A few weeks ago I received a voice message from someone claiming to be from the Comcast High Speed Internet Security Assurance Center. The message didn’t leave any details except the call back number, 856-324-2025. I wondered why the security group was calling me, and why they didn’t have a toll-free number. 856 is in NJ, and I only found one related forum posting with the same number. There were some forum posts with a similar number, but they were for DMCA Violations.

I decided to call the regular Comcast help number (888-824-8103), and I questioned if my account was flagged for abuse and if they knew this number was legit. The support agent had to talk to his manager, and then he said to ignore the message, and if I were to get disconnected, to call back. I asked again if he could search his knowledge base to see if the number is in the system, but he couldn’t perform this type of global search.

Since I was still curious what the message was about, I attempted to call them every day for two weeks. All I got from that number was an answering machine, and I left several messages. Finally today, someone called me back to explain what the message was about. The person didn’t ask for any identification of who I was, so that continued to make me suspicious. The agent said that I was flagged for network abuse, using 380gb in the month of November. This number was a bit above my normal traffic based upon my local network traffic logs, but I wondered why I wasn’t flagged before. He said that they only take the top percentage each month, and it of course varies per month. Fair enough answer, but then he said something interesting. He said that now that we talked, my account would be re-activated. My account was never disabled, but I decided to play along, and I immediately bitched at him for my account being disabled for so long. I said I called every day, and left messages each time, and nobody called back until now, two weeks later. I then stated that it was unacceptable to have my account off for so long, while being kept in the dark, with me continuously attempting to contact them. He understood the complaint, but he didn’t offer any rebates or discounts.

He didn’t ask why I used that much traffic, he just said to try to lower the consumption. For those of you that are curious, all the traffic is legit, as I download raw network dumps and hdd images from various honeypots I have set up in various countries. I did understand last month being more, because I downloaded 60gb worth of 22C3 videos, and 80gb of md5 rainbow tables.

From the first voice message, and through when we actually talked, I kept in mind that the person might be a phisher. Based upon what he did and didn’t say, I think it was legit. So I guess that means the security assurance center is unprofessional, and probably overworked since it took them so long to get back to me.

The holidays are coming up, so everyone have fun and stay safe. Remember to never disclose too much information until you know the source is legit, as there are many phishers and social engineers out there.