Disturbing email from my ISP



Harold Mansfield
06-20-2017, 10:41 PM
Today I get an email from my ISP, Cox, telling me that a computer in my home is infected with a specific malware. The email had some suggestions and links to follow for more info about getting rid of it.

I know, I know... I immediately thought the same thing. Phishing scam. So I called them directly, talked to 2 tech support people and they confirmed that they did indeed send it. WTF?

So they went on about how they're protecting "their network", blah, blah, blah and some stuff that really made no sense. At one point the guy volunteered that they can't see what websites we go to. I already know that's a lie, so why even say it?

So the questions: How do you know what's on my computers? If you can tell a device in my house is infected, then you obviously know which one. So which one? Why is something on one of my computers considered "Your network"?

And then of course they offered to find and remove any malware for a fee.

The entire thing sounded like a textbook scam. But I called them directly, all the recordings and prompts were the same, and they verified the email verbatim. A few searches and I found where others have reported the same thing from the same ISP and it is real.

Here's the big kicker. On my main computer I use a different DNS, VPN, on another I use proxychains, but now I'm wondering if any of that stuff does any good. No, not every device in my house uses such measures, and further reading on various sources said that it could be a false positive or an Android device.

The entire thing was very disturbing. To think that they fully admit now that they can detect (or see) what's on my personal computer.
That's hard to deal with.

WarrenD
06-20-2017, 11:43 PM
Could be rogue employees within the company trying to make a buck? Trying to play elaborate hoaxes on people? It's not unthinkable!

vangogh
06-20-2017, 11:58 PM
Disturbing is the right word. They shouldn't know what's on your computers. Is it possible it is a company scam, since they offered to fix everything for a fee? Maybe they send the email out to get people to sign up for their removal service.

You've probably already searched for others who received similar emails. I just found one where Cox told someone he had a specific Windows virus when he only uses Macs. In general it sounds like the email is automatically sent when your network visits certain sites that they've identified as delivering malware and they can't tell you which computer, because they can't see past your router.

Another possibility is that you visited a site using a shared IP address and another site on the same IP was the one delivering malware.

Something doesn't feel right about this and I suspect it's Cox being overzealous. From different threads I found, it doesn't appear they can actually see what's on your computer and what they do is identify what to them appears to be something leaving your network or you visiting an IP they have listed as malicious.

It's still pretty disturbing.

Harold Mansfield
06-21-2017, 10:35 AM
It appears to be by IP address. The 2nd tech said that the email was automatically triggered based on our IP address, which is the modem.
It's really upsetting because it's clear to me that no matter what I do, using proxies, open DNS, VPNs, that I still can't escape the watchful eye of the ISP.

To be clear, I am studying for a White Hat/Pentesting certification and do frequent a lot of different sites, GitHub downloads for various software, and do play with Remote Access Tools... installing them on test devices that I have, and so on. So I can definitely see where they could see something if they were looking. I've just never had it confirmed that they can, do monitor, and now even comment on it.

I was much happier when I just suspected, but didn't know for sure. Now I feel like I have absolutely no privacy regardless of the reassurances they tried to give me that they aren't monitoring my traffic.

nealrm
06-21-2017, 01:08 PM
Your ISP is going to have to know to some extent where your network traffic is going. Just like the post office needs to know the addresses of your outgoing mail. There is just no way that can be avoided.

When you called them directly, where did you get the number? Try calling directory assistance and see if the numbers match.

It is possible to install a virus on a system that will redirect specific web searches to fake pages. There is even a scam out now that only requires that you hover over the link.

Harold Mansfield
06-21-2017, 04:07 PM
I've been a customer for years and know the number by memory. It's one of those easy to remember numbers and I called it direct.
I know about fake pages and redirects. I actually know how to create them now. So my guard is up all the time, and it all checked out. It really was them.

nealrm
06-21-2017, 09:46 PM
I sort of thought so. But this just seems so odd.

One of the legitimate options would be that they monitor specific destination IP addresses. Addresses known to be connected to viruses and malware. They would not be monitoring your IP address per se, but just monitoring traffic going to those addresses and backtracking it to the source.
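
The destination-address matching described in this thread, as an added example (not part of any post, and not Cox's actual system): the ISP-side check can only name the subscriber's WAN address, while a home router's NAT log can tie the same flow to a LAN device. All addresses, the watchlist and both logs are constructed, and the router log format is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed watchlist; documentation-range addresses stand in for real indicators.
WATCHLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.77/32")]

# Constructed ISP-side flow records: (time, subscriber_wan_ip, wan_port, dst_ip, dst_port).
ISP_FLOWS = [
    ("21:14:03", "192.0.2.10", 40112, "203.0.113.5", 443),
    ("21:14:09", "192.0.2.10", 40113, "198.51.100.20", 443),
    ("21:15:40", "192.0.2.10", 51877, "198.51.100.77", 8080),
    ("21:16:02", "192.0.2.44", 33001, "198.51.100.20", 80),
]

# Constructed home-router NAT log (assumed format):
# (time, lan_ip, lan_port, wan_port, dst_ip, dst_port).
ROUTER_NAT_LOG = [
    ("21:14:03", "192.168.1.23", 52100, 40112, "203.0.113.5", 443),
    ("21:14:09", "192.168.1.10", 49822, 40113, "198.51.100.20", 443),
    ("21:15:40", "192.168.1.23", 52131, 51877, "198.51.100.77", 8080),
]

def is_listed(dst_ip):
    """True if the destination falls inside any watchlisted network."""
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in net for net in WATCHLIST)

def isp_alerts(flows):
    """ISP view: group watchlist hits by the only source it sees, the WAN address."""
    hits = defaultdict(list)
    for when, wan_ip, wan_port, dst_ip, dst_port in flows:
        if is_listed(dst_ip):
            hits[wan_ip].append((when, wan_port, dst_ip, dst_port))
    return dict(hits)

def attribute_to_lan(hits, nat_log):
    """Home view: map each flagged flow back to a LAN device via the NAT translation."""
    nat = {(wan_port, dst_ip, dst_port): lan_ip
           for _, lan_ip, _, wan_port, dst_ip, dst_port in nat_log}
    devices = defaultdict(list)
    for when, wan_port, dst_ip, dst_port in hits:
        devices[nat.get((wan_port, dst_ip, dst_port), "unknown")].append((when, dst_ip))
    return dict(devices)

if __name__ == "__main__":
    for wan_ip, hits in isp_alerts(ISP_FLOWS).items():
        print(wan_ip, "->", attribute_to_lan(hits, ROUTER_NAT_LOG))
```

The ISP-side function never sees a 192.168.x.x address, which is why a notice of this kind cannot say which computer triggered it; the second function only works for someone holding the router's own logs.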

WarrenD
06-21-2017, 11:55 PM
So now that you know your ISP is spying on you, what are you going to do about it? Change your ISP? I read somewhere that using a VPN from a nation with strict privacy laws (like Sweden or Germany for example) can help.

Harold Mansfield
06-22-2017, 11:07 AM
So now that you know your ISP is spying on you, what are you going to do about it? Change your ISP? I read somewhere that using a VPN from a nation with strict privacy laws (like Sweden or Germany for example) can help.

I have VPNs. VPNs only protect your connection from one place to another so that they can't see inside the packet. It doesn't stop them from seeing that you're online (and other metadata) and where those packets are going. IOW, they can see where you're going, just not what you're doing when you get there.

I feel like as long as I have to use their modem to connect to the internet, there's no real privacy. It was the IP address of the modem that they said created the trigger.

Even if I use my own modem, they still "Allow" it, and verify it on the network. I gotta believe if they can send a signal to the modem to reset it, they can see what's coming through it as well.

shrinkme
06-22-2017, 05:54 PM
Sounds like the ISP is trying to drum up some new business with scare tactics. They probably have no idea if a device in your home is infected.

nealrm
06-23-2017, 10:40 AM
I don't think it matters what modem you use. The ISP will have to assign an IP address to it. Likewise, they will need to know where you want to send your packets. You can encrypt what is in the packet to prevent them from seeing what is in it, but it will still have a to and from address. If you are really paranoid, you can route the packet through third parties around the world. But that seems a little extreme for what amounts to zero benefit.

billbenson
06-23-2017, 09:07 PM
Remember, the ISP is probably trapping data for the government. Maybe they decided to use it for their advantage.

WarrenD
06-26-2017, 10:50 PM
Even if an ISP did know what sites someone is visiting (despite using VPNs and everything) how do they know what's on a particular machine? The machine could have software installed from any source - pen drives, external hard drives, another ISP, mobile internet, DVDs, LAN connection etc. Looks like the only way they did know was to have some kind of spyware installed on the machine. Either that or it's just a hoax perpetrated by someone within the company, trying to run a scam.