenticating this conversation. Note: What I was Looking for was specifically an email from a human named “email@example.com” The ending is SUPER important because that’s what the internal authentication would look like. Not extended emails which include att. And that’s when he said he would “be unable to because he needed to confirm my passcode.” And I said that doesn’t make sense, you have my email. I asked again for the name and employee number. Then I hung up. I could’ve saved myself at least 20 minutes if I would’ve skipped right to my next step….
Part 4: How I Actually Secured My Account
After hanging up, I immediately called the AT&T Customer Service line and told them what had happened. I said, “I’m pretty sure I messed up and almost got scammed, and I gave them my two-factor authentication.” I said this to make it clear that my account was in imminent danger. The actual customer service member quickly asked if I’d given my four-digit pin. I said, “no that’s when I hung up and called here to double check.” He confirmed that refusing to give my pin had saved me, but that I should still change all of login info. He helped me do so over the phone. This was real because I personally called the customer service line myself.
Then, I asked about the “original fraud” (which was part of the scam call.) Enough correct information had been told to me by the scammer to me that still deep down I questioned if the previous call was legit.
This customer service rep looked at my account and said there were no recent charges to my account. I asked about the apple watches etc and he said, “no, there are no recent charges.” He then confirmed that no additional “authorized users” had been added to the account during this time. He told me that’s a common way scammers can maintain access.
The interesting thing? I had to do the two-factor authentication with him too! The difference is that I called the AT&T line myself and knew the number was legitimate.
This service member then asked if I wanted to speak with the fraud department to confirm nothing else was going on. And I did, and that representative confirmed that I was very close to being compromised and that not giving my pin number saved me. She confirmed my new info was correct and that there had been no “fraudulent charges” and she took note of the situation because it had sounded so legitimate. She also requested that 4 digit pin, but again this was the same call which I made. So thank you to those two employees, because I didn’t remember their names due to me being so freaked out and embarrassed.
Long Story Short: If you are called about any fraud charges? Hand up and call back the actual customer service line right away.
Please share this, because I believe that just about anyone could fall for this type of scam. There was so much “truth” to the conversations that I was extremely close. And I mean it that I’m a skeptical person. So please, stay safe!
share below photo to help others too!
follow Budgets & Kale here
Hi, my name is Rachel Smith. I’m a personal finance nerd, Aldi connoissuer, book lover, yoga enthusiast, and budgeting wiz. I was born and raised in Anchorage, Alaska but currently call Michigan home. I want to help people with their finances and eating healthy on a tight budget (no matter what your cost-of-living area is!)