multichannel connect
all access

Cable Operators

'Phishing’ Attack Puts Hook in Cox

1/16/2005 7:00 PM Eastern

Cox Communications Inc. officials said they acted swiftly last week to filter out bogus e-mail messages targeting digital-cable customers and “phishing” for consumers’ personal financial information.

The official-looking e-mail bore the “signature” of “James C. Kennedy, CEO.” He is the chairman and CEO of Cox parent company Cox Enterprises Inc. The signature also appeared over the company’s real Atlanta corporate address.

The missive advised digital-service customers that the company was mandated to do a full credit check on subscribers.


It cited “USA Patriot Act (HR3162) and Anti Money-Laundering & Protection Act” as authority for conducting the credit check.

The noticed urged action as soon as possible to avoid service suspension.

Consumers were advised to open the form online, fill in their credit information then click “submit.”

According to the Anti-Phishing Working Group, a global, pan-industrial association formed to battle fraud, this method of identity theft is growing because phishers are able to seduce up to 5% of recipients to voluntarily divulge credit information.

As of the end of November, the period covered by the latest trends report from the group, about 120 brands had been hijacked by phishers.

Financial service companies make up the bulk of the victims, but Internet service providers comprise a growing segment.

According to APWG, in October and November, the biggest rise in attacks was seen against customers of Earthlink Inc. and

The most recent attacks have seen AOL’s “You’ve Got Pictures” feature hijacked. EBay Inc. and PayPal have also been used to try to steal information this month.

The majority of the attack sites are hosted in the U.S. but a growing number are originating from China.

Cox spokesman David Grabert said the e-mails targeting its customers were tracked to overseas servers.

The ISPs that host servers used by the phishers were notified, he added, and at least two confirmed hosts had taken down the servers.


This is the second time Cox customers have been targeted by phishers. That letter bore the same bogus CEO signature, Grabert said.

The company’s Internet abuse and security team spotted the traffic on Monday and began blocking it. The company also placed warnings on its regional Web sites detailing the letter and advising consumers that the company does not ask for information in this way.

Cox renewed its advice that all consumers turn on the spam-filtering feature of their Cox Internet service.

Grabert said the company could not estimate how many e-mail messages got through or how many complaint calls the company may have received from consumers about the information requested by the messages.

The company runs reports on call-center complaints once a week, and Cox officials don’t have a code to track this specific complaint.

Grabert said most of the complaint calls he was aware of were from Cox employees who got the message. Employees are on a different server from consumers, he explained.