Forum Discussion

Crownview's avatar
Crownview
New Contributor III
3 years ago

Strange email "Your account is locked for safety"

We received a strange email "Your account is locked for safety".

Says "had to lock your account because security flagged some odd behavior"

And, "Reset your password at ***.*** and you'll regain access to your account. Change your security questions once you're back in."

Sure sounds like phishing.

Says "Reach us anytime at ***.***/****" but I find no way to initiate chat after logging in at cox.net.

Anyone have any idea?

**edited by moderator for safety*

  • Crownview,

    Thank you for taking the time to post in the Cox Internet Forums. I can verify that this is a phishing email because I've received it myself very recently.

    Please forward the email to phishingreport@cox.net and then delete the original message without accessing any of the fraudulent links included in the email. If you have provided any information at these links please visit www.cox.com to change your password to a unique password you have never used before and check that your webmail settings such as forwarding rules have not been compromised.

    Please see www.cox.com/.../about-fake-cox-emails.html about fake Cox emails.

    Please let me know if you need additional assistance.

    Colleen
    Cox Forums Moderator

  • Crownview,

    Thank you for taking the time to post in the Cox Internet Forums. I can verify that this is a phishing email because I've received it myself very recently.

    Please forward the email to phishingreport@cox.net and then delete the original message without accessing any of the fraudulent links included in the email. If you have provided any information at these links please visit www.cox.com to change your password to a unique password you have never used before and check that your webmail settings such as forwarding rules have not been compromised.

    Please see www.cox.com/.../about-fake-cox-emails.html about fake Cox emails.

    Please let me know if you need additional assistance.

    Colleen
    Cox Forums Moderator

    • Darkatt's avatar
      Darkatt
      Honored Contributor

      I believe it needs to be forwarded as an attachment, so the team can get all the header information. 

    • Crownview's avatar
      Crownview
      New Contributor III
      A thousand apologies for my inclusion of the questionable links here on the forum. In my frustration, I was not fully thinking.
      Last evening I telephoned in to Cox support and a nice lady led me through changing my password etc. which I had tried to do multiple times, but could not seem to satisfy the system. She seemed to indicate that my login had been compromised.
      So I am confused as to whether this alert was, or was not, real.

      I received a second email 7:37PM, shortly after engaging with the agent, as I was attempting to change password. It was basically the same, except added lines about 2FA.

      I have forwarded the first message as html and as raw source to the phishingreport@cox.net address.

      • Bruce's avatar
        Bruce
        Honored Contributor III

        First, the original message is a scam.  Security personal monitor network activity to access user accounts but not "odd behavior" within user accounts.  Besides, how would one define odd behavior within an account?  Is the user ordering too many services?  Is the user updating too much information?  I could keep changing my personal information for 12 hours and Security wouldn't care.

        my login had been compromised.

        Your account could have been compromised if you clicked the links in the original message and followed its instructions.  If you didn't, you may have forgotten your credentials.  How often do you log into the Cox server?

        received a second email

        If you change your password in your account, Cox will send an activity notice of said change.  If you're aware of your change, great, ignore the email.  If you just arbitrarily receive the email and are not aware of any change, something is wrong.  Take action.  You and the nice lady had successfully changed your password, so you received an activity notice.

        2FA is Two-Factor Authentication and is an option.  If you log into a web server, 2FA uses two things to verify your identity, such as a password + a code sent to your cellphone...or...password + fingerprint scan...or...password + security question.  You obviously have the password, but what else you got, chump?

  • CurtB's avatar
    CurtB
    Valued Contributor III

    The links posted are fake.  Either the referenced email is fake or the post is fake.

    You should remove the links.  How to edit your Forum posts

    Edit:  The OP posted links from an email suspected of being a phishing attempt.  That alone is reason not to post suspicious links in a public forum.  A moderator should remove the links.