Included at the bottom of this post is a modified email that was forwarded to us with the warning that this “Cox” email is a Hoax. Neither Cox — nor any other legitimate organization — will ever ask or insist that you provide your account login details over the Internet. So please, do not respond to such emails “from” Cox.net claiming to require you to enter your user name and password.
But there is an additional risk from these insidious emails. I mentioned that the fake Cox Account warning message copied below is modified — by me. I added “###” throughout the message, marking every place where there was a hotlink; “Cox.net”, the sender email address, the Reply-To address. (You normally see these hotlinks underlined and colored (often blue).
The “Cox.net” hotlink URL even looked* legitimate:
http: // cox dot net /
I added spaces to prevent this U R L from ‘becoming’ a live virus. And that’s the point here; I don’t know what would happen if you clicked on the Cox.net hotlink in the original email, and I do not want to know. At least not at the risk of infecting my computer. It might only be a spoof site, its owner hoping you will indeed enter your Cox account details. It could also be a site which would attempt to plant a “worm” or “Trojan Horse” malware on your computer just by your visiting the website.
So please be careful, even especially, if you decide to post warnings about suspicious emails.
- Make sure that you do not forward a live hotlink of any sort: URL or email address, etc. Any hotlinks should be deactivated or “denatured.”
- If you don’t know how to do that, do not paste a suspicious email into your own hoax warning email or you will be unwittingly propagating the malware risk for the hackers.
- Best Practice: better to just describe the email rather than trying to detoxify the (copy of the) suspicious email.
So fellow e-citizens, be safe, be careful, be aware. Any hotlink in a suspicious email is potentially poison. It’s a nasty e-world out there.
[*FYI, to “look” at the Cox.net hotlink (using Windows), I right-clicked -> ‘copy link link location’, then pasted into a simple text program (wordpad) so I could see the actual URL. I then did a (Google) search on “Cox net” <- just like that, to see what came up. What I found:
- cox.net is a legitimate address suffix, but preceded by https//
- there are also several cox.com addressses
Clearly someone was pretty smart to grab the http (without the S (for “secure socket layer” I think)) Cox.net web address (URL) and have no doubt set up an official looking site. Smart on their part, dumb on Cox’s part not to have locked that URL in a safe place.
There is another giveaway that this is a bogus email: the reply-to email address does not have a legitimate cox.net suffix: “wildblue,net.” The From address is, of course, a hoax; the email was not really sent from ###og1101 at cox.net]
HOAX EMAIL EMAIL MESSAGE “From” COX — hotlinks removed
From: “COX.net” <###firstname.lastname@example.org>
Date: December 7, 2014 at 12:36:00 PM EST
Due to the incessant rate of Spam, we are currently upgrading our ###COX.net with a hard spam protector, as such all ###COX.net users must respond to this email immediately. Failure to comply with the above instruction will immediately render your email ACCOUNT deactivated from our database.
Enter your data here;
COX your friend in the digital age*