Don't know if this will help, but I ran the mime header through a program I have and these are the results. Maybe you could pass this on as well to your security team. Looks like it traveled through eight hops and I think Number 7 may be the most interesting.
I received something similar, and it's long. Part of it is like this:
From - Wed Jan 28 18:10:10 2015 X-Account-Key: account1 X-UIDL: 604180.a,2GCSpWhLNwlrLvhJeboq8shp4xTCRGJ28yAyqv,50= X-Mozilla-Status: 0000 X-Mozilla-Status2: 00000000 X-Mozilla-Keys: Return-Path: email@example.com Received: from reszmta-po-05v.sys.comcast.net (LHLO reszmta-po-05v.sys.comcast.net) (126.96.36.199) by resmail-ch2-501v.sys.comcast.net with LMTP; Wed, 28 Jan 2015 19:39:49 +0000 (UTC) Received: from resimta-po-24v.sys.comcast.net ([188.8.131.52]) by reszmta-po-05v.sys.comcast.net with comcast id lXek1p00V3MS3yQ01XfoBn; Wed, 28 Jan 2015 19:39:48 +0000 Received: from vps.phetracon.co.uk ([184.108.40.206]) by resimta-po-24v.sys.comcast.net with comcast id lXfm1p01q44UviN01XfnSX; Wed, 28 Jan 2015 19:39:48 +0000 X-CAA-SPAM: 00000 X-Authority-Analysis: v=2.1 cv=NdRo1gz4 c=1 sm=1 tr=0 a=OFFf+DprU0xnCjOpph7R9g==:117 a=OFFf+DprU0xnCjOpph7R9g==:17 a=MkLz90pSAAAA:8 a=C_IRinGWAAAA:8 a=GGcpBh7Jt_oA:10 a=9cW_t1CCXrUA:10 a=9iGyhAwwAAAA:8 a=AaNzqAuHAAAA:8 a=YNv0rlydsVwA:10 a=r77TgQKjGQsHNAKrUKIA:9 a=9iDbn-4jx3cA:10 a=cKsnjEOsciEA:10 a=gZbpxnkM3yUA:10 a=hKD2aJX_fzNAg90SUnUA:9 a=Ft8UYL4EG9YA:10 a=0j76WyVU1wIA:10 a=0n8IIrT8qlMA:10 a=4IsA2zOlcNAA:10 a=_G526XGYltIA:10 a=rajsCgNhLDo5NTj3sC8A:9 a=_W_S_7VecoQA:10 a=SAUHNy6hz7JygnwNui0A:9 a=IKIoO-ieCDEA:10 a=Sf_gFPzhefAA:10 Received: from [220.127.116.11] (port=60653 helo=static.18.104.22.168.clients.your-server.de) by vps.phetracon.co.uk with esmtpsa (UNKNOWNHE-RSA-AES256-GCM-SHA384:256) (Exim 4.82) (envelope-from <firstname.lastname@example.org>) id 1YGYSS-0007aW-F8; Wed, 28 Jan 2015 19:39:28 +0000 Message-ID: <585DEBB8B36749FA26236AD6D29DAE30@tzkfm> Reply-To: "lo" <email@example.com> From: "lo" <firstname.lastname@example.org> Subject: You've received a new fax Date: Wed, 28 Jan 2015 22:39:09 +0300 Organization: c MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_10DF_01D03B4B.3B073B20" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Windows Live Mail 16.4.3528.331 X-MimeOLE: Produced By Microsoft MimeOLE V16.4.3528.331 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - vps.phetracon.co.uk X-AntiAbuse: Original Domain - comcast.net X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - intohispeed.com X-Get-Message-Sender-Via: vps.phetracon.co.uk: authenticated_id: email@example.com
Someone keeps trying to change my password. I keep getting texts about a password change request but I didn't make any. I did change my password a few days ago through my profile online and have been getting these texts every since. How can I stop the hacking?
I think the password change messages you are getting may be informing you of the password change you did a couple of days ago. You could PM ComcastDaniels or call Comcast, but unless you know for sure, someone has hacked you, such as, hearing from contacts that you sent just a link to something and it was strange, or hearing from Comcast directly that you are sending a massive amount of emails out, I do not think your account has been hacked. It could be just a glitch in notifying you that a password was changed. I got three notifications last week that a user under my account had changed a password. It was perfectly ok as it was my sister and she had forgotten her password-thus, had to change it.
So, you may not have been hacked-the system is just letting you know a password change was made and it should also tell you when. If it wasn't you, if the date does not match when you changed your password, there is a link where you can let Comcast know, it wasn't you. Hope this helps.
I recently received an email from the "Billing Department" with a subject of: Action Required: Xfinity Account Notifcation. The body of the email stated: (with the Xfinity logo first)
Important Information Regarding Your Account
Dear Valued XFINITY Customer,
During our regular update and verification of the Comcast Online Services, We were unable to process your most recent payment. Did you recently change your phone number or account number ? Keeping your online profile up-to-date is a quick and easy way to help us contact you with important information about your accounts. To avoid an interruption of your services or to reactivate suspended service(s), simply follow the steps below to verify your account. and update your billing information today.
To Verify your account status simply follow the steps. We take your security very seriously
To get started, please click this link Update Your Contact Information. Please provide the correct answer to the following question. Xfinity will not be held responsible for any errors or omissions. Missing or incorrect information.
We apologize for any inconvenience this may cause and appreciate your assistance in helping us maintain the integrity of the entire system. Thank you for being Comcast customer.
Make sure you let Comcast security know. The mime header had a "trace abuse" request so the hosting email server is aware there is a problem. I'll run it through IPNet Info and see what it shows. It appears the server for currentconservation.org was hacked and someone is sending out critters on this address. It went through about six hops, all US based. The security people at Comcast will probably pick up on this. When you include the mime header, it really helps! You are right-do not click on any links.
I received the following email and believe it to be a scam because the "From" email address appears not to be an XFINITY Comcast email and because my online features have not been suspended, as the scam email says.I have not replied in any form to the email. Thank you.