My on line account was hacked on March 12. The thieves somehow accessed by on-line account, changed my email address and home address and my passcode and then added two new authorized users to the account. I never received a notification of any changes to my account despite having my account flagged for notifications. I discovered the fraud when my phone and my daughter's phone suddenly had no service on March 13. I went through all the troubleshooting steps to reactivate the phone. When that didn't work, I initiated a "chat" session on line. After about an hour of "chatting", the agent was not able to solve the problem so I called the 800 number. In the meantime, my daughter, whose phone was also disabled, called my husband's phone to tell him she had been in contact with an AT&T rep who informed her their were multiple changes made to the account on line and that we should contact the fraud dept. It took several hours to reach the fraud department. I was able to have a very helpful conversation with an agent named "nick" from Nashville. He was very helpful and tried so hard to connect me and explained what had happened to my account. The thieves hacked into my account on line, made all the changes to my account and then (within two hours of hacking my account) proceeded to an authorized AT&T dealer to purchase two Iphone 7's using two upgrades on my number and my daughters. Nick stayed on the phone with me for at least an hour waiting for the fraud dept and then offered to call my husband's phone as soon as he was able to connect. Finally, about an hour later, Nick called with the fraud dept on the other line. But, when Nick hung up, the fraud dept was gone. When I tried to reconnect, I got a message that the office was closed. I was, however, very determined resolve the issue because now I was concerned about all my accounts being compromised. So I kept trying and finally around 8:30 p.m. I reached someone in fraud who was able to disable the phones that were purchased and restore the correct information on my account. I was told that we would need to go to an AT&T store to have the SIM cards replaced in our phones before they could be activated, which we did the next day. What happened next was eye-opening. The rep at the AT&T store showed my the detailed trail of transactions that occurred on my account -- which is what all the authorized representatives are able to see. Not only is there a timeline of the changes to my account, but there is also a record of where the phones were purchased. My question to the fruad dept and the agent was why wouldn't someone question these people making the purchases on my account in light of the changes made just hours before of very important information like my email account and address? Also, why was I never notified of any changes to my account which is also passcode protected? How were they able to make the changes to my passcode and email without any notification? Something else that is curious about all this is that my son in Philadelphia, who was an authorized user, purchased an upgraded phone from an AT&T store in Philadelphia on February 28. The thieves went to a store in Brookhaven to purchase the new phones, which is only about 30 minutes from the store my son visited. My son did not have the password or passcode for the account. When I mentioned to the fraud dept that I suspected that this "hack" was an inside job, I was told that my home computer could have been hacked; however, I have McAfee security software -- which is what AT&T recommends and I checked my security report which showed no breaches. So I called the fraud dept back on March 15 to ask what they would do to follow up on the fraud. I was told they would monitor the IP address and the store where the sale was made. I asked if the incident would be reported to law enforecement, but the agent said that she did not have that information. To apparently console me, the fraud dept. agent said that rarely is an account hacked more than once! Imagine that! I was not comforted -- only more determined to do something about it. So my conclusion is that AT&T has some serious flaws in their security system. First of all, as a result of all this, AT&T has added another level of security to my account. My question is why wait until a customer's account is hacked -- why not initiate the securest access for all customers--which involves entering both your password and passcode to access your account? Also, agents at AT&T corporate stores and authorized dealers should not be permitted to complete transactions for ANYONE without first contacting the primary account holder and they should at the very least check the notes on the account before completing any transactions/changes to the account. Since I feel that AT&T has not or will not go far enough to apprehend/followup on this fraud, I have registered a complaint with the FCC and the FBI. I would encourage anyone who has been hacked to do the same. Perhaps if the authorities hear from more of us, progress can be made.
↧
