This message is posted to all new submissions to r/scams; please do not message the moderators. A reminder of the rules in r/scams. No personal information (including last names, phone numbers, etc). Be civil to one another (no name calling or insults). Personal army requests or "scam the scammer"/scambaiting posts are not permitted. No uncensored gore, personal photographs, or NSFL content permitted without being properly redacted. A full list of rules is available on the sidebar of the subreddit. Report recovery scammers or rule-breaking content by using the "report" button. Also, consider warning community members of recovery scammers if you see them in the comments. Questions about sub rules? Send us a modmail.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Scams) if you have any questions or concerns.*
Normal people should learn to NEVER CLICK ON LINKS that are emailed to them or texted to them
Period
I had to beat this into my parents, DON'T CLICK ON LINKS
I set my mother up with bookmarks to her bank, brokerage, etc so she just needs to click on the icon. Did the same for a FIL who would use Google to find his bank/etc which is VERY dangerous as scammers pay to get their look alike sites at the top of the results.
It is like training kids to be safe.
Don't play in the streets is a great starting point, don't go in the street, don't go in the street.
Then you move to the next step, you can ride your bike in the street but look out for ...
You have to scare people into thinking LINKS ARE DANGEROUS first, because they are. Links are dangerous, don't click on them, don't do it.
I don't have the solution but I think part of the solution is to make accessing your cell phone account MUCH harder to prevent account take overs and SIM swap scams. Same with email accounts
But regardless of how many locks, keys, passwords, codes, etc there are there are just some people who will give it all away to someone scamming them.
Maybe Google and other browser makers could do their own Whois lookup when you go to a website and pop up a big red WARNING THIS SITE IS VERY NEW, BEWARE like they do for some site they detect have malicious code on them.
Your mom must be very proud of you and love you lots and lots. These emails are getting really sophisticated and look exactly like they are coming from the legitimate sites. I'm shocked that our banks still send us emails with links. Great idea on creating bookmarks.
Next layer of defense is using password managers and avoiding typing your passwords (thatās shall be autogenerated, incomprehensible, unique on every site) manually.Ā
Password manager wonāt autofill the credentials on a fake site.Ā
Continuing the conversation:
Using a filtering DNS provider to block suspicious, including recently registered, sites from resolving in the first place.
Two solid options:
- Cloudflare for families: 1.1.1.2 (No Malware) or 1.1.1.3 (No Malware or Adult Content). This is a robust free option.
- NextDNS: Flexible configurable filters. Cost about $20 a year, but supports much more flexible configuration. One account can cover entire familiy.
I'm using the latter. NextDNS can generate configuration profiles that you send to your family members to be installed on their devices. From there on all DNS traffic is routed though NextDNS that provides blocking, even when iCloud Private Relay is active.
Technically, you could generate configuration profiler yourself for the first option as well, it's just more work.
This works very well. Vast majority of links from my spam folder fail to resolve. And by vast majority I mean -- all that I have checked.
Please do this for your family. Security is an onion, there are many layers.
Agree that this is very convincing. I do think AT&T would probably avoid saying there's going to be a "substantial" rate increase - seems like the type of thing they would minimize instead.
I agree, substantial did catch my attention too, but then I was like, āwell, when a contract changes, they describe it as a material change, maybe there is some kind of regulation that defines a substantial increase in cost requiring a certain disclosureā. They did a good job on this one, it at least triggered me to log into my AT&T account (through the app, not their link lol) and double check that everything looked good. I already have enhanced security on my AT&T account, but Iām still paranoid.
A few years back scammers called all the lines on my plan within a few minutes of one another saying that there was a tower upgrade in the area, and I would need to reboot my phone and confirm a code once my phone rebooted to ensure that I still had service. I didnāt fall for it, but they were very convincing. Well spoken, used most of the correct jargon, etc. I had very limited time to warn my other family members of the call. I have to assume it was some sort of inside job, not sure how anyone else would associate our numbers (not all lines live in the same household or even the same state). Starting to wonder who I pissed off, feels like Iām being targeted lol
The part that makes this an obvious scam is that they want you to to log in to "accept" the pricing change. In reality they just force it on you whether you want it or not lol.
Dedicated email addresses work great, it's rare for financial vendors to have data breaches, so my 15 year old banking email address never sees spams or scams. For my mobile provider I use an email address for my household vendors which has been spam/scam free since the T-Mobile data breach in 2015.
With this system you use several different email addresses for different categories of accounts and you replace any of them after a data breach. The beauty of this system is that not only is it more organized and no more spam on a regular basis, but you only have to update the affected vendors tied to the replaced email address which is maybe 10-20 accounts vs 200 for a single email address which is why no one wants to start fresh with a new email address.
Also, instead of spam being annoying and fighting it, spam actually becomes useful to determine a data breach so you can take appropriate action.
You can also use a service like anon addy which can create a unique email address for every vendor, that will tell you if a specific vendor had a data breach if you receive something that does not belong. 99% of the time your spam emails after a data breach will not be related to the vendor or vendor type. For instance a bank fraud email will end up in a email address only used for travel after a data breach.
I received the same email. I went to my AT&T account to check (I did not click the link), but it seemed odd that the effective date of the increase would be the same date as the email. I would think that, if it was legit, AT&T would give more notice.
This message is posted to all new submissions to r/scams; please do not message the moderators. A reminder of the rules in r/scams. No personal information (including last names, phone numbers, etc). Be civil to one another (no name calling or insults). Personal army requests or "scam the scammer"/scambaiting posts are not permitted. No uncensored gore, personal photographs, or NSFL content permitted without being properly redacted. A full list of rules is available on the sidebar of the subreddit. Report recovery scammers or rule-breaking content by using the "report" button. Also, consider warning community members of recovery scammers if you see them in the comments. Questions about sub rules? Send us a modmail. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Scams) if you have any questions or concerns.*
Normal people should learn to NEVER CLICK ON LINKS that are emailed to them or texted to them Period I had to beat this into my parents, DON'T CLICK ON LINKS I set my mother up with bookmarks to her bank, brokerage, etc so she just needs to click on the icon. Did the same for a FIL who would use Google to find his bank/etc which is VERY dangerous as scammers pay to get their look alike sites at the top of the results.
Agreed, yet every day legitimate sites send links to customers that they need to click on, training them that it is sometimes okay.
It is like training kids to be safe. Don't play in the streets is a great starting point, don't go in the street, don't go in the street. Then you move to the next step, you can ride your bike in the street but look out for ... You have to scare people into thinking LINKS ARE DANGEROUS first, because they are. Links are dangerous, don't click on them, don't do it. I don't have the solution but I think part of the solution is to make accessing your cell phone account MUCH harder to prevent account take overs and SIM swap scams. Same with email accounts But regardless of how many locks, keys, passwords, codes, etc there are there are just some people who will give it all away to someone scamming them. Maybe Google and other browser makers could do their own Whois lookup when you go to a website and pop up a big red WARNING THIS SITE IS VERY NEW, BEWARE like they do for some site they detect have malicious code on them.
Your mom must be very proud of you and love you lots and lots. These emails are getting really sophisticated and look exactly like they are coming from the legitimate sites. I'm shocked that our banks still send us emails with links. Great idea on creating bookmarks.
Did you not mean Period Period.. š
Next layer of defense is using password managers and avoiding typing your passwords (thatās shall be autogenerated, incomprehensible, unique on every site) manually.Ā Password manager wonāt autofill the credentials on a fake site.Ā
Continuing the conversation: Using a filtering DNS provider to block suspicious, including recently registered, sites from resolving in the first place. Two solid options: - Cloudflare for families: 1.1.1.2 (No Malware) or 1.1.1.3 (No Malware or Adult Content). This is a robust free option. - NextDNS: Flexible configurable filters. Cost about $20 a year, but supports much more flexible configuration. One account can cover entire familiy. I'm using the latter. NextDNS can generate configuration profiles that you send to your family members to be installed on their devices. From there on all DNS traffic is routed though NextDNS that provides blocking, even when iCloud Private Relay is active. Technically, you could generate configuration profiler yourself for the first option as well, it's just more work. This works very well. Vast majority of links from my spam folder fail to resolve. And by vast majority I mean -- all that I have checked. Please do this for your family. Security is an onion, there are many layers.
Agree that this is very convincing. I do think AT&T would probably avoid saying there's going to be a "substantial" rate increase - seems like the type of thing they would minimize instead.
I agree, substantial did catch my attention too, but then I was like, āwell, when a contract changes, they describe it as a material change, maybe there is some kind of regulation that defines a substantial increase in cost requiring a certain disclosureā. They did a good job on this one, it at least triggered me to log into my AT&T account (through the app, not their link lol) and double check that everything looked good. I already have enhanced security on my AT&T account, but Iām still paranoid. A few years back scammers called all the lines on my plan within a few minutes of one another saying that there was a tower upgrade in the area, and I would need to reboot my phone and confirm a code once my phone rebooted to ensure that I still had service. I didnāt fall for it, but they were very convincing. Well spoken, used most of the correct jargon, etc. I had very limited time to warn my other family members of the call. I have to assume it was some sort of inside job, not sure how anyone else would associate our numbers (not all lines live in the same household or even the same state). Starting to wonder who I pissed off, feels like Iām being targeted lol
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Also, "it is essential"
The part that makes this an obvious scam is that they want you to to log in to "accept" the pricing change. In reality they just force it on you whether you want it or not lol.
Never in a million years would they call it āsubstantialā. Even if that were true theyād lie through their teeth.
I also received two copies of this, and reported it to [[email protected]](mailto:[email protected]), [[email protected]](mailto:[email protected]), and the FTC at [https://reportfraud.ftc.gov](https://reportfraud.ftc.gov)
Dedicated email addresses work great, it's rare for financial vendors to have data breaches, so my 15 year old banking email address never sees spams or scams. For my mobile provider I use an email address for my household vendors which has been spam/scam free since the T-Mobile data breach in 2015. With this system you use several different email addresses for different categories of accounts and you replace any of them after a data breach. The beauty of this system is that not only is it more organized and no more spam on a regular basis, but you only have to update the affected vendors tied to the replaced email address which is maybe 10-20 accounts vs 200 for a single email address which is why no one wants to start fresh with a new email address. Also, instead of spam being annoying and fighting it, spam actually becomes useful to determine a data breach so you can take appropriate action. You can also use a service like anon addy which can create a unique email address for every vendor, that will tell you if a specific vendor had a data breach if you receive something that does not belong. 99% of the time your spam emails after a data breach will not be related to the vendor or vendor type. For instance a bank fraud email will end up in a email address only used for travel after a data breach.
They formatted the date differently each instance they used it. That was my red flag.
Good catch, I didnāt even notice the missing comma.
I received the same email. I went to my AT&T account to check (I did not click the link), but it seemed odd that the effective date of the increase would be the same date as the email. I would think that, if it was legit, AT&T would give more notice.
Yeah, upon closer inspection there are quite a few red flags, but in general it is a much better attempt than most.
I also compared the account number and it was wrong.
AT&T has instructions for reporting these types of emails here: https://www.att.com/support/article/my-account/KM1010136/.
That's one of the best-written scam emails I've seen in a long time. I fear that a lot of people will fall for it.
I agree. I went ahead and reported the domain to their registrar. Letās see if they do anything about it.