"Confirming your new password" Email from Comcast When I Didn't Change My Password
Has anybody else received emails from Comcast confirming that you just changed your password when you have not done so? I received two emails on my mobile device claiming to be from Comcast at exactly the same time with the same message contents. When I attempted to log in to my account with my mail client on my PC it could not log in. I switched to web mail access via my browser and after I entered my log in credentials a screen came up saying my account had been compromised and I needed to change my password. After successful two factor validation I was able to change my password and everything else seems OK. Comcast says this email was not from them and my account was locked as the result of their detecting invalid attempts to access my account.
I looked at the headers from both email messages and examing the full message path I cannot detect where the emails came from anybody but Comcast. If this was a spear fishing attack it was the most sophisticated one I've seen. Anybody care to help me out here with an explanation? Thanks.