ACCORDING to Malwarebytes, a phishing text impersonating AT&T pretends that a recipient’s rewards points are about to expire and uses urgency to lure victims. The message claims the recipient has 11,430 AT&T reward points that expire on 26 January 2026 and directs them to a shortened link or the AT&T Mobile App Rewards section.
The campaign then leads users to a site designed to look like AT&T, where after a phone number verification a dashboard shows points expiring in two days and prompts the user to select a delivery method for gifts such as Amazon cards, headphones, and smartwatches. The attackers harvest personal details through a “Delivery Information” form and transmit them to a malicious endpoint at att.hgfxp[.]cc via JSON POST to /api/open/cvvInterface.
The report notes the phishing kit mimics att[.]com with real links and uses front-end validation to maximise data capture, underscoring the need for caution when handling unsolicited reward messages.