Skip to main content
AT&T Community Forums
Announcements

Tutor

 • 

1 Message

Wed, Mar 11, 2015 3:59 AM

Online account hack - fraud via AT&T Next- Fraud department wouldn't speak to me about the account.

Our account was hacked, I received a text from AT&T that our billing information had been changed.
I verified online that the address and email address were changed and we didn't do it. I then called customer service, the lady was very nice.
She said she was changing the address back. I asked her to see if any additional changes had been made to the account, because I was worried about it and we had not made any. She looked and told me that contracts were signed online that week for two lines. Someone online ordered two iPhone 6 phones and had them ship to the "new address" on the account.She then informed me that I needed to talk to the fraud department.
I was then transferred to the fraud department. I told the fraud dept. lady what had occurred, and she informed me that since the account was in my husbands name she could not discuss anything with me. I explained that my husband was out of the country, she told me again that she would not discuss the account with me.
I asked her if there was a way to make sure no further fraud could take place, anything that could be done. She told me to call customer service again, and add a passcode. After that call with the fraud department, I logged back in, and was shocked to see that none of the address or email changes had been entered.
I changed the information back, and then had a passcode added.
It occurred to me that the orders could be tracked online, so I went looking at them. I reviewed the FedEx tracking information. One phone had shipped and the address was a mismatch, so it was being returned to AT&T. The second phone had just been picked up by Fedex. I called customer service again. I explained the situation, and asked if they could contact Fedex and reroute the shipment back to AT&T. The very nice lady told me I needed to talk to the fraud department. I pleaded with her, explaining that they wouldn't speak with me, and I just want to make sure that this criminal didn't get the phone. She understood, and asked to place me on hold, so she could see what she could do. I agreed. She came back a few minutes later. She had found that the first phone had been returned, and she was able to reverse the upgrade on that line. She told me again that we needed to talk to the fraud department. She told me she knew they wouldn't talk to me, so she was going to speak with them about it. After holding for more than five minutes she returned to say that she couldn't get ahold of anyone in the fraud department, they were very busy today. She then placed me on hold one last time while she contacted FedEx to see what she could do. When she returned, she had reroute do the shipment back to AT&T, and was in the process of reversing that upgrade as well. I would like everyone to know what an outstanding job the three ladies of the customer service department did on this.
My issue is with the fraud department. AT&T next program made it easy for a hacker to steal a new phone and not pay anything, sticking the account holder with a monthly phone payment. How is it a complete stranger criminal can hack my account, change everything about it, order new phones... And the Fraud department won't talk to me about making it right. I am an authorized user, I can make changes and buy phones legally on the account. The woman in the fraud department was rude about it, identity theft is traumatic and being told you can't even talk to them about it is Unacceptable. They made a note on the account that I callled about a fraud. My husband won't be back until Friday. He will be calling the fraud department to make sure this is completely handled.
If not for the very helpful customer service department, the 128GB iPhone 6 would deliver tomorrow to the hacker criminal. I am very frustrated, and want it noted for anyone with this issue in the future, that they aren't the only person that account fraud happens to and what I had to deal with, so maybe they can help AT&T act more quickly and keep new phones away from criminals trying to steal them.
Make sure to add a passcode and change your password often.

Responses

Tutor

 • 

3 Messages

4 years ago

My on line account was hacked on March 12.  The thieves somehow accessed by on-line account, changed my email address and home address and my passcode and then added two new authorized users to the account.  I never received a notification of any changes to my account despite having my account flagged for notifications.  I discovered the fraud when my phone and my daughter's phone suddenly had no service on March 13.  I went through all the troubleshooting steps to reactivate the phone.  When that didn't work, I initiated a "chat" session on line.  After about an hour of "chatting", the agent was not able to solve the problem so I called the 800 number.  In the meantime, my daughter, whose phone was also disabled, called my husband's phone to tell him she had been in contact with an AT&T rep who informed her their were multiple changes made to the account on line and that we should contact the fraud dept.  It took several hours to reach the fraud department.  I was able to have a very helpful conversation with an agent named "nick" from Nashville.  He was very helpful and tried so hard to connect me and explained what had happened to my account.   The thieves hacked into my account on line, made all the changes to my account and then (within two hours of hacking my account) proceeded to an authorized AT&T dealer to purchase two Iphone 7's using two upgrades on my number and my daughters.  Nick stayed on the phone with me for at least an hour waiting for the fraud dept and then offered to call my husband's phone as soon as he was able to connect.  Finally, about an hour later, Nick called with the fraud dept on the other line.  But, when Nick hung up, the fraud dept was gone.  When I tried to reconnect, I got a message that the office was closed.  I was, however, very determined resolve the issue because now I was concerned about all my accounts being compromised.  So I kept trying and finally around 8:30 p.m. I reached someone in fraud who was able to disable the phones that were purchased and restore the correct information on my account.  I was told that we would need to go to an AT&T store to have the SIM cards replaced in our phones before they could be activated, which we did the next day.  What happened next was eye-opening.  The rep at the AT&T store showed my the detailed trail of transactions that occurred on my account -- which is what all the authorized representatives are able to see.  Not only is there a timeline of the changes to my account, but there is also a record of where the phones were purchased.  My question to the fruad dept and the agent was why wouldn't someone question these people making the purchases on my account in light of the changes made just hours before of very important information like my email account and address?  Also, why was I never notified of any changes to my account which is also passcode protected? How were they able to make the changes to my passcode and email without any notification?  Something else that is curious about all this is that my son in Philadelphia, who was an authorized user, purchased an upgraded phone from an AT&T store in Philadelphia on February 28.  The thieves went to a store in Brookhaven to purchase the new phones, which is only about 30 minutes from the store my son visited.  My son did not have the password or passcode for the account.  When I mentioned to the fraud dept that I suspected that this "hack" was an inside job, I was told that my home computer could have been hacked; however, I have McAfee security software -- which is what AT&T recommends and I checked my security report which showed no breaches.  So I called the fraud dept back on March 15 to ask what they would do to follow up on the fraud.  I was told they would monitor the IP address and the store where the sale was made.  I asked if the incident would be reported to law enforecement, but the agent said that she did not have that information.  To apparently console me, the fraud dept. agent said that rarely is an account hacked more than once!  Imagine that!  I was not comforted -- only more determined to do something about it.   So my conclusion is that AT&T has some serious flaws in their security system.  First of all, as a result of all this,  AT&T has added another level of security to my account.  My question is why wait until a customer's account is hacked -- why not initiate the securest access for all customers--which involves entering both your password and passcode to access your account?  Also, agents at AT&T corporate stores and authorized dealers should not be permitted to complete transactions for ANYONE without first contacting the primary account holder and they should at the very least check the notes on the account before completing any transactions/changes to the account.  Since I feel that AT&T has not or will not go far enough to apprehend/followup on this fraud, I have registered a complaint with the FCC and the FBI.  I would encourage anyone who has been hacked to do the same.  Perhaps if the authorities hear from more of us, progress can be made.

lizdance40

ACE - Sage

 • 

78.4K Messages

4 years ago

@tmccool

It all starts with access to your email account.  Whatever account your ATT notices go to was the first hacked.  Once they had that information, they also hacked all accounts that send notices to it.

The notice was probably sent to the email, intercepted and deleted before you saw it.  Check your email trash.  

My advice:

1.   Change your email passwords and add 2 step verification.  During this process you will be asked to verify all devices that you authorize to use your email sign in.  When I first did this for my account, it showed a cellphone I had never owned.  

Google.  https://support.google.com/accounts/answer/185839?hl=en

Yahoo.   https://www.lifewire.com/two-step-authentication-yahoo-1174470

2.   Add the extra PIN number to your ATT account.  This should be a unique number no one can guess,not birth dates or SS#.   Save it in a safe place, I have mine in a fake contact on my phone, which syncs to my google contacts.  

3.  Change passwords or PIN numbers once a year.   

 

 

🐾 I don’t work for AT&T or any carrier. Never have, never will. My replies are based on experience and reading content available on the website. If you posted personal information, please edit and remove.

Award for Community Excellence 2020 Achiever*
*I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Tutor

 • 

3 Messages

4 years ago

Thanks. Already have done all that!
lizdance40

ACE - Sage

 • 

78.4K Messages

4 years ago

@tmccool

Good!  

Im actually impressed that ATT was able to show the complete trail of theft that occurred.  

Posts like these have me very security conscious.  

Especially since all my lines are upgrade eligible. 

 

🐾 I don’t work for AT&T or any carrier. Never have, never will. My replies are based on experience and reading content available on the website. If you posted personal information, please edit and remove.

Award for Community Excellence 2020 Achiever*
*I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Tutor

 • 

3 Messages

4 years ago

They have the resources to do much more for their customers!

Contributor

 • 

2 Messages

3 years ago

We had a passcode and our account was hacked the same way. Is this an inside job?
lizdance40

ACE - Sage

 • 

78.4K Messages

3 years ago

@Ursulak  

If you have both a password and a unique passcode, it is not possible to hack your account.  

  The passcode is only known to you and anyone you give it to.

I change the passcode regularly and absolutely do not use my SS#.  

 

 

🐾 I don’t work for AT&T or any carrier. Never have, never will. My replies are based on experience and reading content available on the website. If you posted personal information, please edit and remove.

Award for Community Excellence 2020 Achiever*
*I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Contributor

 • 

2 Messages

3 years ago

Thanks for letting me know.  The fraud department is claiming that the order came through the phone itself.  The are saying through virus or malware.  The phone in question is the line of my mother who only uses the phone for voice.  She did not even use the phone that day.  I was able to find the person at the address through facebook and they claim that they have nothing to do with it and their address was used by the hackers.  I don't think this is hackers but an AT&T employee at the store doing this.  Our account address was changed yet we received no email alerting us on any account change.  The only email we received was a thank you for your order for a brand new iphone and your existing phone was turned off.   So I'm not sure what else to do.  I have filed fraud alerts with the credit bureaus but I'm feeling very uneasy as I don't know  how much of my personal information was exposed.

lizdance40

ACE - Sage

 • 

78.4K Messages

3 years ago

You have a good start by alerting fraud.  If you aren't getting all emails, your email is probably hacked.  By hacking your email, the thief has access to change your password and other information.  

If the address ws changed, that is where the phones were sent and where the thief is picking them up.  Very fishy.   

Im sure ATT has locked the account due to fraud.  

Once fxed, make sure you are the only one authorized and add the PIN code to the My ATT app.  This prevents anyone with access to the phone from getting into the app to place an order.

I admit to a certain amount of healthy paranoia.  I change the PIN code every time it's used in a store.

 

🐾 I don’t work for AT&T or any carrier. Never have, never will. My replies are based on experience and reading content available on the website. If you posted personal information, please edit and remove.

Award for Community Excellence 2020 Achiever*
*I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
WipedOut

Teacher

 • 

13 Messages

3 years ago

Holy cow, you guys have a fraud department, CSR SAID YOU DID NOT.......I'm confused......

WipedOut

Teacher

 • 

13 Messages

3 years ago

I guess the important question is when you don't have an account to ATT account.....so you have to pay to be a customer.....but what about when you pay without being a customer.  Cap one just emailed me back with a reference number and said I would be able to get the police report after file so I could again make sure the  guy was at least in a few additional database and do my search on his NIC address which those guys rarely think to change.  The fraud I get, it's life.....the allowed idea that they are oke to use the service on my dime .... not ok and not ethical....

lizdance40

ACE - Sage

 • 

78.4K Messages

3 years ago

@WipedOut  You wrote you aren't a customer of ATT.  The fraud was on your credit card.  You have no business contacting ATT.

 

🐾 I don’t work for AT&T or any carrier. Never have, never will. My replies are based on experience and reading content available on the website. If you posted personal information, please edit and remove.

Award for Community Excellence 2020 Achiever*
*I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
WipedOut

Teacher

 • 

13 Messages

3 years ago

Geez.......attached has no business re-running denied transactions.....if
if they have my money why do I have no business contacting any business who
has my money.
lizdance40

ACE - Sage

 • 

78.4K Messages

3 years ago

I could repost, or just write "Re READ post 43", because I already told you the answer.  Actually, others told you the same thing.  You are a customer of the credit card company involved.  That's where it ends for you.

 

🐾 I don’t work for AT&T or any carrier. Never have, never will. My replies are based on experience and reading content available on the website. If you posted personal information, please edit and remove.

Award for Community Excellence 2020 Achiever*
*I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
WipedOut

Teacher

 • 

13 Messages

3 years ago

Perhaps you are negating the issue, ATT has zero ability for any person(s) to prove or even mention fraud took place.  This is not as much for my benefit as it is for the company.  Let me ask this if it were your company and your rear on the line at every shareholder meeting to explain profit and losses would you want the shrink/loss/fraud portion of the statement to improve or degrade?  After you answer that, how can it when your customers are the ones causing the loss.  Sure they have already built the network they use but any call they wish to send out of the country is charged by pennies a minute with CLEC's paying on average of 3 cents per minute.  The money is lost so you, their customer now pays.  You're are correct, it doesn't bother me anymore.  Thinking of it this way, you are paying in the end not me.

 

Thanks for the smile 😉

Get started...

Ask a new question