PSA: Phishing Attempt POSING as Comcast.

Midpack

We just had a phishing attempt hit us, if you pay Comcast directly you might want to watch for it. It was an email that said they were unable to bill us and that if we did not update our CC info our service might be cut off. The email could not have mimicked a Comcast message more exactly. The email came from an @comcast.net address and it did not ask for any information, but it did provide a link to update our Comcast account info. I opened the link, and the account info page that came up was an exact replica of the Comcast account info page in every detail. But I knew we were not overdue, we don't pay using CC, so I didn't fall for it.

Again, it's the most convincing attempt I've ever seen.

I cut-n-pasted the entire message and sent it to abuse@comcast.net at their request.

Just a heads up for any other Comcast users out there...
 
I have been getting some very convincing ones also. I opened one allegedly from one of our credit card companies. Very convincing, BUT...there is no way they could have my e-mail address. Spam bucket.
 
I'm surprised that Comcast's mail server security, and various malware & spam filters didn't catch such a phishing message.

Or was this sent to a non-Comcast email account?

Shields up!
 
This has become a common scam in the last year, targeting utility companies, telcos, cable service etc. Since most of these companies have a regional monopoly they blast out these emails to everyone in a specific region.

If you get one of these, mouse over the from address. Many times you can tell it is linked back to an address not associated with the company; many go back to .ru, .de, etc., some place in China. You should never click on any of the links in these emails as the pages they take you to may be infected. If you need to verify your account, type the address of the company directly into the browser address bar; do not use any link in the email. I don't even use the links I get from legit ones.
 
... it did provide a link to update our Comcast account info. I opened the link, and ...

As rbmrtn implied, that can be dangerous. I would suggest doing a very thorough check of your machine for malware. It only takes a split second of connection to a bad website for them to install something (not to mention the fact that they now have your IP address listed as a live one).
 
This has become a common scam in the last year, targeting utility companies, telcos, cable service etc. Since most of these companies have a regional monopoly they blast out these emails to everyone in a specific region.

If you get one of these, mouse over the from address. Many times you can tell it is linked back to an address not associated with the company; many go back to .ru, .de, etc., some place in China. You should never click on any of the links in these emails as the pages they take you to may be infected. If you need to verify your account, type the address of the company directly into the browser address bar; do not use any link in the email. I don't even use the links I get from legit ones.
I agree and we're very careful. We get emails from Comcast often, and this one was so perfectly devised that it did appear real including all the normal privacy boilerplate. I am guessing a savvy reader could have been fooled by this one...YMMV

As rbmrtn implied, that can be dangerous. I would suggest doing a very thorough check of your machine for malware. It only takes a split second of connection to a bad website for them to install something (not to mention the fact that they now have your IP address listed as a live one).
Thanks, very good advice. I ran a malware scan and fortunately turned up nothing. But you're absolutely right to suggest...
 
I agree and we're very careful. We get emails from Comcast often, and this one was so perfectly devised that it did appear real including all the normal privacy boilerplate. I am guessing a savvy reader could have been fooled by this one...YMMV

It used to be you could spot the fake ones by the broken English, grammatical errors, etc. in the email. You can actually save a web page to file (html), then edit it to your liking and then store that on the bad guys' servers; then they send you an email with embedded links that open up the page on their server, which looks identical to the real thing.
 
I get a similar phishing email about our Time Warner Cable account. It says our cable TV service will be interrupted if I don't update our info. We don't have a cable TV account, only internet, so I knew it was fake.

I always mouse over the link to check the address. Also, many of your true accounts will address you by name if it's real.
 
Do they have an "image" you have to check and confirm online before you log in to their website with your password, like the BoA, ING or Edward Jones websites do? I check my "image" every time I log in.

The email came from an @comcast.net address and it did not ask for any information, but it did provide a link to update our Comcast account info.
 
Do they have an "image" you have to check and confirm online before you log in to their website with your password, like the BoA, ING or Edward Jones websites do? I check my "image" every time I log in.

Whether or not you do have an image to validate that you are on the correct site it is too late to have stopped the site from downloading a keyboard logger or other malware. (Plus, to get to that image you will already have typed in your username)

As rbmrtn points out you should always access sites that have some of your financial information by typing in the site name or using a shortcut or bookmark you have previously set up in your browser.

Financial institutions annoy me when they send e-mails such as "Your statement is ready" and provide a link for you to log on. If they NEVER sent links in e-mails, people wouldn't get into the habit of using links within e-mails.
 
Financial institutions annoy me when they send e-mails such as "Your statement is ready" and provide a link for you to log on. If they NEVER sent links in e-mails, people wouldn't get into the habit of using links within e-mails.

Alas, most of my account statements come just that way, and it annoys me too.

I have just one that takes a sensible approach, and they always include the following as part of emails that a statement is ready:
Notice: To help protect members from potential phishing attempts, Wright-Patt Credit Union does not provide direct links to our website in your eStatement notification. To access your most recent eStatement, newsletter, and copy of WPCU's Privacy Policy, please visit Wright-Patt Credit Union's website and enter your username and password in the member login area at the top of the page. Then click on eStatements from the main menu bar.
 
I'm sure anyone who receives a real email from Comcast or anyone else would be able to duplicate the code and insert their own link into it. Return addresses are super easy to fake. Hovering over the link has usually worked for me. But even better is to access the website in your usual manner, such as a browser favorite.
 
Last week I was infected by a virus called "system progressive protection" thru a fake email I received from Fedex. It's a rogue security program that pretends to be an antivirus program but sneaks into the machine by changing configuration and registry settings and launches a fake scan every time you reboot the machine only to find multiple viruses and spyware. You have to purchase the full version of their software to clean your machine but once you do this they have your CC info.

Fortunately I did not open their website but wasted a few hours removing it from my machine and since they now have my IP address they have since unsuccessfully attempted to load their virus again a few times.
 
But the BoA website already has my username in the first screen because their website already knows my IP address. When I clicked on ok on this first screen, then my selected image is shown on the second screen and I just have to enter my password to access my account. I guess this is safe, correct?
Alan said:
(Plus, to get to that image you will already have typed in your username)
 
But the BoA website already has my username in the first screen because their website already knows my IP address. When I clicked on ok on this first screen, then my selected image is shown on the second screen and I just have to enter my password to access my account. I guess this is safe, correct?

Another issue is that if you clicked on a link to a bogus BoA site then yes, you would not see your username displayed. But you have already accessed this site so it could attempt to download malware including keyboard loggers. A common trick with a fake site is to have a hot spot that looks like the X to close the window and when you click to close the window it downloads its payload.

Bottom line is, never go to your on-line accounts from a link within an e-mail.
 
Last week I was infected by a virus called "system progressive protection" thru a fake email I received from Fedex. It's a rogue security program that pretends to be an antivirus program but sneaks into the machine by changing configuration and registry settings and launches a fake scan every time you reboot the machine only to find multiple viruses and spyware. You have to purchase the full version of their software to clean your machine but once you do this they have your CC info.

Fortunately I did not open their website but wasted a few hours removing it from my machine and since they now have my IP address they have since unsuccessfully attempted to load their virus again a few times.

Some of those fake antivirus and fake antispyware programs are a real nuisance to get rid of. A friend of mine got hit with a few of them several years ago and it took hours to clean up the mess. Those programs often disable real programs designed to combat them which makes the task of getting rid of them that much tougher. I had to figure out first how to get my legit programs to run (a system restore to a date before the onset of the first pest), then they found the pests (more than one, it turned out, because once a system gets infected it seems to act as a magnet for other pests), got rid of parts of them, then it took at least 2 reboots for the legit scans (spybot S&D, malwarebytes' free version) to get rid of everything else.
 
Some of those fake antivirus and fake antispyware programs are a real nuisance to get rid of. A friend of mine got hit with a few of them several years ago and it took hours to clean up the mess. Those programs often disable real programs designed to combat them which makes the task of getting rid of them that much tougher. I had to figure out first how to get my legit programs to run (a system restore to a date before the onset of the first pest), then they found the pests (more than one, it turned out, because once a system gets infected it seems to act as a magnet for other pests), got rid of parts of them, then it took at least 2 reboots for the legit scans (spybot S&D, malwarebytes' free version) to get rid of everything else.

I had to reboot my machine in safe mode with networking then installed MalwareBytes which found the viruses but then I had to install an Avast rootkit program to kill it then I had to scan again after a standard reboot.
 
I had to reboot my machine in safe mode with networking then installed MalwareBytes which found the viruses but then I had to install an Avast rootkit program to kill it then I had to scan again after a standard reboot.
For extra insurance run MS file checker. It will check your protected system files. Cleaning up a system yesterday, I was almost at the finish line but could not fix a system file with various tools. MFC was able to extract and fix the file.
 
But the BoA website already has my username in the first screen because their website already knows my IP address. When I clicked on ok on this first screen, then my selected image is shown on the second screen and I just have to enter my password to access my account. I guess this is safe, correct?

BOA would not know your IP address; you typically have a non-routing IP behind a firewall so the internet does not see it. Web sites like BoA will track you via cookies left from your browser session. The problem, as others have mentioned, is that once you hit the fake website it is too late; it has the chance to infect you.
 
Rootkits are one reason why I make some image of my HD for restore purposes. Once infected, it might take a long time to remove, if at all. If not possible or too much trouble, sometimes you just gotta throw in the white flag and restore.
 
Bottom line is, never go to your on-line accounts from a link within an e-mail.

Yes, and even more precaution is in order.

Don't allow automatic loading/display of emails. An html email can have links to websites, and 'bad guys' include a link that is tied to your email address. Merely allowing the email to display these links tells the bad guy that you open emails, and that they have a 'live' email address. They will send you more spam.

I'm surprised that there aren't more of these attempts that look as good as this one. It isn't that hard to make them look authentic, and the 'hit rate' would be better. I think I reported one a while back where they phished Amazon; it had links to the real Amazon site, and the tip-off for me was that they didn't address us by name, which the real Amazon emails do.

-ERD50
 
Bottom line is, never go to your on-line accounts from a link within an e-mail.

+1

I get plenty of phishing emails supposedly from legit well known businesses and sometimes with which I have a relationship such as PayPal.

I usually hover over the link in the email to view the URL, and yep, it's often going somewhere else.

Some companies say they'll always use your full name in the email.
 
How Apple and Amazon Security Flaws Led to My Epic Hacking

I was thinking of this article when I posted earlier in the thread. The latest Wired magazine has a more-detailed article.

At this time I think we are subject to problems at the client end (meaning me and you) as well as at the head end (meaning the companies we deal with).
 
How Apple and Amazon Security Flaws Led to My Epic Hacking

I was thinking of this article when I posted earlier in the thread. The latest Wired magazine has a more-detailed article.

At this time I think we are subject to problems at the client end (meaning me and you) as well as at the head end (meaning the companies we deal with).

I'm still annoyed at Amazon after what they did to me earlier this year. I noticed 6 charges on my CC from Amazon, all just under $10. When I called to find out what they were I talked to a guy from their fraud department who told me that someone called Louise had created an account using my CC, and he sent me an e-mail confirming that the purchases were fraudulent and that the account had been closed. (Penfed then reversed the charges and cancelled my CC).

As I said to the guy at Amazon, how can this happen? Why would you let someone else use my CC without at least an e-mail to me to confirm that they have my permission? This was not a clever bit of fraud, or a software security hole, it was simply someone like a waitress (or waiter) copying down the details of my CC and then using it on-line.
 
I had to reboot my machine in safe mode with networking then installed MalwareBytes which found the viruses but then I had to install an Avast rootkit program to kill it then I had to scan again after a standard reboot.

I forgot to include that I had to reboot in Safe Mode just to be able to run System Restore, then download Malwarebytes (which was not on the system originally), then run it and Spybot S&D multiple times (including more reboots)...........UGH it took a long time to figure this out and run everything!
 