Forum Discussion

Bill_B's avatar
Bill_B
New Contributor II
9 years ago

COX Blocked Efforts to Report Phishing E-mail

I regularly receive phishing e-mail purporting to be from USAA, Wells Fargo, etc.  These are "well done" scams that even keep in correct links to the company privacy sites, while they have other scam links.  I have tried to report them to the respective companies and to COX, but COX repeatedly blocks them with the error message the files are too large; clearly an incorrect statement. I would like to be able to forward the e-mail as attachments or at least send the headers from the incoming e-mail, but they will not go through.

Previous attempts on chat with COX claims they don't need the report because the blocking means they already know it is a scam.  Well, if that is true, then why didn't they block the incoming messageto me, and I presume untold numbers of others who may not be as diligent as I in not clicking on the malicious links?

Does anybody have any ideas?

3 Replies

Replies have been turned off for this discussion
  • Tecknowhelp's avatar
    Tecknowhelp
    Valued Contributor II

    First, never listen to chat. 

    Second, from the headers, do you know from where the phishing attempt is originating from? If it's from a Cox IP, then it should be sent to abuse@cox.net  (using guidelines below) and to phishingreport@cox.net with the headers as a attachment. If it not from a Cox IP, then I "think" you only send it to phishingreport@cox.net

    Third, see here for Abuse Submission Guidelines;

    Abuse Submission Guidelines

    The following are the basic submission guidelines to send issues to abuse@cox.net.

    • When forwarding the email, do not attach additional files. Forward the email exactly how you received it.
    • Do not attach additional files to the email. For security reasons, attachments will not be opened. Provide evidence by copying and pasting from your log files or email headers.
    • Do not send emails larger than 64 KB (kilobytes) in size (approximately 800 lines).
    • Send emails in plain text format. HTML and Rich Text are difficult to process.
    • Remove extraneous information (such as non-Cox IP addresses) from the report.
    • Do not include trace routes, ping results, or WHOIS information.
  • Bill_B's avatar
    Bill_B
    New Contributor II

    Thanks Tecknowhelp,

    Thanks for the suggestions.  Unfortunately, they don't seem to help.  Allow me to explain a little further (better?) and maybe you can give some additional guidance.

    First, the the chat I "listened" to, was whoever is at the other end of the COX chat line that pops up whenever you get on their web site for help.  I agree, they didn't seem to know what they were "talking" about.

    Second, I have now learned (figured out) how to check the IP address against those that are COX.  That is useful for sending to the "right" address,but my problem is I an unable to send the concern to ANY address.  I have tried sending the incoming e-mail as a forward and as an attachment.  I have tried just pasting the headers into a new message and sending that that.  I have tried sending the messages to COX (abuse and phishing) and to just the related security elements of the spoofed companies (in accordance with their security directions on their web sites).

    In every case I am frustrated by COX because they reject the e-mail. The rejection error states the message is "too large", when it clearly is not, being well under the 64KB limit suggested below.  The suggestion from COX was that the message was being rejected because they "knew" it was SPAM or phishing, hence they didn't want it in their system nor did they need it to research.

    OK, I can maybe understand that a bit, but if it is true, why did they allow it to come to me in the first place.  I am diligent and do NOT click on that stuff, but many of these messages are pretty well done and I'm sure some folks DO click on the false links.  Plus, just because COX know this particular message is in the system, the spoofed company may not.  And, naturally, I foolishly think someone may like to take action to try to kill some of this nonsense.

    So, the bottom line is how can I get these notifications through to COX and the spoofed companies?

    Thanks again for your efforts to provide some clarity for me.

  • Bill B, 

    Are you sending the email from webmail, a mobile device or a third party email client? Are you having problems sending other messages? Also, when sending to abuse@cox.net are you including a signature?