[rjrex]

Just received an EMAIL from Comcast (NOT) requesting me to use a provided link to verify my card number/bank account. The link required my Comcast ID and Password.
I called Comcast (1-800-comcast to verify there was in fact a problem with my automatic payment.

Comcast internet department told me to delete EMAIL as this is a SCAM.

[ajbrown]

This is a very common technique know as phishing (http://en.wikipedia.org/wiki/Phishing). It is not a Comcast issue per se it is an issue with underlying protocols of Internet email.

Anyone can send an email and make it look like it was sent by ANYONE. You should never trust the From: line of an email.

With any email you should be suspicious of links or any attachments and be sure it really came from a trusted source.

Looks like you did the right thing....

[Russ_Boston]

As a general rule: NEVER trust a link in an e-mail. If you think the e-mail is valid then use your browser to go the real site (www.comcast.com in this case), sign in, and follow the path they provide to change PW or username or accounts etc.

I know you can't change the title of this thread but this is not a Comcast scam.

[tony]

Quote:

Originally Posted by Russ_Boston

I know you can't change the title of this thread but this is not a Comcast scam.

I can. Thanks for catching this.

[Pturner]

I received a similar email, allegedly from Google (NOT), asking me to verify my gmail account password. Yeah right. I deleted it immediately. Beware. Seems the phishers are out in force.

[golf2140]

I received an e-mail claiming they were from Chase Bank. It was a scam.

[Hancle704]

I continue to receive a variety of emails from different people in the White House all claiming they are doing great things. Are these scams???

[billethkid]

and especially emails.
Those who do are either uninformed or rolling their dice (being polite on purpose!).

Even the simplest request form one of the too many solicitors...just verify your address. Stock answer: If you have my phone number my address is not too far away. I give NO information out over the phone....NONE.
When they hear hat they usually give up or get hung up on.

btk

[jannd228]

just hold the cursor over the email it will tell you the email address of the person who sent it to you, do not open if you do not know the address or it is from outside the US if possible clear your spam box once one starts to spam and phish you will get a lot of them

[ajbrown]

Quote:

Originally Posted by jannd228

just hold the cursor over the email it will tell you the email address of the person who sent it to you, do not open if you do not know the address or it is from outside the US if possible clear your spam box once one starts to spam and phish you will get a lot of them

It is important to understand you CANNOT verify the sender of an email by looking at the message unless you are using encryption technologies such as S/Mime to sign messages.

It does not matter what the shows up in your email client. The headers including FROM: can be completely made up to look like the came from ANYONE.

[jannd228]

Quote:

Originally Posted by ajbrown

It is important to understand you CANNOT verify the sender of an email by looking at the message unless you are using encryption technologies such as S/Mime to sign messages.

It does not matter what the shows up in your email client. The headers including FROM: can be completely made up to look like the came from ANYONE.

but on some email clients you can hold the cursor over the senders name and it will show you the email address, I have my own domain so all emails that come to me I use the method I stated, I also can do the same on a yahoo email account that I have, if the email address is one I don't recognize or has fr or it or something else at the end of it I just click to delete and NEVER open an email from someone you don't know with an attachment

if you are using social media (facebook) watch out for spammers who post about great deals on IPads etc, FB catches most of these before they come through but every once in awhile they don't, also on FB before you friend someone check out who else you know, lots of trolls on FB, same think with events you are invited to

btw the villages has a FB like page, lots of info but not as well defined as what I read here

just my opinion, taught it to school teachers was a tech teacher

[ajbrown]

Quote:

Originally Posted by jannd228

but on some email clients you can hold the cursor over the senders name and it will show you the email address, I have my own domain so all emails that come to me I use the method I stated, I also can do the same on a yahoo email account that I have, if the email address is one I don't recognize or has fr or it or something else at the end of it I just click to delete and NEVER open an email from someone you don't know with an attachment

I enjoy INTERNET security banter (not as much as golf carts but ). I may not be understanding what you mean, so I will try to clarify what I meant.

As an example if I have a Comcast email account and I log into Comcast to get my messages. I see I have 10 email messages. I see I have a message from my Dad with the subject, check this out.

I see the sender in Comcast inbox is AJs Dad, I hold my mouse over AJs Dad and it shows the sender email address as aj_dad@comcast.net.

It sure looks like it came from dad. My point is all of that information can be made up, it could have come from anyone and anywhere in the world.

[Russ_Boston]

Exactly right AJ - There are solutions to the type of thing you mention but as most of you know they can cost a corporation hundreds of thousands of $. Even as a corporation we struggle with this and our security budget is well over 1M per year.

I'm not saying to ignore all your e-mail. But if it says something like: "hey check this out" or "Your account may have been compromised - please click this link to reset your account" or....

You should not use the e-mail, or social media, or 3G/4G phone to correct. As I mentioned earlier just go to the source web site and use the proper logon facilities that you know you've used in the past to see if there is an issue. Anything else and you are just asking for trouble.

[jannd228]

thanks Russ, just a teacher you phrased it better