dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
119

Sunny
Runs from Clowns

join:2001-08-19

Sunny to Paul928

to Paul928

Re: Constant Guard Security Alert?

Paul,

Here is an example of what I sent ComcastSteve. He confirmed it was a "phishing expedition."

Notice the two bolded email domains. I would expect an email from Comcast to come from the comcast.com domain, so I was immediately suspicious.
================================

This morning I got an odd email to one of my Comcast email accounts, one I don't use heavily, just have some political stuff occasionally.

At first glance, I thought the subject was Constant Guard Alert. That struck me as odd since I have not installed Constant Guard.

The title is actually Comcast Guard Alert. Hmmm. It says it is from Comcast@security.com. Another hmmmm.

It has a link it wants me to click. The link is disguised as "Account Reconciliation" which covers the actual link ---> ht tp://butrflydrms213.home.comcast.net

Email headers:

Return-Path: root@wiki.poweroasis.com
Received: from imta31.westchester.pa.mail.comcast.net (LHLO
imta31.westchester.pa.mail.comcast.net) (76.96.62.25) by
sz0115.ev.mail.comcast.net with LMTP; Fri, 15 Jun 2012 21:07:49 +0000 (UTC)
Received: from Ubuntu11x64Svr ([84.92.25.153])
by imta31.westchester.pa.mail.comcast.net with comcast
id Nl7o1j01t3JBZMQ0Xl7oxZ; Fri, 15 Jun 2012 21:07:49 +0000
X-CAA-SPAM: 00000
X-Authority-Analysis: v=2.0 cv=WZ2OmjdX c=1 sm=1
a=p3riUwRaJWU4p/K8+3S3WQ==:17 a=YWNZQc2wkpcA:10 a=HRn4fpiT8EsA:10
a=cVHRbVdmAAAA:8 a=C_IRinGWAAAA:8 a=Baj1MykYeoxCemNOp18A:9
a=p3riUwRaJWU4p/K8+3S3WQ==:117
Received: from root by Ubuntu11x64Svr with local (Exim 4.76)
(envelope-from )
id 1Sfdi5-0006N0-6g
for xxxxxxx@comcast.net; Fri, 15 Jun 2012 22:05:37 +0100
To: xxxxxxx@comcast.net
Subject: Comcast Guard Alert
X-PHP-Originating-Script: 0:send.php
From: comcast@security.com
Content-Type: text/html
Message-Id:
Date: Fri, 15 Jun 2012 22:05:37 +0100
X-Brightmail-Tracker: AAAAAA==
X-Brightmail-Tracker: AAAAAA==

Email message:

Xfinity

Constant Guard Alert

Dear XFINITY Customer,

Please read this entire message.

In an effort to improve our customers' experience,
Comcast has been reviewing some user accounts and sending e-mails that direct customers to an

Account Reconciliation
ht tp://butrflydrms213.home.comcast.net

We appreciate your prompt attention to this important security notice.

Sincerely,

Constant Guard from XFINITY
===========================

Pfish?


NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro
Netgear CM500
Pace 5268AC
TRENDnet TEW-829DRU

NetFixer

Premium Member

said by Sunny:

Paul,

Here is an example of what I sent ComcastSteve. He confirmed it was a "phishing expedition."...

Just because you received a phishing email pretending to be from Comcast, does not mean that the OP did. In fact when the OP went to »amibotted.comcast.net/ , that site confirmed that Comcast had indeed identified his connection as being a bot host:
said by Paul928:

According to that link, I am indeed infected with the ad aware virus or something like that...

Not only that, but the post containing the headers from the OP's email to which you replied clearly shows that the email received by the OP was indeed from Comcast.

Sunny
Runs from Clowns

join:2001-08-19

1 recommendation

Sunny

My post simply gave an example of an email which was a phishing message. Nothing more, nothing less.