Reply
Contributor
Posts: 15
Registered: ‎02-22-2008

XFinity constant guard phishing using Comcast hosted page

I've gotten this email twice now in the last month or so.  It claims to be from "xfinity@comcast.net", and directs me to "Account reconciliation".

 

That's all pretty standard, but what is really annoying is that the url for the "Account reconciliation" is: http:// cnm71. home. comcast.net/

 

So, a casual user might look at the link to determine if this is a valid email or not, and see it's hosted on comcast.net, and think "Oh, this must be legit."

 

I visited that link (using my cell phone in case of a drive-by installation attempt) and there is a fairly realistic form asking me to log in using my password.  I can imagine what happens next. :smileywink:

 

Why is comcast letting this happen?  I understand they can't block every phishing email, but why is comcast letting a phishing webpage remain on their own servers?  I've forwarded this email to abuse@comcast.net twice now, and the page is still up.

Networking Expert
kevj
Posts: 4,821
Registered: ‎10-03-2003

Re: XFinity constant guard phishing using Comcast hosted page

I've notified the moderators of this site, so hopefully someone will address it shortly.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I don't work for Comcast...


Help us to help you!!
- respond to requests for info
- post back if your issue is resolved
- mark appropriate posts as solutions


Send feedback to Comcast using the 'feedback' link on this page:
http://www.comcast.com/Corporate/Customers/CustomerGuarantee.html?SCRedirect=true

New Visitor
Posts: 1
Registered: ‎05-29-2008

Re: XFinity constant guard phishing using Comcast hosted page

this is also my second time sending this in. Havent fixed it yet :smileysad:

Service Expert
Queen-Evie
Posts: 14,102
Registered: ‎02-04-2004

Re: XFinity constant guard phishing using Comcast hosted page

[ Edited ]

You don't have to imagine what would be next if you had signed in.

 

Just for fun I decided to use Sandboxie and enter the URL to see what the deal is.

 

The first thing I noticed were a few differences between the fake sign in page and the real Comcast sign in page. I will not detail the differences here. It is not outside the realm of possibilty that those who send these types of mail would see it and correct their mistakes. Just because I spotted the differences does not mean someone else will.

 

For my user name I closed my eyes and hit random letters and numbers on the keyboard. Doing so produced this i8clwz9irkdmjhd

 

Password 1029384756 

 

The totally fake user name and password were not rejected.

 

This is the page that came up. Not everyone will realize this is not from Comcast. Those that fall for it will give their information to the wrong people, who will then use it for themselves.  My account is not suspended. I can still get on the internet and I can get my email. If the account was suspended you would not be able to get to email to see this trash.   Comcast knows how to get in touch with me if there are problems with my account. There is no need to enter all the requested info if an account has been suspended. Credit card numbers, drivers license number, SSN,  have nothing to do with "unusual activity".  I'm also willing to bet that it has been sent to people who don't have a credit card.

fakepage.PNG

 

 



 


Comcast employees must be authorized to post in the forum in an official capacity. Employees posting here have their names in red and are designated as employees. Names not in red are customers.

This is done to protect customers and for assurance that they are dealing with a Comcast employee.
Non-Authorized Employees are allowed to post but cannot state they are employees nor can they allude to being employees.

Contributor
rth88
Posts: 9
Registered: ‎11-06-2012

Re: XFinity constant guard phishing using Comcast hosted page

I just got an email from "xfinity@comcast.net" as well.  In the email I got, the "Account Reconciliation" link directs to http://daveborowski.home.comcast.net/ .

 


I forwarded the email to abuse@comcast.net

Contributor
Posts: 7
Registered: ‎12-01-2003

Re: XFinity constant guard phishing using Comcast hosted page

I have gotten the same thing twice and colled comcast about it some 3 weeks ago. They did nothing
Service Expert
Queen-Evie
Posts: 14,102
Registered: ‎02-04-2004

Re: XFinity constant guard phishing using Comcast hosted page

[ Edited ]

rth88 wrote:

I just got an email from "xfinity@comcast.net" as well.  In the email I got, the "Account Reconciliation" link directs to http://daveborowski.home.comcast.net/ .

 


I forwarded the email to abuse@comcast.net


The link in this post is NO LONGER ACTIVE. "page cannot be displayed" so it has been taken down.

 

ALL OTHERS WHO DECIDE TO POST IN THIS TOPIC:

 

If you post the link break it so it is NOT clickable. Many times the links are active at the time of posting. If they are active your post will be removed.

 

Note: It is preferred that the links not be posted at all.

 

oldrich: Instead of calling do this next time

 

Reporting Phishing Issues

 

 

1) Copy the email, including headers, and paste it into a new email.

 

2) Add the words "phishing email" in the subject so that it can be easily identified by our Customer Security Assurance team.

 

3) Send to abuse@comcast.net for further investigation. (DO NOT FORWARD)

 

A simple forward will not preserve the headers of the original phish mail. Instead the headers will show YOU as the sender.

 

IF YOU USE AN EMAIL CLIENT, you can forward the message as an attachment. This can generally be done by opening the mail, clicking a drop down arrow next to Forward and choosing As Attachment.



 


Comcast employees must be authorized to post in the forum in an official capacity. Employees posting here have their names in red and are designated as employees. Names not in red are customers.

This is done to protect customers and for assurance that they are dealing with a Comcast employee.
Non-Authorized Employees are allowed to post but cannot state they are employees nor can they allude to being employees.

New Visitor
HelloUK
Posts: 1
Registered: ‎11-13-2012

Re: XFinity constant guard phishing using Comcast hosted page

[ Edited ]

Just received a phishing email from xfinity@comcast.net also, the link points to    http://cervini05.home.comcast.net

 

which is obviously NOT legit.  Just want other people to be aware of it.

Service Expert
Queen-Evie
Posts: 14,102
Registered: ‎02-04-2004

Re: XFinity constant guard phishing using Comcast hosted page

[ Edited ]

The link  posted by HelloUK is NO LONGER ACTIVE.

 

Perhaps HelloUK did not see this in the post just above his/hers.

 

ALL OTHERS WHO DECIDE TO POST IN THIS TOPIC:

 

If you post the link break it so it is NOT clickable. Many times the links are active at the time of posting. If they are active your post will be removed.

 

Note: It is preferred that the links not be posted at all.

 

If reporting a link to a home.comcast.net page Comcast does need to know about it. BREAK THE LINK. If still underlined as a link it will at least get page not found when clicked if it is still active.

 

To break the link simply space it out: http://   cervini05 .home.comcast.net



 


Comcast employees must be authorized to post in the forum in an official capacity. Employees posting here have their names in red and are designated as employees. Names not in red are customers.

This is done to protect customers and for assurance that they are dealing with a Comcast employee.
Non-Authorized Employees are allowed to post but cannot state they are employees nor can they allude to being employees.

Contributor
Posts: 7
Registered: ‎12-01-2003

Re: XFinity constant guard phishing using Comcast hosted page

That's not what we want to know.  What we want to know is what is Comcast doing to protect it's customers from this.  I would think that would be your #1 concern.  Apparently not.

Service Expert
Queen-Evie
Posts: 14,102
Registered: ‎02-04-2004

Re: XFinity constant guard phishing using Comcast hosted page

[ Edited ]

oldrich wrote:

That's not what we want to know.  What we want to know is what is Comcast doing to protect it's customers from this.  I would think that would be your #1 concern.  Apparently not.



You will have to wait until someone from COMCAST gives you some answers. All I did was respond the best way I know how, which is LINKS should either not be posted or they should be broken. Posting links which are active is a no-no here. Apparently you are wrong when you think I am not concerned about this. I am also concerned about those links being posted by the clueless and putting others at risk. There are those misguided souls who will click the link just to see what it looks like.  Most phishing sites are just that, but a few are also sources of malware.  THAT is what we are trying to prevent-drive by malware attacks.

 

Carole has already requested a Comcast response.

 

As a Comcast customer I am not privvy to what Comcast does or what they are doing or why they do it.

 

Comcast employees have their names in red and are identified as such. Names not in red are customers.

 

That information is available for anyone to read. If more people did read it first there would be less people wrongly assuming someone is an employee. Specifically there are these 2, which are in the Forum Guidelines section.

 

http://forums.comcast.com/t5/Forum-Guidelines/Official-Administrators/td-p/764808

 

http://forums.comcast.com/t5/Forum-Guidelines/Official-Employees/td-p/764804

 

About the links which are malicious

 

Forum Guidelines state (clickable link) which everyone should read BEFORE making a first post

 

Please Don't



Malicious Content

 

Posting content designed to disrupt or interfere with the operation of another member’s computer is not permitted. This may include, but is not limited to, linking to viruses and linking to pages that hijack browsers. Posting this brand of content will likely lead to the loss of posting privileges.



 


Comcast employees must be authorized to post in the forum in an official capacity. Employees posting here have their names in red and are designated as employees. Names not in red are customers.

This is done to protect customers and for assurance that they are dealing with a Comcast employee.
Non-Authorized Employees are allowed to post but cannot state they are employees nor can they allude to being employees.

Contributor
Posts: 7
Registered: ‎12-01-2003

Re: XFinity constant guard phishing using Comcast hosted page

I did not publish any links and that is not my focus.  What I am interested in is someone trying to steal my personal information, pretending to be Comcast, with Comcast's knowledge, and them doing nothing, zippo, nada about it.  That is unconcionable and unacceptable.  You are a part of Comcast support so -- support us!!

Service Expert
Queen-Evie
Posts: 14,102
Registered: ‎02-04-2004

Re: XFinity constant guard phishing using Comcast hosted page

[ Edited ]

I never said you posted any links. YOU had an objection to my reply about posting them. Your focus was directed at my reply when you said that was not what you are interested in seeing.

 

I also told you the best way to make Comcast aware of the email. Is that the part you object to? Calling about it does no good. It has to be sent so they will have the headers of the mail.

 

Yes, I am a part of Comcast support. So are 100's of other CUSTOMERS who post here. As CUSTOMERS we are limited in what we can do. We certainly cannot speak for Comcast. How do you want me, and other customers, to "support" you?

 

I repeat: A COMCAST EMPLOYEE will have to be the one to give you the answers.

 

 

 



 


Comcast employees must be authorized to post in the forum in an official capacity. Employees posting here have their names in red and are designated as employees. Names not in red are customers.

This is done to protect customers and for assurance that they are dealing with a Comcast employee.
Non-Authorized Employees are allowed to post but cannot state they are employees nor can they allude to being employees.

Contributor
Posts: 7
Registered: ‎12-01-2003

Re: XFinity constant guard phishing using Comcast hosted page

Don't be so testy!  I'm sorry if I offended you, and i'm sorry if I assumed you were a comcast employee.  I don't frequent this board -- you do. Right above your avatar it says you are a  "Service Expert."  Just below it, it indicates you have 10,000+ posts here -- so I assumed that's what you are.  My mistake for assuming things that are not true.  Perhaps you can give me the email address of a person in a responsible position (not a low level flunky) who IS a Comcast emloyee, and who will pay attention to a customer? (if such a person exists in Comcast.)  I have been paying Comcast  on average, more than $200 a month for ten years now for every possible service they offer, and I find their customer service lacking, but they have a near monopoly so I can't just turn them off.

Contributor
Posts: 7
Registered: ‎12-01-2003

Re: XFinity constant guard phishing using Comcast hosted page

And BTW, go back and read your post.  I think I can be forgiven if I thought you were taking me to the woodshed for posting something I did not post, and accusing me of being "clueless."

 

Peace, and have a great day.

Rich

Email Expert
madylarian
Posts: 8,394
Registered: ‎06-30-2003

Re: XFinity constant guard phishing using Comcast hosted page


oldrich wrote:

I did not publish any links and that is not my focus.  What I am interested in is someone trying to steal my personal information, pretending to be Comcast, with Comcast's knowledge, and them doing nothing, zippo, nada about it.  That is unconcionable and unacceptable.  You are a part of Comcast support so -- support us!!


I'm not sure what Comcast can do about it.  They can, perhaps, make the warnings more obvious on the home page, but that would only help people who go there.  Phishing attempts affect most large ISPs, banks, investment houses, financial institutions and email providers.  If I got a warning email from every source that was spoofed by phishers I'd be overwhelmed with them.

 

mady

Honi soit qui mal y pense