
Ender3rd

join:2001-07-15
Connecticut

4 edits

Email from Cox with embedded links --- SCAM?

I received an email this evening from Cox_Communications@updates.cox.com

It looks like a scam to me. The subject is "Take a Brief Cox Survey for a Chance to Win $500!"

I never click links embedded in email, but I do float the cursor over them to see where they actually go. The displayed link looks like this:

"https://www.coxdigitaltownhall.com/R.aspx?"

...but it actually directs you to this:

"http://updates.cox.com/cgi-bin3/DM/y/hvX"

Why would the displayed link embedded in the email indicate a secure server when actually it is pointing to an unsecured server? Why would I be sent to an update site to participate in a survey?

Looks like an obvious scam, but I would imagine many might click away and give up all kinds of information.

Will one of the Cox participants in this forum check into whether this is a valid Cox initiative?

--
My Jeep is not an SUV. Your SUV is not a Jeep.
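
The hover check described in the post above, automated as an added example (not part of the original thread): it parses an HTML mail body and reports anchors whose visible text is a URL that differs from the real `href` in host or drops from https to http. The sample body is constructed from the two URLs quoted in the post; the class and function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkAudit(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []      # finished (href, text) pairs
        self._href = None    # href of the anchor currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """Flag anchors whose visible text is a URL that disagrees with the target."""
    parser = LinkAudit()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if not text.lower().startswith(("http://", "https://")):
            continue  # visible text is not a URL, nothing to compare
        shown, real = urlsplit(text), urlsplit(href)
        issues = []
        if (shown.hostname or "") != (real.hostname or ""):
            issues.append("host-mismatch")
        if shown.scheme == "https" and real.scheme != "https":
            issues.append("scheme-downgrade")
        if issues:
            findings.append({"shown": text, "target": href, "issues": issues})
    return findings

# Constructed sample body using the two URLs quoted in the post.
SAMPLE = """<p>Take a brief survey:
<a href="http://updates.cox.com/cgi-bin3/DM/y/hvX">https://www.coxdigitaltownhall.com/R.aspx?</a></p>
<p><a href="https://www.coxdigitaltownhall.com/">https://www.coxdigitaltownhall.com/</a></p>"""

if __name__ == "__main__":
    print(audit_links(SAMPLE))
```

A finding here marks a link for the kind of follow-up done later in this thread (whois, reverse DNS, asking the sender); click-tracking redirectors produce the same mismatch as a spoofed link.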


Net_Neutral

join:2009-01-29

4 edits

All sorts of people have their fingers on this one

Registrant:
Andrew Reid
1750 - 1111 West Georgia St
Vancouver, British Columbia V6E 4M3
Canada

Registered through: Domain White Pages
Domain Name: COXDIGITALTOWNHALL.COM
Created on: 18-Apr-06
Expires on: 18-Apr-10
Last Updated on: 28-Jan-08

Administrative Contact:
Warlick, Franklin cei_cis_dns_admin@cox.com
Cox Communications
1400 Lake Hearn Drive Ne
Atlanta, Georgia 30319
United States
4048458645 Fax -- 4042693007

Technical Contact:
Reid, Andrew andrew@visioncritical.com
1750 - 1111 West Georgia St
Vancouver, British Columbia V6E 4M3
Canada
6046471980 Fax --

Domain servers in listed order:
UDNS1.ULTRADNS.NET
UDNS2.ULTRADNS.NET

@:~$ dig updates.cox.com +short
208.70.139.25
@:~$ dig coxdigitaltownhall.com +short
74.200.17.10
@:~$ dig -x 208.70.139.25
 
; <<>> DiG 9.5.1-P2 <<>> -x 208.70.139.25
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61274
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
 
;; QUESTION SECTION:
;25.139.70.208.in-addr.arpa.    IN      PTR
 
;; ANSWER SECTION:
25.139.70.208.in-addr.arpa. 42568 IN    PTR     hf1http1.na.epidm.net.
 
;; AUTHORITY SECTION:
139.70.208.in-addr.arpa. 42568  IN      NS      ns1.bigfootinteractive.com.
139.70.208.in-addr.arpa. 42568  IN      NS      ns.bigfootinteractive.com.
 
;; ADDITIONAL SECTION:
ns1.bigfootinteractive.com. 127921 IN   A       66.7.58.148
 
;; Query time: 86 msec
;; SERVER: 172.16.1.1#53(172.16.1.1)
;; WHEN: Thu Aug  6 23:30:36 2009
;; MSG SIZE  rcvd: 152
 

whois 208.70.139.25

OrgName: Epsilon Interactive LLC
OrgID: EIL-16
Address: 11 West 19th Street
Address: 9th Floor
City: New York
StateProv: NY
PostalCode: 10011
Country: US


CoxJimR
Premium,VIP
join:2002-01-17
Atlanta, GA
reply to Ender3rd

said by Ender3rd:

Why would the displayed link embedded in the email indicate a secure server when actually it is pointing to an unsecured server? Why would I be sent to an update site to participate in a survey? ...

Will one of the Cox participants in this forum check into whether this is a valid Cox initiative?

It IS valid. We use the coxdigitaltownhall.com domain to conduct consumer surveys. The email software changes the URL to updates.cox.com to track clickthroughs (response rate) from the email.

I'm not sure on the secure vs. non-secure site. I would assume you eventually get to the secure version on the redirect. I'll mention it to the research folks across the hall.

- Jim
--
Want the most out of BBR? Visit our help page: »members.cox.net/coxengr/bbr_help Are you a Cox employee? Please read this before posting: »members.cox.net/coxengr/bbr_cox


Ender3rd

join:2001-07-15
Connecticut
reply to Ender3rd

Thanks to both of you for taking a look at this. I will loosen my tinfoil hat a bit! I just get suspicious any time a displayed link differs from the actual embedded link. Not having clicked on it, I am sure you are correct CoxJimR that it bounces around a bit and ends up on the secure site.

Thanks again!
--
My Jeep is not an SUV. Your SUV is not a Jeep.



anon_

@cox.net

My tinfoil hat sent me here also (g) ... got the same survey e-mail and used safe search to check out updates.cox.com. Saw the link to the dslreports page re: this cox survey.

Thanks to those who checked this out and to the cox guy who responded. Will wait to see about the secure / nonsecure question.

Looks like I need to register with dslreports to be able to post other than anon. sorry.

Cox HSI user



No_Strings
Premium,MVM,Ex-Mod 2008-13
join:2001-11-22
The OC
kudos:6

You don't need to register, but we're always happy to have new members.



CoxJimR
Premium,VIP
join:2002-01-17
Atlanta, GA
reply to Ender3rd

The Cox Digital Town Hall is a secure site. If you don't get that, please send me an IM with links you have been given or any other details.



Ender3rd

join:2001-07-15
Connecticut

1 recommendation

The link embedded within the email appeared to do exactly what you indicated it would do. After a very brief pause at "updates" it quickly directed me to the Cox Digital Town Hall secure site for survey participation.

Thanks for following up on this CoxJimR.

Regards,

Ender
--
My Jeep is not an SUV. Your SUV is not a Jeep.