Forum Discussion

Crownview's avatar
Crownview
New Contributor III
6 years ago

detected suspicious activity ... or not

We have received (so far) 2 emails from Cox claiming that "We've detected suspicious activity on your Cox.net email account xyz@cox.net [and zyx@cox.net] and believe this email address password may be compromised or your computer may be infected with Malware. If you do not recognize this email account, it may have been created without your knowledge."  We regularly scan our Mac with MalwareBytes, and other utilities, seeing NO malware here. The email goes on to say that we should change our password(s). Is anyone else getting these things? Is there any way to get through the bureaucracy to find just what "suspicious" activity they are seeing?

Or is it just one of those annoyances ...

  • Pam613's avatar
    Pam613
    6 years ago

    These emails were not scam. Someone got into my email & changed my password lockng me out. Cox should have a different way of sending notification to change your password other than sending it to your hacked email. One someone gets in they have all your info including your acct #.

  • Mick536's avatar
    Mick536
    New Contributor III

    What "suspicious activity" is what I want to know.  It's my account. Tell me what some malefactors are doing to it. Secondly, this is the email address of the account holder.  Why doesn't Cox recognize it?  It's how they've reached me for 20 years.

    If there are no malefactors, then Cox is in the "fake news" business. That's not company you want to keep.

    • tajkkj's avatar
      tajkkj
      New Contributor III

      Yeah, I'd like to know, too. Apparently, a large number of Cox e-mail customers have gotten this message from Cox. My first thought was this was a phishing attempt, but the note had the last 4 digits of my account number. I called Cox support, and as I was waiting for a CSR, there was an automated message stating that call volumes were very high, and that a number of accounts were showing suspicious activity, and an e-mail had been sent to the account holders as a warning with a requirement to change the password or be locked out after 24 hours.

      So, it appears there has been a true, and significant attack on Cox e-mail customers. But, Cox, we'd all like to know more details. How long has this breach been going on, and when did Cox first detect it? I think Cox needs to make an official announcement stating what happened, what customer information was compromised or stolen, and what Cox is doing to prevent future incidents like this.

      In light of the massive data breaches this year, I'm expecting Congress to get involved, and perhaps start holding corporate executives accountable for any negligence on the part of their companies.

  • Snowflake12's avatar
    Snowflake12
    New Contributor

    It is legitimate. H confirmed with a Cox help person in Cox chat. The link in cox's email does call up the user profile page.

  • roy3805's avatar
    roy3805
    New Contributor II

    This happened to me when I was torrenting from thepiratebay.

    • Swanem's avatar
      Swanem
      New Contributor

      Um... Wow. Call yourself out. And VPNs are cheap .

  • wheels2014's avatar
    wheels2014
    New Contributor

    got same and when i went to try to change password as told was told "info" was missing from my account and I can't get online help or chat to work. Will try phone help??

    • socal_transplan's avatar
      socal_transplan
      Contributor III

      Good luck with that! No phone, no access online. Basically...no email. Try to change password get"an error has occurred." Well, hell yeah!  Cause we've been hacked again!

      puss poor communications for a communications company!

    • wub's avatar
      wub
      New Contributor

      Yeah, I had a similar experience.  Logged in to my Cox account, logged out and the "change password possible suspicious activity" immediately appeared in my inbox.  I could not change my password, because I don't have another email address, and the password change page won't accept input unless an alternate email address is provided.  I spent an hour on the phone with a very helpful person at tech support, but this is still not resolved.  The good news is even after they lock me out of my account, I still have about 90 days before they wipe all my account info, or so I'm told.

      My guess is that the requirement for a backup email address is relatively new, and this is how they have chosen to enforce it.

  • yak's avatar
    yak
    Contributor III

    I got it too.  I agree with the forum user who said "Poor taste to notify us thru email since it was email that was compromised" (thanks WiderMouthOpen).  I read over the original notification several times before going to MyProfile.  Will someone ever tell us what actually happened? 

  • JKAZ's avatar
    JKAZ
    New Contributor

    Both I and my Father in law got it too.  I started a lengthy chat with support, and he claimed it's part of a transition to a new system.  He seemed fairly clueless what was going on, but recommended password change.  But I also got a message on my account about my Autopay credit card expiring, and the system showed the card expired 11 months ago, but I know my Cox payment has been going through fine.  I think their system is all screwed up, and it is annoying enough to change the passwords on all devices accessing my email that I will just wait and see how this plays out.  If I don't lose access to my email and they make no further announcements, I'm leaving well enough alone.

  • Pam613's avatar
    Pam613
    Contributor II

    I'm getting them too & I changed my password and now can no longer send mail

    • Becky's avatar
      Becky
      Moderator
      The Cox Network Security team actively monitors Cox.net user accounts for suspicious activity that may indicate a Cox.net User ID and password have been compromised. To confirm such an email is valid, go to www.cox.com, log in through the My Account drop down box, select the drop down again, and then click "Email Notification History" on the left side of the page. If you receive such an email, please reset your Cox.net password to something brand new; something you have never used as a Cox password. The following Cox password requirements apply:
      • Must be between 8 and 24 characters long
      • Must include both letters and numbers
      • Must not include any form of the word password
      • Must not include customer's user ID
      • May include special characters: !@#$%^*()
      • Is case sensitive, so SaMpLe24 is different than sample24
      After resetting your password, log out of your account and then log back in with the new password on all devices. -Becky, Cox Support Forums Moderator
      • socal_transplan's avatar
        socal_transplan
        Contributor III

        first of all, i see no "email notification history." i tried this yesterday and got different dropdown info, found it & it said "no history."  all i can do today is "change email"  where i get the notification that "We're sorry, an unexpected error has occurred. Please try again. If you need help, contact Customer Support or Live Chat for assistance." yesterday that was a joke.  i am currently waiting for level 2 today.  as it still won't let me change my password.

        so, if i must change password, why can't i?

    • socal_transplan's avatar
      socal_transplan
      Contributor III

      if you are using a mil program you have to change the password in that too, remember

  • Future_Ent's avatar
    Future_Ent
    New Contributor

    Sorry I'm late to this party.

    The emails you are getting are SCAM to get your information NEVER NEVER NEVER reply to these emails or click on any of its links.  Either deleted them (permanently, not just to the trash folder) or forward it to the security address on the COX website.

          https://www.cox.com/residential/support/reporting-spam-phishing-and-virus-abuse.html

    I get at least 10 of these a week from COX.  

    One way you can check if it is legit is to look at the links address.  Outlook, allows me to display the link address just by hovering the mouse pointer over the link WITHOUT clicking it. Must fake links have a weird looking address with lots of letters that do not spell anything. 

    I hope this helps

    Julian

    • Pam613's avatar
      Pam613
      Contributor II

      These emails were not scam. Someone got into my email & changed my password lockng me out. Cox should have a different way of sending notification to change your password other than sending it to your hacked email. One someone gets in they have all your info including your acct #.