And this kind of thing is why phishing emails still succeed.
Dear Jeremy,
I understand you are interested in [details removed]. We would be more than happy to accomodate [sic] your request, however we cannot do this through email.
At Comcast, we are focused on providing our customers with the most secure high-speed Internet experience. To protect our customers from Internet fraud, we do not request or provide any sensitive customer information via email.
To minimize any inconvenience caused by this policy, we recommend that you use our secure Live Chat channel to chat with an agent immediately. Our agents are available 24 hours a day, 7 days a week. Please click on the link below to chat with an agent who can help resolve your issue right now.
http://www.comcastsupport.com/sdcuser/asp/default.asp
I apologize for the inconvenience and hope you understand that this policy is to protect your valuable customer information.
[generic security/ending stuff]
OK, so they dump their contact forms on the site through email. It'd be nice if if they did a non-real-time messaging through their web site like some other companies. There's the issue that most of the account data is included in the email reply anyways... As for other things, the domain isn't in their main domain for account management (or the one they use for the customer portal). Yea, they probably outsourced it, but they could use support.comcast.com or something similar. And the fact they sent an email asking people to click a link in it. Those two alone are pretty bad. At least it was plain text and not HTML, but I doubt many people would notice the difference.
Copyright ©2000-2008 Jeremy Mooney (jeremy-at-qux-dot-net)
