Discussion:
Phishing scams with Comcast address
(too old to reply)
Frank
2024-11-02 14:09:37 UTC
Permalink
Mrs Frank has been getting emails with Comcast address to do something
like this:

" ---------- Original Message ----------
From: Comcast inc <***@comcast.net>
To: Mrs ***@comcast.net
Date: 08/28/2024 12:14 PM EDT
Subject: Synchronize Your Mail service
Dear User,

We recently changed our service network. Due to your service newtork we
will like you to comply to the new terms and agreement to avoid closure
of account.

ACCEPT AND AGREE"

I told her it was probably fake but she had to call Comcast to get it
from them.
Allodoxaphobia
2024-11-02 19:08:54 UTC
Permalink
Post by Frank
Mrs Frank has been getting emails with Comcast address to do something
...... Due to your service newtork we will like you to comply to the
new terms and agreement to avoid closure of account.
And you never questioned the faux 'english' and mis-spelling that was employed?

We haven't seen any email like this. But a couple of weeks back we did
get a Very Good Looking email stating that our auto payment was declined
by 'the bank' with a request to update the credit card info -- complete
with Comcast logos & images, email header, email footer, etc.
Inspecting the scammer's email headers "gave proof to the lie".
Frank
2024-11-02 23:03:19 UTC
Permalink
Post by Allodoxaphobia
Post by Frank
Mrs Frank has been getting emails with Comcast address to do something
...... Due to your service newtork we will like you to comply to the
new terms and agreement to avoid closure of account.
And you never questioned the faux 'english' and mis-spelling that was employed?
We haven't seen any email like this. But a couple of weeks back we did
get a Very Good Looking email stating that our auto payment was declined
by 'the bank' with a request to update the credit card info -- complete
with Comcast logos & images, email header, email footer, etc.
Inspecting the scammer's email headers "gave proof to the lie".
I noticed the misspelling after posting here.

Spam I get usually comes from gmail and accounts never heard of but not
comcast.net. It also goes to the junk file on Thunderbird I use but
wife uses Comcast account directly.

Wife continues to get them.
Allodoxaphobia
2024-11-03 00:10:46 UTC
Permalink
Post by Frank
Post by Allodoxaphobia
Post by Frank
Mrs Frank has been getting emails with Comcast address to do something
...... Due to your service newtork we will like you to comply to the
new terms and agreement to avoid closure of account.
And you never questioned the faux 'english' and mis-spelling that was employed?
We haven't seen any email like this. But a couple of weeks back we did
get a Very Good Looking email stating that our auto payment was declined
by 'the bank' with a request to update the credit card info -- complete
with Comcast logos & images, email header, email footer, etc.
Inspecting the scammer's email headers "gave proof to the lie".
I noticed the misspelling after posting here.
Spam I get usually comes from gmail and accounts never heard of but not
comcast.net. It also goes to the junk file on Thunderbird I use but
wife uses Comcast account directly.
Wife continues to get them.
I'd like to see the email headers. The From: field is easy to spoof.
The chain of Received: headers (among others) would be revealing.
Obfuscate any of _your_personal_ info found in the headers.
VanguardLH
2024-11-03 07:28:21 UTC
Permalink
Post by Frank
Mrs Frank has been getting emails with Comcast address to do something
" ---------- Original Message ----------
Date: 08/28/2024 12:14 PM EDT
Subject: Synchronize Your Mail service
Dear User,
We recently changed our service network. Due to your service newtork we
will like you to comply to the new terms and agreement to avoid closure
of account.
ACCEPT AND AGREE"
I told her it was probably fake but she had to call Comcast to get it
from them.
Without an exhibit showing the headers, no idea from where the e-mail
originated. The *client* generates the From header, so it can be
whatever the sender wants.

You could copy the raw source of the message here, but would have to
redact any personal info before posting here. However, even you know
this was not a legit Comcast message.
Cosmo Kramer
2024-11-10 22:17:51 UTC
Permalink
Post by Frank
Mrs Frank has been getting emails with Comcast address to do something
" ---------- Original Message ----------
Date: 08/28/2024 12:14 PM EDT
Subject: Synchronize Your Mail service
Dear User,
We recently changed our service network. Due to your service newtork we
will like you to comply to the new terms and agreement to avoid closure
of account.
ACCEPT AND AGREE"
I told her it was probably fake but she had to call Comcast to get it
from them.
The best antispam method I've found is to use an email address that is
extremely difficult for the spammers and scammers to guess.

Something like "***@comcast.net" ought to do it.
Retirednoguilt
2024-11-11 16:06:43 UTC
Permalink
Post by Cosmo Kramer
Post by Frank
Mrs Frank has been getting emails with Comcast address to do something
" ---------- Original Message ----------
Date: 08/28/2024 12:14 PM EDT
Subject: Synchronize Your Mail service
Dear User,
We recently changed our service network. Due to your service newtork we
will like you to comply to the new terms and agreement to avoid closure
of account.
ACCEPT AND AGREE"
I told her it was probably fake but she had to call Comcast to get it
from them.
The best antispam method I've found is to use an email address that is
extremely difficult for the spammers and scammers to guess.
I got the same e-mail recently. The give-away for me was that it landed
in the inbox of an e-mail account I'd never provided to Comcast. I
expect them to contact me in keeping with the contact information I've
provided to them in my profile.
VanguardLH
2024-11-11 18:16:37 UTC
Permalink
Post by Retirednoguilt
Post by Cosmo Kramer
Post by Frank
Mrs Frank has been getting emails with Comcast address to do something
" ---------- Original Message ----------
Date: 08/28/2024 12:14 PM EDT
Subject: Synchronize Your Mail service
Dear User,
We recently changed our service network. Due to your service newtork we
will like you to comply to the new terms and agreement to avoid closure
of account.
ACCEPT AND AGREE"
I told her it was probably fake but she had to call Comcast to get it
from them.
The best antispam method I've found is to use an email address that is
extremely difficult for the spammers and scammers to guess.
I got the same e-mail recently. The give-away for me was that it landed
in the inbox of an e-mail account I'd never provided to Comcast. I
expect them to contact me in keeping with the contact information I've
provided to them in my profile.
The sender of an e-mail can put whatever they want in the To header.
That is a client-added header. When the client sends an e-mail, it
builds an aggregate list of recipients from the To, CC, and BCC headers
to use in a list of RCPT-TO commands it sends to the server. However,
spammers will use clients that compile whatever RCPT-TO commands the
spammer wants without regard to what are in the To, CC, and BCC fields.

Some (few) e-mail providers will check the From header in a sent e-mail
matches on the account through which the e-mail gets sent. Spammers
don't use those since they want to hide. No SMTP server validates the
list of RCPT-TO commands it received from the client matches on the To,
CC, and BCC headers which were added by the client, and sent within the
DATA command.

For example, a spammer could specify just 1 recipient in the To header,
but their client could issue umpteen RCPT-TO to a slew of recipients.
None of the recipients will see the list of RCPT-TO commands the sending
server got from the client, so the recipient doesn't know to how many
recipients a message was received. The recipient may not even be
specified in the To or CC headers the recipient sees. E-mail was built
on a trust model, and why it is easily abused.
Grant Taylor
2024-11-11 21:28:18 UTC
Permalink
Post by VanguardLH
The sender of an e-mail can put whatever they want in the To header.
They can (try to) send with whatever they want in the To: et al.
headers. But there's no guarantee that the receiving server will accept it.
Post by VanguardLH
Some (few) e-mail providers will check the From header in a sent
e-mail matches on the account through which the e-mail gets sent.
I am aware of some (larger) providers doing this. But I've never felt
the compulsion to do this on email servers that I administer. Abuse,
which spam is just one type, was never sufficient to justify the
increased complexity. Especially considering that our server's added a
Received: header including the message ID. I could then correlate the
message ID with the account used to authenticate and send the message in
the event of receiving a complaint.
--
Grant. . . .
Grant Taylor
2024-11-11 21:22:45 UTC
Permalink
It is extremely unlikely that such an address will be guessed. But it
is just as extremely likely that it can be scraped from somewhere, say
Usenet.
--
Grant. . . .
VanguardLH
2024-11-12 07:04:25 UTC
Permalink
Post by Grant Taylor
It is extremely unlikely that such an address will be guessed. But it
is just as extremely likely that it can be scraped from somewhere, say
Usenet.
Plus anyone to whom Cosmo gives that obtuse e-mail address could abuse
his trust by selling it to marketing firms who could be spammers. Once
it's out there, you lose control over it. Tis why I use aliases which
are uniquely assigned to each sender (so I know who might've betrayed my
trust), and the alias can be killed. They don't get to know my real
e-mail address, so it cannot "accidentally" or maliciously released to
someone else nor can they abuse the alias for long before I kill the
alias, and, poof, they're forever gone since the alias no longer exists.
Better than defining a bunch of server- or client-side rules or
anti-spam filters to get rid of abusers and spammers.
Grant Taylor
2024-11-12 14:32:27 UTC
Permalink
They don't get to know my real e-mail address, so it cannot
"accidentally" or maliciously released to someone else nor can they
abuse the alias for long before I kill the alias, and, poof, they're
forever gone since the alias no longer exists. Better than defining
a bunch of server- or client-side rules or anti-spam filters to get
rid of abusers and spammers.
I largely agree.

Though will keep the alias, er alternate address, in my mail server
configuration with a curt message suggesting a long walk on a short pier.

I still use server side rules to file messages in the folder associated
with the email address that was used.
--
Grant. . . .
Cosmo Kramer
2024-11-12 15:45:34 UTC
Permalink
It is extremely unlikely that such an address will be guessed. But it
is just as extremely likely that it can be scraped from somewhere, say
Usenet.
I only use the "***@comcast.net" with trusted
businesses like my bank, investment house, irs, and social security.
I've done it this way for about 10 years and no one has sold it...yet.

But there's no fuckin' way I'd give it to a car dealer.
VanguardLH
2024-11-13 02:09:58 UTC
Permalink
Post by Cosmo Kramer
It is extremely unlikely that such an address will be guessed. But it
is just as extremely likely that it can be scraped from somewhere, say
Usenet.
businesses like my bank, investment house, irs, and social security.
I've done it this way for about 10 years and no one has sold it...yet.
But there's no fuckin' way I'd give it to a car dealer.
Or to a coupon web site. That'll get you highly spammed.

Loading...