Password Spam

These are phishing emails extorting users for money. It is not an uncommon one at that. Comcast is placing filtration on these types of emails on a daily basis, but unfortunately the scammers keep changing the way the email content is formatted and using various different providers. As mentioned, they are using previous or current passwords that they have obtained through other means. These emails do not indicate that your password was compromised via Comcast, but that your password was overall compromised via third party, outside database breaches, or via an infection on a device you use to sign into your email. If the password in the email is in fact one that you currently have in use for any of your online accounts, please do change those passwords, but do not reply or comply with the email itself. 

The Customer Security Assurance team does actively manage an alerts page to make our subscribers aware of common phishing/scam emails and even phone calls. It can be located at https://internetsecurity.xfinity.com/help/alerts/

Agreed, this is a bit on the disturbing side.

I'm sorry, please bear with me.  I do not see a way to report a malicious email to xfinity?

I would expect you would be interested in looking into the artifacts.  These are emails with users Passwords in the subject.

Instead it's kind of sounding like "It's not us" and passing us to a list of items that mean nothing?

What can we do to somehow help instead?  (he asks as he is seriously preparing to move to another provider).

---

@mlaskie wrote:

Agreed, this is a bit on the disturbing side.

 

I'm sorry, please bear with me.  I do not see a way to report a malicious email to xfinity?

I would expect you would be interested in looking into the artifacts.  These are emails with users Passwords in the subject.

 

Instead it's kind of sounding like "It's not us" and passing us to a list of items that mean nothing?

 

What can we do to somehow help instead?  (he asks as he is seriously preparing to move to another provider).

---

You will get the same emails on any provider after a certain amount of time.  You can report the email to comcast or the FTC (see https://www.xfinity.com/support/articles/phishing-scams) but in reality they already have all the info they need and they are well aware of this scam, it has been going on for over a year.  The issue is that the scammers know that they will get blocked and keep changing so that it is impossible to block or filter them permanently.  I know it sounds like Comcast is passing the buck but every ISP (and company, and even my own private email server with a domain that only I use) get these emails.  Updating the algorithms that filter these to junk only works for a short period of time.  It is a constant battle.

Of course it is impossible to guarantee that your password was not compromised due to Comcast but there have been so many breaches it could have come from anywhere.  As has been mentioned, if you still use that password anywhere you should change it, though it doesn't seem they are trying to log into peoples stuff, just using it as basically a "mail merge" to craft the scam emails.

We're all aware of what the email claims to have on the recipient (very compromising video and other info), when the scam first started it worked very well, obviously shame is a very powerful motivator.  I guess I have to give whomever thought it up a little bit of credit for that at least.

Exact same thing happening here. Multiple emails threatening to ruin my life and reveal (fictitious) X-rated details about me.  The passwords included were real, but very very old and not in use anywhere.

We changed our PWs again, checked on our financials, and are doing our best to ignore the paranoia. It is unnerving though.

Happens 2 or 3 times a year.  Someone sells often ancient password /email combos and the phising starts.  The password they are showing me is at least 5 years out of date.

The wording is all similar (not a USA English speaker) often ties back to India....

Look up setting your email filters.  I now filter any content that mentions BTC, btc, bitcoin as well as senders via Hotmail or outlook.

Same thing has been happening to me. The password part is  definitely disturbing, but the "allegations" they have against me are laughable.  It's somewhat comforting to know this is happening to other people.  I've now received 4 nearly identical email messages in the past 6 days - all from different email addresses (all Oulook except one from Hotmail).  I tried to report it to Xfinity, but there seems to be no way to do that (I talked to 2 different people on the phone who attempted to transfer me to the fraud department where I was on hold for 45 minutes and ultimately hung up).  

---

@spamtarget wrote:

Same thing has been happening to me. The password part is  definitely disturbing, but the "allegations" they have against me are laughable.  It's somewhat comforting to know this is happening to other people.  I've now received 4 nearly identical email messages in the past 6 days - all from different email addresses (all Oulook except one from Hotmail).  I tried to report it to Xfinity, but there seems to be no way to do that (I talked to 2 different people on the phone who attempted to transfer me to the fraud department where I was on hold for 45 minutes and ultimately hung up).  

---

If you want to report them, follow the instructions at this link (this isn't technically phishing but it is the same processs) - https://www.xfinity.com/support/articles/phishing-scams

They likely won't respond, but it provides them data for updating their filters.

How do I post publicly?  I thought I was.

---

@calmjoan wrote: How do I post publicly?  I thought I was.

---

Your post is public. The poorly worded "post publicly" advice in the employee's signature block is intended to encourage customers to post a public message instead of sending a Private message.

Ah, well said. 

And thank you for the information, which I still kind of think they could/should make readily available.

I will reach out to the abuse team.

My family members have been getting these spam emails, a Comcast tech support person said there have been an uptick in these rather disturbing spam emails.  While the passwords of the ones I've seen are real, they are old and incomplete, only the first several characters.  KrebsOnSecurity reported these back in 2018, NH's attorney general's office issued a warning about them this year.

Given the spammers didn't include the full password (if they had the full password, you'd think they'd include it for better 'shock value' as if the content of the email wasn't shocking enough), and if no one with a password of significant length received a full password, I'm almost inclined to think they only have the prefix.

Information regarding these emails:

https://blog.malwarebytes.com/cybercrime/2019/02/sextortion-bitcoin-scam-makes-unwelcome-return/