dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
3568

Ender3rd
join:2001-07-15
Connecticut
·Frontier FiberOp..

4 edits

Ender3rd

Member

Email from Cox with embedded links --- SCAM?

I received an email this evening from Cox_Communications@updates.cox.com

It looks like a scam to me. The subject is "Take a Brief Cox Survey for a Chance to Win $500!"

I never click links embedded in email, but I do float the cursor over them to see where they actually go. The displayed link looks like this:

"https://www.coxdigitaltownhall.com/R.aspx?"

...but it actually directs you to this:

"http://updates.cox.com/cgi-bin3/DM/y/hvX"

Why would the displayed link embedded in the email indicate a secure server when actually it is pointing to an unsecured server? Why would I be sent to an update site to participate in a survey?

Looks like an obvious scam, but I would imagine many might click away and give up all kinds of information.

Will one of the Cox participants in this forum check into whether this is a valid Cox initiative?
Net_Neutral
join:2009-01-29

4 edits

Net_Neutral

Member

All sorts of people have their fingers on this one

Registrant:
Andrew Reid
1750 - 1111 West Georgia St
Vancouver, British Columbia V6E 4M3
Canada

Registered through: Domain White Pages
Domain Name: COXDIGITALTOWNHALL.COM
Created on: 18-Apr-06
Expires on: 18-Apr-10
Last Updated on: 28-Jan-08

Administrative Contact:
Warlick, Franklin cei_cis_dns_admin@cox.com
Cox Communications
1400 Lake Hearn Drive Ne
Atlanta, Georgia 30319
United States
4048458645 Fax -- 4042693007

Technical Contact:
Reid, Andrew andrew@visioncritical.com
1750 - 1111 West Georgia St
Vancouver, British Columbia V6E 4M3
Canada
6046471980 Fax --

Domain servers in listed order:
UDNS1.ULTRADNS.NET
UDNS2.ULTRADNS.NET

@:~$ dig updates.cox.com +short
208.70.139.25
@:~$ dig coxdigitaltownhall.com +short
74.200.17.10
@:~$ dig -x 208.70.139.25
 
; <<>> DiG 9.5.1-P2 <<>> -x 208.70.139.25
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61274
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
 
;; QUESTION SECTION:
;25.139.70.208.in-addr.arpa.    IN      PTR
 
;; ANSWER SECTION:
25.139.70.208.in-addr.arpa. 42568 IN    PTR     hf1http1.na.epidm.net.
 
;; AUTHORITY SECTION:
139.70.208.in-addr.arpa. 42568  IN      NS      ns1.bigfootinteractive.com.
139.70.208.in-addr.arpa. 42568  IN      NS      ns.bigfootinteractive.com.
 
;; ADDITIONAL SECTION:
ns1.bigfootinteractive.com. 127921 IN   A       66.7.58.148
 
;; Query time: 86 msec
;; SERVER: 172.16.1.1#53(172.16.1.1)
;; WHEN: Thu Aug  6 23:30:36 2009
;; MSG SIZE  rcvd: 152
 

whois 208.70.139.25

OrgName: Epsilon Interactive LLC
OrgID: EIL-16
Address: 11 West 19th Street
Address: 9th Floor
City: New York
StateProv: NY
PostalCode: 10011
Country: US

CoxJimR
Premium Member
join:2002-01-17
Atlanta, GA

CoxJimR to Ender3rd

Premium Member

to Ender3rd
said by Ender3rd:

Why would the displayed link embedded in the email indicate a secure server when actually it is pointing to an unsecured server? Why would I be sent to an update site to participate in a survey? ...

Will one of the Cox participants in this forum check into whether this is a valid Cox initiative?

It IS valid. We use the coxdigitaltownhall.com domain to conduct consumer surveys. The email software changes the URL to updates.cox.com to track clickthroughs (response rate) from the email.

I'm not sure on the secure vs. non-secure site. I would assume you eventually get to the secure version on the redirect. I'll mention it to the research folks across the hall.

- Jim

Ender3rd
join:2001-07-15
Connecticut
·Frontier FiberOp..

Ender3rd

Member

Thanks to both of you for taking a look at this. I will loosen my tinfoil hat a bit! I just get suspicious any time a displayed link differs from the actual embedded link. Not having clicked on it, I am sure you are correct CoxJimR that it bounces around a bit and ends up on the secure site.

Thanks again!

anon_
@cox.net

anon_

Anon

My tinfoil hat sent me here also (g) ... got the same survey e-mail and used safe search to check out updates.cox.com. Saw the link to the dslreports page re: this cox survey.

Thanks to those who checked this out and to the cox guy who responded. Will wait to see about the secure / nonsecure question.

Looks like I need to register with dslreports to be able to post other than anon. sorry.

Cox HSI user

No_Strings

join:2001-11-22
The OC

No_Strings

You don't need to register, but we're always happy to have new members.

CoxJimR
Premium Member
join:2002-01-17
Atlanta, GA

CoxJimR to Ender3rd

Premium Member

to Ender3rd
The Cox Digital Town Hall is a secure site. If you don't get that, please send me an IM with links you have been given or any other details.

Ender3rd
join:2001-07-15
Connecticut
·Frontier FiberOp..

1 recommendation

Ender3rd

Member

The link embedded within the email appeared to do exactly what you indicated it would do. After a very brief pause at "updates" it quickly directed me to the Cox Digital Town Hall secure site for survey participation.

Thanks for following up on this CoxJimR.

Regards,

Ender