Reply
Service Expert
Queen-Evie
Posts: 14,144
Registered: ‎02-04-2004

Comcast Email Phish or Legit? How to Tell (and rules for posting about your mail)

[ Edited ]

*Posted in this forum due to the increase of reports/questions being reported in Billing*

 

If you receive mail that purports to be from Comcast telling you (the following are only a few of the things these emails will tell you)

 

1) Your account has been blocked

2) There has been unusual activity on your account

3) To update your account

4) To consent to the Electronic Communications Delivery Policy or your account will be deactivated

5) To upgrade your account

6) Constant Guard had been updated and you need to re-log in

7) Your payment is overdue, sign in to Customer Central to confirm your payment

8) Your email address will be deleted

9) Your bill is ready to be viewed. You may get this even though you do not subscribe to Eco Bill.

10) You get an email and the From address is XFINITY.User or Comcast.User

11) A mail that purports to be from Comcast which includes an attachment.  Example: Download the attachments, complete the payment form to pay your July bill online and get your 50% Discount.

12) To update your credit card information and  your service could be suspended if you fail to do so

13) There was an issue with your last payment. You are required to validate your payment information in order to avoid service suspension. Update your payment methods. Update your credit card information as soon as possible.

14) The Constant Guard™ service has updated the Online Security of Comcast Users. In order to get the last update click "Accept Terms Now" bellow and  accept the "Terms & Conditions".

15) Security Measure for your Comcast Email

Our Security Department has been receiving complains about your email account and we are sending you this notification before we terminate your account.

16) Dear Comcast Mail User, Your E-mail account has exceeded its limit and needs to be verified, if not verified within 24 hours, we shall suspend your account. CLICK HERE to verify your email account now.

17) Your immediate attention is required. Constant Guard™ has identified that there is a unpaid supplementary fee of $25.00 on your XFINITY Internet Services. [ Login to Customer Central ] You must Log In as the Administrator/Parent account holder. If payment is not completed by [July 03, 2013] - we will be forced to suspend your account indefinitely. We are currently investigating this issue, if it is a system error, you may disregard this message.

18) A DGTFX Virus has been detected in your Comcast folders and threatens to deactivate your email account if you don't send your email address, full name, password and phone number. THERE IS NO SUCH THING AS A DGTFX virus. It’s just a string of letters somebody dreamed up to try and make their phishing campaign more believable. If you do a search for it, the only thing that will turn up in the results are numerous "this is a phishing scam".

19) Failure to do anything else that will result in your service being suspended

20) You have been overcharged by a specific amount which will be listed, I should submit a refund through the email. Comcast does not send out overcharged notices. It will be on your next bill as a credit.

21) Create your Refund Voucher because you were overcharged on your last bill. Will include links for you to use to sign in. Comcast does not have Refund Vouchers.

 

 DO NOT CLICK THE LINKS AND PROVIDE THE INFORMATION.

 

THESE ARE PHISHING ATTEMPTS.

 

There is one way to know 100% if the mail is a phishing attempt. If the mail contains links that lead to a page wanting your user name, password or any other personal information /asks in the mail for you provide the info THE MAIL IS NOT FROM COMCAST.

 

  • Be suspicious of any email or phone call that asks for your personal account information, such as user names, passwords, and account numbers. Email, phone calls, text messages, instant messages, or Web logs that appear to come from a reliable source may not always be authentic

 

Be aware that Comcast will NEVER ask you for password information over the phone or email



Comcast will NEVER ask for billing or payment information through email

 

whether by a link or in an attachment.

 

Comcast does NOT send out disconnect/suspension notices for failure to pay via Email or for anything else you fail to do.

 

 

Official Comcast mail will never be sent with Xfinity.User or Comcast.User as the sender. THESE MAILS ARE PHISHING ATTEMPTS/SCAMS.

 

 They won't include attachments for you to open in order to access your account.

 

 Another sign of a phishing attempt is the sender address. If it contains @ with .2 letters it was sent from a domain outside the United States. An example of this is @uc.cl (which is in a post by a customer who received a phishing attempt from someone using that domain) cl is for Chile.

 

 Each country has a domain code. A good search engine will help you identify the country. Comcast will not send mail from another country domain.

 

 

Another thing you can do is look at the headers in the email, which often contain clues that Comcast did not send it. If you don't know how to find the headers, ask us in the forum. Please tell us if you are using Comcast Xfinity Connect (web mail) or an email client. If you use a client we need to know which one you use.

 

 They won't include attachments for you to open in order to access your account.

 

If you use Xfinity Connect (web based) for email access:

 

Legitimate mail from Comcast will have the Comcast logo next to mail sent from Comcast.

 

Comcast Logo.PNG

You can also hover over the From  line in the Inbox to see where the email message was sent from. If not Comcast or Xfinity, you know it is not legit.

 

IF YOU USE AN EMAIL CLIENT THE LOGO WILL NOT APPEAR AS SHOWN IN FIRST IMAGE NOR WILL HOVERING OVER THE FROM LINE REVEAL  WHERE THE MAIL WAS SENT FROM.

 

Also in Xfinity Connect you can hover over the link in the mail and the link URL will appear in your bottom taskbar, usually on the left side.  Hovering over the link in an email client will also show the URL. These URL's are a strong indicator the mail is not legitimate.



Learn more about email phishing

 

 Reporting Phishing Issues



Please take the following steps to help us investigate the phishing email you received:



1) Copy the email, including headers, and paste it into a new email.



2) Add the words "phishing email" in the subject so that it can be easily identified by our Customer Security Assurance team.



3) Send to abuse@comcast.net for further investigation. (DO NOT FORWARD)

 

A simple forward will not preserve the headers of the original phish mail. Instead the headers will show YOU as the sender.

 

IF YOU USE AN EMAIL CLIENT, you can forward the message as an attachment. This can generally be done by opening the mail, clicking a drop down arrow next to Forward and choosing As Attachment. This will preserve the headers.

 

IF YOU POST THE MAIL YOU RECEIVED DO NOT INCLUDE THE LINK. Many times the links are still active when posted. There are those misguided souls who will click the link just to see what it looks like! Most phishing sites are just that, but a few are also sources of malware.

 

IF YOU POST THE EMAIL ADDRESS THE MAIL WAS SENT FROM break the link to make it non-clickable. It should look like this  email address @ wherever.com/net

 

IF YOU POST HEADERS OF THE MAIL edit out any user names before @wherever.com/net.

 

You can also find the most common phishing scams listed on this page http://constantguard.comcast.net/alerts

 

 

Most of this can also apply to mail from other companies such as your bank, credit card company, PayPal, online stores where you have an account, other email accounts you have (ex:hotmail, yahoo, gmail), etc.

 

They won't ask for your log in information via email either.

 

Tempted to reply to the mail? DO NOT DO IT. By replying you verify that your email address is valid, which gets it put on a spammers list.

 

Edit to add: there is a new phish mail making the rounds.

 

Clues that it is not from Comcast:

 

1) the links have various things in the address. is-a-liberal, is-a-llama, better-than-tv, is-gone, and various nonsense such as dpyaqlahs or other random letters. Comcast does NOT have these things as part of any of their URL's.

 

2) this statement "your ability to use any services provided by Comcast such as voice, broadband, wireless, adsl, cable, dialup and email might become restricted".

 

Comcast does not provide adsl and dialup. They also have no wireless plan.

 

*edit 8/23/2014 to add this one*

 

If you receive the following email, DO NOT RESPOND. Comcast does NOT issue credit vouchers. A credit amount will be deducted from your next bill. Comcast does not send emails for refunds.

 

comcast voucher.PNG

 

 

 



 


Comcast employees must be authorized to post in the forum in an official capacity. Employees posting here have their names in red and are designated as employees. Names not in red are customers.

This is done to protect customers and for assurance that they are dealing with a Comcast employee.
Non-Authorized Employees are allowed to post but cannot state they are employees nor can they allude to being employees.