Back to top


Click here to go back

Email: Phishing or Legit?

Posted by Admin Posted on Mar 07 2016


Email: Phishing or Legit?




If you receive mail that purports to be from your email service provider telling you any of the following, it is more than likely a Phishing scam (the following are only a few of the things these emails will tell you).




If you look further down, below this list, there is more information and tips to help you discern if an email is legitimate or not. (I especially found the very last 2 lines, regarding hovering, to be most helpful).




1) Your account has been blocked


2) There has been unusual activity on your account


3) To update your account


4) To consent to the Electronic Communications Delivery Policy or your account will be deactivated


5) To upgrade your account


6) Your payment is overdue, sign in to Customer Central to confirm your payment


7) Your email address will be deleted


8) Your bill is ready to be viewed.  Bogus emails may say this or something






."Please Read! Important message from <your email service provider>"




Dear <your email service provider> Customer,


Your June, 2012 <your email service provider> billing statement is ready for viewing. To view your bill, please download and extract the attachment. Enter your User Name and Password, and from the next screen select GO from the VIEW YOUR BILL option.




10) You get an email and the From address is <your email service provider>.User 11) A mail that purports to be from your email service provider which includes an attachment. Example: Download the attachments, complete the payment form to pay your July bill online and get your 50% Discount.


12) To update your credit card information and your service could be suspended if you fail to do so.


13) There was an issue with your last payment. You are required to validate your payment information in order to avoid service suspension. Update your payment methods. Update your credit card information as soon as possible.


14) <Your email service provider> has updated the online security contract. In order to get the last update click "Accept Terms Now" bellow and accept the "Terms & Conditions".


15) Our Security Department has been receiving complains about your email account and we are sending you this notification before we terminate your account.


16) Dear <your email service provider> User, Your E-mail account has exceeded its limit and needs to be verified, if not verified within 24 hours; we shall suspend your account. CLICK HERE to verify your email account now.


17) Your immediate attention is required. Our billing department has identified that there is an unpaid supplementary fee of $25.00 on your Internet Services. [Login to Customer Central] You must Log In as the Administrator/Parent account holder. If payment is not completed by [July 03, 2013] - we will be forced to suspend your account indefinitely. We are currently investigating this issue, if it is a system error, you may disregard this message.


18) A DGTFX Virus has been detected in your email folders and threatens to deactivate your email account if you don't send your email address, full name, password and phone number.


THERE IS NO SUCH THING AS A DGTFX virus. It’s just a string of letters somebody dreamed up to try and make their phishing campaign more believable. If you do a search for it, the only thing that will turn up in the results are numerous "this is a phishing scam".


19) Failure to do anything else that will result in your service being suspended


20) You have been overcharged by a specific amount which will be listed; I should submit a refund through the email.


21) Create your Refund Voucher because you were overcharged on your last bill. Will include links for you to use to sign in.


22) On a specific date an email upgrade will go into effect and that you need to upgrade my account before then. Even if there is an upgrade planned you won't have to update anything. These mails usually have a link for the supposed "upgrade" which if filled out will give scammers access to your account.


23) This is to alert you that you have to store your email information with us so it won’t disable your account we have upgraded our system and therefore we are asking our customers fill their email details online so as not to render their email account to be disabled thank you for your help resolving this matter.


You can verify/modify your email information here by clicking link below:


24) <Your email service provider> will undergo unscheduled system Maintenance today in order to improve your account. Please "told to click link here" to


Update Your Mailbox. Your account will be inactive if this survey is not completed.












There is one way to know 100% if the mail is a phishing attempt. If the mail contains links that lead to a page wanting your user name, password or any other personal information /asks in the mail for you provide the info.




Be suspicious of any email or phone call that asks for your personal account information, such as user names, passwords, and account numbers. Email, phone calls, text messages, instant messages, or Web logs that appear to come from a reliable source may not always be authentic.




Be aware that legitimate email service providers will NEVER ask you for password information over the phone or email.




They will NEVER ask for billing or payment information through email whether by a link or in an attachment.




They will NOT send out disconnect/suspension notices for failure to pay via Email or for anything else you fail to do.




Official <Your email service provider> mail will never be sent with <Your email service provider>.User as the sender.








They won't include attachments for you to open in order to access your account.




Another sign of a phishing attempt is the sender address. If it contains @ with .2 letters it


was sent from a domain outside the United States. An example of this is (which is in


a post by a customer who received a phishing attempt from someone using that domain) cl


is for Chile. Each country has a domain code. A good search engine will help you identify the country. Most email service providers will not send mail from another country domain.




Another thing you can do is look at the headers in the email, which often contain clues that


your email service provider did not send it. If you don't know how to find the headers, ask your provider or inquire in their forum.




You can also hover over the From line in the Inbox to see where the email message was sent


from. If not Comcast or Xfinity, you know it is not legit.




Also hovering over the link in an email client will also show the URL. These URL's are a strong indicator the mail is not legitimate.