ITW logo with text ‘Cybersecurity News You Can Use. We’re always keeping you safer online’ over a dark green abstract background.
  • In this edition: The holidays are prime time for scammers. We’ve got their latest tactics.
  • Does your shopping list involve buying from social media sites? Watch this video first. 
  • Here’s who qualifies for payouts from AT&T as a result of a cyber breach settlement.
HoHo Hoax ITW b

Using Social Media to Do Holiday Shopping? Hold On!

Have you ever bought something from a social media ad that didn’t arrive or wasn’t what you were promised?
Join in if you’d like. Everything you share is anonymous, and we don’t collect any personal information. Your privacy stays yours.

Cybersecurity News You Can Use

Holiday Click Season

Three cyber stories for you as the end-of-year holidays approach: Malwarebytes is reporting on a rash of “Congratulations, you’ve won a $750 Walmart gift card!” messages. These are scams designed to pull you into endless surveys and collect your personal information. The pages look harmless, but they’re just trying to grab details like your name, phone number, and address so they can sell your data or target you with more ads. If you see one of these offers, skip the click. Nope, Walmart isn’t handing out gift cards through random pop-ups.

Scammers are running a massive phishing campaign impersonating well-known travel sites like Booking.com, Expedia, and Airbnb. They send emails asking you to “confirm” your hotel reservation, then send you to a fake website that looks real and tricks you into entering your credit-card information. If you ever get an unexpected message about a reservation, don’t click the link. Go directly to the travel site or app you usually use to check your booking.

And ‘tis the season for fake package delivery notices: Amazon is warning its 300 million customers about scammers faking delivery updates, special deals, and even tech-support calls. The safest move is to shop and track orders only in the Amazon app or website. Never trust links that show up in texts or emails, no matter how real they appear to be.

AT&T Settlement

Reader question: I’m seeing stories about a big payout for AT&T customers because the company suffered a cyber breach. I’m an AT&T customer. What should I do to get paid? 

AT&T suffered two significant data breaches last year. If you were an AT&T customer between 2019 and 2024 and your personal information or call records were exposed, you may qualify for some proceeds from a legal settlement.

Most people can expect payments of several hundred dollars unless they prove they also suffered financial fraud or identity theft. In those cases, payouts could reach $5,000 per incident.

AT&T customers can file a claim online at telecomdatasettlement.com or mail it by December 18. They’ll need their AT&T account information, along with any breach notifications they received via email, text, or regular mail. If you didn’t receive a notification from AT&T but were a customer during those years, call the help line at 833-890-4930 or check that website.

Business Insider says that if you suffered identity theft or financial losses from this breach and intend to claim a larger payout, you’ll need receipts or a fraud report to prove your losses.

ITW logo in dark red with stylized letters and diagonal lines on the left side.
Shield icon with red exclamation mark above the word ‘Report’ and a dropdown arrow.

 

The most important step you can take when you suspect you have received a phish
is to report it to the local ITW Support Team as soon as possible.

This allows them to eliminate the threat from other inboxes as well, quickly. 

Reporting a Phish is made easy: just use the PhishAlarm Phish button