Security and Anti-Virus

turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Service Expert
Queen-Evie
Posts: 12,339
Registered: ‎02-04-2004

Comcast Email Phish or Legit? How to Tell (and rules for posting about your mail)

[ Edited ]

‎03-09-2012 10:22 AM - edited ‎05-21-2013 04:43 PM

If you receive mail that purports to be from Comcast telling you (the following are only a few of the things these emails will tell you)

 

1) Your account has been blocked

2) There has been unusual activity on your account

3) To update your account

4) To consent to the Electronic Communications Delivery Policy or your account will be deactivated

5) To upgrade your account

6) Constant Guard had been updated and you need to re-log in

7) Your payment is overdue, sign in to Customer Central to confirm your payment

8) Your email address will be deleted

9) Your bill is ready to be viewed. You may get this even though you do not subscribe to Eco Bill.

10) You get an email and the From address is XFINITY.User or Comcast.User

11) A mail that purports to be from Comcast which includes an attachment.  Example: Download the attachments, complete the payment form to pay your July bill online and get your 50% Discount.

12) To update your credit card information and  your service could be suspended if you fail to do so

13) There was an issue with your last payment. You are required to validate your payment information in order to avoid service suspension. Update your payment methods. Update your credit card information as soon as possible.

14) The Constant Guard™ service has updated the Online Security of Comcast Users.
In order to get the last update click "Accept Terms Now" bellow and  accept
the "Terms & Conditions".

15) Security Measure for your Comcast Email
Our Security Department has been receiving complains about your email account and we are sending you this notification before we terminate your account.

16) Failure to do anything else that will result in your service being suspended

   

DO NOT CLICK THE LINKS AND PROVIDE THE INFORMATION.

 

THESE ARE PHISHING ATTEMPTS.

 

There is one way to know 100% if the mail is a phishing attempt. If the mail contains links that lead to a page wanting your user name, password or any other personal information /asks in the mail for you provide the info THE MAIL IS NOT FROM COMCAST.

 

  • Be suspicious of any email or phone call that asks for your personal account information, such as user names, passwords, and account numbers. Email, phone calls, text messages, instant messages, or Web logs that appear to come from a reliable source may not always be authentic

 

Be aware that Comcast will NEVER ask you for password information over the phone or email



Comcast will NEVER ask for billing or payment information through email

 

whether by a link or in an attachment.

 

 Comcast does NOT send out disconnect/suspension notices for failure to pay via Email or for anything else you fail to do.

 

 

Official Comcast mail will never be sent with Xfinity.User or Comcast.User as the sender. THESE MAILS ARE PHISHING ATTEMPTS/SCAMS.

 

They won't include attachments for you to open in order to access your account.

 

If you use Xfinity Connect (web based) for email access:

 

Legitimate mail from Comcast will have the Comcast logo next to mail sent from Comcast.

 

Comcast Logo.PNG

You can also hover over the From  line in the Inbox to see where the email message was sent from. If not Comcast or Xfinity, you know it is not legit.

 

IF YOU USE AN EMAIL CLIENT THE LOGO WILL NOT APPEAR AS SHOWN IN FIRST IMAGE NOR WILL HOVERING OVER THE FROM LINE REVEAL  WHERE THE MAIL WAS SENT FROM.

 

If the from address OR the URL has a domain of something along the lines of for example .au it will not be from Comcast.   .au is the Internet country code top-level domain  for Australia. Comcast will not send an email from Australia or any other country. You can enter the domain in your search engine to find out which country it belongs to.

 

Also in Xfinity Connect you can hover over the link in the mail and the link URL will appear in your bottom taskbar, usually on the left side.  Hovering over the link in an email client will also show the URL. These URL's are a strong indicator the mail is not legitimate.

 

 



Learn more about email phishing

 

 Reporting Phishing Issues



Please take the following steps to help us investigate the phishing email you received:



1) Copy the email, including headers, and paste it into a new email.



2) Add the words "phishing email" in the subject so that it can be easily identified by our Customer Security Assurance team.



3) Send to abuse@comcast.net for further investigation. (DO NOT FORWARD)

 

A simple forward will not preserve the headers of the original phish mail. Instead the headers will show YOU as the sender.

 

IF YOU USE AN EMAIL CLIENT, you can forward the message as an attachment. This can generally be done by opening the mail, clicking a drop down arrow next to Forward and choosing As Attachment. This will preserve the headers.

 

IF YOU POST THE MAIL YOU RECEIVED DO NOT INCLUDE THE LINK. Many times the links are still active when posted. There are those misguided souls who will click the link just to see what it looks like! Most phishing sites are just that, but a few are also sources of malware.

 

IF YOU POST THE EMAIL ADDRESS THE MAIL WAS SENT FROM break the link to make it non-clickable. It should look like this  email address @ wherever.com/net

 

IF YOU POST HEADERS OF THE MAIL edit out any user names before @wherever.com/net.

 

You can also find the most common phishing scams listed on this page http://xfinity.comcast.net/constantguard/Alerts/#ThreatInfo

 

 

Most of this can also apply to mail from other companies such as your bank, credit card company, PayPal, online stores where you have an account, other email accounts you have (ex:hotmail, yahoo, gmail), etc.

 

They won't ask for your log in information via email either.

 

Tempted to reply to the mail? DO NOT DO IT. By replying you verify that your email address is valid, which gets it put on a spammers list.

 

Edit to add: there is a new phish mail making the rounds.

 

Clues that it is not from Comcast:

 

1) the links have various things in the address. is-a-liberal, is-a-llama, better-than-tv, is-gone, and various nonsense such as dpyaqlahs or other random letters. Comcast does NOT have these things as part of any of their URL's.

 

2) this statement "your ability to use any services provided by Comcast such as voice, broadband, wireless, adsl, cable, dialup and email might become restricted".

 

Comcast does not provide adsl and dialup. They also have no wireless plan.

 

 

 


 


Comcast employees must be authorized to post in the forum. Employees posting here have their names in red and are designated as employees. Names not in red are customers.

Message 1 of 1 (10,470 Views)