Warning - Fake AT&T Wireless Bill Links to a Virus or Other Malware

We are blocking fake AT&T bills that look very realistic but are dangerous. The links in the email do not go to AT&T. They go to a dangerous executable (.exe) file on a hacked website. Do NOT click the links.

This is a repeat of one of the most realistic-looking email spam campaigns. The email looks like an actual bill from AT&T wireless and shows a large "outstanding balance". It's designed make the recipient panic that there is a huge mistake in their bill and then click on one of the links, thinking they will be going to AT&T's website.

Here is what one of the emails look like:

Fake AT&T Wireless Bill

This spam email is NOT from AT&T. Do NOT click any of the links.

How to Spot this Spam Email

Although this campaign looks pretty good, you can still tell it's spam.

  • It is addressed to "Dear Customer". AT&T would probably address its own customers by their names, not by a generic "Dear Customer". Even if an email addresses you by name, be careful. It could still be a spear-phishing scam.
  • Missing images Look at the social icons below the "Contact Us" closing. Some of the icons did not display. AT&T probably would not be sloppy like that.
  • Suspicious links / All the same If you hover over the links in the email (without clicking on them), your email program or browser will probably show you the web address (URL) where the link would take you. In this email, the "click-me" links all go to the same site, and it's not AT&T. See below.

    Also, the link is to an executable (.exe) file; a program that your machine would try to run and could severely damage your computer or network.

    Keep in mind, though, that spammers can also disguise the links so that when you hover over them, the address you see is different from the one it actually goes to.
 Malware Link in Fake AT&T Wireless Bill

All of the links go to the a malicious program. Do not click on any of them.

How We Are Blocking this Spam

We have analysts that update our database 24/7/365 to keep up with new threats. They identify spam campaigns like this quickly and block them.

Also, we don't filter out spam based only on "click-me" links or Bayesian Heuristics. We use multiple levels of filtering to block campaigns like this one, even as they change over time. That includes "phrase" filters, which block based on long phrases that we know only occur in spam. We almost never block based on individual words, like "Viagra", that are in legitimate emails (like to your doctor).

According to our threat analyst Chad, we are blocking this campaign based on a variety of factors, including the "click-me" links and the complex phrases, protecting our customers from this dangerous threat now and in the future.

For More Info

SpamStopsHere works differently from other anti-spam programs. It blocks 99.5% of spam while delivering over 99.999% of legitimate emails. That means we block fewer that 1 out of 100,000 good emails, which is why businesses and professionals love our service.

Our spam review team, along with our proprietary Spamalyzer 3.0, analyzes and blocks email threats for our customers 24/7/365. That's a claim almost no other antispam provider can make.

Click here for more about SpamStopsHere and our 24/7/365 live support

The mark "Viagra" is the property of its owner. This article is for informational purposes. No endorsement by third parties is implied and none should be inferred.