Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.

5,637,906

members

7

online now

1,815,643

discussions

Back to Top

Fake Xfinity Comcast Phishing Mail

Posted by
Regular Contributor

Message 1 of 21
7,351 Views

This is the second month I've gotten a fake email pretending to be from Xfinity and trying to phish for my info.  This is fake, right?  My account is totally up to date and paid.

 

 

Subject: Comcast: New Message From Comcast
From: Comcast <xfinity@mail.g.comcast.net>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
X-Antivirus: AVG for E-mail 10.0.1411 [2092/3981]
X-AVG-ID: ID45B42A68-3BDEEFCA

<html>
<DIV>
<img src="http://hh7.net/Sep/hh7.net_13195611811.gif" width="223" height="85">
<head>
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Comcast</title>
<div id="yiv1341300953" style="width: 440; height: 347">
  <table cellSpacing="0" cellPadding="13" width="450" border="0">
    <tr>
      <td height="70"><font face="Arial" size="2" family="SANSSERIF">Dear Valued
      Member,<br>
      <br>
      We were unable to process your most recent payment. Did you recently
      change your bank, phone number or credit card?<br>
      <br>
      To ensure that your service is not interrupted, please update your billing
      information today by Clicking
      <span id="lw_1181859669_0">
      <a target="_blank" rel="nofollow"href="http://handshakes.dzoic.com/includes/sbicons/send.php">Click Here</a></span>. . We're available 24 hours a day, 7 days a week.<br>
      <br>
      If you have recently updated your billing information, please disregard
      this message as we are processing the changes you have made.<br>
      <br>
      Sincerely,<br>
      <br>
      Billing Center Team<br>
      <br>
    

20 REPLIES
Posted by
Security Expert

Message 2 of 21
7,330 Views

Go here and look at second one on the list under Top  Phishing Scams

 

http://xfinity.comcast.net/constantguard/Alerts/

 

Yes, it is phishing mail.

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Regular Contributor

Message 3 of 21
7,326 Views

Thanks.  I am so sick of scammers.

Posted by
Problem Solver

Message 4 of 21
7,316 Views

--

 

Sorry for the inconvenience. I have escalated this issue and someone will be in contact with you soon.




Community Icon
I am a Retired Official Comcast Employee, and I no longer actively support the forum.
Official Employees are from multiple teams within Comcast: Product, Support, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am an Retired Official Comcast Employee.
Official Employees are from multiple teams within Comcast.
We ask that you post publicly so people with similar questions may benefit.
Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
Retired Comcast Employee.
Please post so people with similar questions may benefit.
Was your question answered?
Mark it as a solution!solution Icon


Thanks
-Keisha-
Posted by
Regular Contributor

Message 5 of 21
7,310 Views

I didn't click the links in it.  Just pasted what I could here and deleted it.  But I've been noticing that I think this is the second month I've gotten this same email. 

Posted by
Security Expert

Message 6 of 21
7,307 Views

@ Carrigon,

 

If it happens again, I would suggest following the directions for How to Report Phishing Issues:

 

http://security.comcast.net/get-help/report-a-security-threat-or-scam.aspx

 

Close to bottom of page in left hand column!

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Regular Contributor

Message 7 of 21
7,303 Views

Thanks.  I really didn't even think to check there.  I usually just delete the junk, but this one bugged me.

Posted by
Regular Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 8 of 21
5,629 Views

What is really concerning about this, other than the threat if you respond to it, is how do they get our email addresses - it appears obvious to me that someone has accessed a Comcast database with our email addresses - there is no way anyone could just randomly guess mine.

 

I forwarded the phishing email to Comcast and got no comment/response back from them.  Yes, it is on their web page as one of the top phishing scams with a bunch of others.  Apparently this happens all the time.  News to me.

Posted by
Security Expert

Message 9 of 21
5,614 Views

fdon wrote:

What is really concerning about this, other than the threat if you respond to it, is how do they get our email addresses - it appears obvious to me that someone has accessed a Comcast database with our email addresses - there is no way anyone could just randomly guess mine.

 

I forwarded the phishing email to Comcast and got no comment/response back from them.  Yes, it is on their web page as one of the top phishing scams with a bunch of others.  Apparently this happens all the time.  News to me.


I doubt that Comcast's email database was compromised, I suspect it is something more simple. It's called alphabet spam. The spammers start with aa@comcast and move on through letter by letter, usually using a program to generate the next email address in the sequence.

TANSTAAFL!!







Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Regular Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 10 of 21
5,601 Views

I suppose I should defer to your expertise since you are a "security expert," but as I point out in my post, the likelihood of someone putting together the letters and numbers in my email address is small.  I mean really small.  But, theoretically possbile if someone performs literally millions of permutations of letters and numbers.  As I say, this is theoretically possible.  And, it certainly may be how they did generate it.  I don't know that much about the extent of the effort people go to so that they can steal from people this way, but I guess if it pays off, people will do it.  Thanks for the comments.

Posted by
Security Expert

Message 11 of 21
5,599 Views

I had a run on a yahoo account a while back where they had multiple email addresses in the send line

my email address at yahoo at the time was CajunTek (don't use that anymore so I don't care).

So I not only got the email to me as CajunTek at yahoo.com but also cajuntex, cajun.tek, caj.un tek and so on for about 40 email address, I suspect most of these bounced.

TANSTAAFL!!







Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Email Expert

Message 12 of 21
5,573 Views

fdon wrote:

I suppose I should defer to your expertise since you are a "security expert," but as I point out in my post, the likelihood of someone putting together the letters and numbers in my email address is small.  I mean really small.  But, theoretically possbile if someone performs literally millions of permutations of letters and numbers.  As I say, this is theoretically possible.  And, it certainly may be how they did generate it.  I don't know that much about the extent of the effort people go to so that they can steal from people this way, but I guess if it pays off, people will do it.  Thanks for the comments.


Spammers have programmers too and they pay well for programs that do this.  While it may seema daunting task to a human, it would be nothing to a computer.  Further, phishing attempts are aimed at pretty much every @domain.  I get the same ones to addresses at Comcast, Yahoo, Gmail and my domain addresses.

 

mady

>


Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Service Expert

Message 13 of 21
5,552 Views

Another way the spammers can get an email address:

 

Forums such as this one where some people use their Comcast user account/email name as their forum screen name.  It's easy enough for a spammer to pick out some user names and put @comcast.net next to the name.

 

Some will be sent to real addresses, others will bounce back.

 

It's also possible a forum name could be the Comcast user name for someone else. Instead of you getting the mail another person does.

 

 

 




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 14 of 21
5,440 Views

Amen to that! I really think that a new "...For Dummy's" book needs to be written for the modern age of computing. Not mean to be crass, I just think that there are so many new exploitation possibilities to watch for these days.

 

Like this one - don't use your email or login *anywhere* that it will be available in a public facing way! This may not seem like such a big deal, but like the poster said, hackers don't need the help to be able to screen scrape all this info for free Smiley Sad

 

I just finished my certification in Certified Ethical Hacking and I am amazed at the tools that are freely available for the bad guys. Then they make a ton of money selling the info they get, again for free.

Posted by
Regular Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.

Message 15 of 21
5,424 Views

One of the reasons I was/am so concerned about the phish to my Comcast email account is that I have protected it as best I can from abuse.  It is relatively spam free even though I have had it for years.  (Knock on wood.)  I am careful how I use it, careful who I give it to.  I have another couple accounts I use for other purposes so that the Comcast account doesn't get out there.

 

Every once in a while, though, I start receiving a bunch of spam.  It is hard to know if someone you communicated with sold it, passed it to business partners, or what.  And then it is hard to know whether to respond to the spam where they give you the option to opt out of receiving more.

 

I will say thanks to Comcast for providing Norton security software for free with their internet service, I know it has saved me from worse more than once...

Posted by
Regular Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.
  • Congrats on Posting your first topic!

Message 16 of 21
4,890 Views

I too woke up to this message:

 

0c325506ac= email support ID

Hello Valued Xfinity customer,
XFINITY ALERT
PLEASE DO NOT REPLY, THIS E-MAIL ADDRESS IS USED BY AUTOMATED SOFTWARE AND IS NOT MONITORED

Constant Guard identified one or more of your computers may be infected with a bot.
You might have already seen an Alert from XFINITY informing you about bot activity.

PIease see attached file for more details and follow directions to avoid interruption of service.

We appreciate your prompt attention to this important security notice.
continue the use of the suction bell. Diagnosis of Primary . In cases in which there is a history of an incubation period of from three to five weeks, when the sore is indurated, persistent, and indolent, and attended with bullet-buboes in the groin, the diagnosis of primary is not
Best Regards,
Customer Care

 

These things just waste my time!

Posted by
Service Expert

Message 17 of 21
4,886 Views

Comcast does send out legitimate mail about possible bot infections.

 

The one you received most likely is fake because of this

 

PIease see attached file for more details and follow directions to avoid interruption of service.

 

All the other bot infection emails I've seen posted do NOT mention an attachment. Since attachments can be a source of infection it is best to ignore the mail and don't open the attachment. It sounds as if you are one of the smart ones who knows this.

 

This is a sample of the REAL mail from Comcast. Note that it does not have an attachment. Thank you for posting. I will add the fake bot alert to my Phish or Legit posts later today.

 




Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Security Expert

Message 18 of 21
4,794 Views
Posted by
Security Expert

Message 19 of 21
4,801 Views

Cozmo50  I removed your post because it contains an active phishing link

 

Please see my response below.

 

 

The problem is the sender and the link varies. They stop one, another starts.

TANSTAAFL!!







Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon

Posted by
Frequent Visitor

Message 20 of 21
4,792 Views

I think deleting the email works a lot better than simply removing the link.  Of course I would never click on that link.  I just wanted you people to be aware of the problem.  Your chat line went unanswered so I decided to try the forum in hopes that you would be interested.  You told me my computer needs cleaned up... are you kidding?  First of all, I'm using Comcast's security and the problem came to me via email.  Nothing to do with the "cleanliness" of my computer.   When will Comcast actually get serious about responding to customer concerns?  You just don't get it, do you Cajun Tek? 

Posted by
Security Expert

Message 21 of 21
4,792 Views

Oh I get it ok... And I think Comcast is quite serious (I have RR and ATT accounts as well and they don't respond at all to these things. Comcast at least trys.

 

Like I said The purveryors of this phish change the sending address and the links. It's very hard for anyone to stop completely.

TANSTAAFL!!







Community Icon
I am not a Comcast employee, I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help. For information on the program click here.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee. I am a paying customer just like you!
I am an XFINITY Forum Expert and I am here to help.
We ask that you post publicly so people with similar questions may benefit.

Was your question answered? Mark it as an accepted solution!solution Icon
Community Icon
I am not a Comcast employee.

Was your question answered?
Mark it as a solution!solution Icon