T-Mobile offers a variety of support channels to serve customers. One of the more popular methods is messaging support through T-Force. T-Force is T-Mobile’s specialized social media support team, and are reached by sending messages to T-Mobile on either Twitter or Facebook.
Those in “the know” about T-Force may also be more aware of when links may look suspicious. Unfortunately it looks like a new form being hosted remotely is scaring a few customers and raising a lot of questions.
According to multiple sources, T-Force, and perhaps other support channels, are now using a third-party company called Khoros to host secure forms for customers to fill out. As shown in an example below, a customer is sent a “Handset Upgrade Form” from T-Force, which leads to a very suspicious looking URL. We’ve redacted any identifying specifics from the chat and the URL to protect identities.
The link, however, is legitimate. Multiple employees have confirmed to us here at The Mobile Report that the form is part of a new service that social teams are using to collect sensitive data. Below is a screenshot of the form the link goes to.
It’s a good thing to have secure forms, because it allows customer service to provide detailed support for a customer’s account without having to personally see and receive private information.
That being said, it’s not clear why T-Mobile isn’t simply hosting this type of form on their own servers. As far as we are aware, the company was doing so previously, with sensitive information forms being hosted on a T-Mobile domain. Having the form go somewhere else, especially to a website most customers have never heard of, is just asking for trouble.
It’s also not exactly comforting that the company hosting the form, Khoros, bills itself as a company that uses AI and automation to comb through “a treasure trove of data”.
“Khoros is combining generative AI with a treasure trove of data, world-class automation, and digital engagement tools to create the perfect support experience.”
https://khoros.com/
We’ve reported in the past that T-Mobile is ramping up their integration of AI, especially on the customer service front. Back in April, we confirmed the company has AI chat bots for employees to use internally, sometimes with hilarious results. Customers also have to “opt-out” of AI data collection, which is set to “on” by default.
Trying out AI internally is one thing, but relaying sensitive data via a third-party company is another. I’m sure the company will say everything is secure, but we all know how that goes with T-Mobile. Then again, perhaps the data is more secure being handled externally.
All that being said, if you encounter a suspicious-looking URL sent from T-Mobile, it’s probably legitimate. Keep your guard up anyway, though.