×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
IH8Spam
Contributor II
Message 1 of 3

Constant Email spam from a McAfee Affiliate

This has also been reported to the official spam address and customersupport with (as yet) no response.

I receive on average 2 spam emails a day that are designed to terminate in a valid genuine McAfee link, specifically:

https://www.mcafee.com/consumer/en-us/landing-page/direct/fdr/ctl/index.html

These links have two additional parameters attached:

adobe_mc_sdid=SDID%3D12F06CAD3EA15F71-2947E92912F15D1B%7CMCORGID%3DA729776A5245B1590A490D44%40AdobeOrg%7CTS%3D1699112665
adobe_mc_ref=https%3A%2F%2Fhelpinprogress.com%2F

These can be decoded to:

  • adobe_mc_sdid=SDID=12F06CAD3EA15F71-2947E92912F15D1B
  • MCORGID=A729776A5245B1590A490D44@AdobeOrg
  • TS=1699112665
  • adobe_mc_ref=https://helpinprogress[.]com/  defanged for safety - malicious domain

 

These emails:

  • are being generated with falsified SMTP headers from multiple hosted IPs
  • Reference a Google storage API link for HTML content - this is used to redirect to another domain passing encoded parameters
  • A 301 redirect from the domain through helpinprogress[.]com on to the genuine McAfee URL.

This seems to be a longstanding practice to gain referral monies from McAfee (see for example https://forums.mcafee.com/t5/Cybercrime-Phishing/Affiliate-Spam/m-p/716471 and https://forums.mcafee.com/t5/Cybercrime-Phishing/Affiliate-Spam/m-p/716471).

I can see no other purpose for this behaviour.

 

Why is this not being addressed properly by McAfee? 

The referring domain in this instance is flagged as malicious by multiple vendors and has no public facing website. It is periodically moved between hosting providers who are "reluctant" to enforce anti-abuse measures.

It would seem that McAfee:

  • Have no measures in place to prevent this type of abuse
  • Have no reporting mechanism in place to report this specific type of abuse
  • Ignore reports via other channels

I await any official response with interest.

 

 

 

 

2 Replies
IH8Spam
Contributor II
Message 2 of 3

Re: Constant Email spam from a McAfee Affiliate

This affiliate has now either re-registered or an additional affiliate is using the same techniques, this time with the use of twitter / X short urls for the initial email href:

New terminating page:

https://www.mcafee.com/consumer/en-us/landing-page/direct/fdr/var/index.html

New parameter values (including a new domain referenced in adobe_mc_ref):

adobe_mc_sdid=SDID=4AB0CF32AD3870FA-5AA32AA9BDD1234F
MCORGID=A729776A5245B1590A490D44@AdobeOrg|
TS=1699370173
adobe_mc_ref=https://successdauntless.com/

My suspicion is that the previous account has now been stopped by McAfee and the individual / organisation concerned has promptly setup a new affiliate account, switching to a backup domain

Once again, the referring domain referenced in adobe_mc_ref has no legitimate web presence, is anonymised and already flagged as malicious on VirusTotal

 

This issue really needs due diligence in the registration process to be tackled properly. A proper reporting method would also help mitigate the damage to McAfee's reputation.

 

IH8Spam
Contributor II
Message 3 of 3

Re: Constant Email spam from a McAfee Affiliate

Latest parameters used by this spamming affiliate are now:

adobe_mc_sdid=SDID=436BAD1E38AF1A08-0EFBE6D1284FF4DD
MCORGID=A729776A5245B1590A490D44@AdobeOrg
TS=1699812337
adobe_mc_ref=https://diametricblip.com/

 

It's clear from the MCORGID parameter that this is being done by the same affiliate.

I'm satisfied that in absence of any attempt by McAfee to resolve this there are sufficient grounds to raise this as a complaint at the FTC / ICO level 

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community