Got this from AT&T today:
Dear AT&T Internet Service Member:
We have recently noticed an increase in the number of “phishing” emails being reported among both our members and other Internet services. These emails attempt to obtain your personal or account information by falsely posing as a reputable company, such as AT&T, and ask you to reply by verifying your account information.
As general policy, we do not ask members to supply or verify Member ID and/or password information in email communications.
While it is necessary to send our members occasional email messages requesting updates to their personal or payment information, those requests will always direct you to a secure AT&T site, like the Member Center, that requires you to authenticate by logging in to access your account information and make changes. (Secure sites are designated by an ‘s’ after the “http” in the address bar and a lock icon at the bottom of the screen.) We will not ask you to reply to an email message with this information.
Should you receive a request to provide this information by replying to an email, do NOT replyto it and do NOT provide your account information or password.
If you have any doubt of a message’s authenticity, you can forward the email to email@example.com.
More tips on how to identify and avoid phishing scams can be found at www.att.com/safety.Simply type the URL in your navigation bar.
We hope you find this information helpful. Thank you for being a part of our online community!
Your AT&T Internet Services Customer Care Team