- Bargaineering - http://www.bargaineering.com/articles -

Don’t Be Phished Like An Internet N00b

I received an email today from Comcast about how they recently changed their policy regarding accounts:

Comcast takes the security of our customers personal and account information very seriously. As part of our ongoing effort to ensure the security of our customers information, we have recently enhanced the security of the Comcast.com account management system.

As a result of these recent enhancements, if a Comcast.com account is inactive for 180 days, it is removed from our system.

In order to keep your Comcast.com account active, please log in today with your user name and password: www.comcast.com/login.

First off, anytime someone emails me to log in to my account, I never click any links in the email. Never ever. I don’t care if it’s some stupid account on some random free email account that you wouldn’t care gets stolen. The fact of the matter is that thieves know that people use the same username and password on multiple accounts, so a free email account could yield a free bank account as well. Lastly, I can just go to Comcast.com directly and log in there to confirm whatever.

Secondly, if this is legit, Comcast is ridiculously stupid because they should check to see if the account is connected to an active customer account (it is). If it is, then ignore this stupid little rule because they’re obviously “active” because they’re paying for service! If it’s not connected, then I suppose you can request that someone log in every 180 days (though the chances of a non-Comcast subscriber caring about their Comcast account are exactly zero).

Moral of the story – Companies may be stupid and make legitimate but dumb requests, but don’t be a dummy and get phished.

FYI, the email I received, according to the headers, was legitimately sent from a comcastonline.com server but…

Seriously Comcast, you gave me 2034982304938 reasons to think it was a phishing email (all they missed was the link going to thisisacomcastphishingemail.com).