The Latest in IT Security

Comcast users phished by Constant Guard spam lure

24
May
2012

Naked Security reader Simcha Jessel sent us a tip about a new phishing scam targeting customers of Comcast XFINITY cable internet service.

Jessel became aware of the scam after the scammers used his Gmail address to send the scam to their intended victims. It is unclear whether his Gmail was hacked or just forged in the email headers, both are common practices for phishers.

The emails read in part:

“Dear Comcast Customer,
The Constant GuardT service has updated the Online Security of Comcast Users. To link your account to our new update you just need to re-login your account using the secure link bellow. The link will redirect you to our update login page. Simply login your account and the account will automaticly be updated.”

The link pointed at a TinyURL which redirected victims to a compromised higher education institution website in India. Like many other sites that are compromised to host phishing pages, this one appears to have been compromised through vulnerable FrontPage server extensions.

Yes, I said FrontPage. The old Microsoft Office package used for building and publishing web sites. Microsoft discontinued support for FrontPage publishing extensions in 2006 and they have been the source of many web site vulnerabilities over the last 15 years.

The fake page is an identical copy of the real Comcast XFINITY login page, and surprisingly includes a fully functional TRUSTe logo which may lend further credibility to the site.

XFINITY phishing page

I’ve highlighted issues with services like TRUSTe before and even contacted the company for comment on what they are doing to limit fraud and ensure its seal means something. It has been over five months and I have yet to receive a reply from the company.

Always be suspicious of unsolicited emails you receive asking you to login and verify information, especially if they contain links to the site in question. If you believe it may be legitimate, be sure to open a new tab in your browser and visit the site directly to confirm the veracity of the message.

Leave a reply


Categories

SUNDAY, SEPTEMBER 26, 2021
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments