Why in the hell did the phone company send me an email asking me to update my contact information?
1. You sent me the email so you have my email address.
2. You're the phone company so I bet you know my phone number.
What the hell else do you want?
/end rant
- L.A.
- 09-23-2013, 11:12 AM
- hd
- 09-23-2013, 11:46 AM
could be phishing?
- hotindallas
- 09-23-2013, 01:33 PM
It's a phishing attempt. Delete it.
- hd
- 09-23-2013, 01:40 PM
I usually get a text from AT&T, any emails have always looked suspicious to me so I just delete w/o opening. By opening it, you may allow viruses or whatever to infect your pc, and some of you know how much infections can hurt?......................... ..... Don't you?
- L.A.
- 09-23-2013, 03:12 PM
The full header was this:
From AT&T Mon Sep 23 10:08:20 2013
X-Apparently-To: myemailaddressswbell.net via 98.138.213.197; Mon, 23 Sep 2013 17:08:22 +0000
Return-Path: <bo-b6bg2w0bfs8s93au1tp8pbzcuvqetv @b.e.att-mail.com>
Received-SPF: pass (domain of b.e.att-mail.com designates 63.236.76.123 as permitted sender)
X-Originating-IP: [63.236.76.123]
Authentication-Results: mta1042.sbc.mail.bf1.yahoo.com from=e.att-mail.com; domainkeys=pass (ok); from=e.att-mail.com; dkim=pass (ok)
Received: from 207.115.36.38 (EHLO nlpi166.prodigy.net) (207.115.36.38)
by mta1042.sbc.mail.bf1.yahoo.com with SMTP; Mon, 23 Sep 2013 17:08:22 +0000
X-Originating-IP: [63.236.76.123]
Received: from mta823.e.att-mail.com (mta823.e.att-mail.com [63.236.76.123])
by nlpi166.prodigy.net (8.14.4 IN/8.14.4) with ESMTP id r8NH8KUI021311
for <myemailaddress@swbell.net>; Mon, 23 Sep 2013 12:08:22 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=e.att-mail.com;
s=20111007; t=1379956100; x=1395594500;
bh=1TBBbCUJ0LdQn9qDnXnJQTc/QsPYnGhKaTo8cQ2PQMo=; h=From:Reply-To;
b=QJ7B5ztxi/mbYcwOcI4RDsHj6YLHjKaTRuBC4XID ua3JzvC09IPLMFmHIF5vmCJO2
TcyMlenRFGyTTIcoYbQDtowdlUqcg+ 0DKge3g/JmJnhMyo9yRuQ7NIFgDioCS/M1Bo
qgYONZHxlJicqUgoFaYA7H2bJzmnA1 7WKz0M/svo=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=200505; d=e.att-mail.com;
b=XvMxQvIdM6bJ9YiQiFzTClz44eNd 2WQXqihiwUQuBxEoDqqEuqATRE7uzA Pze8ZZnXQ8S2YCRki+ID4Zm7NxhDro oYKEGUyRV25XsysnBVrkcpza1Uk+es/AIUPlqT9rq9mwvsHtO7ilSCXkT6p57 tMsc7Gr/nEPswV2vrp5urA=;
h=Date:Message-ID:List-Unsubscribe:From:To:Subject:MI ME-Version:Reply-To:Content-type;
Date: Mon, 23 Sep 2013 17:08:20 -0000
Message-ID: <b6bg2w0bfs8s93au1tp8pbzcuvqetv .47045467.20@mta823.e.att-mail.com>
List-Unsubscribe: <mailto:rm-0b6bg2w0bfs8s93au1tp8pbzcuvqet v@e.att-mail.com>
From: "AT&T" <att@e.att-mail.com>
To: myemailaddress@swbell.net
Subject: ACTION REQUIRED: please update your contact numbers
MIME-Version: 1.0
Reply-To: "AT&T" <support-b6bg2w0bfs8s93au1tp8pbzcuvqetv @e.att-mail.com>
Content-type: multipart/alternative; boundary="=b6bg2w0bfs8s93au1tp 8pbzcuvqetv"
Content-Length: 16900
Looks legit to me....idk
From AT&T Mon Sep 23 10:08:20 2013
X-Apparently-To: myemailaddressswbell.net via 98.138.213.197; Mon, 23 Sep 2013 17:08:22 +0000
Return-Path: <bo-b6bg2w0bfs8s93au1tp8pbzcuvqetv @b.e.att-mail.com>
Received-SPF: pass (domain of b.e.att-mail.com designates 63.236.76.123 as permitted sender)
X-Originating-IP: [63.236.76.123]
Authentication-Results: mta1042.sbc.mail.bf1.yahoo.com from=e.att-mail.com; domainkeys=pass (ok); from=e.att-mail.com; dkim=pass (ok)
Received: from 207.115.36.38 (EHLO nlpi166.prodigy.net) (207.115.36.38)
by mta1042.sbc.mail.bf1.yahoo.com with SMTP; Mon, 23 Sep 2013 17:08:22 +0000
X-Originating-IP: [63.236.76.123]
Received: from mta823.e.att-mail.com (mta823.e.att-mail.com [63.236.76.123])
by nlpi166.prodigy.net (8.14.4 IN/8.14.4) with ESMTP id r8NH8KUI021311
for <myemailaddress@swbell.net>; Mon, 23 Sep 2013 12:08:22 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=e.att-mail.com;
s=20111007; t=1379956100; x=1395594500;
bh=1TBBbCUJ0LdQn9qDnXnJQTc/QsPYnGhKaTo8cQ2PQMo=; h=From:Reply-To;
b=QJ7B5ztxi/mbYcwOcI4RDsHj6YLHjKaTRuBC4XID ua3JzvC09IPLMFmHIF5vmCJO2
TcyMlenRFGyTTIcoYbQDtowdlUqcg+ 0DKge3g/JmJnhMyo9yRuQ7NIFgDioCS/M1Bo
qgYONZHxlJicqUgoFaYA7H2bJzmnA1 7WKz0M/svo=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=200505; d=e.att-mail.com;
b=XvMxQvIdM6bJ9YiQiFzTClz44eNd 2WQXqihiwUQuBxEoDqqEuqATRE7uzA Pze8ZZnXQ8S2YCRki+ID4Zm7NxhDro oYKEGUyRV25XsysnBVrkcpza1Uk+es/AIUPlqT9rq9mwvsHtO7ilSCXkT6p57 tMsc7Gr/nEPswV2vrp5urA=;
h=Date:Message-ID:List-Unsubscribe:From:To:Subject:MI ME-Version:Reply-To:Content-type;
Date: Mon, 23 Sep 2013 17:08:20 -0000
Message-ID: <b6bg2w0bfs8s93au1tp8pbzcuvqetv .47045467.20@mta823.e.att-mail.com>
List-Unsubscribe: <mailto:rm-0b6bg2w0bfs8s93au1tp8pbzcuvqet v@e.att-mail.com>
From: "AT&T" <att@e.att-mail.com>
To: myemailaddress@swbell.net
Subject: ACTION REQUIRED: please update your contact numbers
MIME-Version: 1.0
Reply-To: "AT&T" <support-b6bg2w0bfs8s93au1tp8pbzcuvqetv @e.att-mail.com>
Content-type: multipart/alternative; boundary="=b6bg2w0bfs8s93au1tp 8pbzcuvqetv"
Content-Length: 16900
Looks legit to me....idk
- Luke Skywalker
- 09-23-2013, 07:45 PM
The full header was this:looks are deceiving. this is not legit...
From AT&T Mon Sep 23 10:08:20 2013
X-Apparently-To: myemailaddressswbell.net via 98.138.213.197; Mon, 23 Sep 2013 17:08:22 +0000
Return-Path: <bo-b6bg2w0bfs8s93au1tp8pbzcuvqetv @b.e.att-mail.com>
Received-SPF: pass (domain of b.e.att-mail.com designates 63.236.76.123 as permitted sender)
X-Originating-IP: [63.236.76.123]
Authentication-Results: mta1042.sbc.mail.bf1.yahoo.com from=e.att-mail.com; domainkeys=pass (ok); from=e.att-mail.com; dkim=pass (ok)
Received: from 207.115.36.38 (EHLO nlpi166.prodigy.net) (207.115.36.38)
by mta1042.sbc.mail.bf1.yahoo.com with SMTP; Mon, 23 Sep 2013 17:08:22 +0000
X-Originating-IP: [63.236.76.123]
Received: from mta823.e.att-mail.com (mta823.e.att-mail.com [63.236.76.123])
by nlpi166.prodigy.net (8.14.4 IN/8.14.4) with ESMTP id r8NH8KUI021311
for <myemailaddress@swbell.net>; Mon, 23 Sep 2013 12:08:22 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=e.att-mail.com;
s=20111007; t=1379956100; x=1395594500;
bh=1TBBbCUJ0LdQn9qDnXnJQTc/QsPYnGhKaTo8cQ2PQMo=; h=From:Reply-To;
b=QJ7B5ztxi/mbYcwOcI4RDsHj6YLHjKaTRuBC4XID ua3JzvC09IPLMFmHIF5vmCJO2
TcyMlenRFGyTTIcoYbQDtowdlUqcg+ 0DKge3g/JmJnhMyo9yRuQ7NIFgDioCS/M1Bo
qgYONZHxlJicqUgoFaYA7H2bJzmnA1 7WKz0M/svo=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=200505; d=e.att-mail.com;
b=XvMxQvIdM6bJ9YiQiFzTClz44eNd 2WQXqihiwUQuBxEoDqqEuqATRE7uzA Pze8ZZnXQ8S2YCRki+ID4Zm7NxhDro oYKEGUyRV25XsysnBVrkcpza1Uk+es/AIUPlqT9rq9mwvsHtO7ilSCXkT6p57 tMsc7Gr/nEPswV2vrp5urA=;
h=Date:Message-ID:List-Unsubscribe:From:To:Subject:MI ME-Version:Reply-To:Content-type;
Date: Mon, 23 Sep 2013 17:08:20 -0000
Message-ID: <b6bg2w0bfs8s93au1tp8pbzcuvqetv .47045467.20@mta823.e.att-mail.com>
List-Unsubscribe: <mailto:rm-0b6bg2w0bfs8s93au1tp8pbzcuvqet v@e.att-mail.com>
From: "AT&T" <att@e.att-mail.com>
To: myemailaddress@swbell.net
Subject: ACTION REQUIRED: please update your contact numbers
MIME-Version: 1.0
Reply-To: "AT&T" <support-b6bg2w0bfs8s93au1tp8pbzcuvqetv @e.att-mail.com>
Content-type: multipart/alternative; boundary="=b6bg2w0bfs8s93au1tp 8pbzcuvqetv"
Content-Length: 16900
Looks legit to me....idk Originally Posted by L.A.
- OldGrump
- 09-23-2013, 07:55 PM
Luke, tell us what to look for.
What stands out the me is the bogus ATT addresses.
What else tipped you off?
What stands out the me is the bogus ATT addresses.
What else tipped you off?
- L.A.
- 09-23-2013, 08:55 PM
Here is one from ATT that I know is legit. Not too sure of the differences:
From AT&T Online Services Mon Aug 12 16:48:09 2013
X-Apparently-To: myemailaddress@swbell.net via 98.138.213.222; Mon, 12 Aug 2013 23:48:12 +0000
Return-Path: <att-services.cn.1743094703@emaildl .att-mail.com>
Received-SPF: none (domain of emaildl.att-mail.com does not designate permitted sender hosts)
X-Originating-IP: [144.160.112.12]
Authentication-Results: mta1023.sbc.mail.bf1.yahoo.com from=emaildl.att-mail.com; domainkeys=neutral (no sig); from=emaildl.att-mail.com; dkim=pass (ok)
Received: from 207.115.36.49 (EHLO nlpi177.prodigy.net) (207.115.36.49)
by mta1023.sbc.mail.bf1.yahoo.com with SMTP; Mon, 12 Aug 2013 23:48:12 +0000
X-Originating-IP: [144.160.112.12]
Received: from tlpi046.enaf.dadc.sbc.com (egssmtp01.att.com [144.160.112.12])
by nlpi177.prodigy.net (8.14.4 IN/8.14.4) with ESMTP id r7CNmAnq011947
for <myemailaddress@swbell.net>; Mon, 12 Aug 2013 18:48:11 -0500
Received: from tsprd471 (tsprd471.dadc.sbc.com [135.31.27.98])
by tlpi046.enaf.dadc.sbc.com (8.14.4/8.14.4) with ESMTP id r7CNm9bd004372
for <myemailaddress@swbell.net>; Mon, 12 Aug 2013 18:48:10 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=emaildl.att-mail.com;
s=egs02; t=1376351290;
bh=X9B5mEaT0kaydA5AhhCvmOIGzII ev9lyoWj/stjBvC8=;
h=From:To:Message-ID:Subject:MIME-Version:Content-Type;
b=yphfwyA/yOPDe8LNkYjMD2G9m5gZYgyq79F5k2 YVg2R89OSGLxKtUohkJVCUxoQ0h
GjNKfrWYWiIAZQFwLBKx8rQHKf4YTG U/FHASkUkY4ZhpmHg4Gybu2oingMxg9I 8KLY
zHexTbG/QcnlqtOqH5YzDUeewUZRmUH6Elt1Uy 38=
Date: Mon, 12 Aug 2013 18:48:09 -0500
From: AT&T Online Services <att-services.cn.1743094703@emaildl .att-mail.com>
To: myemailaddress@swbell.net
Message-ID: <10806784.2166431376351289934.J avaMail.websphe@tsprd471>
Subject: Your AT&T online bill is ready to be viewed
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_214352_3318752.13763512 89929"
Content-Length: 17751
From AT&T Online Services Mon Aug 12 16:48:09 2013
X-Apparently-To: myemailaddress@swbell.net via 98.138.213.222; Mon, 12 Aug 2013 23:48:12 +0000
Return-Path: <att-services.cn.1743094703@emaildl .att-mail.com>
Received-SPF: none (domain of emaildl.att-mail.com does not designate permitted sender hosts)
X-Originating-IP: [144.160.112.12]
Authentication-Results: mta1023.sbc.mail.bf1.yahoo.com from=emaildl.att-mail.com; domainkeys=neutral (no sig); from=emaildl.att-mail.com; dkim=pass (ok)
Received: from 207.115.36.49 (EHLO nlpi177.prodigy.net) (207.115.36.49)
by mta1023.sbc.mail.bf1.yahoo.com with SMTP; Mon, 12 Aug 2013 23:48:12 +0000
X-Originating-IP: [144.160.112.12]
Received: from tlpi046.enaf.dadc.sbc.com (egssmtp01.att.com [144.160.112.12])
by nlpi177.prodigy.net (8.14.4 IN/8.14.4) with ESMTP id r7CNmAnq011947
for <myemailaddress@swbell.net>; Mon, 12 Aug 2013 18:48:11 -0500
Received: from tsprd471 (tsprd471.dadc.sbc.com [135.31.27.98])
by tlpi046.enaf.dadc.sbc.com (8.14.4/8.14.4) with ESMTP id r7CNm9bd004372
for <myemailaddress@swbell.net>; Mon, 12 Aug 2013 18:48:10 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=emaildl.att-mail.com;
s=egs02; t=1376351290;
bh=X9B5mEaT0kaydA5AhhCvmOIGzII ev9lyoWj/stjBvC8=;
h=From:To:Message-ID:Subject:MIME-Version:Content-Type;
b=yphfwyA/yOPDe8LNkYjMD2G9m5gZYgyq79F5k2 YVg2R89OSGLxKtUohkJVCUxoQ0h
GjNKfrWYWiIAZQFwLBKx8rQHKf4YTG U/FHASkUkY4ZhpmHg4Gybu2oingMxg9I 8KLY
zHexTbG/QcnlqtOqH5YzDUeewUZRmUH6Elt1Uy 38=
Date: Mon, 12 Aug 2013 18:48:09 -0500
From: AT&T Online Services <att-services.cn.1743094703@emaildl .att-mail.com>
To: myemailaddress@swbell.net
Message-ID: <10806784.2166431376351289934.J avaMail.websphe@tsprd471>
Subject: Your AT&T online bill is ready to be viewed
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_214352_3318752.13763512 89929"
Content-Length: 17751
- Lana_kane
- 09-23-2013, 11:55 PM
Here is one from ATT that I know is legit. Not too sure of the differences:Return paths are different ...
From AT&T Online Services Mon Aug 12 16:48:09 2013
X-Apparently-To: myemailaddress@swbell.net via 98.138.213.222; Mon, 12 Aug 2013 23:48:12 +0000
Return-Path: <att-services.cn.1743094703@emaildl .att-mail.com>
Received-SPF: none (domain of emaildl.att-mail.com does not designate permitted sender hosts)
Date: Mon, 12 Aug 2013 18:48:09 -0500
From: AT&T Online Services <att-services.cn.1743094703@emaildl .att-mail.com>
To: myemailaddress@swbell.net
Message-ID: <10806784.2166431376351289934.J avaMail.websphe@tsprd471>
Subject: Your AT&T online bill is ready to be viewed
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_214352_3318752.13763512 89929"
Content-Length: 17751 Originally Posted by L.A.
Date format is also different ...
The full header was this:Subjects are obviously different but as op stated why would the phone company ask you for your phone number in a contact to you when they would know who's account the email is linked to. That's my guess ...
From AT&T Mon Sep 23 10:08:20 2013
X-Apparently-To: myemailaddressswbell.net via 98.138.213.197; Mon, 23 Sep 2013 17:08:22 +0000
Return-Path: <bo-b6bg2w0bfs8s93au1tp8pbzcuvqetv @b.e.att-mail.com>
Received-SPF: pass (domain of b.e.att-mail.com designates 63.236.76.123 as permitted sender)
Date: Mon,K
From: "AT&T" <att@e.att-mail.com>
To: myemailaddress@swbell.net
Subject: ACTION REQUIRED: please update your contact numbers
MIME-Version: 1.0
Reply-To: "AT&T" <support-b6bg2w0bfs8s93au1tp8pbzcuvqetv @e.att-mail.com>
Content-type: multipart/alternative; boundary="=b6bg2w0bfs8s93au1tp 8pbzcuvqetv"
Content-Length: 16900
Looks legit to me....idk Originally Posted by L.A.
- Luke Skywalker
- 09-24-2013, 08:42 AM
Good catch lana.
But that's not all.
The b=(gbbly gook) is an encrypted cookie. If you have the tools to decrypt it, you would know why. Not easy for the layman.
But that's not all.
The b=(gbbly gook) is an encrypted cookie. If you have the tools to decrypt it, you would know why. Not easy for the layman.
- hd
- 09-24-2013, 08:49 AM
About a year or so ago after I got ATT Uverse, I rec'd and email I thought was from ATT. Had their logo and look official, I almost opened it and thought why would they email me when could text to my phone. I called ATT and asked their tech dept and they did say it was probably scamming which is what i figured.
If you look at the email address where it came from, that will give it away that it's not official. What was showing on mine had no ATT.com in the address where it came from. If there is any question about it, it's best just to call the number on your statement.
If you look at the email address where it came from, that will give it away that it's not official. What was showing on mine had no ATT.com in the address where it came from. If there is any question about it, it's best just to call the number on your statement.
- Lana_kane
- 09-24-2013, 09:50 AM
Good catch lana.Ty for the 411 Luke, I don't know much about computer codes, I just saw some obvious differences ... Lol
But that's not all.
The b=(gbbly gook) is an encrypted cookie. If you have the tools to decrypt it, you would know why. Not easy for the layman. Originally Posted by lukeskywalker7667
- Exec_Enchant
- 09-25-2013, 09:32 PM
- L.A.
- 09-25-2013, 09:35 PM
Thanks all. I initially was just trying to be funny thinking how dumb it was for Uverse to ask me to update contact info since they obviously had it.
My laziness has finally paid off as I never clicked on anything in the email.
Again..thanks for all of your insight!
My laziness has finally paid off as I never clicked on anything in the email.
Again..thanks for all of your insight!