Is the email "ACTION REQUIRED: update your comcast.net settings soon" Legit?

---

@TomPMRI wrote:

I received an email from xfinity@emails.xfinity.com today that asked me to click on a link to "Update your settings."  When I did, my browser presented me with the following message:

 

This Connection Is Not Private

This website may be impersonating “emails.xfinity.com” to steal your personal or financial information. You should go back to the previous page."

 

I did call Xfinity support and was told that they see no record of this email being sent out.  I have received other emails with this address (the updated Comcast Customer Privacy Policy was sent this way).   So, is this legit, or is someone phishing for Xfinity's customers' information?  If it's the former, then why is Xfinity sendoug out non-private links to its customers?

 

 

---

It is not legitimate.  Whenever you get an email like this hover your mouse over the link and look in the lower left corner and you should see where the link points to.

To report this go to https://internetsecurity.xfinity.com/help/report-abuse/ and scroll down to the Report Spam and Phishing Emails tab.

I also received this email this evening.

Here is the text that is included in the email referred to above (bolding in the message is theirs, not mine):

From 9/24/2019–10/1/2019, we're making changes to improve security for Comcast.net email accounts.

As a result of these changes, you'll need to update your outgoing email server settings for the email address xxxxxxxxxxxxx@comcast.net to avoid compromising your customer login credentials when using a third-party email app such as Outlook.

If you do not update your settings your customer login credentials may be vulnerable to certain security issues. You'll also no longer be able to send emails through a third-party app.

These updates will only take a few minutes. Click below for step-by-step instructions.

Hovering over the 'Update your settings' button reveals a URL that looks like this:

(https://)  emails.xfinity.com/pub/cc?_ri_=(very long string of mixed charaters appended here)

The From address is:  xfinity@emails.xfinity.com

The Reply to address is: reply@emails.xfinity.com

I have the same question.  Got the same email today and immediately moved it to Spam.  But I am not sure.

I got the same email last night. Is there a legit Xfinity person who can confirm one way or another???

---

@BruceW wrote:

---

@ggeinec wrote: ... As a result of these changes, you'll need to update your outgoing email server settings ... (https://)  emails.xfinity.com/pub/cc?_ri_=(very long string of mixed charaters appended here) ... From address is:  xfinity@emails.xfinity.com ... Reply to address is: reply@emails.xfinity.com

---

That looks legitimate. If you can check the message in webmail, look for the Xfinity Verified logo -- see https://www.xfinity.com/support/articles/comcast-verified-email. Any legitimate email from Comcast/Xfinity should have the logo when viewed at https://connect.xfinity.com/.

---

Unfortunately my email client downloaded the message to my PC when I opened it a couple of days ago it no longer exists in my Comcast webmail inbox.

Isn't there someone at Comcast who can vouch for the legitimacy of this email? One would think with something like this that will affect a lot of users a lot of folks there would be aware of it.

Thanks!

---

@stevetefft wrote:

I got the same email last night. Is there a legit Xfinity person who can confirm one way or another???

---

I did confirm it, but you know that now.

Yes, these are legitimate.  We're asking users to ensure they are using secure connection methods when sending email using a third party client:

https://www.xfinity.com/support/articles/update-your-xfinity-email-settings

The URL has instructions for many common mail clients.

I can pass that request on to the folks that design these communications.

Thanks for your response.

And thanks for providing the direct link to the page with instructions for how to update our email settings.

We are conditioned that it is a good security practice to NEVER click on links in emails and to instead type in URLs that we know are legitimate.

Given that, I expect many of us would be more comfortable being told where we can go on the Comcast site to find instructions on how to update our email settings so we can login to the site knowing we are going to a legitimate page.

Would it be possible to include such instructions along with the button in future email messages of this type?

Thanks!

---

@CCAntiSpam wrote:
Sorry for the confusion. That action focused on IMAP/POP, this one is on SMTP. I know there's some overlap with the instructions.

---

It should be posted an pinned here, then. 

Thanks--I've also received those emails but a search today of my Comcast.net online account did not show them and & I could find no info on the Xfinity site; I'm glad I was suspicious--will report & delete

@jgt_Sarasota These are legitimate, please read the whole thread.