Paul,
Here is an example of what I sent ComcastSteve. He confirmed it was a "phishing expedition."
Notice the two bolded email domains. I would expect an email from Comcast to come from the comcast.
com domain, so I was immediately suspicious.
================================
This morning I got an odd email to one of my Comcast email accounts, one I don't use heavily, just have some political stuff occasionally.
At first glance, I thought the subject was Constant Guard Alert. That struck me as odd since I have not installed Constant Guard.
The title is actually Comcast Guard Alert. Hmmm. It says it is from Comcast@security.com. Another hmmmm.
It has a link it wants me to click. The link is disguised as "Account Reconciliation" which covers the actual link ---> ht tp://butrflydrms213.home.comcast.net
Email headers:
Return-Path: root@wiki.poweroasis.com
Received: from imta31.westchester.pa.mail.comcast.net (LHLO
imta31.westchester.pa.mail.comcast.net) (76.96.62.25) by
sz0115.ev.mail.comcast.net with LMTP; Fri, 15 Jun 2012 21:07:49 +0000 (UTC)
Received: from Ubuntu11x64Svr ([84.92.25.153])
by imta31.westchester.pa.mail.comcast.net with comcast
id Nl7o1j01t3JBZMQ0Xl7oxZ; Fri, 15 Jun 2012 21:07:49 +0000
X-CAA-SPAM: 00000
X-Authority-Analysis: v=2.0 cv=WZ2OmjdX c=1 sm=1
a=p3riUwRaJWU4p/K8+3S3WQ==:17 a=YWNZQc2wkpcA:10 a=HRn4fpiT8EsA:10
a=cVHRbVdmAAAA:8 a=C_IRinGWAAAA:8 a=Baj1MykYeoxCemNOp18A:9
a=p3riUwRaJWU4p/K8+3S3WQ==:117
Received: from root by Ubuntu11x64Svr with local (Exim 4.76)
(envelope-from )
id 1Sfdi5-0006N0-6g
for xxxxxxx@comcast.net; Fri, 15 Jun 2012 22:05:37 +0100
To: xxxxxxx@comcast.net
Subject: Comcast Guard Alert
X-PHP-Originating-Script: 0:send.php
From: comcast@security.com
Content-Type: text/html
Message-Id:
Date: Fri, 15 Jun 2012 22:05:37 +0100
X-Brightmail-Tracker: AAAAAA==
X-Brightmail-Tracker: AAAAAA==
Email message:
Xfinity
Constant Guard Alert
Dear XFINITY Customer,
Please read this entire message.
In an effort to improve our customers' experience,
Comcast has been reviewing some user accounts and sending e-mails that direct customers to an
Account Reconciliation
ht tp://butrflydrms213.home.comcast.net
We appreciate your prompt attention to this important security notice.
Sincerely,
Constant Guard from XFINITY
===========================
Pfish?