Websense has detected a massive phishing campaign targeting AT&T customers, with in excess of 200,000 fake emails masquerading as billing information.
The phishing emails, which pretend to be from the American communication services provider, were unearthed by Websense on Thursday. The fake emails attempt to scam consumers with bogus claims that they owe AT&T hundreds of dollars.
The email also reportedly contains a malicious link that lets the scam's authors infect victims' machines.
"Clicking on the link in the bogus message sends the user to a compromised web server that redirects the browser to a Blackhole exploit kit. As a result, malware is downloaded onto the computer that is currently not detected by most anti-virus products, according to VirusTotal," read Websense's blog.
"ThreatScope analysis shows that the malware is part of the Zeus family. It drops files into the Application Data and Temp folders, and then injects code into other processes running on the computer, for example Internet Explorer and Adobe Reader. After this, it accesses a bot network where the attacker can instruct the malware to take further actions."
The new scam is one of many phishing campaigns currently operating. Earlier in June, during a press tour of the company's labs, F-Secure security chief Mikko Hypponen warned that the use of phishing emails has become a staple source of income for cyber criminals.