PSA: Phishing Attempt POSING as Comcast.
Old 11-24-2012, 10:23 AM   #1
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: Chicagoland
Posts: 11,973

We just had a phishing attempt hit us, if you pay Comcast directly you might want to watch for it. It was an email that said they were unable to bill us and that if we did not update our CC info our service might be cut off. The email could not have mimicked a Comcast message more exactly. The email came from an @comcast.net address and it did not ask for any information, but it did provide a link to update our Comcast account info. I opened the link, and the account info page that came up was an exact replica of the Comcast account info page in every detail. But I knew we were not overdue, we don't pay using CC, so I didn't fall for it.

Again, it's the most convincing attempt I've ever seen.

I cut-n-pasted the entire message and sent it to abuse@comcast.net at their request.

Just a heads up for any other Comcast users out there...
__________________
No one agrees with other people's opinions; they merely agree with their own opinions -- expressed by somebody else. Sydney Tremayne
Retired Jun 2011 at age 57

Target AA: 60% equity funds / 35% bond funds / 5% cash
Target WR: Approx 2.5% Approx 20% SI (secure income, SS only)
Midpack is online now   Reply With Quote
Old 11-24-2012, 10:44 AM   #2
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Ed_The_Gypsy's Avatar
 
Join Date: Dec 2004
Location: the City of Subdued Excitement
Posts: 5,293
I have been getting some very convincing ones also. I opened one allegedly from one of our credit card companies. Very convincing, BUT...there is no way they could have my e-mail address. Spam bucket.
__________________
my bumpersticker:
"I am not in a hurry.
I am retired.
And I don't care how big your truck is."
Ed_The_Gypsy is offline   Reply With Quote
Old 11-24-2012, 10:54 AM   #3
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,705
I'm surprised that Comcast's mail server security, and various malware & spam filters didn't catch such a phishing message.

Or was this sent to a non-Comcast email account?

Shields up!
__________________
target2019 is offline   Reply With Quote
Old 11-24-2012, 11:03 AM   #4
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Mississippi
Posts: 1,877
This has become a common scam in the last year, targeting utility companies, telcos, cable service etc. Since most of these companies have a regional monopoly they blast out these emails to everyone in a specific region.

If you get one of these, mouse over the from address. Many times you can tell it is linked back to an address not associated with the company; many go back to .ru, .de etc., some place in China. You should never click on any of the links in these emails as the pages they take you to may be infected. If you need to verify your account, type the address of the company directly into the browser address bar; do not use any link in the email. I don't even use the links I get from legit ones.
__________________
rbmrtn is offline   Reply With Quote
Old 11-24-2012, 11:11 AM   #5
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
braumeister's Avatar
 
Join Date: Feb 2010
Location: Northern Kentucky
Posts: 8,600
Quote:
Originally Posted by Midpack View Post
... it did provide a link to update our Comcast account info. I opened the link, and ...
As rbmrtn implied, that can be dangerous. I would suggest doing a very thorough check of your machine for malware. It only takes a split second of connection to a bad website for them to install something (not to mention the fact that they now have your IP address listed as a live one).
__________________
Pas de lieu Rhône que nous.
braumeister is online now   Reply With Quote
Old 11-24-2012, 11:35 AM   #6
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Midpack's Avatar
 
Join Date: Jan 2008
Location: Chicagoland
Posts: 11,973
Quote:
Originally Posted by rbmrtn View Post
This has become a common scam in the last year, targeting utility companies, telcos, cable service etc. Since most of these companies have a regional monopoly they blast out these emails to everyone in a specific region.

If you get one of these, mouse over the from address. Many times you can tell it is linked back to an address not associated with the company; many go back to .ru, .de etc., some place in China. You should never click on any of the links in these emails as the pages they take you to may be infected. If you need to verify your account, type the address of the company directly into the browser address bar; do not use any link in the email. I don't even use the links I get from legit ones.
I agree and we're very careful. We get emails from Comcast often, and this one was so perfectly devised that it did appear real including all the normal privacy boilerplate. I am guessing a savvy reader could have been fooled by this one...YMMV

Quote:
Originally Posted by braumeister View Post
As rbmrtn implied, that can be dangerous. I would suggest doing a very thorough check of your machine for malware. It only takes a split second of connection to a bad website for them to install something (not to mention the fact that they now have your IP address listed as a live one).
Thanks, very good advice. I ran a malware scan and fortunately turned up nothing. But you're absolutely right to suggest...
__________________
No one agrees with other people's opinions; they merely agree with their own opinions -- expressed by somebody else. Sydney Tremayne
Retired Jun 2011 at age 57

Target AA: 60% equity funds / 35% bond funds / 5% cash
Target WR: Approx 2.5% Approx 20% SI (secure income, SS only)
Midpack is online now   Reply With Quote
Old 11-24-2012, 12:31 PM   #7
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Mississippi
Posts: 1,877
Quote:
Originally Posted by Midpack View Post
I agree and we're very careful. We get emails from Comcast often, and this one was so perfectly devised that it did appear real including all the normal privacy boilerplate. I am guessing a savvy reader could have been fooled by this one...YMMV
It used to be you could spot the fake one by the broken English, grammatical errors, etc. in the email. You can actually save a web page to file (html), then edit to your liking and then store that on the bad guys' servers; then they send you an email with embedded links that open up the page on their server, and it looks identical to the real thing.
__________________
rbmrtn is offline   Reply With Quote
Old 11-24-2012, 12:50 PM   #8
Thinks s/he gets paid by the post
 
Join Date: Feb 2007
Posts: 2,423
I get a similar phishing email about our Time Warner Cable account. It says our cable TV service will be interrupted if I don't update our info. We don't have a cable TV account, only internet, so I knew it was fake.

I always mouse over the link to check the address. Also, many of your true accounts will address you by name if it's real.
__________________
Married, both 62. DH retired June, 2010. I have a pleasant little part time job.
Sue J is offline   Reply With Quote
Old 11-24-2012, 01:36 PM   #9
Thinks s/he gets paid by the post
obgyn65's Avatar
 
Join Date: Sep 2010
Location: midwestern city
Posts: 4,061
Do they have an "image" you have to check and confirm online before you log in to their website with your password, like BoA, ING or Edward Jones websites do? I check my "image" every time I log in.

Quote:
Originally Posted by Midpack View Post
The email came from an @comcast.net address and it did not ask for any information, but it did provide a link to update our Comcast account info.
__________________
Very conservative with investments. Not ER'd yet, 48 years old. Please do not take anything I write or imply as legal, financial or medical advice directed to you. Contact your own financial advisor, healthcare provider, or attorney for financial, medical and legal advice.
obgyn65 is offline   Reply With Quote
Old 11-24-2012, 01:51 PM   #10
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,099
Quote:
Originally Posted by obgyn65 View Post
Do they have an "image" you have to check and confirm online before you log in to their website with your password, like BoA, ING or Edward Jones websites do? I check my "image" every time I log in.
Whether or not you do have an image to validate that you are on the correct site it is too late to have stopped the site from downloading a keyboard logger or other malware. (Plus, to get to that image you will already have typed in your username)

As rbmrtn points out you should always access sites that have some of your financial information by typing in the site name or using a shortcut or bookmark you have previously set up in your browser.

Financial institutions annoy me when they send e-mails such as "Your statement is ready" and provide a link for you to log on. If they NEVER sent links in e-mails, people wouldn't get into the habit of using links within e-mails.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
Old 11-24-2012, 02:49 PM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
braumeister's Avatar
 
Join Date: Feb 2010
Location: Northern Kentucky
Posts: 8,600
Quote:
Originally Posted by Alan View Post
Financial institutions annoy me when they send e-mails such as "Your statement is ready" and provide a link for you to log on. If they NEVER sent links in e-mails, people wouldn't get into the habit of using links within e-mails.
Alas, most of my account statements come just that way, and it annoys me too.

I have just one that takes a sensible approach, and they always include the following as part of emails that a statement is ready:
Quote:
Notice: To help protect members from potential phishing attempts, Wright-Patt Credit Union does not provide direct links to our website in your eStatement notification. To access your most recent eStatement, newsletter, and copy of WPCU's Privacy Policy, please visit Wright-Patt Credit Union's website and enter your username and password in the member login area at the top of the page. Then click on eStatements from the main menu bar.
__________________
Pas de lieu Rhône que nous.
braumeister is online now   Reply With Quote
Old 11-24-2012, 05:45 PM   #12
Thinks s/he gets paid by the post
 
Join Date: Jul 2005
Posts: 3,862
I'm sure anyone who receives a real email from Comcast or anyone else would be able to duplicate the code and insert their own link into it. Return addresses are super easy to fake. Hovering over the link has usually worked for me. But even better is to access the website in your usual manner, such as a browser favorite.
__________________
Animorph is offline   Reply With Quote
Old 11-24-2012, 06:57 PM   #13
Thinks s/he gets paid by the post
 
Join Date: Sep 2006
Posts: 1,318
Last week I was infected by a virus called "system progressive protection" through a fake email I received from Fedex. It's a rogue security program that pretends to be an antivirus program but sneaks into the machine by changing configuration and registry settings and launches a fake scan every time you reboot the machine, only to find multiple viruses and spyware. You have to purchase the full version of their software to clean your machine, but once you do this they have your CC info.

Fortunately I did not open their website but wasted a few hours removing it from my machine and since they now have my IP address they have since unsuccessfully attempted to load their virus again a few times.
__________________
Corporateburnout is offline   Reply With Quote
Old 11-24-2012, 07:03 PM   #14
Thinks s/he gets paid by the post
obgyn65's Avatar
 
Join Date: Sep 2010
Location: midwestern city
Posts: 4,061
But the BoA website already has my username in the first screen because their website already knows my IP address. When I clicked on ok on this first screen, then my selected image is shown on the second screen and I just have to enter my password to access my account. I guess this is safe, correct?
Quote:
Originally Posted by Alan

(Plus, to get to that image you will already have typed in your username)
__________________
Very conservative with investments. Not ER'd yet, 48 years old. Please do not take anything I write or imply as legal, financial or medical advice directed to you. Contact your own financial advisor, healthcare provider, or attorney for financial, medical and legal advice.
obgyn65 is offline   Reply With Quote
Old 11-24-2012, 07:11 PM   #15
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,099
Quote:
Originally Posted by obgyn65 View Post
But the BoA website already has my username in the first screen because their website already knows my IP address. When I clicked on ok on this first screen, then my selected image is shown on the second screen and I just have to enter my password to access my account. I guess this is safe, correct?
Another issue is that if you clicked on a link to a bogus BoA site then yes, you would not see your username displayed. But you have already accessed this site so it could attempt to download malware including keyboard loggers. A common trick with a fake site is to have a hot spot that looks like the X to close the window and when you click to close the window it downloads its payload.

Bottom line is, never go to your on-line accounts from a link within an e-mail.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is online now   Reply With Quote
Old 11-24-2012, 07:12 PM   #16
Thinks s/he gets paid by the post
 
Join Date: Nov 2009
Posts: 3,865
Quote:
Originally Posted by Corporateburnout View Post
Last week I was infected by a virus called "system progressive protection" through a fake email I received from Fedex. It's a rogue security program that pretends to be an antivirus program but sneaks into the machine by changing configuration and registry settings and launches a fake scan every time you reboot the machine, only to find multiple viruses and spyware. You have to purchase the full version of their software to clean your machine, but once you do this they have your CC info.

Fortunately I did not open their website but wasted a few hours removing it from my machine and since they now have my IP address they have since unsuccessfully attempted to load their virus again a few times.
Some of those fake antivirus and fake antispyware programs are a real nuisance to get rid of. A friend of mine got hit with a few of them several years ago and it took hours to clean up the mess. Those programs often disable real programs designed to combat them which makes the task of getting rid of them that much tougher. I had to figure out first how to get my legit programs to run (a system restore to a date before the onset of the first pest), then they found the pests (more than one, it turned out, because once a system gets infected it seems to act as a magnet for other pests), got rid of parts of them, then it took at least 2 reboots for the legit scans (spybot S&D, malwarebytes' free version) to get rid of everything else.
__________________
Retired in late 2008 at age 45. Cashed in company stock, bought a lot of shares in a big bond fund and am living nicely off its dividends. IRA, SS, and a pension await me at age 60 and later. No kids, no debts.

"I want my money working for me instead of me working for my money!"
scrabbler1 is offline   Reply With Quote
Old 11-24-2012, 07:30 PM   #17
Thinks s/he gets paid by the post
 
Join Date: Sep 2006
Posts: 1,318
Quote:
Originally Posted by scrabbler1 View Post
Some of those fake antivirus and fake antispyware programs are a real nuisance to get rid of. A friend of mine got hit with a few of them several years ago and it took hours to clean up the mess. Those programs often disable real programs designed to combat them which makes the task of getting rid of them that much tougher. I had to figure out first how to get my legit programs to run (a system restore to a date before the onset of the first pest), then they found the pests (more than one, it turned out, because once a system gets infected it seems to act as a magnet for other pests), got rid of parts of them, then it took at least 2 reboots for the legit scans (spybot S&D, malwarebytes' free version) to get rid of everything else.
I had to reboot my machine in safe mode with networking then installed MalwareBytes which found the viruses but then I had to install an Avast rootkit program to kill it then I had to scan again after a standard reboot.
__________________
Corporateburnout is offline   Reply With Quote
Old 11-24-2012, 09:00 PM   #18
Thinks s/he gets paid by the post
target2019's Avatar
 
Join Date: Dec 2008
Posts: 3,705
Quote:
Originally Posted by Corporateburnout View Post
I had to reboot my machine in safe mode with networking then installed MalwareBytes which found the viruses but then I had to install an Avast rootkit program to kill it then I had to scan again after a standard reboot.
For extra insurance run MS file checker. It will check your protected system files. Cleaning up a system yesterday, I was almost at the finish line but could not fix a system file with various tools. MFC was able to extract and fix the file.
__________________
target2019 is offline   Reply With Quote
Old 11-24-2012, 09:06 PM   #19
Thinks s/he gets paid by the post
 
Join Date: Jul 2012
Location: Mississippi
Posts: 1,877
Quote:
Originally Posted by obgyn65 View Post
But the BoA website already has my username in the first screen because their website already knows my IP address. When I clicked on ok on this first screen, then my selected image is shown on the second screen and I just have to enter my password to access my account. I guess this is safe, correct?
BoA would not know your IP address; you typically have a non-routing IP behind a firewall so the internet does not see it. Web sites like BoA will track you via cookies left from your browser session. The problem, as others have mentioned, is that once you hit the fake website it is too late; it has the chance to infect you.
__________________
rbmrtn is offline   Reply With Quote
Old 11-24-2012, 10:42 PM   #20
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,886
Rootkits are one reason why I make an image of my HD for restore purposes. Once infected, it might take a long time to remove, if at all. If not possible or too much trouble, sometimes you just gotta throw in the white flag and restore.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
All times are GMT -6.