Contributor
Posts: 14
Registered: ‎01-10-2008

Fishy Security Alert from "Comcast"

[ Edited ]

Received this in email this morning.  The embedded link to click on appears to be fishy.  Comcast needs to shut this one down before someone gets scammed.  Couldn't find a way to forward it to Comcast so I'm posting here (sorry if that's not the way to handle it).

Silver Problem Solver
BruceW
Posts: 3,228
Registered: ‎12-03-2007

Re: Fishy Security Alert from "Comcast"

It is indeed fishy. I got two of those yesterday, and others were reported in the forums.

 

Please edit your message (click Options, Edit Reply) and remove the phishing link.

 

Also, please see http://forums.comcast.com/t5/Security-and-Anti-Virus/Comcast-Email-Phish-or-Legit-How-to-Tell-and-ru... for more information, including instructions for reporting the message to Comcast Security.

Recognized Contributor
Posts: 315
Registered: ‎03-18-2006

Re: Fishy Security Alert from "Comcast"

Comcast should be embarrassed. Not only are they allowing their systems to be used at will by phishing scams, the scammers are actually impersonating Comcast security to implement their nefarious activities! Simplifying the method for reporting phish and other abuses would be a major step Comcast could take.

Service Expert
Queen-Evie
Posts: 12,310
Registered: ‎02-04-2004

Re: Fishy Security Alert from "Comcast"

[ Edited ]
Every other ISP, email provider, all banks and credit card companies, Ebay, Amazon, and various other businesses should also be embarrassed. However, you are incorrect in stating they are allowing their systems to be used for these scams.  They are not allowing it. The scammers create fake websites which look REAL. There is no way for Comcast, etc. to police everyone using the internet and prevent them from doing whatever it is they want to do in their efforts to scam and phish. If I was inclined to do so I could create a fake site that looks real.
I have never gotten any fake Comcast alerts. What I do get are alerts from Bank of America, Ebay, PayPal, Citibank-none of which I do business with. These are in my msn mail on a regular basis.


 


Comcast employees must be authorized to post in the forum. Employees posting here have their names in red and are designated as employees. Names not in red are customers.

Contributor
Posts: 14
Registered: ‎01-10-2008

Re: Fishy Security Alert from "Comcast"

I don't expect Comcast to have the resources to be aware of all the phishing schemes that are going on.  As Internet users, we all need to exercise caution and know how to identify potentially malicious situations.

 

As far as Comcast's role is concerned, I do find their support areas cluttered and less than intuitive.  Maybe a bit more time spent developing support/contact pages with a first-time visitor's perspective in mind (easy to find, not all crammed into one, etc) as opposed to an "insider's" perspective, would be helpful.  I'm a computer support/helpdesk technician by trade and finding what I needed was not particularly straightforward for even me.

Service Expert
USAF_E-8_RET
Posts: 4,223
Registered: ‎10-28-2003

Re: Fishy Security Alert from "Comcast"

Hi thundering5,

 

You may find the following link helpful to you - maybe even find your email included:

 

http://xfinity.comcast.net/constantguard/Alerts/

A veteran - whether active duty, retired, national guard, or reserve - is someone who, at one point in his or her life, wrote a blank check made payable to The 'United States of America', for an amount of 'up to and including my life.'

Service Expert
Queen-Evie
Posts: 12,310
Registered: ‎02-04-2004

Re: Fishy Security Alert from "Comcast"

[ Edited ]

thundering5 wrote:

I don't expect Comcast to have the resources to be aware of all the phishing schemes that are going on.  As Internet users, we all need to exercise caution and know how to identify potentially malicious situations.

 

As far as Comcast's role is concerned, I do find their support areas cluttered and less than intuitive.  Maybe a bit more time spent developing support/contact pages with a first-time visitor's perspective in mind (easy to find, not all crammed into one, etc) as opposed to an "insider's" perspective, would be helpful.  I'm a computer support/helpdesk technician by trade and finding what I needed was not particularly straightforward for even me.


I, and a lot of others, agree with you on that. The help pages used to be user-friendly, it was easy to find information and was a much better page overall.

 

Then they decided to go with a "new improved" look. They got half of it right-NEW. Improved, not so much.

 

The burden is on the CUSTOMER to find the answers they seek. If you are lucky you will type in a search term and get the results that apply to your questions. If unlucky you have to keep entering various search terms until you get the right combination of the terms and you get the answer.

 

As for the information about phishing and how to tell if a mail is from Comcast and the latest scams, that is scattered all over the place on Comcast pages. The post I created - which someone provided the link for in this topic - put all that info in one place. Too bad it's available only here as a forum post.

 

 



 



Recognized Contributor
Posts: 315
Registered: ‎03-18-2006

Re: Fishy Security Alert from "Comcast"

I still draw a distinction between what Comcast could do and what banks, etc. could do to prevent phish and abuse. Banks do not run their own ISP and so the scam attempts are completely external. However, Comcast is an ISP and they have a lot more information available internally. Comcast knows, for instance, what emails they send out. Also, Comcast stores all email (both counterfeit and genuine) on their servers.

 

Comcast should provide better features to help secure their systems. My bank includes authentication information in their emails to me so I have some assurance that the email is genuine. Comcast has not even taken that relatively simple step. Many people would believe that a Comcast email coming thru the Comcast system would actually be from Comcast. Comcast could do a better job.

Silver Problem Solver
BruceW
Posts: 3,228
Registered: ‎12-03-2007

Re: Fishy Security Alert from "Comcast"


Blue_Two wrote: ... Comcast should provide better features to help secure their systems. My bank includes authentication information in their emails to me so I have some assurance that the email is genuine. ...

What would you have them do, exactly?

 

Comcast already has an excellent authentication mechanism in their "Verified Email" logo (see http://customer.comcast.com/help-and-support/internet/comcast-verified-email/). Unfortunately, users forget to check for the logo. And the logo is only available through the webmail portal, so email client programs do not benefit.

 

What would be terribly nice is if a working group of email stakeholders got together and came up with a way for all mail clients, web portal or email program, to automatically verify the identity of any sender who cares to purchase the necessary credentials. Maybe optionally highlight authenticated senders in green, others in red? But that would require Comcast to cooperate with Verizon, Apple with Microsoft, etc, etc, down a very long list.

 

I'm sure it could be done, but I'm not holding my breath.

Recognized Contributor
Posts: 315
Registered: ‎03-18-2006

Re: Fishy Security Alert from "Comcast"

The info the bank sends me is more in the line of shared information that only the bank and I know. Of course, it only makes sense if the email system is https.

 

A back-of-the-envelope design would put a "Verify Comcast" button on the webmail bar that appears when you open emails. The button would compare the email in your inbox with the email Comcast sent and give you a thumbs up (if they are the same) or thumbs down (if it is changed or not from Comcast). 
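
A minimal sketch of the "Verify Comcast" comparison described in the post above, added here as an illustration; it is not part of the original post and not any Comcast system. It assumes the provider records a SHA-256 fingerprint of every message it sends, keyed by Message-ID; `SENT_LOG`, `record_sent`, `verify` and the sample messages are hypothetical names and constructed data.

```python
import hashlib
import hmac
from email import message_from_string

# Assumption: a provider-side log, Message-ID -> fingerprint, written at send time.
SENT_LOG = {}

def fingerprint(raw):
    """SHA-256 over the parts a reader acts on: From, Subject and body."""
    msg = message_from_string(raw)
    # Normalise trailing whitespace so relaying does not cause false alarms.
    body = "\n".join(line.rstrip() for line in msg.get_payload().splitlines()).strip()
    material = "\n".join([msg.get("From", ""), msg.get("Subject", ""), body])
    return hashlib.sha256(material.encode("utf-8")).hexdigest()

def record_sent(raw):
    """Called by the provider's own mailer for each message it sends."""
    SENT_LOG[message_from_string(raw)["Message-ID"]] = fingerprint(raw)

def verify(raw):
    """What the button would do for the message open in the inbox."""
    expected = SENT_LOG.get(message_from_string(raw).get("Message-ID"))
    if expected is None:
        return "thumbs down: not sent by provider"
    if hmac.compare_digest(expected, fingerprint(raw)):
        return "thumbs up"
    return "thumbs down: altered"

# Constructed sample messages (not taken from the thread).
GENUINE = (
    "From: alerts@provider.example\n"
    "Subject: Your monthly statement\n"
    "Message-ID: <1001@provider.example>\n\n"
    "Your statement is ready. Sign in from your bookmarked account page.\n"
)
ALTERED = GENUINE.replace("from your bookmarked account page",
                          "at http://login.example.invalid/")
FORGED = GENUINE.replace("<1001@", "<9999@")

record_sent(GENUINE)

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("altered", ALTERED), ("forged", FORGED)]:
        print(name, "->", verify(raw))
```

Because the lookup runs against the provider's own send log, a check like this works only where the provider controls the display, such as its webmail.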

Service Expert
Queen-Evie
Posts: 12,310
Registered: ‎02-04-2004

Re: Fishy Security Alert from "Comcast"


Blue_Two wrote:

 

 A back-of-the-envelope design would put a "Verify Comcast" button on the webmail bar that appears when you open emails. The button would compare the email in your inbox with the email Comcast sent and give you a thumbs up (if they are the same) or thumbs down (if it is changed or not from Comcast).


 


BruceW wrote:
Comcast already has an excellent authentication mechanism in their "Verified Email" logo (see http://customer.comcast.com/help-and-support/internet/comcast-verified-email/). Unfortunately, users forget to check for the logo. And the logo is only available through the webmail portal, so email client programs do not benefit.

 

 

 

 



 



Email Expert
Posts: 18,235
Registered: ‎04-27-2004

Re: Fishy Security Alert from "Comcast"


BruceW wrote:

What would be terribly nice is if a working group of email stakeholders got together and came up with a way for all mail clients, web portal or email program, to automatically verify the identity of any sender who cares to purchase the necessary credentials. Maybe optionally highlight authenticated senders in green, others in red? But that would require Comcast to cooperate with Verizon, Apple with Microsoft, etc, etc, down a very long list.

 

I'm sure it could be done, but I'm not holding my breath.


It was designed many years ago, it's called PEM -- Privacy Enhanced Mail. There's also PGP. These both allow digital signatures to be included in emails, so that the identity of the sender can be verified.

 

But they've never found widespread adoption. Most mail clients don't have built-in support for them, you need to use add-ons. There's no infrastructure for key checking, like there is for websites and DNSSEC.

Recognized Contributor
Posts: 315
Registered: ‎03-18-2006

Re: Fishy Security Alert from "Comcast"

I only personally know of one instance when an email user used encryption, he was a network engineer.

 

As far as the logo (or any stock image), they are easily copied. If the logo is in the body of the email, or at the top of the screen, most people would not notice the difference.

 

 

Security Expert
LoPhatPhuud
Posts: 2,599
Registered: ‎11-01-2005
Email Expert
madylarian
Posts: 8,337
Registered: ‎06-30-2003

Re: Fishy Security Alert from "Comcast"

This message was removed because it contained an email address in violation of posting guidelines. Further, there are too many threads to mention in this forum and the Email forum which explain how to tell if the email is real or a phishing scam.