And this kind of thing is why phishing emails still succeed.
Dear Jeremy,
I understand you are interested in [details removed]. We would be more than happy to accomodate [sic] your request, however we cannot do this through email.
At Comcast, we are focused on providing our customers with the most secure high-speed Internet experience. To protect our customers from Internet fraud, we do not request or provide any sensitive customer information via email.
To minimize any inconvenience caused by this policy, we recommend that you use our secure Live Chat channel to chat with an agent immediately. Our agents are available 24 hours a day, 7 days a week. Please click on the link below to chat with an agent who can help resolve your issue right now.
http://www.comcastsupport.com/sdcuser/asp/default.asp
I apologize for the inconvenience and hope you understand that this policy is to protect your valuable customer information.
[generic security/ending stuff]
OK, so they dump their contact forms on the site through email. It'd be nice if if they did a non-real-time messaging through their web site like some other companies. There's the issue that most of the account data is included in the email reply anyways... As for other things, the domain isn't in their main domain for account management (or the one they use for the customer portal). Yea, they probably outsourced it, but they could use support.comcast.com or something similar. And the fact they sent an email asking people to click a link in it. Those two alone are pretty bad. At least it was plain text and not HTML, but I doubt many people would notice the difference.
Got some big stuff out of the way on Friday, which was nice. Network stayed up too, which I'm happy about. I got a new switch in my office too, which will hopefully be nice. It means I can test stuff easier at least. So you know that email I mentioned a couple days ago? Today I got another one, which was much better. The link was even plaintext. I'm amazed - maybe they do have someone who knows what they're doing there. :) So today apparently Internap's Fisher Plaza facility in Seattle lost power. Apparently it's not the first time either. Word is they may have been doing construction on one floor. Oops. In other outage news, Verizon just had a second major cable cut occurance in a week. Apparently each time has been multiple cables in diverse locations too. Sounds like someone's upset with them for some reason. And speaking of people being upset with other people, sometimes there are good reasons. You'd think they'd do some basic sanity checking... Tonight went well. Nick and I went to go look at TVs, but he didn't buy anything. He'll probably update his site though... After that went home, and my brother came home and had a friend over and we watched Windtalkers. Good movie. Now I'm gonna go try to get on a decent sleep schedule for the weekend.
So today I'm looking through email and see an email from one of the loan companies with something about a 1098-E (1098 is interest you paid for those who don't pay attention to taxes). Didn't think much of it other than I'll reference it in a couple weeks. Then I figured, wait a second, that address doesn't look quite right. I figured can't be, nobody would be that stupid. Yep, they outsourced and had the company send out the email directly. And yep, follow that link and the first thing they ask for is SSN and to answer a CAPCHA. I'm pretty certain it's legit based on the fact it went to a unique address for them, but as a matter of principal... I wonder if they link to them on their web site. If not I think I may have to call them and ask for a real one and if they refer to the email only say I got one that looks like a fraud. I seriously hope nobody actually uses that link, but unfortunately most people probably do. :(
Copyright ©2000-2008 Jeremy Mooney (jeremy-at-qux-dot-net)
