Comcast customers beware

[ahurtt]

Just to warn everybody who might use comcast out there, I received a very official looking (but not quite official enough to fool me) email, even having a comcast.net return address on it, regarding some security info. It directs you to this site:

http://61.172.1.171/tsweb/secure/comcast/comcast/index.php

Note that in addition to credit card info they ask for such things as SSN and Issuing state. . .Obviously a phisherman at work here. Please spam the bejeezus out of this asshat. Oh, and here is the APNIC whois entry:

http://www.apnic.net/apnic-bin/whois.pl?searchtext=61.172.1.171
This shows it is originating from somewhere in Beijing, China.
Here is the contact information for network admins to complain about this spammer if you get this email:
http://www.apnic.net/apnic-bin/whois.pl?searchtext=CH93-AP&form_type=advanced

 

[compnovice]

OMG... the Nigerians have outsourced their business to China....

 

[FoBoT]

no way! spam?

 

[ahurtt]

Originally posted by: FoBoT
no way! spam?

Yeah, normally it would go directly in the trash without a second thought, but this one looked like the phisher actually went to some effort to make it look really official. It looked official enough to make me actually open and read the email so I just thought I could warn people while at the same time ATOT could have fun entering derogatory things into the bogus "security info" form this guy set up.

 

[JeffreyLebowski]

haha, I like the ATM PIN number option. If anyone is stupid enough to fall for that, they deserve it.

 

[Zolty]

There was a error(s)

Your Credit Card is not valid. Please try again.

Oh no, I tried all my credit cards and the are giving erros

 

[altonb1]

Originally posted by: ahurtt

Originally posted by: FoBoT
no way! spam?

Yeah, normally it would go directly in the trash without a second thought, but this one looked like the phisher actually went to some effort to make it look really official. It looked official enough to make me actually open and read the email so I just thought I could warn people while at the same time ATOT could have fun entering derogatory things into the bogus "security info" form this guy set up.

I got this and forwarded it to ABUSE@COMCAST.NET. i got a reply advising that it does not appear to originate from an IP inside Comcast.net.

I emailed them AGAIN and advised that I KNEW it didn't come from Comcast, but since it looked like it COULD be legit and it had Comcast's name all over it, I thought a corporate response from Comcast might help the company's support team from getting clobbered with angry/upset customers.

The site that it links to was pretty well done. The site LOOKS like it could be a Comcast site AND the standard "View my Bill"-type links on the page still directed you to the real Comcast page.

The only downside was the page took a long time to load. ...and that may be as a direct result of people getting scammed.

 

[Sqube]

Impressive effort, I will say that. But there's something about not seeing Comcast.com in the address bar that automatically makes me wary as hell.

Plus the fact that all companies are forever telling you that they'll never ask for your credit card information, etc etc.