AT&T SMS Message Offering “Rewards” Is a Scam.

A new phishing campaign, discovered by Malwarebytes Labs, targets AT&T customers with text messages about their bonus points expiring. Users are urged to redeem their points as soon as possible by clicking the link, which is actually designed to collect sensitive personal information.
The AT&T rewards scam tricks people into giving up personal information
Victims of this scam received SMS messages titled “Points Expiration Notifications,” urging them to redeem the points on their AT&T accounts before they expired. The message stated the number of points and the expiration date, along with two “recommended redemption methods”:
- AT&T Rewards Center: [short link]
- AT&T Mobile App: Rewards Section
As Malwarebytes discovered, the shortened link directs users to https://att.hgfxp[.]cc/pay/, a fake website with AT&T branding, titles, menus, and links to the real AT&T domain. Users are prompted to enter their phone number to confirm their account, after which a warning appears stating that their points will expire soon. Below, redemption options are listed, including an Apple Watch Series 9, Sony WH-1000XM4 wireless headphones, and Amazon gift cards.
To receive the reward and arrange delivery, victims are asked to enter additional personal information, which is then transmitted directly to the scammers. Malwarebytes notes that these forms are checked in real time and feature error highlighting, making users less likely to suspect fraud.
Signs of rewards scams
This scam uses social engineering techniques, such as creating a sense of urgency and fear of missing out, to trick victims into engaging with it. While it appears quite credible and uses a multi-step approach to gain users’ trust, it does have some clear red flags. The message is sent from a regular phone number, not a short code of the kind often used for automated messages, and the sender is not listed as a known AT&T contact. The conversation also has multiple recipients and a generic greeting. (A genuine message from AT&T would be sent to you alone.)
Furthermore, the shortened URL leads to a website not owned by AT&T. While the page has realistic branding and working links, it also contains a number of typos and grammar and spelling errors. Malwarebytes found that if you click the link on different days, the expiration date shown on the site changes.
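The red flags above can be checked mechanically when triaging a reported text. The following is an added example, not code from Malwarebytes or AT&T: it assumes `att.com` is the only official domain, takes the already-resolved landing URL as input (no network access), and uses constructed sender and recipient numbers.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: the only domain treated as AT&T-owned.
OFFICIAL_DOMAINS = {"att.com"}
BRAND_LABELS = {"att"}  # brand strings that should not appear under other domains

def host_of(url):
    """Refang a defanged URL (hxxp, [.]) and return its lowercase hostname."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I).replace("[.]", ".")
    return (urlsplit(url).hostname or "").rstrip(".")

def is_official(host):
    """True only for an official domain or a subdomain of one (dot-anchored)."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def is_short_code(sender):
    """US short codes are 5 or 6 digits; full phone numbers are longer."""
    return len(re.sub(r"\D", "", sender)) in (5, 6)

def red_flags(sender, recipients, landing_url):
    """Return the article's red flags that apply to one SMS and its landing URL."""
    flags = []
    if not is_short_code(sender):
        flags.append("sender is a regular phone number, not a short code")
    if len(recipients) > 1:
        flags.append("message was sent to multiple recipients")
    host = host_of(landing_url)
    if not is_official(host):
        flags.append(f"landing host {host} is not under an AT&T domain")
        if BRAND_LABELS & set(host.split(".")):
            flags.append("brand name appears as a label of a foreign domain")
    return flags

# Constructed sample: sender and recipients are made up; the landing URL is
# the defanged one reported in the article.
SAMPLE = {
    "sender": "+1 (555) 010-0199",
    "recipients": ["+1 (555) 010-0101", "+1 (555) 010-0102"],
    "landing_url": "https://att.hgfxp[.]cc/pay/",
}

if __name__ == "__main__":
    for flag in red_flags(**SAMPLE):
        print("RED FLAG:", flag)
```

The dot-anchored suffix match is what separates `www.att.com` from hosts that merely contain the brand, such as `att.hgfxp.cc` or `notatt.com`.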
As always, avoid clicking links in unsolicited text messages. AT&T has a loyalty program, but to manage your rewards, you should go directly to the portal through the website or app.