Philadelphia-based cable, Internet, and phone service provider Comcast has seen an increase in the number of spoof or phishing emails, according to its Constant Guard website. The website reports four new phishing emails making the rounds, all crafted to look as if Comcast sent them. On the bright side, Comcast announced today that it has implemented DMARC, which fights against the type of phishing attacks seen here.
Phishing email content
Hackers craft phishing emails so they look as if a specific company or person sent them, and the emails contain language that the hackers hope will scare a user into clicking an embedded link, a link that oftentimes sends the target email recipient to a fake or spoof "company website."
A spoofed website looks like the real target site, so the user feels comfortable that he or she is in the right place. Once comfortable, the user will likely enter his or her personal and private information into the provided form to comply with the phishing email's instructions. Once the information is entered, a script or installed software steals it, unbeknownst to the user.
Today's reported emails are no different, and use wording to scare customers into complying. They include the following:
Action Required Customer Security Assurance Notice: This email claims to come from the Customer Security team. It claims Comcast's “Ecobill and XFINITY” billing modules are updating and that the customer must renew his or her account; otherwise, Comcast will cancel EcoBill and limit the account.
Comcast Support Team: The email claims to be from Comcast Support, and claims that the customer's payment wasn't processed. It asks about banking details, saying the customer should follow the link to log in and update them so the account will remain open. It is signed by, “Comcast Support Team 2013 Comcast.”
Important Update: Security Center: This comes from, "Comcast Security Center," and claims the customer must subscribe to the Security Center to update his or her Comcast account by clicking the supplied link, or risk account suspension until it is done. The email is signed, “Thank you for being a valued Comcast customer, Sincerely, Comcast Customer Service.”
Verify and Update your COMCAST.NET Email: This phishing email uses an old technique that works so well, it's still going strong with the majority of phishers. It has been used for at least the last 10 years, although details and company names change each time.
In this case, the phishing email is from “Comcast.net,” and is addressed to “email owner.” It claims that Comcast is updating its systems to “create more space for new COMCAST.NET email accounts,” because old, unused accounts are being deleted, and that users should “verify and update” their email account to prevent it from being closed. They must confirm their identity by sending first and last names, email, username, and passwords to web.upgrd2009(at)live(dot)com.
Spot the phishing email mistakes
Most Comcast users can tell immediately that these emails are fake. However, non-Comcast customers, or customers who transferred some time ago, might not realize these are fake emails and might just click the links. To prevent this from happening, keep the following in mind:
Account Information: Comcast does not limit accounts, ask for account information via email or over the phone, or ask customers to update their information via a link in an email. The company does not require a subscription to the Security Center, and only suspends accounts for nonpayment of bills, and only after sending a letter via the post office.
Comcast Customer Service: Comcast doesn’t send, “Customer Security Assurance" notices; it doesn't have a “Customer Security Team,” and doesn't sign emails, "Comcast Support Team 2013 Comcast.” Comcast does have a "Comcast Customer Security Assurance Department.”
Billing information: “Ecobill” is spelled wrong – it should be “EcoBill.” Only signed-in customers can manage EcoBill. Comcast uses a streamlined billing module to process payments centrally. If there is a billing issue, or if a check bounces, Comcast will mail a letter via the post office asking the customer to contact the company by phone, and the bank will notify the customer as well.
Phishing techniques are sophisticated, and in some cases, IT techs cannot tell the difference, so don't worry if you've been duped. However, if you have received an email claiming to be from Comcast, double check by calling the company, or reporting it by following the instructions here.
Updated Feb. 5, 2013