
New Member
•
2 Messages
Fake account & usurpated mail address ?
Hello guys,
Thomas, i'm from France & i've no account or telephone subscription to AT&T, but i'm receiving emails from AT&T for a subscription that i didn't (the mails are legits, i rode the headers & they're really from AT&T). I think somebody use my email address for registering to AT&T services.
Above, headers from the last mail from AT&T :
Delivered-To: [email scrubbed]: by 2002:abe:fb85:0:b0:35b:783f:c430 with SMTP id z127csp1023037vlh;Fri, 10 Mar 2023 07:17:07 -0800 (PST)X-Google-Smtp-Source: AK7set+ONJSLcxo8GacmuclR161vnsuP+c+ixDoiHx9lvGuMwDwrZgDGSQhQy3HqUmFJi6EnPO1kX-Received: by 2002:a05:6830:26e0:b0:690:c284:f16c with SMTP id m32-20020a05683026e000b00690c284f16cmr1081554otu.11.1678461426713;Fri, 10 Mar 2023 07:17:06 -0800 (PST)ARC-Seal: i=1; a=rsa-sha256; t=1678461426; cv=none;d=google.com; s=arc-20160816;b=MjXWvveLY/LDT1wCHF/UliW6ARSXumbQWm9MjpBoMZ28k0vQ5e0KPlbdQgGeD/GJp87xzzTImnQCZMQiZwvDQ77NGni6uuuMCc7Yyvtmx3gY1NOSqez9WRO1jlVZLTtygsHmQ8Lo/abob9gve7mMTdFxTp+KWUF/QNHNFJ/V9OXvFfyPlAVJC06FVIodlbUw8zuSQ7uRk6TIGy/FRaP9/yFBr87sBXM6i8R1oQU3m9WbnnDcdY7cT7ryhZA/Ik7cDkVLXeQcV95wYP7vFzaZiLdTZ5LI/xG7mDnsBRus75+rufJfysdqTfaCpjamxS+6tJ27/qNJmDwrWzrd2OGKwA==ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;h=mime-version:subject:message-id:to:from:date:dkim-signature;bh=Yl+iyrKIOprF0UI8lcSLQfi64SFauJFketG7m075ZXM=;b=zGdRiwEGboVvlJHBXzGvRuabD+6aZs7k1DjW4RJ77zTCk3ofd2VHax6zzFdlBrbl1VmrHIFYw5CDr7FF0WnBSd35LNBsgfPW4qPTfI+znfoSDZ4UWvCeoj1GJUEJh/f7PZX2XXi8pY4JrL/YtNWPloKMIexc/+shREWDee822sT43IOXD+FeWORKCsxzgWoMQzu3wAT594owIyBl+cT1uUiaZqMJ1jeU5vP1uKo2ooLTpOrCV5UIYVlNdj3pBKKWZtUyRV0NuiKd5Lf/gISd0COLyE4Ui6F5+O8Jq++Wzujf6M4wMFYxmlvpSXyT8yZwOSjVX4eMpPD+xmv9QtFazw==ARC-Authentication-Results: i=1; mx.google.com;dkim=pass (test mode) header.i=@emailff.att-mail.com header.s=egs03 header.b="lF8coY/S";spf=pass (google.com: domain of [email scrubbed] designates 144.160.128.152 as permitted sender) smtp.mailfrom=[email scrubbed];dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=att-mail.comReturn-Path: <[email scrubbed]>Received: from egssmtp03.att.com (egssmtp03.att.com. [144.160.128.152])by mx.google.com with ESMTPS id 7-20020a9d0687000000b0068bd3c5600asi257809otx.127.2023.03.10.07.17.06for <[email scrubbed]>(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);Fri, 10 Mar 2023 07:17:06 -0800 (PST)Received-SPF: pass (google.com: domain of [email scrubbed] designates 144.160.128.152 as permitted sender) client-ip=144.160.128.152;Authentication-Results: mx.google.com;dkim=pass (test mode) header.i=@emailff.att-mail.com header.s=egs03 header.b="lF8coY/S";spf=pass (google.com: domain of [email scrubbed] designates 144.160.128.152 as permitted sender) smtp.mailfrom=[email scrubbed];dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=att-mail.comReceived: from egs-westus2-prod-app-vm-01.az.3pc.att.com ([135.170.33.82]) by egssmtp03.att.com (8.15.2 BerkeleyDB.5.2/8.15.2) with ESMTP id 32AFH5Gl004289 for <[email scrubbed]>; Fri, 10 Mar 2023 07:17:05 -0800
Does the domain att-mail.com belong to AT&T ?
Above all the mails (except the 2 first - sorry i though they were spam) :
Best regards,
Thomas

Best regards,
Thomas
PS : i sent a report to abuse@ , the request number (and subject) is :
Re: Email address spoofing (or human error) [030423-154029-40744-00]
ATTHelp
Community Support
•
225.6K Messages
9 months ago
We're here to get to the bottom of these emails for you, @th0mas1979!
If you believe that someone used your email to set up an account, you can report an unauthorized AT&T account or service.
If you know it's wireless you will need to call us at 877.844.5584 If it's digital phone, internet, or U-verse® TV accounts, call 888.471.4576.
Let us know if you have any other questions or concerns. Thank you for visiting the AT&T Community Forums!
CalebP, AT&T Community Specialist
0
0
th0mas1979
New Member
•
2 Messages
9 months ago
I just realise that the number you gave me is located in the USA. I'll not pay a transatlantic call for your incapacity to secure your system. It's not normal that a malicious person could open an account on AT&T network with an usurpated email address.
With the GDPR you MUST give me an access to my information : i could suppress my email address from this account. But I can't. Because your procedure is secure after an account has been created (i can access to an account only with a U2F / confirmation by SMS, BUT i can create a fake account with an usurpated email : eazy-peazy).
Do i send a mail to a famous ePaper/security e-zine to explain this problem ? Or you'll do the necessary to remove MY email address from this account?
Regards.
Thomas G.
(edited)
0
0