The problem lies in the way AT&T handles its customer alerts via text messages, as it’s very easy for cybercriminals to mimic. Computer programmer who discovered the flaw and reported it to the company. AT &T is making use of plethora for short codes, due to which its customers unable to distinguish between the legitimate and phishing messages. Some of the messages start in all capital letters: “AT&T FREE MSG” and at other times the messages are in all lowercase: “At&T Free MSG” The company declined to comment on this issue.
Source: https://thehackernews.com/2015/01/spoof-phone-messages.html