We have discovered a phishing campaign that uses fake Xfinity pages to steal your login credentials. Below is how the attack works, based on real screenshots.
How the Scam Works
Step 1 – The “Thanks for choosing xfinity” lure
The victim lands on a simple page with an Xfinity logo, a “Thanks for choosing xfinity” message, and a button that says “click here to continue”.

This page has no real function – its only purpose is to make you click the button and move to the fake login form.
Step 2 – The fake sign‑in page
After clicking, you are taken to a second page that mimics Xfinity’s real login screen.

It asks for:
- Email / mobile / username
- Password (not shown in the screenshot, but the next field is implied)
The page includes fake legal text: “By signing in, you agree to our Terms of Service and Privacy Policy.”
There is a “Let’s go” button to submit your data.
Step 3 – Credential theft
When you enter your Xfinity ID and password, the information is sent directly to the attackers. They can then:
- Access your Xfinity account (TV, internet, billing)
- Change your plan or order services
- Use the same email/password combination to attack other accounts (email, banking, social media)
Red Flags You Should Notice
| Real Xfinity login page | This phishing page |
|---|---|
| URL starts with https://login.xfinity.com/ or customer.xfinity.com | Suspicious, unrelated domain (often github.io, free hosting, or misspelled domains) |
| Shows a green lock icon and valid security certificate | No visible security indicators, or a certificate not issued to Comcast |
| Has “Forgot password?” or “Create an account” links | Missing standard account recovery options |
| Professional, consistent design | Simple, stripped‑down design – often only the logo and a form |
| No “click here to continue” intermediate page | Uses an unnecessary extra click to lower your guard |
How to Protect Yourself
- Never click links in unexpected emails, SMS, or social media messages – even if they look official.
- Always type the address manually into your browser: xfinity.com or customer.xfinity.com.
- Check the URL carefully before entering any password. Look for misspellings (e.g., xfinity-login.xyz) or unusual domains.
- Enable two‑factor authentication (2FA) on your Xfinity account – it blocks attackers even if they have your password.
- If you already entered your credentials – go to the real Xfinity website immediately, change your password, and check for unauthorized changes to your account.
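The URL check from the red-flags table and the list above can be automated for a help desk or mail filter. The sketch below is an added example, not code from the original page or from Xfinity. It assumes every subdomain of xfinity.com is legitimate, and all sample links are constructed except xfinity-login.xyz, which the page quotes.

```python
from urllib.parse import urlsplit

# The page names login.xfinity.com, customer.xfinity.com and xfinity.com as
# legitimate. Trusting every subdomain of xfinity.com is this example's assumption.
TRUSTED_DOMAIN = "xfinity.com"
BRAND = "xfinity"


def classify_url(url: str) -> str:
    """Classify a full URL as 'trusted', 'suspicious' or 'unrelated'."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and port, and lowercases the host.
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:  # malformed authority, e.g. broken IPv6 brackets
        return "suspicious"

    # Compare whole DNS labels: the host must be the domain itself or end
    # with ".xfinity.com". A substring test would accept lookalike hosts.
    on_real_domain = host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)
    if parts.scheme == "https" and on_real_domain:
        return "trusted"

    # The brand name appears somewhere, but the scheme/host check failed.
    if BRAND in parts.netloc.lower() or BRAND in parts.path.lower():
        return "suspicious"
    return "unrelated"


# Constructed sample links (only xfinity-login.xyz is quoted from the page).
SAMPLES = [
    "https://login.xfinity.com/login",          # real login host
    "https://LOGIN.XFINITY.COM./",              # same host, odd case and trailing dot
    "http://login.xfinity.com/",                # right host, no TLS
    "https://xfinity-login.xyz/",               # misspelled / lookalike domain
    "https://xfinity.com.signin.example/",      # real name used as a subdomain prefix
    "https://login.xfinity.com@host.example/",  # real name in the userinfo part
    "https://someuser.github.io/xfinity/",      # free hosting, brand only in the path
    "https://example.org/",                     # no relation to the brand
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_url(sample):10}  {sample}")
```

A "trusted" verdict only says the host belongs to the expected domain over HTTPS; it does not replace the other checks listed above.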
Share This Warning
Phishing pages like these are hosted on many different domains. If you see a page that looks like the screenshots above – do not enter any information. Instead, report it to Xfinity (Comcast) and help others by sharing this warning.
