Accept your agreement to receive your device
Sh4
Novice

Today we added a Smart Family line to our account for our child. I received an e-mail with the subject of, "[name], Your order is almost complete." The body of the e-mail says, "Accept your agreement to receive your device." In it is a link that says, "Complete your order >". That link points to ww1.ecrmomclverizonwireless.com, which is not a Verizon site as best I can tell. That site displays "related searches" that have nothing to do with my account and lead me to third parties. It seems that it's a phishing attack but the Reply-To e-mail is [email address removed per the Verizon Terms of Service], which is a valid address according to other posts I'm seeing. So what's going on here? The supposed Verizon Wireless login link within that same e-mail also points to an ecrmomcl site, which I THINK is an attempt to steal my credentials? This is so unprofessional and confusing. Either the right hand doesn't know what the left hand is doing or Verizon has been compromised. Either way, it's bad.

0 Likes
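The link check the post above does by eye, as an added example that is not part of the original thread: it extracts each anchor's real host and compares it to the expected domains on label boundaries, since `ecrmomclverizonwireless.com` ends in the string `verizonwireless.com` without being a subdomain of it. The allow-list and the sample HTML body are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allow-list of domains the recipient expects this sender to link to.
EXPECTED = ("verizon.com", "verizonwireless.com")
# Constructed sample body, modelled on the e-mail described in the post.
SAMPLE_HTML = """
<p>Accept your agreement to receive your device</p>
<a href="http://ww1.ecrmomclverizonwireless.com/order">Complete your order &gt;</a>
<a href="https://www.verizon.com/support/">Support</a>
"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def naive_match(host):
    # Flawed on purpose: a plain suffix test ignores DNS label boundaries.
    return any(host.endswith(d) for d in EXPECTED)

def strict_match(host):
    # Host must be the expected domain itself or end with "." + domain.
    return any(host == d or host.endswith("." + d) for d in EXPECTED)

def audit_links(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    rows = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").rstrip(".").lower()
        rows.append({"text": text, "host": host,
                     "naive": naive_match(host), "strict": strict_match(host)})
    return rows
```
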
Re: Accept your agreement to receive your device
Sh4
Novice

Now the link is attempting to install malware in my browser. Something is seriously wrong!

0 Likes
Re: Accept your agreement to receive your device
Sh4
Novice

Proof that this e-mail came directly from Verizon.  It is not a phishing attack from a random third party; Verizon is sending this.

Parsing header:
Received:  from 10.220.168.45 by atlas101.sbc.mail.ne1.yahoo.com with HTTPS; Tue, 21 Dec 2021 14:44:14 +0000
host 10.220.168.45 (getting name) no name
10.220.168.45 discarded
Received:  from 144.160.244.122 (EHLO alph752.prodigy.net) by 10.220.168.45 with SMTPs (version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); Tue, 21 Dec 2021 14:44:14 +0000
host 144.160.244.122 (getting name) = alph752.prodigy.net.
alph752.prodigy.net is 144.160.244.122
Possible spammer: 144.160.244.122
Received line accepted
Received:  from omsgout2-tdc.verizonwireless.com (omsgout2-tdc.verizonwireless.com [137.188.104.189]) by alph752.prodigy.net (Inbound 8.15.2/8.15.2) with ESMTPS id 1BLEiCZD045899 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for <x>; Tue, 21 Dec 2021 09:44:13 -0500
host 137.188.104.189 (getting name) = omsgout2-tdc.verizonwireless.com.
omsgout2-tdc.verizonwireless.com is 137.188.104.189
144.160.244.122 not listed in cbl.abuseat.org
144.160.244.122 not listed in dnsbl.sorbs.net
144.160.244.122 is not an MX for alph752.prodigy.net
144.160.244.122 is not an MX for alph752.prodigy.net
Possible spammer: 137.188.104.189
137.188.104.189 is not an MX for omsgout2-tdc.verizonwireless.com
Host omsgout2-tdc.verizonwireless.com (checking ip) = 137.188.104.189
Host alph752.prodigy.net (checking ip) = 144.160.244.122
144.160.244.122 not listed in cbl.abuseat.org
144.160.244.122 not listed in dnsbl.sorbs.net
   Chain test:alph752.prodigy.net =? alph752.prodigy.net
   alph752.prodigy.net and alph752.prodigy.net have same hostname - chain verified
Possible relay: 144.160.244.122
Received line accepted
Received:  from 144-70-2-76.vpc.verizon.com ([144.70.2.76]) by omsgout2-tdc.verizonwireless.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Dec 2021 14:44:11 +0000
host 144.70.2.76 (getting name) no name
137.188.104.189 not listed in cbl.abuseat.org
137.188.104.189 listed in dnsbl.sorbs.net ( 1 )
137.188.104.189 is not an MX for alph752.prodigy.net
137.188.104.189 is not an MX for omsgout2-tdc.verizonwireless.com
137.188.104.189 is not an MX for omsgout2-tdc.verizonwireless.com
137.188.104.189 is not an MX for alph752.prodigy.net
Possible spammer: 144.70.2.76
Host omsgout2-tdc.verizonwireless.com (checking ip) = 137.188.104.189
137.188.104.189 not listed in cbl.abuseat.org
137.188.104.189 listed in dnsbl.sorbs.net ( 1 )
   Chain test:omsgout2-tdc.verizonwireless.com =? omsgout2-tdc.verizonwireless.com
   omsgout2-tdc.verizonwireless.com and omsgout2-tdc.verizonwireless.com have same hostname - chain verified
Possible relay: 137.188.104.189
Received line accepted
Tracking message source: 144.70.2.76:
Routing details for 144.70.2.76
[refresh/show] Cached whois for 144.70.2.76 : [email address removed per the Verizon Terms of Service]
Using abuse net on [email address removed per the Verizon Terms of Service]
abuse net telops.gte.com = [email address removed per the Verizon Terms of Service]
Using best contacts [email address removed per the Verizon Terms of Service]
Message is 3 hours old
144.70.2.76 not listed in cbl.abuseat.org
144.70.2.76 not listed in dnsbl.sorbs.net
144.70.2.76 not listed in accredit.habeas.com
144.70.2.76 not listed in plus.bondedsender.org
144.70.2.76 not listed in iadb.isipp.com
Finding links in message body
Parsing text part
From: Verizon <[redacted]> ([redacted], Your order is almost complete.)
 Please complete your order.
 Hi, [redacted] | Account number ending in: [redacted]
Report Spam to:
Re: 144.70.2.76 (Administrator of network where email originates)
 To: [redacted] (Notes)

0 Likes
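The "chain test" in the parser output above, as an added example that is not part of the original post or of the tool that produced it: it parses the four Received lines quoted in the post and checks that each server that stamped a hop is the client named by the next hop up. The function names are hypothetical; the header strings are copied from the post.

```python
import re

# Received lines as quoted in the post, newest hop first.
RECEIVED = [
    "from 10.220.168.45 by atlas101.sbc.mail.ne1.yahoo.com with HTTPS; "
    "Tue, 21 Dec 2021 14:44:14 +0000",
    "from 144.160.244.122 (EHLO alph752.prodigy.net) by 10.220.168.45 with SMTPs "
    "(version=TLS1_2 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256); "
    "Tue, 21 Dec 2021 14:44:14 +0000",
    "from omsgout2-tdc.verizonwireless.com (omsgout2-tdc.verizonwireless.com "
    "[137.188.104.189]) by alph752.prodigy.net (Inbound 8.15.2/8.15.2) with ESMTPS "
    "id 1BLEiCZD045899 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 "
    "verify=FAIL) for <x>; Tue, 21 Dec 2021 09:44:13 -0500",
    "from 144-70-2-76.vpc.verizon.com ([144.70.2.76]) by "
    "omsgout2-tdc.verizonwireless.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; "
    "21 Dec 2021 14:44:11 +0000",
]

HOP = re.compile(r"^from\s+(?P<frm>\S+)\s*(?P<note>\([^)]*\))?\s*by\s+(?P<by>\S+)")

def parse_hop(line):
    m = HOP.match(line)
    if not m:
        raise ValueError("unparseable Received line: " + line[:40])
    # Names for the sending side: the "from" token plus whatever the receiver
    # noted in parentheses (EHLO name, reverse-DNS name, bracketed IP).
    aliases = {m.group("frm").lower()}
    for tok in re.findall(r"[\w.\-\[\]]+", m.group("note") or ""):
        aliases.add(tok.strip("[]").lower())
    return {"from": m.group("frm").lower(), "by": m.group("by").lower(),
            "aliases": aliases, "tls_verify_fail": "verify=FAIL" in line}

def chain_report(lines):
    hops = [parse_hop(l) for l in lines]
    report = []
    for newer, older in zip(hops, hops[1:]):
        # The host that wrote the older line ("by") should be the client the
        # newer line names. An EHLO name is client-supplied, so a match shows
        # consistency between hops, not authenticity of the lower ones.
        report.append({"handoff": older["by"],
                       "linked": older["by"] in newer["aliases"]})
    return hops, report
```

A consistent chain says where the message entered the mail system; it says nothing about where the links in the body point.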
Re: Accept your agreement to receive your device
vzw_customer_support
Customer Support

You can never be too safe, Sh4. I know these scammers are getting smarter and smarter. You can report this here: https://www.verizon.com/support/residential/announcements/phishing

I can make sure everything is good with your account. Please check your private message. -Amber

0 Likes
Re: Accept your agreement to receive your device
Sh4
Novice

The problem is, this literally came directly from Verizon.  I received another e-mail today, also from Verizon, regarding a separate support ticket.  The links in the ticket also point to ecrmomcl.  Apparently, this company is a partner that Verizon uses to send out notifications.  It has legitimately been hacked and is sending out dangerous e-mails to Verizon customers.  They have full access to account information, purchase history, etc.  It's a serious security incident and I can't get anybody at Verizon to take it seriously and investigate.

0 Likes
Re: Accept your agreement to receive your device
vzw_customer_support
Customer Support

Sh4, it is always a good idea to be cautious with an email that doesn't seem right. I would like to review your account to see if this is something we have sent. Please reply to the private message sent. -Tionna

0 Likes
Re: Accept your agreement to receive your device
Sh4
Novice

I'm getting e-mails from Verizon asking me to accept a solution.  There is no solution to accept -- this e-mail came directly from Verizon (not from a third-party impersonating Verizon) and it was completely bogus and an attempt to defraud.  I don't need anybody to check my account -- the account is fine.  My account is protected with 2FA and has not been compromised.  Rather, this is a serious issue that is internal to Verizon, or to one of Verizon's trusted partners, and it should be investigated.

0 Likes
Re: Accept your agreement to receive your device
vzw_customer_support
Customer Support

Sh4,

We always value customers who are keen to give us their feedback. I will be sure to pass on what you have told me to our Managerial Team. Thank you for bringing this to our attention.

-Nicci

0 Likes