Results 1 to 9 of 9
  1. #1
    New Lounger
    Join Date
    Jan 2010
    Olympia, WA
    Thanked 0 Times in 0 Posts

    Links may look real, but they might be false!

    I write the following for anyone who might be unaware.

    A few weeks ago I received the following e-mail: (Be careful, the link shown is active but false)

    _______________ Copied message follows ___

    Dear Comcast Member,

    The credit card we have on file for your Comcast Internet service was declined when we attempted to bill you on 11/30/2012 for your most recent service fees. For this reason, your service could be suspended.

    Please visit our Account Information page:

    Update your credit card information as soon as possible. Once your credit card information is updated, you will be charged immediately, as soon as payment is received. Thank you for your prompt attention to this matter. We look forward to continuing to serve you.

    ************************* E-mail ID: 2837462876 Online Session PID: 83473332 *************************

    Sincerely, Comcast Customer Care

    ______________ End of copied message ______________________________________

    Looking at the link it looks like it is a link to . But.. it isn't. Using an online service at

    one soon learns that the actual domain you go to is , a domain owned by Horner
    Amy. also gives the following information:
    Domain Name: PB6.BIZ
    Domain ID: D52324187-BIZ
    Sponsoring Registrar: EURODNS SA
    Sponsoring Registrar IANA ID: 1052
    Registrar URL (registration services):
    Domain Status: clientTransferProhibited
    Registrant ID: EDS_R9850753
    Registrant Name: Horner Amy
    Registrant Address1: 1991 W PHILADELPHIA AV
    Registrant City: OLEY
    Registrant Postal Code: 19547
    Registrant Country: United States
    Registrant Country Code: US
    Registrant Phone Number: +1.2202928288
    Registrant Email:
    Administrative Contact ID: EDS_A9850753
    Administrative Contact Name: Horner Amy
    Administrative Contact Address1: 1991 W PHILADELPHIA AV
    Administrative Contact City: OLEY
    Administrative Contact Postal Code: 19547
    Administrative Contact Country: United States
    Administrative Contact Country Code: US
    Administrative Contact Phone Number: +1.2202928288
    Administrative Contact Email:
    Billing Contact ID: EDS_BILLING
    Billing Contact Name: Julien Franck
    Billing Contact Organization: EuroDNS S.A.
    Billing Contact Address1: 2, rue Leon Laval
    Billing Contact City: Leudelange
    Billing Contact State/Province: -
    Billing Contact Postal Code: L-3372
    Billing Contact Country: Luxembourg
    Billing Contact Country Code: LU

    Reverse Whois: "Horner Amy" owns about9 other domains

    And there you have it. Sneaky, aye!

    I forwarded the message on to

    I guess the question becomes, If I can find the information regarding Horner Amy why don't the powers to be do the same, then under a court order monitor the activities of the perpetrator and if any illegal transfer of funds takes place slap them with a large fine, shut them down and announce that in the news. I realize that international boundaries are involved and it will take cooperation between governments. But, hey! Isn't Luxembourg a friendly nation? Plus, one can assume that Horner Amy is a real person living in Oley. Zip code 19547


    As commented by mrjimphelps: "I rarely click on a link without first putting my cursor on it and see what shows up in the lower left corner of the browser window. "
    scaisson: "I set up to view email in text view only. This way, I see the real http link, not the false one. "

    Please note. The http link which showed up in the lower left corner of the browser is identical to the link I showed above. It included the You would think that the link points to comcast. It DOESN'T. By viewing the message in text only it would still be identical to the URL I gave above. That is the reason I titled my post, "Links may look real, but they might be false! " You cannot always trust the link shown in the status bar or in the text view.

    Here is another link. It looks like a link to paypal. It is NOT. : ( I added spaces between the www and the .paypal to make the link non active )

    http://www 3918483
    Last edited by z-rod; 2012-12-27 at 00:32. Reason: possible misunderstanding

  2. Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

    Excel 2013: The Missing Manual

    + Get this BONUS — free!

    Get the most of Excel! Learn about new features, basics of creating a new spreadsheet and using the infamous Ribbon in the first chapter of Excel 2013: The Missing Manual - Subscribe and download Chapter 1 for free!

  3. #2
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Thanked 209 Times in 201 Posts
    It's really slick the way they set up their web address: "//". The part you notice is "". Most people wouldn't even have noticed that the actual URL is "".

    I rarely click on a link without first putting my cursor on it and see what shows up in the lower left corner of the browser window. Still, I might not have caught this one.
    Last edited by mrjimphelps; 2012-12-13 at 17:10.

  4. #3
    Plutonium Lounger Medico's Avatar
    Join Date
    Dec 2009
    Thanked 930 Times in 851 Posts
    I hope Comcast takes it seriously after you forwarded the email to them. Don't hold your breath though..
    Have a Great Day! Ted

    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)

    Complete PC Specs: By Speccy

  5. #4
    Lounge VIP
    Join Date
    Apr 2011
    Thanked 134 Times in 115 Posts
    You are absolutely right to report it, but as Ted says, I wouldn't hold my breath.

    The address in Oley is genuine, but I don't know if the name is. The Luxembourg link is due to the registrar used (EuroDNS), which appears to be a genuine registrar. The host that pb6 [dot] biz resolves to is located in Texas, run by Westhost.

    One interesting thing is the domain pb6 [dot] biz was registered on 30th November this year. If it, or the host, is used for malicious purposes there has been little time for anyone to react.

    Interestingly, notwithstanding the expectation that Comcast may not react too swiftly, the url in your original post generates a 404 page error (when loaded on a virtual machine running linux). i.e. the page is not resolved - maybe somebody has taken action, or maybe, the bad guys fouled up in the first place.
    In God we trust; all others must bring data.

    - William Edwards Deming. 1900 - 1993

  6. #5
    3 Star Lounger
    Join Date
    Jan 2001
    Marietta, Georgia, USA
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by Medico View Post
    I hope Comcast takes it seriously after you forwarded the email to them. Don't hold your breath though..
    I get several of these types of emails EVERY week. They are automatically flagged as JUNK MAIL by Thunderbird. I used to forward these to the company whose web address was being spoofed, but I don't really have time any more.
    Rick Groszkiewicz
    Life is too short to drink bad wine (or bad coffee!)

  7. #6
    3 Star Lounger
    Join Date
    Mar 2010
    Thanked 32 Times in 25 Posts
    I use Thunderbird email client. I set up to view email in text view only. This way, I see the real http link, not the false one.
    It is human, at times, to overlook and click on the false http link. With text view only, it helps me to avoid that.
    When I need to view it in html form, I have to do extra clicks, access the menu. I'm lazy as a habit. The extra work will 'wake' me up, when I'm absent minded.

  8. #7
    Super Moderator CLiNT's Avatar
    Join Date
    Dec 2009
    California & Arizona
    Thanked 495 Times in 455 Posts
    Easy to get fooled by one of those false Comcast emails, or any others for that matter.
    It's always better to go directly to the site via your browser to logon, rather than click on an email link.
    Invest a little time and energy in a well thought out BACKUP regimen and you will have minimal down time, and headache.

    Windows 8.1, 64 bit
    Motherboard: DX58SO2*Chipset: X58 Express/Intel ICH10*BIOS: SOX5820J.86A.0888.2012.0129.2203*Processor: Intel Core i7 CPU X 990
    GPU: Nvidia GTX 580*Memory: Corsair 12 GB, 4x3@1600*PSU: Corsair HX1000*Hard drives: REVO X2 160GB*OCZ VERT X3 120GB*5 mechanical storage drives (12 TB) total.

  9. #8
    Silver Lounger mrjimphelps's Avatar
    Join Date
    Dec 2009
    Thanked 209 Times in 201 Posts
    "Horner Amy" owns about9 other domains
    I wonder if "Amy Horner" is related to "Little Jack Horner".

  10. #9
    Star Lounger
    Join Date
    Apr 2010
    Bath, UK
    Thanked 3 Times in 3 Posts
    Probably the most common email scam, the False Link one.

    Always check the end of the domain, just before the forward-slash (in this case .biz/) for the true domain.
    Having a '.com' in the middle is an easy foil, but its the 'dot' AFTER the 'com' that also points to the fake domain ending.

    Another trick (and more insidious) is a link with in it, which points directly to a ZIP file which will execute directly on your machine.

    Always check links thoroughly, and as another user said, Plain Text is a bit more secure (no hiding nasty code in pretty pictures).
    And as another user said, never use links in emails, always manually go to the website to log in, even if the email is from a company you know to be ok.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts