Just had a fun call with an AT&T fraud rep after getting this sketchy text and immediately calling the number, assuming it had to do with a new phone I purchased that hasn’t arrived, and convinced this was a #scam. A thread:
Everything seemed fine, though the questions asked to verify my identity started to veer into unusual territory and felt a little odd. As we went through the questions, it dawned on me: OH NO THIS IS A TIMELY SCAM and I just told them my previous address and other info.
So I frantically began googling the phone number. Go ahead, look it up. EVERY RESULT IS ABOUT IT BEING A SCAM NUMBER. At this point I go full Karen, asking for the rep’s manager’s name and other info about the operation to catch them off guard (lol @ me).
I asked more questions about the verification questions, but was still completely unconvinced. I got the fraud dept main number (which of course they can give even if they aren’t legit, but w/e, was going to verify).
So I hang up and independently verify that the number given (not the one from the text) is the fraud number. I call, but they are closed. OF COURSE. So I call the main customer support number, where I am on hold for what feels like an eternity.
While on hold, I’m still googling and cmd+r’ing my inbox, looking for suspicious login notifications. I find one seemingly legit story w/the phone number, but it’s about a person having their crypto wallet stolen via SIM swap, so I’m unconvinced it’s a legit AT&T number.
Support answers my call, and after a lot of word vomit about “hey I ordered a new phone it’s not here but I think it accidentally got activated but I got this text is it a scam,” the nice agent confirms that IT IS A REAL AT&T NUMBER.
So cool, it isn’t a scam, I still have cell service, and everything is ok. EXCEPT. In infosec, we often suggest that people independently verify phone numbers, links, etc. in texts or emails (i.e., don’t click the link, look it up) in anti #phishing training.
There really wasn’t a good way to do that here. In the case that someone actually is having a sketchy #SIMswap happen, if they look up this number, they might write off the whole thing as a scam and not contact AT&T, giving the real scammer more time with access to their number.
I’m kinda embarrassed that I accused a fraud rep of being a scammer, but everything about this seemed sketchy and I’d rather verify and confirm any day.
wanna guess when it happened?
You can follow @emailyee.