RSS

Tag Archives: Spoofed

eBay Scammer

EBAY SCAM – PHISHING SCAM

Below is a list of conversations between a eBay user and a scammer going by the name Sarah.

ebay-logo-scam

Monday is fine, once its scanned send it by email by replying the purchase invoice.

Sarah

On Sat, Feb 2, 2013 at 10:26 PM, Gary Ferguson <firgy@blueyonder.co.uk> wrote:
Yes, I’ve got one but I would have to get it scanned at work on Monday. How would I get it to ebay?
From: Sarah
Sent: Saturday, February 02, 2013 10:13 PM
To: Gary Ferguson
Subject: Re: 1976 VW T2 Westfalia Camper? Unrestored
Do you have a copy of statement Gary to send eBay to verify ? or a copy of payment slip. send it by email or fax.

Sarah

On Sat, Feb 2, 2013 at 10:04 PM, Gary Ferguson <firgy@blueyonder.co.uk> wrote:
Hi Sarah
Has the money gone in to ebay? My wife went to the bank today and it’s definitely been sent so we have done all we can.
I am working in London next week so can i pick the van up?
Regards
Gary
From: Sarah
Sent: Saturday, February 02, 2013 1:22 PM
To: Gary Ferguson
Subject: Re: 1976 VW T2 Westfalia Camper? Unrestored
?

On Sat, Feb 2, 2013 at 1:18 PM, Gary Ferguson <firgy@blueyonder.co.uk> wrote:
Yes, I’ve got the paying in stub.
From: Sarah
Sent: Saturday, February 02, 2013 1:15 PM
To: Gary Ferguson
Subject: Re: 1976 VW T2 Westfalia Camper? Unrestored
Nothing yet Gary do you have the payment slip ?
Sarah

On Sat, Feb 2, 2013 at 1:05 PM, Gary Ferguson <firgy@blueyonder.co.uk> wrote:
Hi Sarah
Have ebay told you they’ve got the money yet? I can come down to Hendon tomorrow to collect the van.
Gary
From: Sarah
Sent: Friday, February 01, 2013 9:55 AM
To: Gary Ferguson
Subject: Re: 1976 VW T2 Westfalia Camper? Unrestored
I will confirm later today if possible send a copy of statement to eBay showing your money left to speed up the verification process.
Sarah

On Fri, Feb 1, 2013 at 9:00 AM, Gary Ferguson <firgy@blueyonder.co.uk> wrote:
Sarah
Can you check this morning for the payment, it should have arrived. I need the van for this weekend.
If there is any trouble please email me asap and will go to the bank to see what the hold-up is.
Gary
From: Sarah
Sent: Thursday, January 31, 2013 7:45 PM
To: Gary Ferguson
Subject: Re: 1976 VW T2 Westfalia Camper? Unrestored
Gary I am not pulling out i am starting delivery as soon payment is verified and there is no payment by npw.

Sarah

On Thu, Jan 31, 2013 at 6:51 PM, Gary Ferguson <firgy@blueyonder.co.uk> wrote:
Sarah
Of course I paid, I did it at the Barclays bank in King Street, South Shields as soon as it opened yesterday morning.
I hope you are not trying to pull out of the deal?
Gary
From: Sarah
Sent: Thursday, January 31, 2013 6:46 PM
To: Gary Ferguson
Subject: Re: 1976 VW T2 Westfalia Camper? Unrestored
Well Gary I spoke with eBay and they have no payment yet so did you really pay ? if yes where did you pay ?
Sarah

On Thu, Jan 31, 2013 at 6:16 PM, Gary Ferguson <firgy@blueyonder.co.uk> wrote:
Hi Sarah
Is everything in order – can you send me the van now?
Will you be sending it on a wagon, or can I come and collect it? If it is coming on a wagon I’ll have to take the day off work to make sure I am in the house.
Regards
Gary
From: Sarah
Sent: Wednesday, January 30, 2013 7:58 PM
To: Gary Ferguson
Subject: Re: 1976 VW T2 Westfalia Camper? Unrestored
Thank you for confirming Gary, I wait for the payment clearance confirmation once its verified delivery will take place. will keep you posted.
Sarah

On Wed, Jan 30, 2013 at 7:39 PM, Gary Ferguson <firgy@blueyonder.co.uk> wrote:
Hi Sarah
I have wired the money to ebay, can you deliver the van now?
Gary
From: Sarah
Sent: Wednesday, January 30, 2013 9:02 AM
To: Gary Ferguson
Subject: Re: 1976 VW T2 Westfalia Camper? Unrestored
No thank you Gary
Sarah Read the rest of this entry »

 
4 Comments

Posted by on 02/06/2013 in Other

 

Tags: , , ,

“eHarmony.com Dating Partner”

POSSIBLE PHISHING ATTACK – ONLINE DATING WEBSITE – PRETENDING TO BE EHARMONY – SPOOFED LINKS

ATTENTION: I’ve been getting fake eHarmony emails sent to my spam filter. I am not, nor have I ever signed up for eHarmony and I received these eHarmony emails the past several days (on my fake scam baiting account, mind you) — I knew immediately that something was phishy. The fact that the URLs weren’t even related to eHarmony, and after looking up the header details I realized this is some type of phishing email. Whether it’s malware, a hacker, a scam, etc, it’s something phishy.
SUBJECT LINE: Singles Looking For Love In 2013

#1 Most Trusted Online Dating Site. Join Now!

©2013 eHarmony, Inc.
If you would no longer wish to receive our special promotions, please click here
or send mail to:
PO Box 3640, Santa Monica, CA 90408

HEADER DETAILS:

Return-Path: <2093192922@portalexport.com>
X-YahooFilteredBulk: 130.93.81.10
Received-SPF: pass (domain of portalexport.com designates 130.93.81.10 as permitted sender)
X-YMailISG: M3AJff0WLDu3gnhmNjiGcWZCDX8VNfF9gVyEVwn0d57lYzYE Qw6i7CSQaV_KniE81oJcBTzfEaYhbhvkkW_3bgeWeNssI0hpTf8pzJVZd4oj DlOjgYNdSbizcBsnGDlAlYOCN3ODZG2M3SCHPtdrCfd2Vkv.uh7LQM7onIIZ EvxzodhiT8tstB4O0meuQ.GeuYvrrsfQ_ykQPIL11z4apR1aDJwKCEP8PjBP NiXMaIWSB6QtdT9r3Nu9RD7FRc_6pNpGJCLqKv6YhG2tAUiA.Z4dU8LaSe.Z 2OSI7J.8etjFW6l1A07wfcOiPhdjpUJfzOKT3gjlPVw0bneSOCbvdf0n0.Ol J53i3G8UtPk._SsOOuRTH0px18vsfKJfAba0qkHMhi4IaS.xyabsVmAj3121 .cFUzW7sBgHPzIHmJwX2hAOHr8n.nzSK05os.fCTkr2VC2dn3adr5CjCK4Cs yTDmaf2XCi7fI_wdhX_VHfQl4n43kCVWkSbr83ioRgw1UxL5OQh648_uW3QA QNZiz09BBkeWzy5hcVIbYeFN6WRAHb554l.AFMQQZSY1F.WzfnoyjbRArlsb 3_YxdMxulbx_UfOHBv2DlGin3XVIA_DASQd3fT.2LlbX02M.sFomz4ikQI5k W4tlvj5kpAYEpDzMjMrSZoz.900y4sxRbFw5kv_dEAZ56_OcfsiD_wTuA6K0 XlRzTlIP27gQ6EoIafDU.GIyYrCNNxBrKCQOXKyTuG7UWLCjf.zAHY5oqjdo sylsaiFmj20f24gNvgwgyUFjwvfC0SAwlCbKIeoXrXVhJDdjQ0ikPMgeeoHg OH7f2Hf6DSdjKB_cFDCPGGbfRscHYLePq_0BmP1zUnM5L1zxzc.EY9CPijgN DsAPkpAoAp5lY7C8GDeqPZOyAvPJuyU2Qt0mmE9q5QiBvRvKlewbvOK7BusZ Z_o5cddS._R1QyJ0J6OfiirXgHbZlGwZGY3VqH2gfGGXZiqrrTVS6uiI0a_F mNiVA5Jdw.Vhose1PnR0ATG3SQJLy0xlgfmCI90TJe3_E6NwubWAWK5YK4OU zwrMdKiLpHu5WM7SHvA8GgPTws4NqwqbYn1gBkNvHgYkTzabyQ7E72vguk7r mCvYXVpJaYrgozv5OGNXnQeCHtL73sQf0IQrQAmkWAIe1pKxBtUS8HkDJki. iNH_vWvqO9_HTPOKGRArVq4FQPKhgoQaS6gXzUpa18fjyytvuzkIjgpnECia dYgtcMwG6TaMfJfnilczjWZ7i19ceCfb26_gGwIqqHEOexzWs42hb3vuiKYd qOStuXI6KVd6Fig5Kkvs5CfzO7NN9d28mgX4EN4UtypmZDvUmY6GSZfX8PHl FqOpIksji3xRa2u1f.Yl6KUArTL0dWTicRIVXiunSnD2uuxuhCUov9fgtuGc b_jAFjk9vsXH27xV
X-Originating-IP: [130.93.81.10]
Authentication-Results: mta1234.mail.ac4.yahoo.com from=; domainkeys=neutral (no sig); from=portalexport.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO ul.portalexport.com) (130.93.81.10) by mta1234.mail.ac4.yahoo.com with SMTP; Wed, 30 Jan 2013 16:25:27 -0800
From: eHarmony.com Dating Partner <mailers@portalexport.com>
Message-id: <72704994_2093192922@portalexport.com>
Subject: Singles Looking For Love In 2013
X-mHn9bGc2TnNqC6Sqp8c: NzI3MDQ5OTRfMjA5MzE5MjkyMl8xNDI1ODY0N180ODMyOV82NzQ5MF8xMjI0NTVfMjY3MV83OTU2Mzk3XzBfNjA5DQ
X-Ver: NzI3MDQ5OTQ
X-CampaignDetail: 72704994
X-Log: 0
Errors-To: errors@portalexport.com
<http://portalexport.com/x/MjA5MzE5MjkyMg|NzI3MDQ5OTQ|cG9ya3lleHBvc2VkQHlhaG9vLmNvbQ|NDI|MTUzMQ|Njc0OTA|MTIyNDU1|NDgzMjk||MA|MA|||Nzk1NjM5Nw|MTQyNTg2NDc|MjY3MQ|MA|NjA5|VQ.html>
Content-Type: multipart/alternative; boundary=”—-_=_NextPart_001_FHVBI9TV.45VYWRRW” 88.198.16.166 173.44.133.82

 eHarmony.com Dating Partner mailers@portalexport.com 130.93.81.10

 The links came in forms of images pretending to be eHarmony but the actual URLs were http://www.portalexport.com.br/negocios.htm <> http://webmail.portalexport.com.br/index.php?lang=Latvian — Which is a ”business consultant” looking for partners to buy and sell items. It’s not even a English website, never mind an English dating website like eHarmony. The actual URL can’t be copy and pasted because it came in the form of an image but it started off like portalexport.com/…/with_a_bunch_of_numbers_and_letters

__ __ __ __

SUBJECT LINE: Singles Looking For Love In 2013

©2013 eHarmony, Inc.
If you would no longer wish to receive our special promotions, please click here
or send mail to:
PO Box 3640, Santa Monica, CA 90408

HEADER DETAILS:

Return-Path: <2093192922@devicedigest.com>
X-YahooFilteredBulk: 130.93.80.179
Received-SPF: pass (domain of devicedigest.com designates 130.93.80.179 as permitted sender)
X-YMailISG: qP4_qdIWLDsuod7JBnqDQpOfP0SPPxPAdYLhMttsbbbZhvJ9 fTFBcUBRm31.ArzlDqoCIlKINNvCIZPP.YYUpu38eWQuf1B.f7NKGjT7t_sd dx2s5ERWR8ymbEo8pXEaYNEaZEgtG_imXHo6Cnq1d4OemJo6.fPkm8YH_uVB ET0R1GYNVy5KoonXIyfDW9mtrMRtNj2nfuMJp2qHFgItr2hH0dOfoe08OPvG om5jmFe7TP8l16Rv0r5Ljt5L.X9gPwAiGV5VxLGnhZ49zhl9.upfGLsU9uCl 0GQAGSt8lIUoUBZ0w.Q6MNpIq33IY2fMPHnQjaz3yVk8U3Sv7ZLgvxVo7Tw8 st6vV5zQ36c7YI8AeqnehFxAr2iLjWa475NvjoyXmhGOO.AYJ3wkOvlV1MWu MiS0Zv86zlT1wQeBftcu9ROAl2wZco_tx6kt7Tfm.adYFbjuU6mNNcjTmm1F SKQ8gCHHei6JhHVxXtvoXYCyTaVxkbsmtLu5iC92ggMO5t8kU8ASjX0MWdS8 cx51VgWGHcRMtAMTq.uZWQJHWaYuQLmlqTGLyEg8V7XAGOjv9BYJrZYJNzJ4 wq2kJoyRWCB4qL1akmMI61mSMxEUq3vDjpjo6UERvvYFvHjzRn.dthghsCSB mIXI6xpIzNWnL_LOFNPs3HINsIYORPNYGAAibnrd6rNERchkaaxjqjVdVz0S s4ssR_3Lj1lxP9ncV9aU7gVa_qtegp6br61vnF2TaQ7hBEVXi1pqPxoge37d 2WN5c2pA8fEkfzgf7LQ0Hj7Rk3zRh5h2T4f5FL06JT5_RfSkZ9THFCufOlZp leAWTeA9qBfi2l7OeF6AEMGH1u1Ez4n0fQCkqIesKA_GIDfV1mmhbKQaK3Nf QcdIYfUCEGBbcspg78A_3SYNUXWyH4MS3GfdqBE61Y0jkkPERCHvSXz_RZkf 7KN3SEIXfKDn.VttRA7YEuRtsV_BXZKKEeX3lkfP_JcCEq.g39SC2Zux69L_ DwIw.MIbUbePduUaBC3.9yPNHbbLjTUvglNzyNmhHg5Nny_lLg5Iws_t7bbU FerwxMy0zl6SPwz0X09ztF5pwdxEnNht9xig0rd34yaDf9UYXmiKYbg0W8dS AlfOFPOmBlOo74nXVt8jywbKPE5j_8.niDgLwTXn6XC9fmPnhO_vGE1P7Hus Zn0_0WmKEDdFMyxMqJdt3Gq2lC3FJtzk935BL7bjaBv..azU7iLcHHLGrl4k rssOIt_F8bKMkmXr4xpqNYdd1fI0YpDK4ToJPfiGOQwTDrq1SB_xzppvljtw jCjUlLlzIyu31xor_0G6eb9JcAfynnabJsFsF2_grljdRB0nfKfxbPvWbzaf 2fhu8ZNCj4UngXFA5pKMeJIW
X-Originating-IP: [130.93.80.179]
Authentication-Results: mta1047.mail.gq1.yahoo.com from=devicedigest.com; domainkeys=neutral (no sig); from=devicedigest.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO kl5hbb.devicedigest.com) (130.93.80.179) by mta1047.mail.gq1.yahoo.com with SMTP; Thu, 31 Jan 2013 12:16:30 -0800
From: eHarmony Dating <mailers@devicedigest.com>
Message-id: <72975089_2093192922@devicedigest.com>
Subject: Singles Looking For Love In 2013
X-IK1CRNCvGL5wLAmNh8H: NzI5NzUwODlfMjA5MzE5MjkyMl8xNDI1ODk1Nl80NjQyOF82NTU4OV8xMjI0NTVfMjY3MV83OTU2MzkyXzBfNjA5DQ
X-Ver: NzI5NzUwODk
X-CampaignDetail: 72975089
X-Log: 0
Errors-To: errors@devicedigest.com
List-Unsubscribe: <http://devicedigest.com/x/MjA5MzE5MjkyMg|NzI5NzUwODk|cG9ya3lleHBvc2VkQHlhaG9vLmNvbQ|NDI|MTUzMQ|NjU1ODk|MTIyNDU1|NDY0Mjg||MA|MA|||Nzk1NjM5Mg|MTQyNTg5NTY|MjY3MQ|MA|NjA5|VQ.html>
Content-Type: multipart/alternative; boundary=”—-_=_NextPart_001_9EEATPXW.CKJHBHDT”

eHarmony Dating mailers@devicedigest.com RETURN_PATH: 2093192922@devicedigest.com

This email came in the form of a link as well. The URL is something along the lines of devicedigest.com/…/_bunch_of_numbers_and_letters — At first, it looks like a legitimate website, however, the .com/…/_numbers_letters are what’s making me suspicious. And the website the above email (portalexport) brought me too, was nothing more then a login page and business consultant looking for business partners (supposely a french website, not even English, and definitely NOT eHarmony.

 

If someone has figured out who these unknown emailers are, could you please fill me in. Thank you.

 

Tags: , , , , , , , , , , , , , , ,

 
%d bloggers like this: