RSS

Tag Archives: Phishing

“eHarmony.com Dating Partner”

POSSIBLE PHISHING ATTACK – ONLINE DATING WEBSITE – PRETENDING TO BE EHARMONY – SPOOFED LINKS

ATTENTION: I’ve been getting fake eHarmony emails sent to my spam filter. I am not, nor have I ever signed up for eHarmony and I received these eHarmony emails the past several days (on my fake scam baiting account, mind you) — I knew immediately that something was phishy. The fact that the URLs weren’t even related to eHarmony, and after looking up the header details I realized this is some type of phishing email. Whether it’s malware, a hacker, a scam, etc, it’s something phishy.
SUBJECT LINE: Singles Looking For Love In 2013

#1 Most Trusted Online Dating Site. Join Now!

©2013 eHarmony, Inc.
If you would no longer wish to receive our special promotions, please click here
or send mail to:
PO Box 3640, Santa Monica, CA 90408

HEADER DETAILS:

Return-Path: <2093192922@portalexport.com>
X-YahooFilteredBulk: 130.93.81.10
Received-SPF: pass (domain of portalexport.com designates 130.93.81.10 as permitted sender)
X-YMailISG: M3AJff0WLDu3gnhmNjiGcWZCDX8VNfF9gVyEVwn0d57lYzYE Qw6i7CSQaV_KniE81oJcBTzfEaYhbhvkkW_3bgeWeNssI0hpTf8pzJVZd4oj DlOjgYNdSbizcBsnGDlAlYOCN3ODZG2M3SCHPtdrCfd2Vkv.uh7LQM7onIIZ EvxzodhiT8tstB4O0meuQ.GeuYvrrsfQ_ykQPIL11z4apR1aDJwKCEP8PjBP NiXMaIWSB6QtdT9r3Nu9RD7FRc_6pNpGJCLqKv6YhG2tAUiA.Z4dU8LaSe.Z 2OSI7J.8etjFW6l1A07wfcOiPhdjpUJfzOKT3gjlPVw0bneSOCbvdf0n0.Ol J53i3G8UtPk._SsOOuRTH0px18vsfKJfAba0qkHMhi4IaS.xyabsVmAj3121 .cFUzW7sBgHPzIHmJwX2hAOHr8n.nzSK05os.fCTkr2VC2dn3adr5CjCK4Cs yTDmaf2XCi7fI_wdhX_VHfQl4n43kCVWkSbr83ioRgw1UxL5OQh648_uW3QA QNZiz09BBkeWzy5hcVIbYeFN6WRAHb554l.AFMQQZSY1F.WzfnoyjbRArlsb 3_YxdMxulbx_UfOHBv2DlGin3XVIA_DASQd3fT.2LlbX02M.sFomz4ikQI5k W4tlvj5kpAYEpDzMjMrSZoz.900y4sxRbFw5kv_dEAZ56_OcfsiD_wTuA6K0 XlRzTlIP27gQ6EoIafDU.GIyYrCNNxBrKCQOXKyTuG7UWLCjf.zAHY5oqjdo sylsaiFmj20f24gNvgwgyUFjwvfC0SAwlCbKIeoXrXVhJDdjQ0ikPMgeeoHg OH7f2Hf6DSdjKB_cFDCPGGbfRscHYLePq_0BmP1zUnM5L1zxzc.EY9CPijgN DsAPkpAoAp5lY7C8GDeqPZOyAvPJuyU2Qt0mmE9q5QiBvRvKlewbvOK7BusZ Z_o5cddS._R1QyJ0J6OfiirXgHbZlGwZGY3VqH2gfGGXZiqrrTVS6uiI0a_F mNiVA5Jdw.Vhose1PnR0ATG3SQJLy0xlgfmCI90TJe3_E6NwubWAWK5YK4OU zwrMdKiLpHu5WM7SHvA8GgPTws4NqwqbYn1gBkNvHgYkTzabyQ7E72vguk7r mCvYXVpJaYrgozv5OGNXnQeCHtL73sQf0IQrQAmkWAIe1pKxBtUS8HkDJki. iNH_vWvqO9_HTPOKGRArVq4FQPKhgoQaS6gXzUpa18fjyytvuzkIjgpnECia dYgtcMwG6TaMfJfnilczjWZ7i19ceCfb26_gGwIqqHEOexzWs42hb3vuiKYd qOStuXI6KVd6Fig5Kkvs5CfzO7NN9d28mgX4EN4UtypmZDvUmY6GSZfX8PHl FqOpIksji3xRa2u1f.Yl6KUArTL0dWTicRIVXiunSnD2uuxuhCUov9fgtuGc b_jAFjk9vsXH27xV
X-Originating-IP: [130.93.81.10]
Authentication-Results: mta1234.mail.ac4.yahoo.com from=; domainkeys=neutral (no sig); from=portalexport.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO ul.portalexport.com) (130.93.81.10) by mta1234.mail.ac4.yahoo.com with SMTP; Wed, 30 Jan 2013 16:25:27 -0800
From: eHarmony.com Dating Partner <mailers@portalexport.com>
Message-id: <72704994_2093192922@portalexport.com>
Subject: Singles Looking For Love In 2013
X-mHn9bGc2TnNqC6Sqp8c: NzI3MDQ5OTRfMjA5MzE5MjkyMl8xNDI1ODY0N180ODMyOV82NzQ5MF8xMjI0NTVfMjY3MV83OTU2Mzk3XzBfNjA5DQ
X-Ver: NzI3MDQ5OTQ
X-CampaignDetail: 72704994
X-Log: 0
Errors-To: errors@portalexport.com
<http://portalexport.com/x/MjA5MzE5MjkyMg|NzI3MDQ5OTQ|cG9ya3lleHBvc2VkQHlhaG9vLmNvbQ|NDI|MTUzMQ|Njc0OTA|MTIyNDU1|NDgzMjk||MA|MA|||Nzk1NjM5Nw|MTQyNTg2NDc|MjY3MQ|MA|NjA5|VQ.html>
Content-Type: multipart/alternative; boundary=”—-_=_NextPart_001_FHVBI9TV.45VYWRRW” 88.198.16.166 173.44.133.82

 eHarmony.com Dating Partner mailers@portalexport.com 130.93.81.10

 The links came in forms of images pretending to be eHarmony but the actual URLs were http://www.portalexport.com.br/negocios.htm <> http://webmail.portalexport.com.br/index.php?lang=Latvian — Which is a ”business consultant” looking for partners to buy and sell items. It’s not even a English website, never mind an English dating website like eHarmony. The actual URL can’t be copy and pasted because it came in the form of an image but it started off like portalexport.com/…/with_a_bunch_of_numbers_and_letters

__ __ __ __

SUBJECT LINE: Singles Looking For Love In 2013

©2013 eHarmony, Inc.
If you would no longer wish to receive our special promotions, please click here
or send mail to:
PO Box 3640, Santa Monica, CA 90408

HEADER DETAILS:

Return-Path: <2093192922@devicedigest.com>
X-YahooFilteredBulk: 130.93.80.179
Received-SPF: pass (domain of devicedigest.com designates 130.93.80.179 as permitted sender)
X-YMailISG: qP4_qdIWLDsuod7JBnqDQpOfP0SPPxPAdYLhMttsbbbZhvJ9 fTFBcUBRm31.ArzlDqoCIlKINNvCIZPP.YYUpu38eWQuf1B.f7NKGjT7t_sd dx2s5ERWR8ymbEo8pXEaYNEaZEgtG_imXHo6Cnq1d4OemJo6.fPkm8YH_uVB ET0R1GYNVy5KoonXIyfDW9mtrMRtNj2nfuMJp2qHFgItr2hH0dOfoe08OPvG om5jmFe7TP8l16Rv0r5Ljt5L.X9gPwAiGV5VxLGnhZ49zhl9.upfGLsU9uCl 0GQAGSt8lIUoUBZ0w.Q6MNpIq33IY2fMPHnQjaz3yVk8U3Sv7ZLgvxVo7Tw8 st6vV5zQ36c7YI8AeqnehFxAr2iLjWa475NvjoyXmhGOO.AYJ3wkOvlV1MWu MiS0Zv86zlT1wQeBftcu9ROAl2wZco_tx6kt7Tfm.adYFbjuU6mNNcjTmm1F SKQ8gCHHei6JhHVxXtvoXYCyTaVxkbsmtLu5iC92ggMO5t8kU8ASjX0MWdS8 cx51VgWGHcRMtAMTq.uZWQJHWaYuQLmlqTGLyEg8V7XAGOjv9BYJrZYJNzJ4 wq2kJoyRWCB4qL1akmMI61mSMxEUq3vDjpjo6UERvvYFvHjzRn.dthghsCSB mIXI6xpIzNWnL_LOFNPs3HINsIYORPNYGAAibnrd6rNERchkaaxjqjVdVz0S s4ssR_3Lj1lxP9ncV9aU7gVa_qtegp6br61vnF2TaQ7hBEVXi1pqPxoge37d 2WN5c2pA8fEkfzgf7LQ0Hj7Rk3zRh5h2T4f5FL06JT5_RfSkZ9THFCufOlZp leAWTeA9qBfi2l7OeF6AEMGH1u1Ez4n0fQCkqIesKA_GIDfV1mmhbKQaK3Nf QcdIYfUCEGBbcspg78A_3SYNUXWyH4MS3GfdqBE61Y0jkkPERCHvSXz_RZkf 7KN3SEIXfKDn.VttRA7YEuRtsV_BXZKKEeX3lkfP_JcCEq.g39SC2Zux69L_ DwIw.MIbUbePduUaBC3.9yPNHbbLjTUvglNzyNmhHg5Nny_lLg5Iws_t7bbU FerwxMy0zl6SPwz0X09ztF5pwdxEnNht9xig0rd34yaDf9UYXmiKYbg0W8dS AlfOFPOmBlOo74nXVt8jywbKPE5j_8.niDgLwTXn6XC9fmPnhO_vGE1P7Hus Zn0_0WmKEDdFMyxMqJdt3Gq2lC3FJtzk935BL7bjaBv..azU7iLcHHLGrl4k rssOIt_F8bKMkmXr4xpqNYdd1fI0YpDK4ToJPfiGOQwTDrq1SB_xzppvljtw jCjUlLlzIyu31xor_0G6eb9JcAfynnabJsFsF2_grljdRB0nfKfxbPvWbzaf 2fhu8ZNCj4UngXFA5pKMeJIW
X-Originating-IP: [130.93.80.179]
Authentication-Results: mta1047.mail.gq1.yahoo.com from=devicedigest.com; domainkeys=neutral (no sig); from=devicedigest.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO kl5hbb.devicedigest.com) (130.93.80.179) by mta1047.mail.gq1.yahoo.com with SMTP; Thu, 31 Jan 2013 12:16:30 -0800
From: eHarmony Dating <mailers@devicedigest.com>
Message-id: <72975089_2093192922@devicedigest.com>
Subject: Singles Looking For Love In 2013
X-IK1CRNCvGL5wLAmNh8H: NzI5NzUwODlfMjA5MzE5MjkyMl8xNDI1ODk1Nl80NjQyOF82NTU4OV8xMjI0NTVfMjY3MV83OTU2MzkyXzBfNjA5DQ
X-Ver: NzI5NzUwODk
X-CampaignDetail: 72975089
X-Log: 0
Errors-To: errors@devicedigest.com
List-Unsubscribe: <http://devicedigest.com/x/MjA5MzE5MjkyMg|NzI5NzUwODk|cG9ya3lleHBvc2VkQHlhaG9vLmNvbQ|NDI|MTUzMQ|NjU1ODk|MTIyNDU1|NDY0Mjg||MA|MA|||Nzk1NjM5Mg|MTQyNTg5NTY|MjY3MQ|MA|NjA5|VQ.html>
Content-Type: multipart/alternative; boundary=”—-_=_NextPart_001_9EEATPXW.CKJHBHDT”

eHarmony Dating mailers@devicedigest.com RETURN_PATH: 2093192922@devicedigest.com

This email came in the form of a link as well. The URL is something along the lines of devicedigest.com/…/_bunch_of_numbers_and_letters — At first, it looks like a legitimate website, however, the .com/…/_numbers_letters are what’s making me suspicious. And the website the above email (portalexport) brought me too, was nothing more then a login page and business consultant looking for business partners (supposely a french website, not even English, and definitely NOT eHarmony.

 

If someone has figured out who these unknown emailers are, could you please fill me in. Thank you.

 

Tags: , , , , , , , , , , , , , , ,

Suspicious Spam – Scrappers Attic

PHISHY EMAIL – I’VE RECEIVED SIMILAR EMAILS IN MY SPAM FILTER IN THE PAST. I’VE NEVER CLICKED ON ANY LINKS – POSSIBLE MALWARE OR VIRUS.

safe_or_not

Your friend : YOU’ve Been Selected (Free Private Training) has recommended this great product from Scrappers Attic

Hi …!

Your friend, : YOU’ve Been Selected (Free Private Training), thought that
you would be interested in Hooked on Fishing-Fishing Title accessory sheet
from Scrappers Attic.

: YOU’ve Been Selected (Free Private Training) sent a note saying:

Our computer has randomly selected 100 people to
qualify for exclusive access today.

The spots are limited so please click the link below to see if you qualified to access the product today, before everyone else.

Your special invitation is below…

ACCESS UNIQUE INVITATION: #G52BMT

==_ http://0t.se/dollarcode

PS : Remember positions are available on a strictly first come first serve basis.

Your link will only allow 1 person to join, so please
do not pass it on to others.

ACCESS UNIQUE INVITATION: #G52BMT (Link Copy To Browsers)

==_ http://0t.se/dollarcode

List Marketers,

Theresa M. Langford
864 Henry Ford Avenue
New York, NY 10016

—————————————————————————————-

To view the product, click on the link below or copy and paste the link into
your web browser:

http://scrappersattic.net/index.php?main_page=product_info&products_id=1457&zenid=3cgturf7hnc0ual026562f72q7

Regards,

Scrappers Attic
http://scrappersattic.net/

—–
IMPORTANT: For your protection and to prevent malicious use, all emails sent
via this web site are logged and the contents recorded and available to the
store owner. If you feel that you have received this email in error, please
send an email to thescrappersattic@yahoo.com

This email address was given to us by you or by one of our customers. If you
feel that you have received this email in error, please send an email to
thescrappersattic@yahoo.com
This email is sent in accordance with the US CAN-SPAM Law in effect
01/01/2004. Removal requests can be sent to this address and will be honored
and respected.

HEADER DETAILS:

Return-Path: <do_notreply@ymail.com>
X-YahooFilteredBulk: 72.47.233.67
Received-SPF: none (domain of ymail.com does not designate permitted sender hosts)
X-YMailISG: CuuLYm0WLDsQh_nHM5WHCzP0f7_Mj.VKI6eWJQh1YZpCUKQU 5SAFelkhH2lHx1pB00UDVEzBtsRUb1DL7BGZS.tf8XZRPltztoODR1HG6Khm AngxUNqCJlprCdmpXYX2k0p2Adzyjy1ke0G_amoyMeBPxXqYu1IR9bX8cFTg tGGc9tWOjoGw7AC2c1yFfLhKkE4LaClAOIAAjyD1OdGFZBF5aijcKQ42ElZ8 1ZcbkbwGyMZXywW8H9iNxv7TpYD3PaaW14AUPewJE68buX52x7ithwTBuno7 RtAsYh7TPhgWn5hU3bmp90FuTTLu.vbdgRVYrR9ncpXyDIRJIa4Co6Qgj7E5 NnUH_kYirB.y8LQVuHNpGLhpsjL1KrSpWqqFTkRSDFinCTZPRT57U8fj1VJr eGICh2WdDqVJaqp1ZP08zMbE1CBMplm1eFPWu.jUj3xz1cJ2ABv6M3GO16fo NmqT5aldpdzAmp85IGyDC719ZSgCmIUfzjXzawGC_gq9qbucOZpceO6EA4v6 PaeTllQwCd2bfG48ZJb30JmOnsY9OS3pm9NsrJa8QeQVZOVnx_eCWkPUhKCk ZgCra_ORBqn7VLPbaigN8VwiL7NCL_vN2lrMMppQnUm9W7BudVdWfFcGKMnT ruo7Ydw_df_Y3tx.fFlPw_XmSY4PquJFRjGfcbYKLmbPWlTVwlHwsxelvt4m VwIj6PDnTzAb99xwbViUV4r7Ams8m3doHtcNy.gVriI359g0SxklbKQRCO9. 5eGQ3lyqIRNv2hspuoLcXbCdXCX9Npe54YeauRb7PRU5WB53_VoIt6gZowiC e9WYWlo_772FESIc7Qoz.ULWKgyPv7VtlhhECqPY9Ngb_5hzW9RzCltYTuD7 fW8VOTMwdHhjCgsfeAN2Q0l1uzOr54dwXuV9H3PXOl9b_eKvQBO7.SZV9z2v aBHDR8g.ZjPVjkP9Th31a1GAiYmdfoFGqV7gg_DiUIHM.W7kHuMgg34by9Mj SmxMCPpqeFO_vBLgFOuj8zz6SyeDq0R3AGsFC34HiqLP2q8_klenAY74FsjA PvcwOzipFKj9SQyRpoVTPUa26rtjOrfEewxTxX8bsQHBU5MRFux2lYgKm.bf fOaiyW0tqabfep43pgteG17ZDrurUy7tfdCwI.z6_Aq1Rl_Q.Q3zc8xrgX3D S5IOF2cwbfm5ziWlB1PtV3tZtSUzDzUHOniWf72KwTmkJOEuAkkzDtihfkoX DEShz3G_XZ1UdnP9xNOsYUelyl.fo4JMGGlwm8heS89x_Fk8CuLGFJK.2yHE UaarVQ–
X-Originating-IP: [72.47.233.67]
Received: from 127.0.0.1 (EHLO ft11i.com) (72.47.233.67) by mta1163.mail.bf1.yahoo.com with SMTP; Wed, 30 Jan 2013 03:41:38 -0800
Subject: Your friend : YOU’ve Been Selected (Free Private Training) has recommended this great product from Scrappers Attic
From: “: YOU’ve Been Selected \(Free Private Training\)” <do_notreply@ymail.com>
Reply-to: “: YOU’ve Been Selected \(Free Private Training\)” <do_notreply@ymail.com>
Message-ID: <e9094b7d93592d7eebdbd819ec05e1b3@scrappersattic.net>

72.47.233.67 do_notreply@ymail.com thescrappersattic@yahoo.com RECEIVED_IP: 72.47.233.67

 
2 Comments

Posted by on 01/30/2013 in Uncategorized

 

Tags: , , , , , , , ,

 
%d bloggers like this: