06-06-2013 9:36 AM
Subject of email:
WARNING NOTICE from the AT&T Internet Services Security Center
This email is to advise you that your account may have been compromised. We recommend changing the passwords on your account(s). In case of active misuse the account will have the password invalidated. Be sure to select a password not used previously.
I've spoken with a few different people at AT&T. We've reset the password each time. Reset the security questions. Last thing we tried was to download the McAfee security suite. It was installed on our computers and no threats found. We have all Mac computers.
Something is not right with our account. Any help would be appreciated.
06-06-2013 11:40 AM - edited 06-06-2013 12:01 PM
Is AT&T confirming that this message actually is coming from AT&T? It's quite possible it didn't. I got a message this morning supposedly from "Snet Security Department.." with the subject line "department of snet" about my email account. I pasted it below. The word "Login" was a link to a website that was a variation on the word snet, and there’s no way I was going to click on it. I can tell from the wording and incorrect capitalization of SNET that this is a phishing expedition from someone most likely in China, Nigeria, Russia or one of the former Societ republics who have no idea that SNET is an abbreviation. Folks at AT&T would certainly get it right! . Did your message provide a link to click on? If it did, I hope you didn't.
The bogus message:
This is only a notification. You do NOT need to respond.
Your account has been deactivated and will be deleted from our user registration database in approximately 90 days. This delay is necessary to discourage users from engaging in fraudulent activity. To satisfy terms agreed to in the Yahoo! Finance Terms of Service, personal information for users subscribed to Yahoo! Finance Premium Services will be kept by Yahoo! for at least 3 years after the subscription date. If you did not request this action please Login and activate your account.
Snet! Member Services
06-06-2013 12:06 PM
Yes, they confirmed it came from them although they (my first contact and whoever they spoke to in Level/ Tier 2) said they could see no reason why we were getting the message.
I'm familiar with phishing emails with hidden urls in otherwise "normal looking" links. Each link in the email was an ATT link and they also linked each of our sub accounts.
BTW- we changed the passwords and security questions on each sub account too. (Luckily only 7)
06-13-2013 8:01 AM
Right on time... received the warning message........again....... yesterday the 12th. Exactly 6 days after the last time (on the 6th).
ATT support says there is nothing on their end that could cause this problem. They believe we have a virus or malware on our computers. While possible, we're all Mac OS, so the chance is very slim.
Even so, we've run two different anti-virus programs on each computer (no threats found). And the newer computers on the network that run the latest OS have built in virus/ malware protection.
While I would be relieved to find out it's something we're missing on our end, I can't help but think I'm chasing my tail when the real issue is with ATT somewhere and will "magically" correct itself at some point.
9 times and counting since 3/262013.
06-18-2013 2:33 PM - edited 06-18-2013 3:08 PM
"Leanne" who is a Customer Advocate called to discuss our issue. She called Yahoo who told her that our issue is most likely caused by having too many emails stored on the server.
Allegedly, we have 4,000 emails stored on the server. I checked the account in question and did not see anywhere close to 4,000. One thousand maybe.... maybe... if you combine inbox, spam, trash etc.
Since we use mail clients, the only folders used on the webmail are inbox, spam and trash.
I've updated our email client to remove from the server, emails over 1 week old (was set to "never").
Today is the 6th day since the last lock-out (so far so good), so we'll see in the next week or so if this solved the problem.
06-26-2013 6:55 AM
Final Update (hopefully):
Another week has passed and we have not received the security warning email from ATT since that last time on the 12th.
So either: the problem fixed itself, the call from Leanne forced the fix or deleting the emails on the server cured it.
I'm happy with any of those as long as it's gone.
08-13-2013 1:00 PM
Well... I had high hopes, but now, after a couple of months, the problem is back again. Just had to reset the password again and, when I had access to the account, I saw we received the hacking/ compromised email.
Back to the drawing board.
08-14-2013 1:12 PM
We received your private message and one of our managers will be reaching out to you shortly.
08-26-2013 3:07 PM
Talked with a rep from ATT who researched our problem and could not figure it out so he escalated the problem. The only answer they had was that the account was now unlocked (of course, since I reset the password). When asked if they knew why, this is what I received:
We got locked out....... again..... over the weekend. This makes 11 times since 3/26/2013 that we've been locked out because of an alleged "hacking" of our information.
To be completely honest I am unsure as it is a Yahoo issue and the best way to find out would be to continue to contact the Yahoo team.
08-28-2013 12:40 PM - last edited on 08-28-2013 1:37 PM by Phil-101
For those interested...... I spoke to Regina at Yahoo Support. She could see no reason why our account was being flagged as compromised or hacked. e.g. no suspicious activity, no random IP log-ins, no mass emails being sent etc.
She "reset the flag and rebuilt the box" and said she thought this would fix our issue, but it was hard to know for sure because we weren't currently locked out. She also could not help further because it's a "Free email"- of course we get this "free email" with our "paid" DSL service.......
She emailed me a link where I could get further help if our account gets locked out again. The idea is to contact them while we're locked out.
[Edited to comply with Guidelines]