AT&T Text Messages are a simple way for AT&T to communicate with its customers. The texts, however, are much too simple and easily duplicated, which presents a big problem for AT&T customers.
Due to the simple technology of text messages, there is no way to authenticate the identity of the sender. Also, the body of these text messages contains only a brief message that can be mimicked by hackers and scammers. Consumers could be receiving bogus text messages that have links leading to dummy websites, which then steal the customers’ information.
Essentially, it’s a classic phishing scheme akin to the ones we’ve seen in our email inboxes.
Computer programmer Dani Grant discovered the breach of security when she received a text message from AT&T. “If the official texts look like phishing, it’s impossible for the customer to distinguish between what’s phishing and what’s not,” she said in a recent interview with CNN Money.
Because AT&T’s text messages originate from a “short code” rather than a verifiable phone number, customers have no way of knowing exactly who is trying to alert them. Short codes are four or five digit numbers that can send and receive texts, and can be acquired by anyone – not just cell phone companies.
Furthermore, the links within these text messages are not always obvious links to AT&T’s official site. While AT&T will sometimes use the link “att.com” – clearly a link to their official website – sometimes they will use the URL “dl.mymobilelocate.com.” This creates confusion for the consumer: how is a customer to know if a strange URL will lead back to AT&T’s website, or some dummy site that a hacker created?
Dani Grant went ahead and created her own false website, as well as a fake text message to see if these official AT&T texts could be duplicated. As it turns out, her text message is identical to AT&T’s official alert. Grant then reported this error to AT&T as a security flaw, though they have declined to comment on the matter.
There is no easy solution to this problem. Cell phone companies prefer to use SMS for their alerts because it is inexpensive and has a broad scope in terms of reaching their customers. Clearly, this method of texting is open to security threats, though, so consumers should insist on greater security measures to be taken by their mobile carriers.
Remember, don’t be fooled by all “official” text messages from your service provider, because these messages could be coming from a clandestine source. Carefully monitor messages, and delete when it seems “phishy.” By practicing prudence when interacting over SMS, you can protect yourself from scammers.