Fake Comcast phishing email - beware
stonej
If you get a email from Comcast Cable saying that you have to update
your profile within 72 hours, if you fail to do so within that 72 hours
your account will be terminated. This e-mail is a very professional
looking email, almost had me fooled. After you read the first page
message it, at the bottom of the page it will bring you to another
page, at this page you fill out your information, again a very good
looking page. It looks like a comcast cable website. Where they made
there mistakes is they ask for your credit card pin numbers and your
Social Security Numbers and suff like that. The e-mail address it comes
from is update.comcast.net which is a Comcast e-mail address. So please
don't fall for this, even if you just give them your credit card
information, you could do yourself great harm and heart ache!!!! These
people are scum of the earth and prey on the old and the people who
just don't know any better, because they rush them to make a bad
decision because there are going to close there account in 72 hours. So
here is a little info to help if you, if you got this e-mail like I did
DELETE it.
Feelgood@spamex.com Dr Feelgood
Did you notify Comcast?
Drew T
and your Social Security Numbers and suff like that."
This wasn't a 'mistake', it's their goal.
Drew
"stonej" <sto...@mail.lib.msu.edu> wrote in message
news:1150713390.6...@r2g2000cwb.googlegroups.com...
Rick Merrill
I would suggest forwarding it to ab...@comcast.net , indulging in the
fantasy that Comcast will help track down and prosecute the buggers!
Feelgood@spamex.com Dr Feelgood
> On Mon, 19 Jun 2006 13:29:53 -0400, Rick Merrill
> <rick0....@NOSPAMgmail.com> wrote:
>
>> I would suggest forwarding it to ab...@comcast.net , indulging in
>> the fantasy that Comcast will help track down and prosecute the
>> buggers!
>
> domain that is rotated among a whole host of IP addresses, some of
> which may reside on hijacked computers, others of which are probably
> hosted outside of the US. The spam was most likely sent through
> another hijacked computer. Good luck.
>
> It is kind of funny the way people all of a sudden get all excited
> about a Comcast phish email. Big deal. On any one day I get at
> least 4-5 phishes from banks, credit cards, eBay and PayPal accounts
> I don't own. So why should I worry when I get a Comcast phish with
> the same "verify your account or else" language that all the others
> have?
>
> mady
It can be a big deal if you consider that these schemes do work or there
would not be a market for them. Don't many of us have or know of elderly or
otherwise challenged users that can be duped every day? This happens but is
not so publicly announced. The only way to stop this and other scams like
banking and credit card hoaxes is to make it known to all. There are plenty
of spots on TV about identity theft because it also effects the banking
system but not enough is done to fully inform the grannies that are victims
lost in cracks.
RB
>I think it's great that all this stuff is making the
>news, whether TV, radio, newspapers, forums,
>whatever ...
>
>If I ever got anything from Comcast, I would
>definitely inform them ... & I would expect them
>to check it out ...
>
>Spread the word ... the more, the better ...
>
>Sj
Some basic rules;
No legit business, bank or credit union will ever ask for account
info, passwords or credit card info by email. If one does and can be
verified that they inititated the action then terminate your
association with them.
Never ever give information up unless you initiated the action, such
as an online purchase ( airline tickets) or other action that requires
information and again only if you initiated the contact.
Only deal with known reputable companies. If something goes wrong you
need to be able to get back to them to resolve the issue.
Many of us use Debit Cards. Consider using a true Credit Card for
online or telephone purchases. Transactions with your debit card come
straight out of your account. If you have a problem you may recover
your loss but will still be without those funds for some length of
time. You stand a better chance of recovery when using a Credit Card.
These few things will help to keep you out of trouble.
RB
Rick Merrill
One more thing: never dial a phone number that you received in an email!
(this is the latest phish ploy!)
Feelgood@spamex.com Dr Feelgood
Do you mean to say that NSA are also fisherman? Don't use the phone until
there is software that can be used to guarantee privacy. Use a throw away
TracFone if you really want to remain anonymous.
Dr Feelgood
"stonej" <sto...@mail.lib.msu.edu> wrote in message
news:1150713390.6...@r2g2000cwb.googlegroups.com...
I finally started getting these last night and again this afternoon.
These are not professional looking at all. for one thing the font is way
off from anything any real ISP would use. ( Trebuchet MS ) These come
from Denmark and the ISP acknowledges abuse reports in English. The
abuse addresses are ab...@kundenserver.de & ab...@schlund.com Also
send a copy to ab...@comcast.net and make sure to paste the original
header into the abuse report e-mail. The link address is a yahoo cc but
I couldn't get their abuse address to work.
OrgName: Inktomi Corporation
OrgID: INKT
Address: 701 First Ave
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US
NetRange: 68.142.192.0 - 68.142.255.255
CIDR: 68.142.192.0/18
NetName: INKTOMI-BLK-4
NetHandle: NET-68-142-192-0-1
Parent: NET-68-0-0-0-0
If you get one look at the header and if it has a kundenserver.de
address in the header the two abuse addresses I listed are correct. I'm
sure these idiots will soon move on to another ISP if they don't get
arrested first.
S1500
Comcast <http://www.comcast.com>
It has come to our attention that your Comcast Verification details records are
expired. This requires that you update your Comcast Profile records immidiatley.
Failure to update your records will turn out in account termination. Please
update your records within 48 hours. Once you have updated your account records,
your Comcast account will not be terminated and will continue as normal. Failure
to update will result in Terms of Service violations, termination of service or
future billing problems.
Please click here to continue. <http://www.updates-ssl-cgi.com/>
Couldn't find jack for a domain registrar.
Dr Feelgood
"S1500" <s1...@comcast.net> wrote in message
news:vNGdnart_8Lk-QbZ...@comcast.com...
> Just got it:
>
> Comcast <http://www.comcast.com>
>
> It has come to our attention that your Comcast Verification details
> records are
> expired. This requires that you update your Comcast Profile records
> immidiatley.
> Failure to update your records will turn out in account termination.
> Please
> update your records within 48 hours. Once you have updated your
> account records,
> your Comcast account will not be terminated and will continue as
> normal. Failure
> to update will result in Terms of Service violations, termination of
> service or
> future billing problems.
Was there some good reason for posting the link?
I hope you know you could get in trouble for posting a phishing link
should someone report you to Comcast.
Dr Feelgood
"mady" <madyl...@hotmail.com> wrote in message
news:j14n92lm022pvglsp...@4ax.com...
> On Thu, 22 Jun 2006 22:48:05 -0500, S1500 <s1...@comcast.net> wrote:
>
>>Just got it:
>
>>Please click here to continue. <removed active phishing link>
>
>>Couldn't find jack for a domain registrar.
I had no problem finding it. What a shame the idiot bringing this group
down to her level won't see it unless someone else repost it.
Tee site should be down shortly as I was able to contact customer care
at yahoo.com where it's hosted.
OrgName: Inktomi Corporation
OrgID: INKT
Address: 701 First Ave
City: Sunnyvale
StateProv: CA
PostalCode: 94089
Country: US
NetRange: 68.142.192.0 - 68.142.255.255
CIDR: 68.142.192.0/18
NetName: INKTOMI-BLK-4
NetHandle: NET-68-142-192-0-1
Parent: NET-68-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.YAHOO.COM
NameServer: NS2.YAHOO.COM
NameServer: NS3.YAHOO.COM
NameServer: NS4.YAHOO.COM
NameServer: NS5.YAHOO.COM
Comment:
RegDate: 2004-03-24
Updated: 2005-08-26
RAbuseHandle: NETWO857-ARIN
RAbuseName: Network Abuse
RAbusePhone: +1-408-349-3300
RAbuseEmail: networ...@cc.yahoo-inc.com
OrgAbuseHandle: NETWO857-ARIN
OrgAbuseName: Network Abuse
OrgAbusePhone: +1-408-349-3300
OrgAbuseEmail: networ...@cc.yahoo-inc.com
OrgTechHandle: NA258-ARIN
OrgTechName: Netblock Admin
OrgTechPhone: +1-408-349-3300
OrgTechEmail: netblo...@yahoo-inc.com
# ARIN WHOIS database, last updated 2006-06-22 19:10
S1500
Doc. Don't get your panties in a bunch. Keep on rockin' net.cop!
Dr Feelgood
>I was showing to the group the example of the subject I just got in the
>mail, Doc. Don't get your panties in a bunch. Keep on rockin' net.cop!
So you are willing to pay any damages caused by anyone clicking the
active phishing link you provided?
It's simply common sense not to post an active spam or phishing link to
any public place.
Would you post a known virus to a binary newsgroup or include it in an
e-mail?
It is so easy to remove the link and replace with text showing the link
has been removed as I did there is simply no excuse for posting one.
Ask yourself why the OP thought this was so professional looking and how
he knew what information they were asking for.People that don't know or
understand these things are liable to click on dangerous links. For all
you know there could be self loading malware at the end of that link.
They could have the page setup to gather information to hack into an
unprotected user's computer. Not everyone on the internet knows about
all of the possibilities and how to protect themselves from all of the
dangerous things that are out there.
Don't get YOUR panties in a bunch and resort to personal attack over a
friendly warning.
< insert appropriate jibe line here> :)
Anthony Marsh
Luckily I use Courier and don't click on URLs or open HTML files.
Unfortunately in this day and age, noticing misspellings and poor
grammar is not prima facie proof that it is a scam, but it is enough to
alert one.