Phishing? Or real email?

We are all increasingly aware of how dangerous the dark ocean of the worldwide web can be. The possibility that evildoers are trolling the waters in which we swim with the goal of hooking our personal information lurks in every message we receive, no matter how innocent looking it is. Two key rules we are admonished to follow for protection are 1) not to respond to emails asking us to go to a link and enter our password information and 2) to scrutinize even the most official looking email for small errors which would be an indication that they were forgeries. It was with this in mind that I read an 'important security notice' from ATT , one of the ISPs I have an account with. The security notice told me that due to recent issues with customers' passwords being deciphered because they were too simple, I had to go to my account before February 15th and change my password to something more complex or my accounts would be disabled. Notably, this email included my name and an 'account number'. The links in it appeared to go directly to ATT. But I was suspicious for two reasons. One was the tone of the message; if you do not act we will disable your account. That's a common element of phishing messages- the threat if no action is taken. The other was that the salutation of the message had a typo. It was, it said, sincerely from "You AT&T Worldnet Customer Care Team". The missing "r" seemed like the only flaw in what was otherwise a clever and carefully written email.

The day this message arrived was a chaotic one, and so it was that I didn't act on the email. Early the next day, I was troubled to find two new copies of the email in my box. It is not uncommon for spammers to hit a possible target multiple times, so this encouraged me to believe that the original was spam. On closer examination, though, I was horrified to note that these emails, again with my name and the account number, had actually been addressed to two separate 'subaccount' emails attached to the main 'trlboss' account. That meant, I thought, that whoever had sent the messages had figured out who I was and had tied three of my account addresses together, not a good sign. The fear that someone was already gathering information on me stirred immediate action. I logged into the AT&T website. The site included a section where service bulletins and notices about scams are posted. Looking there, I didn't see any evidence of a phishing scam similar to mine. That meant it was either really new, limited to someone targeting me, or perhaps a legitimate message. The last possibility encouraged me to go through the Member Services section of the website, logging into my accounts, and looking for evidence there of some notice to 'change my password by February 15th'. I did not see a thing.

Several hours passed because I had work to do despite my anxiety. So it was not until late after noon that I called the AT&T Customer Service number to talk with a real person about the problem. My wait time, I was told, was approximately five minutes. I put the phone on "speaker" and suffered through the awful music and cheery announcements. Finally a man came on the line and inquired as to my problem. I did my best to explain it, citing the three messages, the personal information included, and the admonition to change my password. He listened through most of my description but then broke in to say, "yes, this is a service bulletin we sent you" about changing your password for your security. I told him that I was very relieved to hear that. I also said that I would have been less mistrustful of the messages had it not been for the typo. He apparently had a copy of the notice onscreen because he immediately said "oh yes, that's not correct. I am so sorry." I thanked him and said I hoped he would be able to pass the word up the line to whatever "team" was in charge of the messages so that they could solve the problem. Otherwise, I noted, some folks would likely dismiss the messages as spam and be upset when their accounts were disabled. "I understand completely. Yes, you are correct," he agreed.
I hung up the phone glad that I was not being electronically stalked. And I went about my business. This morning I opened my email. I got another warning bulletin addressed to my fourth subaddress from "You AT&T Customer Care Team". I guess I've done my part.