I received two emails from "DIRECTV Customer Care" telling me about two credits applied to my account. One for $119.15 and the other email said $4.76. It shows my DIRECTV account number right except it doesn't have the last digit. I logged onto my DIRECTV account through my browser, I didn't click the link in the email and it shows no such credit. I haven't called D* asking for any kind of credits. Any ideas?

I would just call DirecTV and question it and see what they say.

I received two emails from "DIRECTV Customer Care" telling me about two credits applied to my account. One for $119.15 and the other email said $4.76. It shows my DIRECTV account number right except it doesn't have the last digit. I logged onto my DIRECTV account through my browser, I didn't click the link in the email and it shows no such credit. I haven't called D* asking for any kind of credits. Any ideas?

Call them for sure sounds like possible phishing

I received two emails from "DIRECTV Customer Care" telling me about two credits applied to my account. One for $119.15 and the other email said $4.76. It shows my DIRECTV account number right except it doesn't have the last digit. I logged onto my DIRECTV account through my browser, I didn't click the link in the email and it shows no such credit. I haven't called D* asking for any kind of credits. Any ideas?

Whats your email client?
Can you get us the headers from the email?!?

Sure..

I get

Received from: from 147.21.160.203 (EHLO D4EMPE83.LA.FRD.DIRECTV.COM) (147.21.160.203) by mta218.mail.re3.yahoo.com with SMTP; Sat, 03 Nov 2007 08:15:25 -0700

from D4EMPE80.LA.FRD.DIRECTV.COM ([147.22.176.65]) by D4EMPE83.LA.FRD.DIRECTV.COM with Microsoft SMTPSVC(6.0.3790.1830); Sat, 3 Nov 2007 09:14:55 -0600

from pwfc2040u ([172.19.56.250]) by D4EMPE80.LA.FRD.DIRECTV.COM with Microsoft SMTPSVC(6.0.3790.1830); Sat, 3 Nov 2007 09:14:55 -0600

Sure..

I get

Received from: from 147.21.160.203 (EHLO D4EMPE83.LA.FRD.DIRECTV.COM) (147.21.160.203) by mta218.mail.re3.yahoo.com with SMTP; Sat, 03 Nov 2007 08:15:25 -0700

from D4EMPE80.LA.FRD.DIRECTV.COM ([147.22.176.65]) by D4EMPE83.LA.FRD.DIRECTV.COM with Microsoft SMTPSVC(6.0.3790.1830); Sat, 3 Nov 2007 09:14:55 -0600

from pwfc2040u ([172.19.56.250]) by D4EMPE80.LA.FRD.DIRECTV.COM with Microsoft SMTPSVC(6.0.3790.1830); Sat, 3 Nov 2007 09:14:55 -0600

Looks legit... FRD I might assume would be the Fraud subdivision of DTV, or, maybe thats just where there email server is located... I would def. call D* and ask 'em what the deal is.

I called D* and they didn't see anything on their end either. I gave the account # that was on the email and he didn't see anything on that account either but he said that account was pending termination.

I didn't click the link in the email and it shows no such credit. I haven't called D* asking for any kind of credits. Any ideas?
------------------
Good thinking on your part to NOT use the link provided in the E-mail....
Open the e-mail sent to you and run the mouse cursor over the link they
provided....If it is NOT DirectTV's URL DO NOT click on it...it would probably take you to the false site in a attempt to gain your info. I am concerned as to how they obtained your account nbr(except for the last digit)...makes me think there is some kind of inside leak of info at D*

The only thing I can think of is a system error...
A buddy of mine got a call from the automated system saying it was sad to hear him leaving and informed him about how to return his boxes.
Thing is, he never cancelled his account, or even tried to.

Called D* and they said it was a system error and they were sorry, but everythings good on his account, he was pleased.

Definatly NOT a D* e-mail addsress...report it as Phising to D*

147.21.160.203 = following

OrgName: Hughes Electronics
OrgID: HUGHES-6
Address: 2250 East Imperial Highway
City: El Segundo
StateProv: CA
PostalCode: 90245
Country: US

NetRange: 147.21.0.0 - 147.21.255.255
CIDR: 147.21.0.0/16
NetName: THE-DIRECTV-GROUP-INC
NetHandle: NET-147-21-0-0-1
Parent: NET-147-0-0-0-0
NetType: Direct Assignment
NameServer: DENDNS01.DIRECTV.COM
NameServer: DENDNS02.DIRECTV.COM
NameServer: ESDNS01.DIRECTV.COM
NameServer: ESDNS02.DIRECTV.COM
Comment:
RegDate:
Updated: 2006-03-30

RTechHandle: GM384-ARIN
RTechName: MacLean, Gene
RTechPhone: +1-310-364-7926
RTechEmail: ebm3@c79.net

OrgTechHandle: DOMAI41-ARIN
OrgTechName: Domain Registrar
OrgTechPhone: +1-310-964-1037
OrgTechEmail: domain.registrar@directv.com

# ARIN WHOIS database, last updated 2007-11-02 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Definatly NOT a D* e-mail addsress...report it as Phising to D*

What the hell do you mean its not a D* address?!? Look at it again! If you think all D* addresses are gonna be person@directv.com you're sadly mistaken!

As far as the latter post goes, thanks for pulling that info. Hughes owns D*'s equipment side (all the D* branded receivers are spec'd by hughes or some crap like that)

Which means since D* has no record of it, then someone there is trying a
clever individual enterprise....send some e-mail to someone in d*'s security...

maybe email this guy & ask what the deal is

RTechName: MacLean, Gene
RTechPhone: +1-310-364-7926
RTechEmail: ebm3@c79.net

Is there an email for D* security?

Is there an email for D* security?
-------
See next to last para:
http://www.directv.com/DTVAPP/global/contentPage.jsp?assetId=2900001

moonman, thanks I forwarded both emails to D*.

You may want to clear the link posted earlier ... especially if it may lead to a questionable site.

It leads to directv.com
the real directv.com
its not a link masked by a link.
its directv.com

I deleted the post just to be sure.

I received two emails from "DIRECTV Customer Care" telling me about two credits applied to my account. ... ... ... I haven't called D* asking for any kind of credits. Any ideas?

I wanted to bring this thread forward because I have got at least two of these mails in the last 4 months -- not relating to credits, but to service changes that were neither requested nor made.

I've looked closely at the "fake" emails and I put "fake" in quotes, because as posted earlier in this thread they do indeed seem to be coming from directv.com -- mail04.directv.com [147.21.160.203].

I see only two differences between the legitimate emails and the two illegitimate ones.

1. The legitimate ones have my account number.
2. The illegitimate ones originate (based on the earlies "Received from" header) from a different domain. All my legitimate emails originate from a 147.x.x.x address, but my two illegitimate emails originate from 172.x.x.x addresses. Here are the two "illegitimate" routes:

Received: from D4EMPE83.LA.FRD.DIRECTV.COM ([147.22.176.68]) by D4EMPE83.LA.FRD.DIRECTV.COM with Microsoft SMTPSVC(6.0.3790.1830);
Fri, 4 Apr 2008 03:38:01 -0600
Received: from CPMSCOM01 ([172.19.53.201]) by D4EMPE83.LA.FRD.DIRECTV.COM with Microsoft SMTPSVC(6.0.3790.1830);
Fri, 4 Apr 2008 03:38:01 -0600

and

Received: from D4EMPE83.LA.FRD.DIRECTV.COM (mail04.directv.com [147.21.160.203])
by mx.google.com with ESMTP id k27si2743441qba.10.2008.08.11.15.59.22;
Mon, 11 Aug 2008 15:59:23 -0700 (PDT)
Received: from D4EMPE80.LA.FRD.DIRECTV.COM ([147.22.176.65]) by D4EMPE83.LA.FRD.DIRECTV.COM with Microsoft SMTPSVC(6.0.3790.1830);
Mon, 11 Aug 2008 16:59:17 -0600
Received: from pwfc2040u ([172.19.56.250]) by D4EMPE80.LA.FRD.DIRECTV.COM with Microsoft SMTPSVC(6.0.3790.1830);
Mon, 11 Aug 2008 16:59:17 -0600


I've sent basically this same info to emailfraud@directv.com. I'll post back if I hear anything enlightening. I doubt if the OP and I are the only ones getting these emails, so hopefully this can provide some commiseration for other forum members.