Community Forum

"Confirming your new password" Email from Comcast When I Didn't Change My Password

Highlighted
Frequent Visitor

"Confirming your new password" Email from Comcast When I Didn't Change My Password

Has anybody else received emails from Comcast confirming that you just changed your password when you have not done so?  I received two emails on my mobile device claiming to be from Comcast at exactly the same time with the same message contents.  When I attempted to log in to my account with my mail client on my PC it could not log in.  I switched to web mail access via my browser and after I entered my log in credentials a screen came up saying my account had been compromised and I needed to change my password.  After successful two factor validation I was able to change my password and everything else seems OK.  Comcast says this email was not from them and my account was locked as the result of their detecting invalid attempts to access my account.

 

I looked at the headers from both email messages and examing the full message path I cannot detect where the emails came from anybody but Comcast.  If this was a spear fishing attack it was the most sophisticated one I've seen.  Anybody care to help me out here with an explanation?  Thanks.

Highlighted
Problem Solver

Re: "Confirming your new password" Email from Comcast When I Didn't Change My Password


@TraderRIC wrote:

Has anybody else received emails from Comcast confirming that you just changed your password when you have not done so?  I received two emails on my mobile device claiming to be from Comcast at exactly the same time with the same message contents.  When I attempted to log in to my account with my mail client on my PC it could not log in.  I switched to web mail access via my browser and after I entered my log in credentials a screen came up saying my account had been compromised and I needed to change my password.  After successful two factor validation I was able to change my password and everything else seems OK.  Comcast says this email was not from them and my account was locked as the result of their detecting invalid attempts to access my account.

 

I looked at the headers from both email messages and examing the full message path I cannot detect where the emails came from anybody but Comcast.  If this was a spear fishing attack it was the most sophisticated one I've seen.  Anybody care to help me out here with an explanation?  Thanks.


Did you follow the spam/phishing instructions at https://internetsecurity.xfinity.com/help/report-abuse/

 selecting the Report Spam and Phishing tab and forward the email(s) to abuse @ comcast dot net

Joe V
(not a Comcast employee, just another paying customer)
Highlighted
Frequent Visitor

Re: "Confirming your new password" Email from Comcast When I Didn't Change My Password

Yes, I talked with Customer Security Assurance and they examined the emails while we were talking.  The phone rep said she would be forwarding them to their technical specialists section.