AT&T Cold Calls You, Demands 4 Digits Of Your SSN, Disconnects Your Phone

Dustin paid the price for following Consumerist’s advice and never giving personal information to people who call and claim to be from your phone company or your gas company or your bank. Someone called Dustin claiming to be AT&T and demanding that he confirm the last 4 digits of his SSN. Dustin honestly thought, as we would, that it was a meth-addict trying to get his SSN.

Turns out, the weirdo on the other line was really from AT&T and proceeded to disconnect Dustin’s phone. Oh well. The rule still stands. Don’t tell strangers who randomly call you your SSN or part of your SSN (it can be used to reset passwords) or your mother’s maiden name or, really, anything about you. Tell AT&T you’ll call them back, then call their switchboard.

“Hi, this is Bob from AT&T, I just need to confirm your address and ask you for the one piece of information I’m missing so I can empty your bank accounts, ha ha ha,” is the oldest trick in the book.

Read Dustin’s email inside.

Hi Consumerist,

At 9:30 this morning I received a phone call from someone claiming to be from AT&T/Cingular. They said my bill had been sent back and they needed to verify my address. I started saying my address, but the CSR interrupted and asked for the last 4 digits of my SSN. Coincidentally this is the info needed to reset a lost password, etc, within their website info. When I made the appropriate ‘balking’-type grunt, the CSR insisted that it was only the last 4 digits of my SSN. At this point they were definitely sounding like methed-out identity thieves (MOIDs) who had stole my wireless bill. While I’m not sure what could be accomplished with my phone #, address, and last 4 digits of my SSN,

I’m not going to presume what a MOID could come up with. I asked them to contact me by email, which the CSR replied “We can’t do that”. I said I had to go and hung up.

Next time I tried to make a call, it turns out my phone had been disconnected and I would have to call them on a landline to get it turned back on. This process was relatively painless and took me about 5 minutes. My bill had got sent back to them because at some point my apartment number had somehow disappeared from the address on file. The CSR on this call apologized and said they should have sent me a text message before calling me. However, I still would have been suspicious there as well — what difference does a random text message make?

So, in conclusion, when AT&T (the new Cingular (the new AT&T)) loses your address in their files, they cold-call you like a MOID would and disconnect your line if you don’t give them the personal info they demand. Luckily, I wasn’t trapped under a snow bank or something.


AT&T should know better. You did the right thing, Dustin.

Consumerist asked AT&T for more information about their policy on cold calling customers and asking for personal information. We also asked if they had any information on preventing ID theft. AT&T chose not to respond to our inquiry.—MEGHANN MARCO

(Photo: cmorran123)


Edit Your Comment

  1. Wormfather says:

    But, but, but, what happens when you call AT&T and a meth addict is their CSR.


    Now I’m having a “What About Bob” moment.

  2. snazz says:

    Sprint has done something similar to me twice. In each occurrence, i told the rep that i didnt feel comfortable giving that stuff over a cold call. I asked him what department needed my information and that I would call the main Sprint CS number and speak to someone there. Both times, I was told who to get in touch with, I called the number I knew and fixed whatever issue.

  3. Hawkins says:

    Mr. Snazz’ approach seems to be the correct one.

    Mr Wormfather’s point about drug-addled CSRs is valid. I will now make it a policy to ask the CSR, pleasantly, if they’re high, at the beginning of the call.

  4. castlecraver says:

    Exact same thing happened to me about two months ago. When I balked at giving out my last 4, the CSR happily suggested that I call back to their main switchboard and select “billing” to have the issue resolved. I did, and took care of the issue without any trouble.

  5. enm4r says:

    @snazz: The one time I received a cold call was from my mutual fund provider, and they actually called and told me about the address problem, and then provided the number to call back. They didn’t expect me to give out the info on a cold call, and I wouldn’t have, but I was impressed by the way it was handled from the start.

  6. Wormfather says:

    @enm4r: But if they’re giving you the number to call, they could be giving you any number. But then again a meth addict wouldnt think that far in advance (I know, I need to let it go)

  7. Buran says:

    Time for an executive email carpet bomb?

  8. OnceWasCool says:

    It is a crying shame what is happening with companies like ATT/Cingular. They get all drunk with power setting in meetings and come up with dumb ideas.

  9. Shadowman615 says:

    Well I guess it’s good to write down the name/ID of the person calling *just in case* it actually is AT&T. Then you can at least attach a real person to the complaint.

  10. wyckedone says:

    How could the CSR really expect someone to trust a cold call like that? They should do something like “Please call the customer service line within 48 hours” instead. At least know who you are talking to that way.

  11. banned says:

    As unfortunate as it is, like he says, it was a 5 minute inconvenience. Hardly worth mentioning. Really, AT&T gave him the courtesy of a call. When I worked for T-Mobile, they didn’t call, just disconnected the line. It is a fraud prevention measure and it works rather well. I’m sure the 5 minute inconvenience far outweighs somebody stealing your identity, giving a fake address, and putting a password on the account which can, depending on where you live, cost you an entire days drive to and fro to the closest corporate store to straighten it all out.

  12. toddkravos says:

    or – better yet – for address problems they could use the USPS system that is available to large corporations to do address checks.

    the company i work for uses it all the time to validate return mail ‘issues’ and ATT/Congulair -whatever they are called this year is certainly large enough to have this at thei disposal.

  13. djanes1 says:


    I think it was Elisa?

  14. doodbugboodles says:

    I have dealt with SBC, Cingular and AT&T. I hated SBC, Cingular at least was better than Sprint and the new AT&T is horrible as far as I am concerned when it comes to customer service.

  15. enm4r says:

    @Wormfather: This is true, they could just be giving the number, but I do distinctly remembering the “you can verify this number on your previous statements or by going to the website.”

    To a certain extent, the very fact that they said that will probably convince most people that it’s a legit number, but the fact that they’re dealing with huge amounts of money, full SSN, etc, I think the approach they took was the right one from the onset.

    I’ll give a clever meth addict enough credit to give their callback number, that already puts him in the top percentile of meth addicts. But the day I learn of a meth addict in such need of money that he sets up a toll free number and uses a callback scheme that tells people to verify the number, hoping that they wont, I’ll donate to his cause.

  16. ptkdude says:

    It’s all well and good that he didn’t give out any bit of his SSN, but I’m not entirely believing his story here because of one thing:

    When AT&T cuts off your cellphone, you can still use it to make any calls you want; as long as you want to call them (or 911, of course). They would not have actually disconnected his phone, they would have “hotlined” it. That means anytime he tries to make a non-911 call, the switch will automatically reroute the call into an AT&T VRU, which will allow him to reach an agent. AT&T/Cingular/BellSouth Mobility/SBC Wireless has been hotlining phones for years.

  17. Wormfather says:

    @enm4r: Yeah, I guess it’s easier to just snatch a purse.

  18. djanes1 says:


    When I tried to call my friend after my phone had been disconnected, I got a recording saying this phone number could no longer be used, and to call their 1800 number from a landline. I didnt try calling 911.

  19. Nytmare says:

    My calls to 911 keep getting routed to Cayenne. But that’s just not my style, man.

  20. phypennwl says:

    @djanes1: I think it would’ve been funnier if you did try to call 911. Though the resulting story might’ve been better for Fark than for Consumerist.

  21. TechnoDestructo says:


    Makes sense. I had Virgin mobile do something similar to me (under different circumstances). It is a pretty certain way to confirm the identity of the caller. (Unless his MOITs can redirect his phone calls)

  22. bossco says:

    I think the ATT guy should have at least offered a call back number for the customer before shutting off the phone. From past experience I would suggest that if your DON’T get you utility bill on time, you might get suspicious someone snatched it from your mail or it got lost in the system. It might be proactive to call your utility company to report that you never received a bill before something gets turned off.

  23. Bay State Darren says:

    @nytmare: Just how often do you need to dial 911? If it’s often enough, you might wanna really look into fixing that.

  24. :/ Seems like classic Cingular / AT&T moments to me…

  25. krunk4ever says:

    The text message most likely would’ve told you to call customer support to confirm your address. You don’t really ever send your address or even your SSN (last 4 digits) over text message.

  26. jmoneystl says:

    I just had Bright House cable internet installed (Orlando, FL). When he was all finished, the contractor showed me the form to sign and I gave it a once over and signed it. He then said to put the last 4 digits of my social on a line at the bottom that was labeled “ID” or something ambiguous like that. I did it. Only now do I realize how stupid that was. I guess I figured the last 4 weren’t that powerful. But why would he even need them? The cable was already installed. Sigh.

  27. hoo_foot says:

    I had Comcast do something similar–cold call me and demand a credit card number to pay for a late bill. When I told the rude CSR that I would take care of through their website or their 1-800 number, she got extremely huffy. When I pointed out that I had no way of knowing if she was an identity thief or just Comcast, she sounded suprised. She apologized and gave me a direct number to the billing department to resolve the issue.

    I still wonder how many credit card numbers this CSR was able to coerce out of people before I questioned her tactics. This was clearly the first time in her career that it happened as it caught her so off-guard.