03-09-2012 10:22 AM - edited 11-01-2013 04:19 PM
If you receive mail that purports to be from Comcast telling you (the following are only a few of the things these emails will tell you)
1) Your account has been blocked
2) There has been unusual activity on your account
3) To update your account
4) To consent to the Electronic Communications Delivery Policy or your account will be deactivated
5) To upgrade your account
6) Constant Guard had been updated and you need to re-log in
7) Your payment is overdue, sign in to Customer Central to confirm your payment
8) Your email address will be deleted
9) Your bill is ready to be viewed. You may get this even though you do not subscribe to Eco Bill.
10) You get an email and the From address is XFINITY.User or Comcast.User
11) A mail that purports to be from Comcast which includes an attachment. Example: Download the attachments, complete the payment form to pay your July bill online and get your 50% Discount.
12) To update your credit card information and your service could be suspended if you fail to do so
13) There was an issue with your last payment. You are required to validate your payment information in order to avoid service suspension. Update your payment methods. Update your credit card information as soon as possible.
14) The Constant Guard™ service has updated the Online Security of Comcast Users. In order to get the last update click "Accept Terms Now" bellow and accept the "Terms & Conditions".
15) Security Measure for your Comcast Email
Our Security Department has been receiving complains about your email account and we are sending you this notification before we terminate your account.
16) Dear Comcast Mail User, Your E-mail account has exceeded its limit and needs to be verified, if not verified within 24 hours, we shall suspend your account. CLICK HERE to verify your email account now.
17) Your immediate attention is required. Constant Guard™ has identified that there is a unpaid supplementary fee of $25.00 on your XFINITY Internet Services. [ Login to Customer Central ] You must Log In as the Administrator/Parent account holder. If payment is not completed by [July 03, 2013] - we will be forced to suspend your account indefinitely. We are currently investigating this issue, if it is a system error, you may disregard this message.
18) Failure to do anything else that will result in your service being suspended
DO NOT CLICK THE LINKS AND PROVIDE THE INFORMATION.
THESE ARE PHISHING ATTEMPTS.
There is one way to know 100% if the mail is a phishing attempt. If the mail contains links that lead to a page wanting your user name, password or any other personal information /asks in the mail for you provide the info THE MAIL IS NOT FROM COMCAST.
Be aware that Comcast will NEVER ask you for password information over the phone or email
Comcast will NEVER ask for billing or payment information through email
whether by a link or in an attachment.
Comcast does NOT send out disconnect/suspension notices for failure to pay via Email or for anything else you fail to do.
Official Comcast mail will never be sent with Xfinity.User or Comcast.User as the sender. THESE MAILS ARE PHISHING ATTEMPTS/SCAMS.
They won't include attachments for you to open in order to access your account.
If you use Xfinity Connect (web based) for email access:
Legitimate mail from Comcast will have the Comcast logo next to mail sent from Comcast.
You can also hover over the From line in the Inbox to see where the email message was sent from. If not Comcast or Xfinity, you know it is not legit.
IF YOU USE AN EMAIL CLIENT THE LOGO WILL NOT APPEAR AS SHOWN IN FIRST IMAGE NOR WILL HOVERING OVER THE FROM LINE REVEAL WHERE THE MAIL WAS SENT FROM.
If the from address OR the URL has a domain of something along the lines of for example .au it will not be from Comcast. .au is the Internet country code top-level domain for Australia. Comcast will not send an email from Australia or any other country. You can enter the domain in your search engine to find out which country it belongs to.
Also in Xfinity Connect you can hover over the link in the mail and the link URL will appear in your bottom taskbar, usually on the left side. Hovering over the link in an email client will also show the URL. These URL's are a strong indicator the mail is not legitimate.
Reporting Phishing Issues
Please take the following steps to help us investigate the phishing email you received:
1) Copy the email, including headers, and paste it into a new email.
2) Add the words "phishing email" in the subject so that it can be easily identified by our Customer Security Assurance team.
3) Send to email@example.com for further investigation. (DO NOT FORWARD)
A simple forward will not preserve the headers of the original phish mail. Instead the headers will show YOU as the sender.
IF YOU USE AN EMAIL CLIENT, you can forward the message as an attachment. This can generally be done by opening the mail, clicking a drop down arrow next to Forward and choosing As Attachment. This will preserve the headers.
IF YOU POST THE MAIL YOU RECEIVED DO NOT INCLUDE THE LINK. Many times the links are still active when posted. There are those misguided souls who will click the link just to see what it looks like! Most phishing sites are just that, but a few are also sources of malware.
IF YOU POST THE EMAIL ADDRESS THE MAIL WAS SENT FROM break the link to make it non-clickable. It should look like this email address @ wherever.com/net
IF YOU POST HEADERS OF THE MAIL edit out any user names before @wherever.com/net.
You can also find the most common phishing scams listed on this page http://constantguard.comcast.net/alerts
Most of this can also apply to mail from other companies such as your bank, credit card company, PayPal, online stores where you have an account, other email accounts you have (ex:hotmail, yahoo, gmail), etc.
They won't ask for your log in information via email either.
Tempted to reply to the mail? DO NOT DO IT. By replying you verify that your email address is valid, which gets it put on a spammers list.
Edit to add: there is a new phish mail making the rounds.
Clues that it is not from Comcast:
1) the links have various things in the address. is-a-liberal, is-a-llama, better-than-tv, is-gone, and various nonsense such as dpyaqlahs or other random letters. Comcast does NOT have these things as part of any of their URL's.
2) this statement "your ability to use any services provided by Comcast such as voice, broadband, wireless, adsl, cable, dialup and email might become restricted".
Comcast does not provide adsl and dialup. They also have no wireless plan.
Comcast employees must be authorized to post in the forum in an official capacity. Employees posting here have their names in red and are designated as employees. Names not in red are customers.
This is done to protect customers and for assurance that they are dealing with a Comcast employee.
Non-Authorized Employees are allowed to post but cannot state they are employees nor can they allude to being employees.
©2011 Comcast | Investor Relations | Press Room | Corporate Blog | Privacy Statement | Visitor Agreement | Comcast.com Feedback | Site Map