ANSWERED: Comcast Email Phish or Legit? How to Tell (and rules for posting about your mail)
***Created by our Community Users***
If you receive mail that purports to be from Comcast telling you any of the following (these are only a few of the things these emails will tell you):
1) Your account has been blocked
2) There has been unusual activity on your account
3) To update your account
4) To consent to the Electronic Communications Delivery Policy or your account will be deactivated
5) To upgrade your account
6) Constant Guard has been updated and you need to re-log in
7) Your payment is overdue, sign in to Customer Central to confirm your payment
8) Your email address will be deleted
9) Your bill is ready to be viewed. You may get this even though you do not subscribe to EcoBill. Comcast does send out emails to EcoBill customers. Bogus emails may say this or something similar:
"Please Read! Important message from Comcast"
Dear Comcast Customer,
Your June, 2023 Comcast billing statement is ready for viewing. To view your bill, please download and extract the attachment. Enter your User Name and Password, and from the next screen select GO from the VIEW YOUR BILL option.
10) You get an email and the From address is XFINITY or Comcast
11) A mail that purports to be from Comcast which includes an attachment. Example: Download the attachments, complete the payment form to pay your July bill online and get your 50% Discount.
12) To update your credit card information and your service could be suspended if you fail to do so
13) There was an issue with your last payment. You are required to validate your payment information in order to avoid service suspension. Update your payment methods. Update your credit card information as soon as possible.
14) The Constant Guard™ service has updated the Online Security of Comcast Users. In order to get the last update click "Accept Terms Now" bellow and accept the "Terms & Conditions".
15) Security Measure for your Comcast Email
Our Security Department has been receiving complains about your email account and we are sending you this notification before we terminate your account.
16) Dear Comcast Mail User, Your E-mail account has exceeded its limit and needs to be verified, if not verified within 24 hours, we shall suspend your account. CLICK HERE to verify your email account now.
17) Your immediate attention is required. Constant Guard™ has identified that there is a unpaid supplementary fee of $25.00 on your XFINITY Internet Services. [ Login to Customer Central ] You must Log In as the Administrator/Parent account holder. If payment is not completed by [July 03, 2013] - we will be forced to suspend your account indefinitely. We are currently investigating this issue, if it is a system error, you may disregard this message.
18) A DGTFX Virus has been detected in your Comcast folders and threatens to deactivate your email account if you don't send your email address, full name, password and phone number. THERE IS NO SUCH THING AS A DGTFX virus. It's just a string of letters somebody dreamed up to try and make their phishing campaign more believable. If you do a search for it, the only things that will turn up in the results are numerous "this is a phishing scam" warnings.
19) Failure to do anything else that will result in your service being suspended
20) You have been overcharged by a specific amount, which will be listed, and you should submit a refund through the email. Comcast does not send out overcharge notices. It will be on your next bill as a credit.
21) Create your Refund Voucher because you were overcharged on your last bill. The mail will include links for you to use to sign in. Comcast does not have Refund Vouchers. A credit amount will be deducted from your next bill. Comcast does not send emails for refunds.
22) On a specific date an email upgrade will go into effect and you need to upgrade your account before then. Even if there is an upgrade planned, you won't have to update anything. These mails usually have a link for the supposed "upgrade" which, if filled out, will give scammers access to your account.
23) This is to alert you that you have to store your email information with us so it wont disable your account
we have upgraded our system and therefore we are asking our customers fill there email details on-line
DO NOT CLICK THE LINKS AND PROVIDE THE INFORMATION.
THESE ARE PHISHING ATTEMPTS. YOU WILL BE GIVING COMPLETE STRANGERS ACCESS TO YOUR ACCOUNT.
There is one way to know 100% if the mail is a phishing attempt. If the mail contains links that lead to a page wanting your user name, password or any other personal information, or the mail itself asks you to provide that info, THE MAIL IS NOT FROM COMCAST.
Be suspicious of any email or phone call that asks for your personal account information, such as user names, passwords, and account numbers. Email, phone calls, text messages, instant messages, or Web logs that appear to come from a reliable source may not always be authentic.
Be aware that Comcast will NEVER ask you for password information over the phone or email.
Comcast will NEVER ask for billing or payment information through email, whether by a link or in an attachment.
Comcast does NOT send out disconnect/suspension notices for failure to pay via Email or for anything else you fail to do.
Official Comcast mail will never be sent with Xfinity. User or Comcast. User as the sender. THESE EMAILS ARE PHISHING ATTEMPTS/SCAMS.
They won't include attachments for you to open in order to access your account.
Another sign of a phishing attempt is the sender's address. If the part after the @ ends in a dot followed by two letters, it was sent from a domain outside the United States. An example of this is @uc.cl (from a post by a customer who received a phishing attempt from someone using that domain); cl is for Chile.
Each country has a domain code. A good search engine will help you identify the country. Comcast will not send mail from another country domain.
Another thing you can do is look at the headers in the email, which often contain clues that Comcast did not send it. If you don't know how to find the headers, ask us in the forum. Please tell us if you are using Comcast Xfinity Connect (web mail) or an email client. If you use a client we need to know which one you use.
If you use Xfinity Connect (web based) for email access:
Legitimate mail from Comcast will have the Xfinity logo next to mail sent from Comcast.
You can also hover over the From line in the Inbox to see where the email message was sent from. If not Comcast or Xfinity, you know it is not legit.
IF YOU USE AN EMAIL CLIENT THE LOGO WILL NOT APPEAR AS SHOWN IN FIRST IMAGE NOR WILL HOVERING OVER THE FROM LINE REVEAL WHERE THE MAIL WAS SENT FROM.
Also, in Xfinity Connect you can hover over the link in the mail and the link URL will appear in your bottom taskbar, usually on the left side. Hovering over the link in an email client will also show the URL. These URLs are a strong indicator the mail is not legitimate.
Reporting Phishing Issues
Please take the following steps to help us investigate the phishing email you received:
1) Copy the email, including headers, and paste it into a new email.
2) Add the words "phishing email" in the subject so that it can be easily identified by our Customer Security Assurance team.
3) Send to email@example.com for further investigation. (DO NOT FORWARD)
A simple forward will not preserve the headers of the original phish mail. Instead the headers will show YOU as the sender.
IF YOU USE AN EMAIL CLIENT, you can forward the message as an attachment. This can generally be done by opening the mail, clicking a drop down arrow next to Forward and choosing As Attachment.
IF YOU POST THE MAIL YOU RECEIVED DO NOT INCLUDE THE LINK. Many times the links are still active when posted. There are those misguided souls who will click the link just to see what it looks like! Most phishing sites are just that, but a few are also sources of malware.
IF YOU POST THE EMAIL ADDRESS THE MAIL WAS SENT FROM, break the link to make it non-clickable. It should look like this: email address @ wherever.com/net
IF YOU POST HEADERS OF THE MAIL edit out any user names before @wherever.com/net.
You can also find the most common phishing scams listed on this page https://internetsecurity.xfinity.com/help/alerts/
Most of this can also apply to mail from other companies such as your bank, credit card company, PayPal, online stores where you have an account, other email accounts you have (ex:hotmail, yahoo, gmail), etc.
They won't ask for your log in information via email either.
Tempted to reply to the mail? DO NOT DO IT. By replying you verify that your email address is valid, which gets it put on a spammer's list.
Edit to add: there is a new phish mail making the rounds.
Clues that it is not from Comcast:
1) The links have various things in the address: is-a-liberal, is-a-llama, better-than-tv, is-gone, and various nonsense such as dpyaqlahs or other random letters. Comcast does NOT have these things as part of any of their URLs.
2) this statement "your ability to use any services provided by Comcast such as voice, broadband, wireless, adsl, cable, dialup and email might become restricted".
Comcast does not provide adsl and dialup.
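The checks described in this post (sender domain, two-letter country code, attachments, and where links really point), applied to a raw message. This is an added example, not part of the original post and not a Comcast tool; the trusted-domain list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains treated as Comcast-owned for this illustration.
TRUSTED = ("comcast.net", "comcast.com", "xfinity.com")
# Hostname pieces the post lists from one phishing run.
ODD_LABELS = ("is-a-liberal", "is-a-llama", "better-than-tv", "is-gone")
# Constructed sample; the sender reuses the @uc.cl example from the post.
SAMPLE = """\
From: "Comcast" <billing@uc.cl>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<a href="http://dpyaqlahs.is-a-llama.example/login">View your bill</a>
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="bill.zip"

--b1--
"""

def under(host, domains):  # host equals a domain or is a subdomain of it
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    msg = message_from_string(raw)
    host = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    findings = []
    if not under(host, TRUSTED):
        findings.append(f"sender domain {host} is not Comcast/Xfinity")
    if re.search(r"\.[a-z]{2}$", host):  # the post's two-letter rule
        findings.append(f"sender uses country-code domain .{host[-2:]}")
    for part in msg.walk():
        if part.get_filename():  # official mail has no attachment to open
            findings.append(f"attachment: {part.get_filename()}")
        if part.get_content_type() in ("text/html", "text/plain"):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in re.findall(r"https?://[^\s\"'<>]+", body):
                link = (urlparse(url).hostname or "").lower()
                if any(label in link for label in ODD_LABELS):
                    findings.append(f"odd link host: {link}")
                elif not under(link, TRUSTED):
                    findings.append(f"link leaves Comcast: {link}")
    return findings

print(*triage(SAMPLE), sep="\n")
```

The link check reads the real `href` target, which is what hovering over the link shows, rather than the visible link text.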
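Why the reporting steps say not to use a plain forward: the Received headers of the phish survive only when the original travels whole, as an attachment. This is an added example, not part of the original post; the sample message, the reporter address and the way a mail client builds a forward are assumptions modelled here, and the destination address is the one shown in the post.

```python
from email import message_from_string
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed phishing sample; hosts and addresses are made up.
ORIGINAL = """\
Received: from relay.sender.example (relay.sender.example [192.0.2.10])
\tby mx.recipient.example; Mon, 01 Jul 2013 10:00:00 -0000
From: "Comcast" <billing@sender.example>
To: customer@recipient.example
Subject: Your bill is ready

Please sign in to view your bill.
"""
REPORT_TO = "email@example.com"    # address as it appears in the post
ME = "customer@recipient.example"  # constructed reporter address

def simple_forward(raw):
    """Model of a plain Forward: your headers, the phish only as body text."""
    old = message_from_string(raw)
    fwd = MIMEText("---- Forwarded message ----\n" + old.get_payload())
    fwd["From"], fwd["To"] = ME, REPORT_TO
    fwd["Subject"] = "Fwd: " + old["Subject"]
    return fwd.as_string()

def report_as_attachment(raw):
    """Forward 'As Attachment': the original rides along as message/rfc822."""
    report = MIMEMultipart()
    report["From"], report["To"] = ME, REPORT_TO
    report["Subject"] = "phishing email"
    report.attach(MIMEText("Suspicious message attached with full headers."))
    report.attach(MIMEMessage(message_from_string(raw)))
    return report.as_string()

def original_received(wire_text):
    """Received headers of the original phish recoverable from what was sent."""
    for part in message_from_string(wire_text).walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload()[0].get_all("Received", [])
    return []

if __name__ == "__main__":
    print("simple forward:", original_received(simple_forward(ORIGINAL)))
    print("as attachment:", original_received(report_as_attachment(ORIGINAL)))
```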