Reporting Spam and Phishing Oddity

I recently sent an “abuse” submission to ATT for which I received a very long diatribe on how I should not have reported to their auspice.
Here is an initial section of the response:
Please note that we can only take action on reports that implicate
the AT&T network as a source of abuse. As we are unable to take
any action on reports not involving AT&T’s network, we recommend
that you send those reports directly to the abuse address of the
originating domain or service provider.

Well I guess technically speaking … but I thought the whole point of relaying such incidents was to pass on the information that an “abusive” incident is occurring in their name, so to speak … and with content including my personal account data with ATT

Not to mention I find it odd that the advice is given to engage with the mal-intents… on their home turf

Not sure I fully understand the nature of the abuse. Was this an email or text message or phone call? I’ll assume an email for my comments, but if I was wrong, let me know and I’ll revise…

Email spam needs to be reported to the ISP where the sender has registered their account. Often that cannot be determined by the “From:” address as that can easily be forged, so you must go to the hidden headers to find the entry where the email was first received. If there are URLs within the message, they too should be interested in an abuse. What I personally do is submit the entire email, including headers to spamcop.net and let them do the heavy lifting and reporting. You won’t necessarily be dealing with the mal-intents themselves, rather their ISP that should revoke their account (but some won’t be bothered).

If AT&T was not the sender’s ISP, but simply delivered the message to you, then they were correct in their response.

If it’s a phishing attempt, then I also send an email including the message as an attachment to the appropriate address of the company being spoofed along with three organizations that specialize in eliminating phishing attempts: phish@phishtank.com, phishing-report@us-cert.gov & reportphishing@antiphishing.org.

2 Likes
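The header walk described in the reply above, sketched in Python as an added example that is not part of the thread: it reads the `Received:` lines newest-first and returns the first outside peer recorded by a mail server you trust, ignoring anything the sender could have forged below that point. The function name `handoff_hop`, the trusted host suffix and the internal network are assumptions, and the sample message is constructed.

```python
import email
import ipaddress
import re

# Constructed sample: all hosts and addresses are made up (documentation ranges).
# Headers read newest-first; the third one is forged by the sender.
SAMPLE = """\
Received: from mx1.mail.example.net (mx1.mail.example.net [10.0.0.5])
\tby store1.mail.example.net with LMTP; Tue, 02 Jan 2024 10:00:03 +0000
Received: from bulk.sender.example.org (unknown [203.0.113.45])
\tby mx1.mail.example.net with ESMTP; Tue, 02 Jan 2024 10:00:01 +0000
Received: from att.com (att.com [198.51.100.7])
\tby mx9.mail.example.net with SMTP; Tue, 02 Jan 2024 09:59:58 +0000
From: "AT&T Support" <billing@att.com>
To: user@example.net
Subject: Account notice

Constructed body.
"""

# "from <claimed name> (<rdns> [<ip>]) ... by <stamping host>"
HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

def handoff_hop(raw, trusted_suffix, trusted_nets):
    """Return the hop where your own provider accepted the mail from outside."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(str(value))
        if not m:
            continue  # hop without a parseable "from ... [ip] ... by"; keep walking
        helo, ip, by = m.groups()
        if not by.lower().endswith(trusted_suffix):
            return None  # stamped by a host you do not trust: stop
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return None
        if any(addr in n for n in nets):
            continue  # internal relay inside the provider
        # First outside peer seen by a trusted server; anything below is unverified.
        return {"claimed_name": helo, "ip": str(addr), "stamped_by": by}
    return None

if __name__ == "__main__":
    print(handoff_hop(SAMPLE, ".mail.example.net", ["10.0.0.0/8"]))
```

The returned IP is the one to look up when choosing which provider's abuse desk to report to; the `From:` domain and the lowest `Received:` line in the sample both name att.com and are not used.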

That’s weird, considering that I just checked AT&T’s support page for their recommended phishing reporting method (searching for “report phishing”), and the document titled “Identify fake AT&T emails” specifically directs customers to send suspected “malicious” emails to abuse@att.net. I have reported phishing attempts purporting to be from AT&T to this address in the past, and have not received a response like what you received.

If you’re an AT&T customer, I would suggest contacting customer service to point out the contradictory messaging in the response you received. If you’re not an AT&T customer, well, they won’t care.

As Marquelle D. McKean just mentioned, my foray into reporting the spam led me to ATT instruction regarding their abuse@ address … So I did not really take into account any super technical detail on the who, what, and why, … I simply had a malicious phishing email, purporting to be ATT, clearly designed to have an unsuspecting recipient enter login details at a fraudulent site/server…
I could easily tell without much effort that the originating email address was not a legit ATT address, but I still felt it warranted sending this to ATT as the mal-intents clearly had loads of my info**.
And as a customer feel it’s sort of ATT’s job to ferret out the gritty details.

I also used Gmail’s report-phishing link in the 3-dot column … Google did not respond by telling me to send it elsewhere LOL

** which sort of begs a point: Shouldn’t ATT be made aware of the fact that the mal-intents had my exact account information? If they had scanned the content of the spam, they would have discerned that … and should take it seriously so perhaps their response was a bot and no one actually reviewed the submission

Just for reference here is a link to their support page/instructions on the issue

Thanks for clearing that up. I just wasn’t sure what it was, but from your description it was clearly an AT&T phish that was correctly reported to them.

1 Like

Interesting and a reminder that ‘humans’ might be in charge of their little fiefdoms in large companies, and, then do what they want.
I have for years sent phishing to reportphishing@apwg.org including ALL HEADERS and in subject line: PHISHING. I have no idea if it is making a difference.
But I just had my first ‘hack’ since using Macs since 1984 and after I just returned my rMBP15 2015 to Apple for a battery replacement not longer than 2-3 weeks ago. It went to some service center in Houston.
Received an email from someone stating if I didn’t pay money into a bitcoin account they would release all my dirty pictures and porn (?) to all my friends and relatives. Don’t know how but they did know my admin password for my Mac. They said they used R.A.T. to gain entrance into my Mac a while back and slurped up all my data. Nothing has happened except:
I’ve downloaded most of Patrick Wardle’s Objective-See apps which monitor everything as well as Webroot Virus Malware Scanner. Was already using SetApp’s Clean My Mac X and Malwarebytes and many of Howard Oakley’s apps.
I’m very suspicious of the repair center in Houston where the Mac battery was replaced. Drat it all! Patrick

Very likely to almost assuredly not the repair center at all…this is a standard scam and I’ve gotten many of them. Some even have an old password included in the email in order to “prove” their access to your computer…but scammers use leaked password lists and send out massive numbers of these.

Thank you, Neil
That makes my day better.
Patrick

Have A Nice Day :smiley: No Really! A Nice Day :grinning:

Was that password unique and well protected? If so, I would find that really troubling.

More likely, some drone just looked at the headers and didn’t bother to look at the content of the spam, or the worker simply brain-farted and sent the reply by mistake.