Cox Phishing Email Alert

There are so many phishing scam emails floating around that it would be impossible to send an alert out for all of them. This one is a particular threat for my local customers because Cox is a major internet service provider in our area and because at first glance it appears fairly legitimate. Either way, I want to help people spot these scams and avoid becoming a victim of this billion dollar crime “industry”.

Let’s take a look at this email and see how you can know it is a scam:

1. The “from” address Cox “mynotification880 @cox.net” doesn’t make sense as a legitimate email address that Cox would use. It would be something like “accounts@” “security@” and it wouldn’t have numbers in it. Keep in mind scammers can be creative so a legitimate looking email address here is certainly not the only thing to consider.
2. Since many of these scams are actually coming from other countries, many times the grammar or phrasing of the verbiage of the email is wrong or just strange and there will often be typos.
3. Another giveaway that this is a phishing scam is that the footer words at the bottom of the email do not have a link when you HOVER (not click) your mouse over them. On a legitimate email those words would be website hyperlinks. Again, this part is not the only thing to consider. I have seen many phishing scams where legitimate links have been added in the midst of the dangerous ones to help the email appear safe.
4. Another less obvious element that might help a user recognize this as a scam is the branding. Cox has recently made a change to the look of their digital communication and website. This email still has their old branding look.
5. Finally, the money link: the place where the scammer wants you to click to either download malware or be fooled into entering your login credentials or banking information. If you HOVER (not click!) your mouse over the link it displays a shortened website link to hide it’s real identity. Shortened links are used when the number of characters need to be shorten as in social media posts or for other marketing purposes in legitimate ways as well. But, if we analyze the shortened link in this email using checkshorturl.com, it obviously does not lead to Cox, as seen by the picture below. Do not go to the displayed site even for curiosity’s sake. As a technology expert, I will be reporting it to malware experts so that they can add this website to their threat lists.

What You Should Do

The most effective way you can protect yourself from an email phishing scam is to NEVER click on a link or attachment in an email. The best practice is always to go directly to the website that is associated with the email you receive directly through your web browser. For this email, rather than clicking on anything in the email, I would open my web browser and type www.cox.net in the address bar, log into my account and see if Cox has information I need or action to take. If the email is asking you to do something for your an account you have, you should already be somewhat familiar with getting to that website. A web search may be required to figure out the correct web address for a company you need to go to, but pay close attention that in your search you find the correct one.

What You Can Do

What you can do is report the email to your service provider. If you know how to forward it as an attachment to your provider’s reporting email address (usually provided on their website) their security team appreciates it and will take appropriate action. For Cox users, it is abuse@cox.net. Gmail provide a way through the gmail user interface shown below:

Scammers have been around since the beginning of time, but technology is giving them new tools. It is important to maintain a healthy degree of skepticism to stay safe.