E-Mail Scam Targets Comcast Subs

The U.S. Secret Service is investigating a bogus e-mail message and false Web site that appeared in late January — apparently part of a scam to trick Comcast Corp. high-speed cable-modem users into revealing their account and password information.

The ploy started with an e-mail sent to a small number of Comcast data customers on Jan. 28. Configured to look like an official Comcast service message, it stated that the MSO was making service upgrades and asked the customers to go to a Web site. Once there, they were asked to enter their e-mail address and password.

While the Web site was a close copy of Comcast's own customer-service portal, it was not legitimate and was, in fact, hosted by another Internet-service provider, according to Comcast spokeswoman Sarah Eder.

Tipped of by sub

A Comcast customer became suspicious after receiving the e-mail, and called the MSO for more information.

"Within 25 minutes we shut it off," Eder said. "We worked with the ISP to shut down that site and then we went and pulled all of the [bogus] e-mail off of our servers that was going to various customers."

The MSO then notified the Secret Service, which is investigating the incident. No arrests have been made yet, according to agency spokesman Brian Marr.

Better known for its duties in protecting the president, the Secret Service also is charged with investigating financial crimes, including identity theft, computer fraud and telecommunications fraud.

While elaborate, the scam does not appear to have been particularly effective. Comcast has no indication that any customers targeted actually provided their password information, Eder said.

Repeat offense

This isn't the first time such a scam has targeted Comcast users. Eder said there was another incident in late November that was "similar in scope." In that case, the MSO was able to shut down the phony Web site as well, she said.

It also appears Comcast is the scam's only cable target. When contacted, other MSOs — including Time Warner Cable, Charter Communications Inc. and Cox Communications Inc. — said they had not encountered any similar scam attempts.

Comcast does have a message on its Web portal warning customers to be wary of giving out their account passwords.

"Part of our education effort around this is to tell customers that we never request a password, and that if a customer is ever asked for their password they should be suspicious and that they should notify Comcast," Eder said.