RSS

“eHarmony.com Dating Partner”

01 Feb

POSSIBLE PHISHING ATTACK – ONLINE DATING WEBSITE – PRETENDING TO BE EHARMONY – SPOOFED LINKS

ATTENTION: I’ve been getting fake eHarmony emails sent to my spam filter. I am not, nor have I ever signed up for eHarmony and I received these eHarmony emails the past several days (on my fake scam baiting account, mind you) — I knew immediately that something was phishy. The fact that the URLs weren’t even related to eHarmony, and after looking up the header details I realized this is some type of phishing email. Whether it’s malware, a hacker, a scam, etc, it’s something phishy.
SUBJECT LINE: Singles Looking For Love In 2013

#1 Most Trusted Online Dating Site. Join Now!

©2013 eHarmony, Inc.
If you would no longer wish to receive our special promotions, please click here
or send mail to:
PO Box 3640, Santa Monica, CA 90408

HEADER DETAILS:

Return-Path: <2093192922@portalexport.com>
X-YahooFilteredBulk: 130.93.81.10
Received-SPF: pass (domain of portalexport.com designates 130.93.81.10 as permitted sender)
X-YMailISG: M3AJff0WLDu3gnhmNjiGcWZCDX8VNfF9gVyEVwn0d57lYzYE Qw6i7CSQaV_KniE81oJcBTzfEaYhbhvkkW_3bgeWeNssI0hpTf8pzJVZd4oj DlOjgYNdSbizcBsnGDlAlYOCN3ODZG2M3SCHPtdrCfd2Vkv.uh7LQM7onIIZ EvxzodhiT8tstB4O0meuQ.GeuYvrrsfQ_ykQPIL11z4apR1aDJwKCEP8PjBP NiXMaIWSB6QtdT9r3Nu9RD7FRc_6pNpGJCLqKv6YhG2tAUiA.Z4dU8LaSe.Z 2OSI7J.8etjFW6l1A07wfcOiPhdjpUJfzOKT3gjlPVw0bneSOCbvdf0n0.Ol J53i3G8UtPk._SsOOuRTH0px18vsfKJfAba0qkHMhi4IaS.xyabsVmAj3121 .cFUzW7sBgHPzIHmJwX2hAOHr8n.nzSK05os.fCTkr2VC2dn3adr5CjCK4Cs yTDmaf2XCi7fI_wdhX_VHfQl4n43kCVWkSbr83ioRgw1UxL5OQh648_uW3QA QNZiz09BBkeWzy5hcVIbYeFN6WRAHb554l.AFMQQZSY1F.WzfnoyjbRArlsb 3_YxdMxulbx_UfOHBv2DlGin3XVIA_DASQd3fT.2LlbX02M.sFomz4ikQI5k W4tlvj5kpAYEpDzMjMrSZoz.900y4sxRbFw5kv_dEAZ56_OcfsiD_wTuA6K0 XlRzTlIP27gQ6EoIafDU.GIyYrCNNxBrKCQOXKyTuG7UWLCjf.zAHY5oqjdo sylsaiFmj20f24gNvgwgyUFjwvfC0SAwlCbKIeoXrXVhJDdjQ0ikPMgeeoHg OH7f2Hf6DSdjKB_cFDCPGGbfRscHYLePq_0BmP1zUnM5L1zxzc.EY9CPijgN DsAPkpAoAp5lY7C8GDeqPZOyAvPJuyU2Qt0mmE9q5QiBvRvKlewbvOK7BusZ Z_o5cddS._R1QyJ0J6OfiirXgHbZlGwZGY3VqH2gfGGXZiqrrTVS6uiI0a_F mNiVA5Jdw.Vhose1PnR0ATG3SQJLy0xlgfmCI90TJe3_E6NwubWAWK5YK4OU zwrMdKiLpHu5WM7SHvA8GgPTws4NqwqbYn1gBkNvHgYkTzabyQ7E72vguk7r mCvYXVpJaYrgozv5OGNXnQeCHtL73sQf0IQrQAmkWAIe1pKxBtUS8HkDJki. iNH_vWvqO9_HTPOKGRArVq4FQPKhgoQaS6gXzUpa18fjyytvuzkIjgpnECia dYgtcMwG6TaMfJfnilczjWZ7i19ceCfb26_gGwIqqHEOexzWs42hb3vuiKYd qOStuXI6KVd6Fig5Kkvs5CfzO7NN9d28mgX4EN4UtypmZDvUmY6GSZfX8PHl FqOpIksji3xRa2u1f.Yl6KUArTL0dWTicRIVXiunSnD2uuxuhCUov9fgtuGc b_jAFjk9vsXH27xV
X-Originating-IP: [130.93.81.10]
Authentication-Results: mta1234.mail.ac4.yahoo.com from=; domainkeys=neutral (no sig); from=portalexport.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO ul.portalexport.com) (130.93.81.10) by mta1234.mail.ac4.yahoo.com with SMTP; Wed, 30 Jan 2013 16:25:27 -0800
From: eHarmony.com Dating Partner <mailers@portalexport.com>
Message-id: <72704994_2093192922@portalexport.com>
Subject: Singles Looking For Love In 2013
X-mHn9bGc2TnNqC6Sqp8c: NzI3MDQ5OTRfMjA5MzE5MjkyMl8xNDI1ODY0N180ODMyOV82NzQ5MF8xMjI0NTVfMjY3MV83OTU2Mzk3XzBfNjA5DQ
X-Ver: NzI3MDQ5OTQ
X-CampaignDetail: 72704994
X-Log: 0
Errors-To: errors@portalexport.com
<http://portalexport.com/x/MjA5MzE5MjkyMg|NzI3MDQ5OTQ|cG9ya3lleHBvc2VkQHlhaG9vLmNvbQ|NDI|MTUzMQ|Njc0OTA|MTIyNDU1|NDgzMjk||MA|MA|||Nzk1NjM5Nw|MTQyNTg2NDc|MjY3MQ|MA|NjA5|VQ.html>
Content-Type: multipart/alternative; boundary=”—-_=_NextPart_001_FHVBI9TV.45VYWRRW” 88.198.16.166 173.44.133.82

 eHarmony.com Dating Partner mailers@portalexport.com 130.93.81.10

 The links came in forms of images pretending to be eHarmony but the actual URLs were http://www.portalexport.com.br/negocios.htm <> http://webmail.portalexport.com.br/index.php?lang=Latvian — Which is a ”business consultant” looking for partners to buy and sell items. It’s not even a English website, never mind an English dating website like eHarmony. The actual URL can’t be copy and pasted because it came in the form of an image but it started off like portalexport.com/…/with_a_bunch_of_numbers_and_letters

__ __ __ __

SUBJECT LINE: Singles Looking For Love In 2013

©2013 eHarmony, Inc.
If you would no longer wish to receive our special promotions, please click here
or send mail to:
PO Box 3640, Santa Monica, CA 90408

HEADER DETAILS:

Return-Path: <2093192922@devicedigest.com>
X-YahooFilteredBulk: 130.93.80.179
Received-SPF: pass (domain of devicedigest.com designates 130.93.80.179 as permitted sender)
X-YMailISG: qP4_qdIWLDsuod7JBnqDQpOfP0SPPxPAdYLhMttsbbbZhvJ9 fTFBcUBRm31.ArzlDqoCIlKINNvCIZPP.YYUpu38eWQuf1B.f7NKGjT7t_sd dx2s5ERWR8ymbEo8pXEaYNEaZEgtG_imXHo6Cnq1d4OemJo6.fPkm8YH_uVB ET0R1GYNVy5KoonXIyfDW9mtrMRtNj2nfuMJp2qHFgItr2hH0dOfoe08OPvG om5jmFe7TP8l16Rv0r5Ljt5L.X9gPwAiGV5VxLGnhZ49zhl9.upfGLsU9uCl 0GQAGSt8lIUoUBZ0w.Q6MNpIq33IY2fMPHnQjaz3yVk8U3Sv7ZLgvxVo7Tw8 st6vV5zQ36c7YI8AeqnehFxAr2iLjWa475NvjoyXmhGOO.AYJ3wkOvlV1MWu MiS0Zv86zlT1wQeBftcu9ROAl2wZco_tx6kt7Tfm.adYFbjuU6mNNcjTmm1F SKQ8gCHHei6JhHVxXtvoXYCyTaVxkbsmtLu5iC92ggMO5t8kU8ASjX0MWdS8 cx51VgWGHcRMtAMTq.uZWQJHWaYuQLmlqTGLyEg8V7XAGOjv9BYJrZYJNzJ4 wq2kJoyRWCB4qL1akmMI61mSMxEUq3vDjpjo6UERvvYFvHjzRn.dthghsCSB mIXI6xpIzNWnL_LOFNPs3HINsIYORPNYGAAibnrd6rNERchkaaxjqjVdVz0S s4ssR_3Lj1lxP9ncV9aU7gVa_qtegp6br61vnF2TaQ7hBEVXi1pqPxoge37d 2WN5c2pA8fEkfzgf7LQ0Hj7Rk3zRh5h2T4f5FL06JT5_RfSkZ9THFCufOlZp leAWTeA9qBfi2l7OeF6AEMGH1u1Ez4n0fQCkqIesKA_GIDfV1mmhbKQaK3Nf QcdIYfUCEGBbcspg78A_3SYNUXWyH4MS3GfdqBE61Y0jkkPERCHvSXz_RZkf 7KN3SEIXfKDn.VttRA7YEuRtsV_BXZKKEeX3lkfP_JcCEq.g39SC2Zux69L_ DwIw.MIbUbePduUaBC3.9yPNHbbLjTUvglNzyNmhHg5Nny_lLg5Iws_t7bbU FerwxMy0zl6SPwz0X09ztF5pwdxEnNht9xig0rd34yaDf9UYXmiKYbg0W8dS AlfOFPOmBlOo74nXVt8jywbKPE5j_8.niDgLwTXn6XC9fmPnhO_vGE1P7Hus Zn0_0WmKEDdFMyxMqJdt3Gq2lC3FJtzk935BL7bjaBv..azU7iLcHHLGrl4k rssOIt_F8bKMkmXr4xpqNYdd1fI0YpDK4ToJPfiGOQwTDrq1SB_xzppvljtw jCjUlLlzIyu31xor_0G6eb9JcAfynnabJsFsF2_grljdRB0nfKfxbPvWbzaf 2fhu8ZNCj4UngXFA5pKMeJIW
X-Originating-IP: [130.93.80.179]
Authentication-Results: mta1047.mail.gq1.yahoo.com from=devicedigest.com; domainkeys=neutral (no sig); from=devicedigest.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO kl5hbb.devicedigest.com) (130.93.80.179) by mta1047.mail.gq1.yahoo.com with SMTP; Thu, 31 Jan 2013 12:16:30 -0800
From: eHarmony Dating <mailers@devicedigest.com>
Message-id: <72975089_2093192922@devicedigest.com>
Subject: Singles Looking For Love In 2013
X-IK1CRNCvGL5wLAmNh8H: NzI5NzUwODlfMjA5MzE5MjkyMl8xNDI1ODk1Nl80NjQyOF82NTU4OV8xMjI0NTVfMjY3MV83OTU2MzkyXzBfNjA5DQ
X-Ver: NzI5NzUwODk
X-CampaignDetail: 72975089
X-Log: 0
Errors-To: errors@devicedigest.com
List-Unsubscribe: <http://devicedigest.com/x/MjA5MzE5MjkyMg|NzI5NzUwODk|cG9ya3lleHBvc2VkQHlhaG9vLmNvbQ|NDI|MTUzMQ|NjU1ODk|MTIyNDU1|NDY0Mjg||MA|MA|||Nzk1NjM5Mg|MTQyNTg5NTY|MjY3MQ|MA|NjA5|VQ.html>
Content-Type: multipart/alternative; boundary=”—-_=_NextPart_001_9EEATPXW.CKJHBHDT”

eHarmony Dating mailers@devicedigest.com RETURN_PATH: 2093192922@devicedigest.com

This email came in the form of a link as well. The URL is something along the lines of devicedigest.com/…/_bunch_of_numbers_and_letters — At first, it looks like a legitimate website, however, the .com/…/_numbers_letters are what’s making me suspicious. And the website the above email (portalexport) brought me too, was nothing more then a login page and business consultant looking for business partners (supposely a french website, not even English, and definitely NOT eHarmony.

 

If someone has figured out who these unknown emailers are, could you please fill me in. Thank you.

Advertisements
 

Tags: , , , , , , , , , , , , , , ,

6 responses to ““eHarmony.com Dating Partner”

  1. Dalem

    02/20/2013 at 10:53

    These emails are from a company or companies that are doing email campaigns. I believe they are affiliate links or an email marketing company.
    I get dozens of these emails every day all with different links within the emails, some from Rosetta Stone, PPI insurance, Mis-sold insurance etc. etc. If you look at the headers details look near the bottom you will see something along the lines of ‘ X-CampaignDetail: 79311493 ‘ which to me points to an email campaign company.
    They are really annoying but the only thing you can do is delete them. Don’t follow any links even out of curiosity.
    I have my email client set to not show images (unless I choose to show them ) as it can be an indication that the email has been read by the recipient, thereby confirming to these spammers that your email is valid. This is a tactic often used by spammers.

     
    • DiscoveredTruth

      02/20/2013 at 12:23

      Thank you Dalem. I have images blocked on my email account as well, so that’s good to know. I haven’t clicked on any links either. So what you’re saying is basically that the emails are indeed spam but not actual scammers/phishing attacks?

       
      • Dalem

        02/20/2013 at 13:01

        Hi DiscoveredTruth.
        I’m pretty sure they are just spam mail and not some scam/phishing attempts. The emails I get all seem to originate from the same company even though they have many different ip addresses. I think the tale tell sign of the ‘X-CampaignDetail: xxxxxxxx’ in the headers indicates that.
        I wouldn’t worry too much about the emails. They are just so annoying.

         
      • DiscoveredTruth

        02/28/2013 at 23:33

        Thank you Dalem. I think you’re right! They didn’t look like your typical scam email but everytime I receive an email on my scam-baiting account I’m on HIGH alert. Lol.

         
      • Dalem

        02/20/2013 at 13:05

        Hi again.
        I forgot to say that it’s possible that the emails contain affiliate links. Affiliates often get paid just because someone has clicked on their links. Best thing is just delete anything you are not sure about and stay safe…..

         
      • Dalem

        02/20/2013 at 13:28

        Back again.

        I can confirm that they are email marketing companies. It’s not too difficult to find from their email headers, even though they tried to mask them. Your particular email originates from youradshere.net.

        Some of mine originate from the following:
        enrollweb.net
        emailjournal.net
        promotionnexus.net
        achieveopportunities.com

        One thing I would say is that not to click on any ‘unsubscribe’ links as that will also confirm to them that your email address is indeed active.

         

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: