K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH
kudos:1

reply to MGD

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Victor Sulla is likely a false name. He is a reputable, published economist. We've seen this here before, although my 70-year-old brain has forgotten the details.

MGD
Premium,MVM
join:2002-07-31
kudos:9

said by K Patterson:

Victor Sulla is likely a false name. He is a reputable, published economist. We've seen this here before, although my 70-year-old brain has forgotten the details.
LOL !! Yes, I thought that also when I ran the name. Of course very easy to use it, or his card, to register domains.

Then after some more digging it got a little complicated. While the domains are easy forgeries, this would be more difficult to pull off as a forgery:




A Delaware Corp, properly re-registered in DC for doing business there.

Also has a lot of advertising etc. over a long period. Even a press release: »www.prnewsnow.com/Public_Release···411.html

Of course the latter could all be easily faked. All that promotion doesn't fit in here. Also that was a legit phone number for him at one time, since disconnected, which is also unusual. Though there are several flags, it doesn't quite fit into the complicit mold, ... yet. There are some newer numbers available for him, too late to call tonight. Possibly more than one person with that name? Or...?

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

reply to MGD
webperfecttemplates.com 760-690-3138 Web Perfect Designs, LLC is finished as of several days ago, the merchant account is locked, all transfers have ceased. The criminals subsequently pulled the website »webperfecttemplates.com

MGD



jd08

@rr.com

I'm pretty naive about this. I got a call from my bank's fraud dept. yesterday. I was also hit with the fraudulent charge from Monrovia Designs. They charged $12.79. A few days prior, I noticed an unfamiliar hold on my account from "Triprents.com" for $6. I tried to dispute this charge but my bank does not allow holds to be disputed until they post to the account. When the charge didn't go through, I thought nothing of it until I received the call yesterday.

My card has now been frozen. Forgive me if my questions are very basic, but I'd like to know a little more about what happened.

1. From what I've read, a Brian Meyer from Alexandria, Virginia is some kind of registered agent for a "Monrovia Incorporated." Is that a real person or just an alias?

2. What exactly is a cyber mule?

Thanks.



pleekmo
Triptoe Through The Tulips
Premium
join:2001-09-14
Manchester, CT
Reviews:
·AT&T DSL Service

said by jd08 :

2. What exactly is a cyber mule?

Thanks.
A cyber mule is an on-line (computer-using) money mule.
--
HCN: Because you deserve a rest!

Proud member of the Free Omelas Liberation Front.

garys_2k
Premium
join:2004-05-07
Farmington, MI
Reviews:
·Callcentric
·Future Nine Corp..

reply to jd08

said by jd08 :

1. From what I've read, a Brian Meyer from Alexandria, Virginia is some kind of registered agent for a "Monrovia Incorporated." Is that a real person or just an alias?

2. What exactly is a cyber mule?

Thanks.
1. It's likely a real person, the "cyber mule" running that particular business. It's entirely possible that he thinks he's running a legitimate business and is amazed at how easy it is to make money. Essentially he's the front man for the Russian mobsters that really set it all up, and he's (quite possibly unwittingly) taking care of the bank chargebacks as they hit.

2. See above. In crime, a "mule" is the person seen to be fronting the operation and they may think that they're actually running an ordinary, legit. business. They pull the freight for the criminals behind the curtain.

MGD
Premium,MVM
join:2002-07-31
kudos:9

reply to jd08

said by jd08 :

.....I got a call from my bank's fraud dept. yesterday. I was also hit with the fraudulent charge from Monrovia Designs. They charged $12.79. A few days prior, I noticed an unfamiliar hold on my account from "Triprents.com" for $6. I tried to dispute this charge but my bank does not allow holds to be disputed until they post to the account. When the charge didn't go through, I thought nothing of it until I received the call yesterday...............
You are the first to report the pre authorization or card ping from "Triprents.com" that I have read.

"Triprents.com" is owned by the same group that also owns "arealhome.com". Arealhome.com has been repeatedly reported for showing up as a ping charge right before the fraud charge proper. This pre validation procedure has been a common tactic, going all the way back to the height of the Digital Age Fraud in 2005.

In fact Doctor Olds posted back in September 2005 how his card was first pinged with a small charge to test it. Then he was hit with a KCSOFTLLC.com template charge, which was then followed by a Digital Age charge: »[scam] Digital Age, KCSOFTLLC and Coastal Wave Int

The people at Travelegia.com who own both arealhome.com and Triprents.com have stated that their billing account has been hijacked, the password to the account was hacked.

They said that they are fielding numerous calls from people complaining about this. They stated that many many cards were processed through their merchant account. They said that they are victims too, and are left with a mess to clean up. They also said that they have filed a police report.

As stated in a previous post Travelegia appears to be a legitimate established business entity, and is one of numerous entities that has been hacked in order to use their accounts for card list cleaning.

They may be willing to provide more details publicly on what happened.

MGD

nobounds

join:2003-07-15
Snoqualmie, WA

said by MGD:

As stated in a previous post Travelegia appears to be a legitimate established business entity, and is one of numerous entities that has been hacked in order to use their accounts for card list cleaning.
I trust your judgement, if you talked to them and believe that they are victims in this too. However, I do find it strange that according to their domain registration, they're a US company, but their websites are hosted in Russia. And not only are they hosted in Russia, but they are hosted on the same IP as a templates site. It's not common for US companies to host their website in Russia, especially when they don't appear to be targeting the Russian market.

Are they claiming that their domain registration or DNS has also been hijacked, to point their DNS records to this Russian server? Or do they have any other explanation?

MGD
Premium,MVM
join:2002-07-31
kudos:9

You raised excellent points, and I am following up with them. I asked if they would provide additional corroborating information, and they asked me to submit questions to them for a response. They are aware up front that I am seeking a reply that can be published.

The company representative would not answer the question regarding the hosting location that I asked. However, he said to submit questions to them and they would respond. He said that he was not authorized and did not want to carry on a detailed conversation without some vetting.

On the face of it, it seemed like a reasonable request, and I am following up with them. I will specifically include that question. At that point I was willing to give them the benefit of the doubt pending their response. There may also be a public record of police reports. The fact that the holding company Travelegia has been around for several years 2003/04, and that this is a known tactic, is why I still have an open mind. Historically, hijacked accounts have been used for the pinging process, as it racks up a hefty bill, and does not generate revenue.

I am not vouching for them, and I should have included quotations around the "they said" portion above, as I was quoting what they said. If there is the possibility that a legit business has been maligned by having their accounts hijacked, I at least want to err on the side of caution. There is no history prior to the current event, of any of those domains being associated with fraud charges.

Hopefully additional data can be obtained that can nail this down. I will also provide them a link to the thread in case they want to comment directly.

MGD


MGD
Premium,MVM
join:2002-07-31
kudos:9

reply to nobounds

said by nobounds:

... However, I do find it strange that according to their domain registration, they're a US company, but their websites are hosted in Russia. ..
Yes, that was one of the very first questions I asked, and caused some confusion. He initially denied they were hosted on a Russian server. I contacted what appears to be the main company Travelegia.com, and that is hosted in the US. I then said that I was referring to the group hosted on IP 81.177.22.77. I even wondered why there were merchant accounts on some to begin with. He said that the accounts that were hijacked and where the fraud billing came from, were PayPal business accounts.

MGD


Julia

@ctc.net

reply to MGD
VIN design, Roman Piglitsin and Solomka from Sacramento and Plumas, CA have hit my Amex three times now since November for $12.38, $9.45 and $9.59. Fortunately, Amex has been good about crediting my account.



hostdone

@cosmoweb.net

approval from: Doctor Olds

reply to MGD
Yes, we " www.hostdone.com " are working for clean internet hosting service.

www.hostdone.com has deleted any fraud web site from our system and warned any other website to get hosted; it is very clear that it is against our terms of use.

Best Regards
HOSTDONE
»www.hostdone.com



d3na3az

@wi-power.com

reply to MGD
Confirming reports on Monrovia Incorp (aka Monrovia Designs). On 2/27/08 they charged 11.89 to my Chase Visa. I am currently in process of getting Chase to flag them as a fraudulent vendor. They actually posted this charge as though it was signed for (some kind of code Chase receives) and manually keyed in off the physical card! I am in Arizona, and this charge was put through as if it were from Huntsville, Alabama?! Also, I called the "support" number that Chase had (same as was listed here 703-349-7199)...goes straight to voicemail greeting stating all agents are busy, please leave a message or email them at support@monroviadesigns.com. Looking up www.monroviadesigns.com, it is an obviously false front, created using homestead.com. States their business is outsourcing. I have forwarded all the great information in this post to Chase. Keep up the great work!!!


stevedaytona

join:2008-03-04
Daytona Beach, FL

reply to MGD
Thanks for this thread! Amazing work, MGD.

I found this after I discovered my wife's debit card got hit for an $11.89 charge from Interactive Designs of Seattle (phone number shown is 2063198144, which is the same as shown on the Crystal Clear Designs website). I reported this to my Bank today.

The day before this transaction, there was a pending charge of $4.95 for a company in Tennessee called Fantastic Plants. This is a small bona fide company and were obviously inundated with phone calls as there was a recorded message saying they believed card numbers were stolen from Paypal. From what I am reading this was the 'ping' charge and never got posted to our account.

I'll also now report this on the IC3 website.


MGD
Premium,MVM
join:2002-07-31
kudos:9

said by stevedaytona:

Thanks for this thread! Amazing work, MGD.
......The day before this transaction, there was a pending charge of $4.95 for a company in Tennessee called Fantastic Plants. This is a small bona fide company and were obviously inundated with phone calls as there was a recorded message saying they believed card numbers were stolen from Paypal. From what I am reading this was the 'ping' charge and never got posted to our account.......
Thank you, and glad you posted. Great info on the prior ping charge, as that further confirms this ongoing pre testing of cards. I wonder if the reason that Fantastic Plants mentions PayPal is because that was their merchant account that was hacked. The people at Arealhome.com and Triprents.com which was another multiple reported ping entity, stated that it was their business PayPal account that was hacked. The card pinging was done from that account.

From the previous reports of multiple pinging names, there is no doubt that there is another side to this operation. That component is one that involves the routine hacking of business merchant accounts. They are then used to pre screen lists for currently valid cards, which are then processed through the fake businesses.

MGD
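
The ping-then-charge sequence reported above (a small hold that never posts, followed within days by a charge from a different unfamiliar merchant) can be checked for mechanically; this is an added example, not part of the original thread. The ledger, field names, status values, 7-day window and $10 ping ceiling are all assumptions made for illustration.

```python
from datetime import date, timedelta

# Constructed ledger: two amounts and merchant names follow reports in this
# thread; the dates, statuses and the other rows are assumed.
LEDGER = [
    {"date": date(2008, 2, 10), "merchant": "UNFAMILIAR SHOP", "amount": 3.00, "status": "hold_dropped"},
    {"date": date(2008, 2, 20), "merchant": "CITY FUEL", "amount": 1.00, "status": "hold_dropped"},
    {"date": date(2008, 3, 1), "merchant": "FANTASTIC PLANTS", "amount": 4.95, "status": "hold_dropped"},
    {"date": date(2008, 3, 2), "merchant": "GROCERY MART", "amount": 54.10, "status": "posted"},
    {"date": date(2008, 3, 2), "merchant": "INTERACTIVE DESIGNS", "amount": 11.89, "status": "posted"},
]
KNOWN = {"CITY FUEL", "GROCERY MART"}  # merchants the cardholder recognises (assumed)


def find_ping_pairs(ledger, known, window_days=7, ping_max=10.00):
    """Return (hold, charge) pairs: a small hold from an unfamiliar merchant
    that never posted, followed within window_days by a posted charge from a
    different unfamiliar merchant."""
    holds = [t for t in ledger
             if t["status"] == "hold_dropped"
             and t["amount"] <= ping_max
             and t["merchant"] not in known]
    charges = [t for t in ledger
               if t["status"] == "posted" and t["merchant"] not in known]
    window = timedelta(days=window_days)
    pairs = []
    for hold in holds:
        for charge in charges:
            gap = charge["date"] - hold["date"]
            # The charge must come on or after the hold, inside the window,
            # and from a different merchant than the one that placed the hold.
            if timedelta(0) <= gap <= window and charge["merchant"] != hold["merchant"]:
                pairs.append((hold, charge))
    return pairs


if __name__ == "__main__":
    for hold, charge in find_ping_pairs(LEDGER, KNOWN):
        print(f'{hold["date"]} hold {hold["merchant"]} ${hold["amount"]:.2f} -> '
              f'{charge["date"]} charge {charge["merchant"]} ${charge["amount"]:.2f}')
```

A dropped hold from a recognised merchant (the fuel pre-authorization row) is ignored, and an unfamiliar hold with no follow-on charge inside the window is not paired.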

MGD
Premium,MVM
join:2002-07-31
kudos:9

reply to d3na3az

said by d3na3az :

Confirming reports on Monrovia Incorp (aka Monrovia Designs). On 2/27/08 they charged 11.89 to my Chase Visa. I am currently in process of getting Chase to flag them as a fraudulent vendor. They actually posted this charge as though it was signed for (some kind of code Chase receives) and manually keyed in off the physical card! I am in Arizona, and this charge was put through as if it were from Huntsville, Alabama?! ......
Do you have any more information on the Huntsville, Alabama angle? Monrovia is operating out of Virginia. However, your statement that the charge was posted as a "signed for" transaction, is something that I have seen on just about all of the charges that I have looked at. They were all coded as processed "POS" transactions. Point of Sale coding usually refers to the card being present, a card scan.

However, all of the charges are obviously "CNP" Card not present transactions. I assumed it to be incorrect coding, as the process is very different. POS is a card swipe via a terminal or manual entry, and only picks up the strip data. That data only has card number, first and last name, and expiration date. In contrast, a CNP entry, in addition to the above data would need a complete address, usually verified via AVS, and also the 3 digit security code.

I see the POS data line coded on most of the debit card transactions. Maybe someone can query their bank, though I have found that most do not really know the finer details at that level.

MGD

Laurie

join:2007-07-08
Middle Village, NY

I was told the fraudulent charge on my debit card from Crystal Clear Designs was "keyed in."


Laurie

join:2007-07-08
Middle Village, NY

And this is what it said on my statement:

CKCD DEBIT 01/22 CRYSTAL CLEAR DESI206-3198144 WA $11.89


MGD
Premium,MVM
join:2002-07-31
kudos:9

said by Laurie:

And this is what it said on my statement:

CKCD DEBIT 01/22 CRYSTAL CLEAR DESI206-3198144 WA $11.89
Thanks, that does look like a CNP card not present transaction, which is expected, and the way it should be. Meaning your data was submitted on a form. That would have included name address etc., along with a security code from the back of the card.

Here is an example of the fraud type that I was talking about, that are coded as Point of Sale transactions, when clearly they were not:

quote:
12/24/2007 POS PURCH - 5732 EST COMPANY FL 866-347-0931 EST COMPANY $9.40
MGD


CCB

@bellsouth.net

reply to MGD
Great work and very informative! I came across this thread after receiving a fraudulent charge of $11.89 on 3/3/08 from Mca Web Technologies, 623-742-3769. I reported it as fraud and the card company removed it from my account and are sending new cards. I did not see Mca Web discussed or listed on previous posts.

over 12.5 years online © 1999-2012 dslreports.com.