Email purporting to be from AT&T claims that the recipient’s email account limit has been exceeded and that the account will be suspended unless it is verified within 24 hours.
The email is not from AT&T. In fact, it is a phishing scam designed to trick AT&T account holders into divulging their account login details to Internet criminals.
Subject: Account Has Exceeded….
AT&T! ACCOUNT VERIFICATION
Your E-mail account has exceeded its limit and needs to be verified, if not verified within 24 hours, we shall suspend your account.
For immediate access, please click on the link below: click here
This email, which claims to be from telecommunications giant AT&T, warns recipients that their email accounts have exceeded their limits and will be suspended if they are not verified within 24 hours. Recipients are instructed to click a link in the email to complete the verification and restore account access.
However, the message is certainly not from AT&T and the claim that accounts will be suspended if not verified is false. The message is a typical email phishing scam that attempts to trick recipients into handing over their account login details to cybercrooks.
Those tricked into clicking the link will be taken to a fraudulent website and asked to provide their login email address and password. Login credentials entered on the bogus site will be collected by phishing scammers and subsequently used to hijack the real email accounts belonging to their victims. Once they have gained access to the compromised accounts, the scammers can lock out the rightful owners and use the account contact list to send out further scam and spam emails. Because these scam emails appear to come from a person they know, recipients may be more inclined to think them legitimate and follow any instructions the scammers have included.
Such phishing scams are extremely common. Be cautious of any message that claims that you must verify, validate or update your account details by clicking a link or opening an attached file. Genuine service providers are very unlikely to request users to provide sensitive information such as passwords via an unsolicited email. It is always safest to access any of your online accounts by entering their address into your browser’s address field rather than by clicking a link or opening an attachment.