07/16/2024
from a VOIP vendor we use at work about the AT$T breach:
AT&T recently announced a significant incident involving the theft of call and text message logs from their workspace hosted by their vendor, Snowflake. This situation affects most, if not all, of AT&T"s cellular customers, with records taken from May 1, 2022, to October 31, 2022, and on January 2, 2023. While the actual content of the calls and texts was not exposed, the stolen metadata includes details about who called or texted whom. Scammers can use this information to impersonate trusted individuals and trick you into sharing personal information.
This type of stolen data can lead to “phishing” scams. For example, attackers might manipulate Caller ID information to make it look like a trusted contact is calling or texting you. They can then convincingly deceive you into providing sensitive information or money by pretending to be someone you know.
To safeguard yourself and your organization from potential scams resulting from this incident, please consider the following recommendations:
Be cautious of Caller ID information. Caller IDs can be easily spoofed, so do not rely solely on them to verify a caller"s identity;
Verify sensitive requests. If you receive a call or text asking for money, passwords, or other confidential information, hang up and call back using a number for the requestor that you know to be genuine. Consider utilizing secure communication methods, such as encrypted messaging apps like Signal, when doing so;
Be wary of requests for personal information. Legitimate organizations will not ask for personal, account, or credit card details via text or call;
Ignore texts from unfamiliar senders. Do not respond to or click on links in texts from unknown numbers;
Stay updated. Regularly check for updates and advice from trusted sources, such as the Federal Communications Commission (FCC) and your mobile provider, about avoiding frauds and scams
