Ebook websites, fraud charges, Devbill/DigitalAge/Pluto - Scam and Phishbusters

Author	All Replies
MGD Premium,MVM join:2002-07-31 kudos:9 2 edits	reply to MGD Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto said by MGD: ...Continuing with the "AQUA" genre: ... .. Eatemplates.com AKA EA Web Designs 434-878-3659 ------------------------------ Contact us EA Web Designs www.eatemplates.com Phone/Fax: 1-(434)-878-3659 Support e-mail: support@eatemplates.com ------------------------------ ... .. Again, still trying to locate the state where the LLC and the cyber-mule are located. This one is also from the June 24th batch of registrations..... MGD This one is an "INC" registered in California on 6/23/2008: Corporation . EA WEB DESIGNS, INC. Number: C3150731 Date Filed: 6/23/2008 Status: active Jurisdiction: California . Address 2710 SHELDON CT EL SOBRENTE, CA 94803 . Agent for Service of Process EVELIO AREAS 2710 SHELDON CT EL SOBRENTE, CA 94803 Also, a flood of fraud charge complaints starting on 08/26/08: »phoneowner.info/Number.aspx/4348783659 Take note of the tandem charge from the "toll free" division ALS 800-604-3067, in addition to the EA WEB DESIGNS, INC fraud charge: quote: Chad - 27 Aug 2008 FYI: I'm in Austin, TX, in case this scam is due to a local store employee who is skimming credit card numbers. I was charged for $11.89 on Friday. I also got another charge from "ALS 800-604-3067" for $9.70 a day later. Someone has sold my CC# and the customers are making small charges to see if they're valid. Have your cards cancelled because they'll make big charges on them soon. also: quote: Gary, Gilbert AZ - 2 Sep 2008 I just spoke with Capital One (CO) Visa and they tell me this company is known by them and there is no problem with getting the charges reversed. I tried to tell the CO lady that is was strange that so many of us here have had the same problem. She would not give me details about the company, but assured me that there would not be a problem with getting the 11.49 credited back to my account. ..... .. Caller: EA WEB DESIGN MGD
	to forum · permalink · 2008-09-08 15:15:51 ·
MGD Premium,MVM join:2002-07-31 kudos:9 1 edit	reply to MGD Extracts with data from the previous master post: efstemplates.com AKA EFS Templates, Inc 860-752-6123 »efstemplates.com Snapped 2008-09-06 03:45:29 »efstemplates.com/help.php Snapped 2008-09-06 03:45:08 ------------------------------ Contact us EFS Templates, Inc. www.efstemplates.com Phone/Fax: 1-(860)-752-6123 Support e-mail: support@efstemplates. ------------------------------ The domain has a faked registration on 07/10/08 in Ohio: ICANN Registrar: ENOM, INC. Registration Service Provided By: NameCheap.com . Domain name: efstemplates.com . Registrant Contact: FSC LLC Jeff Wall 551 SOM Center Rd. Mayfield Village, OH 44143 US . Administrative Contact: FSC LLC Jeff Wall (jeff_wall02@yahoo.com) +1.7346613257 Fax: +1.7346613257 551 SOM Center Rd. Mayfield Village, OH 44143 US . Status: Locked . Name Servers: dns1.registrar-servers.com dns2.registrar-servers.com dns3.registrar-servers.com . Creation date: 10 Jul 2008 14:25:39 Expiration date: 10 Jul 2009 14:25:39 Alex, I will take "where the criminals hide cyber-mules for $600", please. Answer: So where is the company registration hidden at, when the criminal's used a Connecticut 860 area code for a website "contact us", and a domain registered to an Ohio address?. Question: What is Florida, Alex! Registered by a Martin A. Douglas, who is the listed officer: -------------------------- Florida Profit Corporation -------------------------- . EFS TEMPLATES, INC. . Filing Information -------------------------- . Document Number P08000068113 . FEI Number NONE . Date Filed 07/18/2008 State FL Status ACTIVE . Principal Address -------------------------- 13615 SOUTH DIXIE HWY SUITE 114-496 MIAMI FL 33176 US . Mailing Address -------------------------- 13615 SOUTH DIXIE HWY SUITE 114-496 MIAMI FL 33176 US . Registered Agent Name & Address -------------------------- CORPORATION SERVICE COMPANY 1201 HAYS STREET TALLAHASSEE FL 32301 US . Officer/Director Detail -------------------------- Name & Address Title D MARTIN, DOUGLAS A 13615 SOUTH DIXIE HWY SUITE 114-496 MIAMI FL 33176 US I am not sure if there is any cyber-mule relationship between this one and: Efsdesign.com ------------------------------ Efsdesign.com Contact us Executive Financial Services www.efsdesign.com Phone/Fax: 1-(318)-938-2177 Support e-mail: support@efsdesign.com ------------------------------ Probably not, the efsdesign.com domain shows being registered with Godaddy on 07/21/2008. However, it now has no registration and is for sale by GoDaddy, indicating a carded domain. MGD
	to forum · permalink · 2008-09-08 17:37:56 ·

MillerLite @comcast.net	reply to MGD MGD Not to sound sympathetic to the mules here, but I've done some digging(and am now probably on some Terrorist list!) ANyway, From what I have gathered and some of this is speculative, you can only trust thieves so much, The Russian mafia os behind this. I saw a news report eh about a month ago that lead me to believe it a little more. I would have to dig back a bit to find that article. But I have also heard the KGB is protecting them and taking a cut. Sadly I honestly think your efforts may be in vain and only catching the poor saps like the retiree in CA that is now ruined and probably will lose 5-7 years of his life over the stress. If they are running 3,000+ per site and operating the better part of 10 sites at any given time, here on this site what maybe a tenth of a percent if that of people are talking about it, or even acknowledging it as a fraud? That leaves a whole lot of people calling the number and getting refunded or letting it go. Hopefully you know way more than you are letting on about the investigations otherwise it seems like a huge waste of time that is putting some very innocent peoples lives in utter ruin. Again, not being negative because my CC# was ripped too and I found out from here. My $0.02, which with the economy is probably actualy worth about $0.015 but eh.
	to forum · permalink · 2008-09-10 22:32:55 ·
MGD Premium,MVM join:2002-07-31 kudos:9	said by MillerLite : ....Sadly I honestly think your efforts may be in vain and only catching the poor saps like the retiree in CA that is now ruined and probably will lose 5-7 years of his life over the stress. If not more, however, had efforts to identify these sites and track the cyber-mules down not been undertaken, he would now be in even worse shape. On the day that he was contacted he had just returned from Bank of America at the syndicate's request, having been approved for a second merchant account. Within days a second website would have been up and running, and he would now be in even deeper. In addition, he was in the process of completing a wire transfer to Eurobank in Sofia Bulgaria to Inowest, for an amount in excess of $25,000. That wire was immediately revoked. So, however bad his situation is now, it would have been 10 times worse had he not have been alerted. Then there is the criminal aspect to all of that, which has been discussed numerous times. While the majority of cyber-mules are duped participants, there are some that have gone way past the point where it is reasonable to believe that they have clear knowledge of what is going on, and their role in it. said by MillerLite : If they are running 3,000+ per site and operating the better part of 10 sites at any given time, here on this site what maybe a tenth of a percent if that of people are talking about it, or even acknowledging it as a fraud? That leaves a whole lot of people calling the number and getting refunded or letting it go..... At any given time there are probably 40 to 50 active fraud sites, maybe more. This is an assembly line process, there are sites under construction all the time. The monthly ceiling for billing is $40,000 to $50,000, any more and it would exceed the small business classification threshold. Each site goes through a seasoning process that mimicks what a typical business would do. They start out small and increase the total each month. According to one cyber-mule's analysis of several months of billing, 80% of the charges went through uncontested. Any way you grind the math, $12 million a year in fraud is a conservative number for gross billing. said by MillerLite : ...Hopefully you know way more than you are letting on about the investigations otherwise it seems like a huge waste of time that is putting some very innocent peoples lives in utter ruin. .... Many aspects of the case are not dicussed on the forum. The criminals began monitoring long ago what is being published about the operation. In fact, they have already been in contact with me here via the forum. It would not be prudent to lay all the cards on the table. There is also a delay in documenting some of the operation. Alerting the public to the specific nature of these fraud charges, and the best procedure to address them, is an important part of curtailing the scam. So is trying to cut off the supply of cyber-mules by publishing the actual methods of recruitment. The "ruin" actually begins when they go forward and register an LLC / INC. It gets worse when they open a bank account, and obtain merchant services then turn the log in credentials over to the crime syndicate. It gets progressively worse when the launder the stolen proceeds by wiring it out of the country back to the crime syndicate. There is not much that anyone else can do to ruin your life after that, In fact tracking them down and alerting them mitigates the ruin. Whether I can track them or not, sooner or later several entities will eventually be in touch with them. The quicker that they can extricate themselves from the operation the better off they will be. Numerous cyber-mules and almost cyber-mules have become aware of what was going on by just running key word searches. By closing up shop early, and preserving all the records, has helped to preserve their status as "duped". Time will tell as to how much in vain this effort is. Originally the odds were presumed not to be good, since this operation has been running for years. It is also true that many cyber criminals in both Russia and the Ukraine appear to be shielded. Though one only has to look at the TJMAX case to see how some of them get picked off the minute they exit the protected jurisdiction. Case in point, is the recently indictment of Maksym Yastremsky of the Ukraine. Maksym has been in a Turkish jail for over a year. He was arrested in a nightclub within hours of arriving there on vacation from the Ukraine: »english.sabah.com.tr/0D94CA9E90F···B81.html That appears to be a lesson learned from what happened in the 2005 case of fellow Ukrainian Dmitry Ivanovich, one of the alleged ring leaders of CardPlanet: »blog.washingtonpost.com/security···rss_blog While in prison after his arrest, two politicians managed to convince the judge to release him on bail. The FBI now considers him a fugitive. Dmitry Ivanovich has since become a politician himself, and is running for office: »blog.washingtonpost.com/security···ads.html Coincidentally, elected politicians are immune from criminal prosecution MGD
	to forum · permalink · 2008-09-12 02:05:20 ·
MillerLite @comcast.net	reply to MGD Oh yes, there is no doubt if you can catch the guy early and stop it, that will save them and aid them in the innocent victim defense. Yeah TJMAXX was ok, but a few years ago about every major data leakage was from the ShadowCrew guys they were killing it. Now if they are tied into this same ring, pfft they have the better part of 200 million cards or more who knows how many smaller chains dont report breaches for fear of a backlash. Even if they had to actually buy the cards, hell they are down to $0.50-$0.75/card now. $10/card you are looking at 1500-2000% profit. As long as people buy stuff online and expose their cvv info these forms of the underworld will continue to grow. Everyone moving to more plastic than cash is only going to exacerbate the problem. They are getting brazen, just google sell cvv they do it right in the open. From what I learned though the viet and phili gys were 99% thieves robbing the wannabe thieves. Incredible.
	to forum · permalink · 2008-09-12 23:16:50 ·
Doctor Olds I Need A Remedy For What's Ailing Me. Premium,VIP join:2001-04-19 1970 442 W30 kudos:18	said by MillerLite : As long as people buy stuff online and expose their cvv info these forms of the underworld will continue to grow. Everyone moving to more plastic than cash is only going to exacerbate the problem. That is not the real source of the continuous flow of data this syndicate has access to. The CVV is not supposed to be stored and it is the rare supplier of merchant services that leaves a debugging feature enabled in the POS system that creates the rare CVV database (that wasn't supposed to be created in the first place) matched to the CC Numbers where a few of these large breaches occurred, but looking at the "big picture" that sadly is but a few drops in the bucket. It is actually higher up in the card processors/clearing houses databases and even the CC providers databases where the large breaches are occurring and with an estimated 80% fraud charges going through the system uncontested, that means a lot of people do not reconcile their monthly statements (or just don't even look at them) which isn't very smart. This huge breach wasn't about online shopping (most aren't, BTW). Good old B&M (Brick and Mortar), swiped the physical card, but the company was keeping extra data (Track 2 data) that it should not have been storing with the CC transaction details. TJX data breach: At 45.6M card numbers, it's the biggest ever It eclipses the compromise in June 2005 at CardSystems Solutions »www.computerworld.com/action/art···=9014782 quote: The systems that were broken into were based in Framingham and processed and stored information related to payment cards, checks and merchandise returned without receipts. The data breach affected customers of its T.J.Maxx, Marshalls, HomeGoods and A.J. Wright stores in the U.S. and Puerto Rico. Also affected were customers of its Winners and HomeSense stores in Canada and TK Maxx stores in the U.K. Data breach at TJX leads to fraudulent card use The company has not said how many credit and debit card numbers were exposed »www.computerworld.com/action/art···=9009158 quote: TJX itself has not disclosed specifically what sort of information was compromised. But the company appears to have been storing so-called Track 2 data taken from the magnetic stripe on the back of cards. Track 2 data includes account numbers, expiration dates and encrypted personal identification numbers, plus other information that card-issuing banks can include at their discretion. The storing of such data by retailers is specifically forbidden under PCI. Payment Card Industry data security standard IMHO, You have a better chance of getting your Debit Card PIN stolen at your Banks ATM or affiliate ATM by a hidden camera used with dummy card reader that is placed over the real reader in the ATM machine than having your CCV taken while using eCommerce at a online store. Th hidden camera setup captures you keying in your PIN code[s] and the dummy card stripe reader copies your card data/account details and all the thief has to do is copy that captured data to a magnetic stripe writer to record your account details on blank card stock (white cards) then use that with the PIN hand written on the same card to wipe your account balance out later at any affiliate ATM. As seen here: »www.ocregister.com/articles/atm-···ies-lieu »www.freerepublic.com/focus/f-new···45/posts »www.thestar.com/SpecialSections/···e/188460 »www.nbc-2.com/articles/readartic···1474&z=3 »www.jacksonville.com/tu-online/s···77.shtml -- What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?
	to forum · permalink · 2008-09-14 14:02:08 ·
MGD Premium,MVM join:2002-07-31 kudos:9 2 edits	reply to MGD Several of the fraud sites from this group were previously reported by music man from aa419.org: sadi-q-themes.biz 434-336-4079 sparecap.org 208-629-8051 allforyounow.com 203-404-4852 themobileclub.org 231-225-0410 yourplproject.org 424-785-1586 allthebestforyou.biz 904-425-1621 mae_aa419 from aa419.org compiled the following list of fraud sites several weeks ago, additional contributions came from music man This group appears to test out an improved obsfucation process. The domains still have bogus registrations, however many are registered to a random name and address within a close radius of the actual cyber-mule. The listed phone number will have an area code that matches to the state of LLC incorporation. Those two ingredients are designed to assist in passing the account vetting process. However in this method of disguising and hiding the cyber-mule, is achived by registering an LLC whose name has no connection to the domian name. Also, that LLC name is neer listed on the fraud site, only the phone number is published. The result is a fraud site where you can determine the state that the cyber-mule is located within, but will be unable to track them down to a specific LLC or INC registration. Fraud sites from this group: driveabargain.org 904-638-4767 now down Google cache: »74.125.45.104/search?hl=en&safe=···gain.org Snapped 2008-09-14 17:11:07 »74.125.45.104/search?hl=en&safe=···G=Search Snapped 2008-09-14 17:10:50 IP: 74.86.165.119 HOST: softlayer . Domain ID:D152543673-LROR Domain Name:DRIVEABARGAIN.ORG Created On:25-Apr-2008 16:32:49 UTC Last Updated On:25-Jun-2008 03:51:15 UTC Expiration Date:25-Apr-2009 16:32:49 UTC Sponsoring Registrar:eNom, Inc. (R39-LROR) Status:CLIENT TRANSFER PROHIBITED Registrant ID:42c35fa6935 Registrant Name:Lidia Potter Registrant Street1:8139 Chimney Oak Dr Registrant Street2: Registrant Street3: Registrant City:Jacksonville Registrant State/Province:FL Registrant Postal Code:32244 Registrant Country:US Registrant Phone:+1.9046384767 Registrant Phone Ext.: Registrant FAX: Registrant FAX Ext.: Registrant Email:lidiapotter@gmail.com . . sbrightpdas.com 954-762-7736 »sbrightpdas.com Snapped 2008-09-14 17:10:33 »sbrightpdas.com/contacts.php Snapped 2008-09-14 17:10:15 IP: 72.167.131.16 Host: godaddy . Domain Name: SBRIGHTPDAS.COM Registrar: WILD WEST DOMAINS, INC. . Registrant: . Adams, Alan Adams748@gmail.com 1761 W Hillsboro Blvd Deerfield Bch, Florida 33442 United States (954) 762-7736 . Registered through: IX-ONE.COM Domain Name: SBRIGHTPDAS.COM Created on: 28-Apr-08 Expires on: 28-Apr-09 . Domain servers in listed order: NS51.DOMAINCONTROL.COM NS52.DOMAINCONTROL.COM . . z-connection.org 203-285-6642 »z-connection.org Snapped 2008-09-14 17:09:58 »z-connection.org/contacts.php Snapped 2008-09-14 17:09:40 IP: 75.127.70.4 HOST: softlayer . Domain ID:D152611764-LROR Domain Name:Z-CONNECTION.ORG Created On:02-May-2008 19:09:34 UTC Last Updated On:02-Jul-2008 03:49:26 UTC Expiration Date:02-May-2009 19:09:34 UTC Sponsoring Registrar:eNom, Inc. (R39-LROR) Status:CLIENT TRANSFER PROHIBITED Registrant ID:5d47d04e93e Registrant Name:Richard Orr Registrant Organization:- Registrant Street1:8007 E Coronado Rd Registrant Street2: Registrant Street3: Registrant City:Scottsdale Registrant State/Province:AZ Registrant Postal Code:85257 Registrant Country:US Registrant Phone:+1.2032856642 Registrant Phone Ext.: Registrant FAX: Registrant FAX Ext.: Registrant Email:Florgf44@gmail.com sadi-q-themes.com 434-336-4079 (sadi-q-themes.BIZ previously reported) Was hosted by KAhosting.com on IP 74.52.156.2 it now redirects to sadi-q-themes.biz Cloaked domain: WhoisGuard WhoisGuard Protected (93917dbcaa87422996e8b17f49be2d39.protect@whoisguard.com) +1.6613102107 Fax: +1.6613102107 8939 S. Sepulveda Blvd. #110 - 732 Westchester, CA 90045 US . Status: Locked . Name Servers: ns7.selectdns.net ns8.selectdns.net . Creation date: 09 Jun 2008 17:57:04 Expiration date: 09 Jun 2009 17:57:04 . . intelipalm.com 434-336-4079 The site currenlty shows only an index: »intelipalm.com However Google does have a cache of the main page from May 26, 2008 : »74.125.45.104/search?hl=en&safe=···G=Search Snapped 2008-09-14 17:14:34 Fraud report complaints on 800notes.com began on 08/18/2008 »800notes.com/Phone.aspx/1-434-336-4079 »whocallsme.com/Phone-Number.aspx/4343364079 »phoneowner.info/Number.aspx/4343364079 quote: Lor - 2 Sep 2008 They charged my credit card for $4.78 so I closed that account and was assigned a new number. Three months ago I had a similar situation happen for $4.95. When I called their phone number I swear it is the same womans voice on their answering machine. Don't bother leaving messages, I did this time and the last time and they don't call back,definately a scam artist who got my one credit card number and has tried this trick twice in 4 months - account closed! You are correct, the same voice is used on the entire group. IP: 74.86.165.119 Host: softlayer.com . Domain Name: INTELIPALM.COM Registrar: ENOM, INC. . Domain name: intelipalm.com . Registrant Contact: . Albert Milton 4132 Tompkins Ave Oakland, CA 94619 US . Administrative Contact: . Albert Milton (albert.mltn@gmail.com) +1.4343364079 4132 Tompkins Ave Oakland, CA 94619 US . Status: Locked . Name Servers: ns1.hostm.net ns2.hostm.net ns3.hostm.net . Creation date: 05 May 2008 23:52:33 Expiration date: 05 May 2009 23:52:33 . . 7-livels.com 919-246-591 »7-livels.com Snapped 2008-09-14 17:09:22 »7-livels.com/contacts.php Snapped 2008-09-14 17:08:59 Domain Name: 7-LIVELS.COM Registrar: ENOM, INC. . honourbright.com Alfredo Angelina (Dffg43@gmail.com) +1.9198620492 Fax: +1.5555555555 4208 Bugle Ct Raleigh, NC 27616 US . Status: Locked . Name Servers: ns51.domaincontrol.com ns52.domaincontrol.com . Creation date: 07 Apr 2008 18:49:00 Expiration date: 07 Apr 2009 18:49:00 . honourbright.com has the identical registeration from 27 Feb 2008, and does not show any active website. In case of future fraud charges please note that the domain registration is usually faked, and that has been confirmed in this case. There is no connection to the operaion. . . a2wizard.org Web 513-258-2856 Web Site Disabled »a2wizard.org »74.125.45.104/search?q=cache:_4G···&strip=1 Snapped 2008-09-14 17:14:17 The a2wizard.org domain registration was identical to 7-livels.com and honourbright.com. However on 09/15/2008 the registration was updated to a cloaked whoisguard.com Domain ID:D152654584-LROR Domain Name:A2WIZARD.ORG Created On:07-May-2008 18:52:27 UTC Last Updated On:12-Sep-2008 23:16:00 UTC Expiration Date:07-May-2009 18:52:27 UTC Sponsoring Registrar:eNom, Inc. (R39-LROR) Status:OK Registrant ID:22fd5bd1225 Registrant Name:WhoisGuard Protected Registrant Organization:WhoisGuard Registrant Street1:8939 S. Sepulveda Blvd. #110 - Registrant Street2: Registrant Street3: Registrant City:Westchester Registrant State/Province:CA Registrant Postal Code:90045 Registrant Country:US Registrant Phone:+1.6613102107 Registrant Phone Ext.: Registrant FAX: Registrant FAX Ext.: Registrant Email:39a2e678d8094239a67ab3c466fb05fe.protect@whoisguard.com . . startability2k.com AKA Starcatalog LLC 678-436-3075 »startability2k.com Snapped 2008-09-14 17:08:42 »startability2k.com/contacts.php Snapped 2008-09-14 17:08:24 Business Name History . ----------------------------------------------- . Name Name Type: LLC Current Name: STARCATALOG, LLC . ------------------------------------------------ . Limited Liability Company - Domestic - Information . Control No.: 08020039 Status: Active/Compliance . Entity Creation Date: 3/7/2008 . Jurisdiction: GA Principal Office Address: . 2012 SHAWN WAYNE CIRCLE Atlanta GA 30316 . Last Annual Registration Filed Date: Last Annual Registration Filed: ------------------------------------------------ . Registered Agent . Agent Name: CORPORATION SERVICE COMPANY Office Address: 40 TECHNOLOGY PKWY SOUTH #300 NORCROSS GA 30092 Agent County: Gwinnett This domain reg did not follow the typical pattern: IP: 75.127.70.4 Host: gnax . Domain Name: STARTABILITY2K.COM Registrar: ENOM, INC. . Domain name: startability2k.com . Registrant Contact: startability2k Vicki Baird 13128 Casa Grande Ave Lakeside, CA 92040 US . Administrative Contact: startability2k Vicki Baird (VBstartability2k@gmail.com) +1.6784363075 Fax: +1.5555555555 13128 Casa Grande Ave Lakeside, CA 92040 US Status: Locked . Name Servers: ns.ez-web-hosting.com ns1.ez-web-hosting.com . Creation date: 02 Apr 2008 22:39:30 Expiration date: 02 Apr 2009 22:39:30 Fraud charge reports: »www.callercomplaints.com/SearchR···436-3075 Also Note, duplicate hit from the "Toll Free" fraud div.: quote: Sammie - 7 Jun 2008 This just happened to on 06 JUN 08. $9.40 to HBS 888-215-5608 CA. When you call they say your phone call can not be taken. Also I received a charge for $4.91 to STARCATALOG LLC 678-4363075 GA the day before. When I called that number it was a lady that you could barely understand. Someone before said somethings about Equifax, well I've never dealt with them, but I've been disappointed in AOL. I had internet through them and they would send information to my parents PO Box that lived over 200 miles from me, and I didn't even know my parents PO Box. I asked them about it, and they said they worked with a third party company. I hate these people that like to share all of our information quote: VAL - 22 Aug 2008 THIS HAS HAPPENED TO ME TWO MONTHS AGO BUT UNDER A DIFFERENT NAME OF WISEE GOODS FOR THE SAME AMOUNT AND $9.99 CHARGE FROM A DIFFERENT CO. I'M BEING CHARGED $4.91 BY STARCATALOG LLC. THE ONLY LINK I CAN SEE IS SOME HOW THEY GOT A HOLD OF MY OLD BANK OF AMERICA VISA NUMBER WHEN I SWITCHED OVER TO THE AMERICAN EXPRESS CARD THROUGH B OF A. THE FIRST TIME IT WAS SOME TYPE OF MOBILE PHONE BILLING OF SOME SORT. I HAVE A FEELING NEXT MONTH AFTER THESE FRAD CHARGES ARE REVERSED THE NAME WILL ONCE AGAIN CHANGE. I AM CANCELLING THIS CARD! I'M SAID, I'VE HAD IT FOR ABOUT 30 YEARS A duplicate from another known fraud: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto and: »Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot The HBS 888-218-5608 CA fraud charge reports run 7 pages long, and begin in November of 2007 thru June of 2008: »800notes.com/Phone.aspx/1-888-218-5608 From August 2007 to November HBS used 866-214-7845:»www.google.com/search?hl=en&safe···G=Search . . mobilehomestuffstoreplus.com 301-979-9685 »74.125.45.104/search?hl=en&safe=···plus.com Snapped 2008-09-14 17:13:56 Cyber-mule was alerted a month ago prior to going live. Already had bank and merchant accounts set up, operation was shut down. Confirmed as recruited via careerbuilders.com resume by Careerplanet.com and Planeraproject.com The domain was originally cloaked via GoDaddy domainsbyproxy, however it is now showing as confiscated and for sale, indicating a carded original set up: Registrant: Wild West Domains 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260 United States . Registered through: Domains Priced Right Domain Name: MOBILEHOMESTUFFSTOREPLUS.COM Created on: 22-May-08 Expires on: 22-May-09 Last Updated on: 03-Sep-08 . Administrative Contact: domains for sale, Wild West Domains confiscateddomain@wildwestdomains.com Wild West Domains 14455 N Hayden Rd Suite 219 Scottsdale, AZ 85260 United States 480-505-8800 Fax -- 480-505-8844 . . budgetbuy.org 301-979-9534 now down, open directory »budgetbuy.org »www.assec.org/contacts.php&hl=en···strip=1" >74.125.45.104/search?q=cache:htt···&strip=1 Snapped 2008-09-14 17:15:55 Domain ID:D152790539-LROR Domain Name:BUDGETBUY.ORG Created On:22-May-2008 21:23:23 UTC Last Updated On:12-Sep-2008 23:48:13 UTC Expiration Date:22-May-2009 21:23:23 UTC Sponsoring Registrar:eNom, Inc. (R39-LROR) Status:CLIENT TRANSFER PROHIBITED Registrant ID:82a2453467c Registrant Name:Susie Nelson Registrant Street1:102 North Center Registrant Street2: Registrant Street3: Registrant City:Carlisle Registrant State/Province:Arkansas Registrant Postal Code:72024 Registrant Country:US Registrant Phone:+1.3019799534 Registrant Phone Ext.: Registrant FAX: Registrant FAX Ext.: Registrant Email:snmail128@gmail.com . Name Server:NS1.USWEBHOSTING.COM Name Server:NS2.USWEBHOSTING.COM . . sparecapital.biz down (sparecap.ORG 208-629-8051 previously reported) Domain Name: SPARECAPITAL.BIZ Domain ID: D25034042-BIZ Sponsoring Registrar: EVERYONE''S INTERNET LTD. Sponsoring Registrar IANA ID: 925 Domain Status: ok Registrant ID: TUGZY30QWP4VOPF7 Registrant Name: Barbara Weeks Registrant Organization: sparecapital.biz Registrant Address1: 2006 S 257th St Registrant City: Des Moines Registrant State/Province: WA Registrant Postal Code: 98198 Registrant Country: United States Registrant Country Code: US Registrant Phone Number: +1.3038751403 Registrant Email: dinatoney79@gmail.com Administrative Contact ID: TUGZY30QWP4VOPF7 Administrative Contact Name: Barbara Weeks Administrative Contact Organization: sparecapital.biz Administrative Contact Address1: 2006 S 257th St Administrative Contact City: Des Moines Administrative Contact State/Province: WA Administrative Contact Postal Code: 98198 Administrative Contact Country: United States Administrative Contact Country Code: US Administrative Contact Phone Number: +1.3038751403 Administrative Contact Email: dinatoney79@gmail.com Name Server: NS7.SELECTDNS.NET Name Server: NS8.SELECTDNS.NET Domain Registration Date: Fri May 16 00:22:46 GMT 2008 Domain Expiration Date: Fri May 15 23:59:59 GMT 2009 . . MGD
	to forum · permalink · 2008-09-14 17:39:42 ·
MGD Premium,MVM join:2002-07-31 kudos:9 2 edits	reply to MGD said by MGD: Will come back and add data to these, need to set and hold the siteshot, in case they are pulled: .......... .. [imaging failed] »ktechwebdesign.com Snapped 2008-09-06 03:44:50 [imaging failed] »ktechwebdesign.com/help.php Snapped 2008-09-06 03:44:50 ------------------------------ www.ktechwebdesign.com Contact us KTech Solutions, LLC www.ktechwebdesign.com Phone/Fax: 1-(308)-646-0010 Support e-mail: support@ktechwebdesign.com ------------------------------ ... .. . I have located the LLC and location of the cyber-mule for: ktechwebdesign.com AKA KTech Solutions, LLC 308-646-0010 I know that they have been actively processing fraud charges for several weeks. At least a half dozen Google search referrals have been coming in for that name. The cyber-mule is from Douglastown / Little Neck New York: NYS Department of State Division of Corporations Entity Information . --------------------------------- . Selected Entity Name: KTECH SOLUTIONS L.L.C. . Selected Entity Status Information Current Entity Name: KTECH SOLUTIONS L.L.C. Initial DOS Filing Date: JUNE 04, 2008 County: QUEENS Jurisdiction: NEW YORK Entity Type: DOMESTIC LIMITED LIABILITY COMPANY Current Entity Status: ACTIVE . Selected Entity Address Information DOS Process (Address to which DOS will mail process if accepted on behalf of the entity) . ONLINE RETAIL 240-35 69TH AVENUE DOUGLASTON, NEW YORK, 11362 Registered Agent NONE . The website is down, however that is not a guarantee that fraud charges have stopped. The listed contact number is also NLA. That address is apparenlty an apartment building with multiple units:»www.whitepages.com/search/Revers···e=survey A Nebraska area code for a contact number. A California domain registration, finished off with a no robots archive blocker. Domain Name: KTECHWEBDESIGN.COM Registrar: ENOM, INC . Registration Service Provided By: NameCheap.com . Domain name: ktechwebdesign.com . Registrant Contact: tbr LLC Jin Bowden (silverio_bowden@yahoo.com) +1.5016425898 Fax: +1.5016425898 697 Woodlane Dr 697 Woodlane Dr, CA 91024 US . Status: Locked . Name Servers: dns1.registrar-servers.com dns2.registrar-servers.com dns3.registrar-servers.com . Creation date: 18 Jun 2008 14:34:09 Expiration date: 18 Jun 2009 14:34:09 . [Edit add] That domain registration is identical to the one used for Delamoratemplates.com on the 13th March 2008:»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto [/Edit] . . Still searching on the original list to identify the state where these entities are registered. In the interim if there are any reports of fraud charges the line item should contain thetwo letter state abbreviation code. efsdesign.com AKA Executive Financial Services 318-938-2177 exclusivewebconcepts.com AKA Exclusive Web Design Co. 585-535-1425 giwebdesign.com AKA Global Interservice, LLC 253-238-5381 lqservices.com AKA LUNA QUEST On-Line Services 503-766-3438 michiintel.com AKA PearllIntel@yahoo.com, LLC 562-252-1771 nlmdesign.com AKA New Liberty Management, Inc. 417-423-7523 pdatemplates.com AKA Pda press, Inc. 352-353-0375 pg-templates.com AKA Preferred Gate, LLC 410-457-7720 tamarackconsults.com AKA Tamarack Designs, LLC 601-667-4534 Tpdtemplates.com AKA TruthLives Productions and Design, LLC. 605-741-0077 Zdtemplates.com AKA Zavier Web Design and Tech Solutions, LLC 559-682-3757 xftemplates.com AKA Xtreme Focus, LLC 207-433-0565 fotemplates.com AKA Fire Opal, LLC 970-315-4005 count= 13 MGD EDIT= added missing LLC screenshot
	to forum · permalink · 2008-09-14 23:33:26 ·
MGD Premium,MVM join:2002-07-31 kudos:9 2 edits	reply to MGD Finally, nailed it, this took a while. However, it solved more than one outstanding issue: tamarackconsults.com AKA Tamarack Designs, LLC 601-667-4534 The brick wall in this case was the listing as Tamarack Designs, LLC There are pages of victim fraud complaints:»www.google.com/search?hl=en&q=60···aq=f&oq= Though the first fraud report in May on 800Notes.com, lists the charge as originating in Canton, MS., all the other victims report the line item charge as "WA" for Washington State: »800notes.com/Phone.aspx/1-601-667-4534 Repeated searches of Washington State's corporate database turned up nothing for Tamarack Designs, LLC: Even though the first victim stated MS, it was not registered there. There were dozens of victims reporting "WA", they all could not be wrong. There was also no way that the merchant account could be set up to show the wrong state. That configuration is outside of the criminal's control. That left the only possibility as an obfuscated name, though it could not be totally different and pass vetting, what little there is. Well maybe it wasn't an LLC,... sure enough, but look at what was coughed up, ring any bells?: Tamarack Designs is not an LLC, it is actually a trade name, and just look at who registered it, and what else he had going on: License Detail . License Information: . Entity Name: INTERACTIVE DESIGNS LLC Firm Name: INTERACTIVE DESIGNS LLC License Type: Washington State Business Entity Type: Limited Liability Company UBI: 602762619 Business ID:001 Location ID:0001 . Location Address: 13626 8TH AVE S BURIEN, WA, 98168-3602 Mailing Address: 13626 8TH AVE S BURIEN, WA, 98168-3602 . Governing People: ARTHUR CHANDLER . Registered Trade Names: 3 RIVER DESIGNS CRYSTAL CLEAR DESIGNS TAMARACK DESIGNS Not only did it solve the long lost: RD-WEBCONCEPTS.COM AKA 3 River Designs, LLC 910-221-7646 from 04/29/2008 »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto I recall back then that Zenith had checked for "3 river designs" in each of the 50 state's corporate records, and made a second trip through them as well. Not only that, but this clearly shows that cyber-mule Mr. Arthur Chandler, who goes all the way back a year to September of 2007, is now up in Steve Rogan, and Mike Allison territory. When a cyber-mule hits the one year mark, and 4 plus fraud sites, the duped status has long gone as a arguable defense. Remember that Arthur Chandler first came onboard the thread back in December of 2007 for: ccdtemplates.com AKA Crystal Clear Designs, LLC. 206-319-8144 »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto Then for: interactiveconsults.com AKA Interactive Designs, LLC 206-319-7126 »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto You simply cannot go a year and get to this stage, and not be significantly aware of what is going on. Not even a 2 digit IQ defense would qualify. Using the arbitrary 20% fraud charge dispute rate, you could see as many as 600 chargebacks a month. That would be followed by at least several calls from the merchant account processor asking what is going on. Not only would the cyber-mule be exposed to all of those issues, they would also see the monthly statements as well. No doubt the early accounts have long since been cancelled by the processor for excessive chargebacks. Just look at the complaint lists: 8 pages of fraud complaints for Interactive Designs beginning in Decenber of 2007: »800notes.com/Phone.aspx/1-206-319-8144 plus the other sites: »www.google.com/search?hl=en&safe···G=Search Then interactiveconsults.com, »www.google.com/search?hl=en&safe···G=Search and "3 river designs" »www.google.com/search?hl=en&safe···-7646%22 Also, the first two domains were registered to Chandler, so he would have been exposed to complaint contacts from victims. The third and fourth domains were bogus, in order for the crime syndicate to reduce his exposure. Also, the idea that one was helping a foreign company "develop" a business, goes out the window when the merchant accounts get cancelled. You then set up new names, as the others have been blacklisted. The removes any aspect of continunity for the fake business model. Over the course of the year, you also have to overcome the dozens of wires to various former Soviet Block countries of the fraudulent funds. While a fresh cyber-mule recently recruited by an employment agency from an online resume at careerbuilders.com, is at one end of the scale, clearly duped. Chandler, Rogan, and Allison are examples of the extreme opposite end of that cyber-mule scale, cyber-mule evolution!. Arthur Chandler has been an elusive target to catch up with. The original posted LLC from back in December, listed an address of: Agent Name Arthur Chandler Address 13626 8TH AVE S City BURIEN State WA ZIP 98168 The Washington state business data now contains a second address of: 6013 79TH ST CT E, PUYALLUP, WA 98371 INTERACTIVE DESIGNS LLC UBI Number 602762619 Category LLC Profit/Nonprofit Profit Active/Inactive Active State Of Incorporation WA Date of Incorporation 09/18/2007 Expiration Date 09/30/2009 Dissolution Date Registered Agent Information Agent Name ARTHUR CHANDLER Address 6013 79TH ST CT E City PUYALLUP State WA ZIP 98371 . Governing Persons Title Name Address Executor Chandler, Arthur 13626 8th Ave S BURIEN, WA Member CHANDLER , ARTHUR PUYALLUP, WA The original address only hits on a Nail Salon licensed to someone else, and this »www.alt-remedies.acedistribution···dstart=0 The PUYALLUP address gets no hits. There are several Chandlers in that zip code, but no Arthur. So where is he hiding out at ?? Really surprised that a cyber-mule can go a year, four merchant accounts, and the first two domains were registered in their name. For the record: Domain Name: TAMARACKCONSULTS.COM Registrar: ENOM, INC. Registration Service Provided By: NameCheap.com . Domain name: tamarackconsults.com . Registrant Contact: td llc michael cullum 5557 First Stateman Lane Alexandria, VA 22312 US . Administrative Contact: td llc michael cullum (cullum_m1734@yahoo.com) +1.3094391906 Fax: +1.3094391906 5557 First Stateman Lane Alexandria, VA 22312 US . Status: Locked Name Servers: ns1.hostdone.com ns2.hostdone.com . Creation date: 21 Feb 2008 14:15:43 Expiration date: 21 Feb 2009 14:15:43 Notice that many of the fake registrations contain a different abbreviated LLC name above the registrants name. In this case it has "td llc". I believe that what the syndicate is doing is using previous cyber-mule's names to register new domains for other cyber-mules. Remember that the syndicate has a large collection of US identity documents from all the recruits, even the ones that drop out after the application process. MGD
	to forum · permalink · 2008-09-15 03:45:15 ·
Whip412 @embarqhsd.net	reply to MGD Potential new one? »www.ripoffreport.com/reports/0/3···3192.htm »www.webdesigns-corp.com/careers.htm Registration Service Provided By: Active-Domain LLC Contact: »www.active-domain.com Domain Name: WEBDESIGNS-CORP.COM Expiry Date: 15-Sep-2009 Creation Date: 15-Sep-2008 Name servers: ns32.mochahost.com ns33.mochahost.com Registrant Name: Whois Manager Registrant Company: Whois Proof LLP Registrant Email Address: sh3z6c1x@whoisproof.com Registrant Address: PO Box 4120 Registrant City: Portland Registrant State/Region/Province: OR Registrant Postal Code: 97208-4120 Registrant Country: US Registrant Tel No: +1.2024700599 Registrant Fax No: +1.8663666681 Admin Name: Whois Manager Admin Company: Whois Proof LLP Admin Email Address: sh3z6c1x@whoisproof.com Admin Address: PO Box 4120 Admin City: Portland Admin State/Region/Province: OR Admin Postal Code: 97208-4120 Admin Country: US Admin Tel No: +1.2024700599 Admin Fax No: +1.8663666681 Tech Name: Whois Manager Tech Company: Whois Proof LLP Tech Email Address: sh3z6c1x@whoisproof.com Tech Address: PO Box 4120 Tech City: Portland Tech State/Region/Province: OR Tech Postal Code: 97208-4120 Tech Country: US Tech Tel No: +1.2024700599 Tech Fax No: +1.8663666681
	to forum · permalink · 2008-09-15 21:30:43 ·
mrsamsmitty join:2008-08-08 Denver, CO	reply to MGD Just had this company post a fraudulent charge to my credit card: EA WEB DESIGNS for $11.89 This company did as well not to long ago: ISSO for $9.50 Other links: '»www.callercomplaints.com/SearchR···678-5605' '»800notes.com/Phone.aspx/1-866-678-5605/1'
	to forum · permalink · 2008-09-16 15:22:52 ·
MGD Premium,MVM join:2002-07-31 kudos:9	said by mrsamsmitty: Just had this company post a fraudulent charge to my credit card: EA WEB DESIGNS for $11.89 This company did as well not to long ago: ISSO for $9.50 Other links: '»www.callercomplaints.com/SearchR···678-5605' '»800notes.com/Phone.aspx/1-866-678-5605/1' Excellent information, thank you for posting. ISSO 866-678-5605 FL is part of the "toll free fraud group", from the same organized crime syndicate. Be aware that there are also ISSO fraud charge reports under another toll free number: ISSO 800-881-8482 FL. Fraud charges under the original 866-678-5605 number begin around February 2008 up to August. Fraud charges from ISSO under the 800-881-8482 number started in August and continue:»800notes.com/Phone.aspx/1-800-881-8482 and »www.callercomplaints.com/SearchR···881-8482 The changing of numbers is a typical characteristic, most likely the result of the use of hijacked card data used for the online signup of these voip services. The changing of numbers also causes a loss of tracking continuity. Cracking this toll free division is difficult. They use either generic names or three and four letter words. Repeated checks of State and local business records have failed to yield a direct match to any of them. No corresponding websites have ever been identified for them. Since little is known, it is possible they may be factored or pass through billing accounts. With respect to ISSO, several victims report that their bank told them that ISSO is a "Hobby, Toy and Game Shop in Florida". However, that is the bank reading the merchant account classification code that was assigned. In order to help crack this division and identify the merchant account origination points. I would appreciate it if you still have your statement handy, if you can send me via Instant Message (IM) the 21 character item transaction code from the line item ISSO charge that is listed on your statement. That may assist in identifying the actual source and origination point of the fraud charge. Obtaining the transaction item code applies to any of these toll free fraud entities that little is known about. This may help to determine the exact modus-operandi of the set ups, and assist in preventative measures to block their repeated occurrence. Do not post the item transaction codes in public. So far there no one has reported a city code appearing alongside the ISSO fraud charge. Another toll free member of the fraud group from Florida, was EST COMP 866-347-0931 Boca Raton, FL They were first reported in December of 2007 with fraud charges appearing alongside Fabri-Tex »www.google.com/search?hl=en&q=86···aq=f&oq= EST subsequently used the number 800-554-8147 on later fraud charges. MGD
	to forum · permalink · 2008-09-16 19:28:08 ·
MGD Premium,MVM join:2002-07-31 kudos:9	reply to Whip412 said by Whip412 : Potential new one? »www.ripoffreport.com/reports/0/3···3192.htm »www.webdesigns-corp.com/careers.htm .... Though this is is a criminal fraud operation involving cyber-mules, it revolves around cashing fraudulent checks, and sending the cash via WesternUnion or MoneyGram back to the criminals. This is not one that requires the set up of LLCs / Corps and bank accounts and merchant services. These frauds burn through mules quickly, as the checks / payments bounce back. That group also burns through fraudulently registered recruiting sites quickly because of mass spamming. Some of the recent domains associated with that group are: proweb-designs.com rapidweb-solutions.com secure-webprojects.com profiweb-studio.com firstclass-ecommerce.com ecommerce-websolutions.com MGD
	to forum · permalink · 2008-09-16 19:43:08 ·
noebook4me join:2008-03-31 Plymouth, IN	reply to MGD Police probe new identity theft twist By DAVE STEPHENS, Tribune Staff Writer Story Created: Sep 16, 2008 at 3:08 PM EDT Story Updated: Sep 16, 2008 at 3:08 PM EDT SOUTH BEND – Shadi Musleh says it’s not rare for his store near the state line to sell several hundred dollars worth of cigarettes to a single customer. Related ContentStudy: Online banking made riskier because of site design flaws Police: Most people will be victims of identity theft in their lifetime Throwing away your identity: Agencies respond Instructions for an identity theft victim (.pdf) Police report increase in identity theft How to avoid cons that can lead to identity theft So when four women from Chicago entered the US 31 Tobacco Outlet on Indiana 933 on Friday and purchased $1,200 worth of merchandise using Visa and Mastercard gift cards, he didn’t think anything was suspicious. Until he got a phone call. A man in North Carolina told Musleh that his debit card showed a transaction at the store, even though the card was still in his wallet. So when the same four women returned to his store on Saturday, Musleh called police. What police discovered was a new twist in identity theft. According to St. Joseph County police spokesman Sgt. Bill Redman, police found that the women’s gift cards had magnetic strips encoded with the account numbers of stolen credit cards. Redman said police recovered nearly 60 credit or debit cards from two women, both 22, and two other women, 23 and 49. Musleh, the store owner, said he had encountered a similar scam when he worked in Australia, but this is the first time he has heard of it here. Because of the ambiguity of gift cards, Musleh said it’s a crime that almost impossible to catch. "With a gift card, you don’t need to ask for ID because there’s no name, no nothing that can be verified," Musleh said. "Anyone can use them, for any amount, and there’s nothing on them you can check." Because of the rarity of the case, both St. Joseph County police detectives and the federal Secret Service agents are continuing to investigate, Redman said. The four women were arrested and taken to the St. Joseph County Jail where all four remained in custody Tuesday afternoon.
	to forum · permalink · 2008-09-17 11:39:20 ·
MGD Premium,MVM join:2002-07-31 kudos:9 2 edits	reply to MGD There is a another genre of fraud website designs in use by the organized crime syndicate. This group began fraud charge operations around May of 2008. They have been under observation as a result of a heads up tip in June from mikesc . The sites have two basic designs, and are always hosted on GoDaddy with SSL certs. The early sites all had UK domain registrations, though the cyber-mules are US based and only US cards are targeted. It appears that in at least recent cases the domain is registered in the cyber-mule's name. Not sure yet if that is just a one off merchant application vetting adjustment. GOSAMPLESPRO.COM 623-237-9067 Now changed to under construction: Contact Us Jeff Katz (623) 237-9067 USA GOSAMPLESPRO.COM ----------------------------- If you want to request a moneyback or refund please click here If you want to contact us for any reason please write email to: admin@gosamplespro.com or by phone: (+1)(623) 237-9067 or by filling form below: ----------------------------- Registered through: GoDaddy.com, Inc. Domain Name: GOSAMPLESPRO.COM Created on: 06-Mar-08 Expires on: 06-Mar-09 Last Updated on: 06-Mar-08 . Administrative Contact: WILSON, DAVID al4n_b4ll@yahoo.co.uk 10 BARTIE GARDENS ASHGILL LARKHALL, SOUTH LANARKSHIRE ML9 3FB United Kingdom (777) 493-3721 . Domain servers in listed order: NS11.DOMAINCONTROL.COM NS12.DOMAINCONTROL.COM . . Easytemplatesrpo.com 616-723-0572 ----------------------------- Easytemplatesrpo.com Sales: George Hetschinof (+1)(616)723-0572 EASYTEMPLATESRPO.COM If you want to request a moneyback or refund please click here If you want to contact us for any reason please write email to: admin@easytemplatesrpo.com or by phone:(+1)(616)723-0572 or by filling form below: ----------------------------- Registered through: GoDaddy.com, Inc. Domain Name: EASYTEMPLATESRPO.COM Created on: 14-Jan-08 Expires on: 14-Jan-09 Last Updated on: 14-Jan-08 . Administrative Contact: WYNNE, JOHN johndwynnez@hotmail.co.uk 15 OAKLEY CLOSE LIVERPOOL, MERSEYSIDE L12 0BQ United Kingdom (151) 228-5368 . Domain servers in listed order: NS07.DOMAINCONTROL.COM NS08.DOMAINCONTROL.COM Fraud charge reports start in May: »800notes.com/Phone.aspx/1-616-732-0572 »800notes.com/Phone.aspx/1-623-237-9067 Cross charging from the crime syndicate's other sites,: quote: Rating: 0 Nancy Fatigato@cox.net - 2 May 2008 I live in Las Vegas and recently been charged a 4.95 charge through my bank from wiseegoods. I have changed my card number and the bank will refund the money. However in April I was also charged a $9.85 charge from a GOSAMPLEPRO.COM I think this is just another one of there co. because when I tried to contact them I got the same response,a recording, a woman with an accent. this charge is also being removed from my bank. »74.125.45.104/search?q=cache:b0a···=1&gl=us Wiseegoods has been discussed multiple times in two threads: »Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot and »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto quote: billy-bob - 24 Jun 2008 I had the same thing happen this billing cycle -- gosamplespro.com 623-237-9067 from Arizona for $9.85. The Website is down. The phone number is disconnected. And I never use that particular credit card, so I have no idea how this creep got the number. But I had the account closed today and I contested the charge. I agree, we have to do something to get this fixed! This guy belongs in jail. I wonder how many people just pay their bills like usual. He must be rolling in money. This is pretty bad service: quote: Jim - 25 May 2008 Same story here. Worse, Mastercard has not removed the charge from my account. Even after I spent an hour filling out and faxing the paperwork, they took a month to send a letter to say "we're investigating - we'll let you know". I'm about two steps away from suing somebody. This is an interesting read, and I am not sure what to make of it yet. At best it is only an anecdotal connection since only one victim has it in common. It came up because a user of »www.vanguardmil.com which apparently was hacked and compromised using a man in the middle clone site »www.vanguardmil.net ended up with a EASYTEMPLATESRPO.COM fraud charge. It sort of reminded me of the rangerjoes sql injection exploit attack. »captalk.net/index.php?action=pri···c=5503.0 There is only one listed customer who became a subsequent fraud victim from the syndicate, so it is still an anecdotal connection. A rough version of the story is that apparently »vanguardmil.com was compromised for length of time. Apparently the criminal hackers set up a fake clone domain vanguardmil.net »vanguardmil.net. As the criminals monitored the site transactions they would send an email to the purchasers with a return address of the .net domain asking them for: Another site in this group that has already been taken down: BERLANO.COM 913-871-8154 quote: Filed by Sid at 9/14/2008 6:20:36 PM Caller Type: Unknown Phone Number Report: Fraudulant credit charges 817-8715154 BERLANO.COM. CLOSE YOU ACCOUNT NOW BEFORE MORE CHARGES ARE PROCESSED!! I have not used the card for over 2 years and suddenly a $9.85 appears. »www.callercomplaints.com/SearchR···871-8154 No Google cache of berlano.com. Though they have a limited robots.txt file »easytemplatesrpo.com/robots.txt Snapped 2008-09-17 22:07:31 They also have search archiving blocking tags in the page source code: quote: >meta http-equiv="imagetoolbar" content="no" >meta name="author" content="The Zen Cart™ Team and others" >meta name="generator" content="shopping cart program by Zen Cart™, >http://www.zen-cart.com eCommerce" meta name="robots" content="noindex, nofollow" >base href="http://www.easytemplatesrpo.com/" Even without that they are difficult to find as there is little if any searchable text. The belarno.com domian reg: Registered through: GoDaddy.com, Inc. Domain Name: BERLANO.COM Created on: 25-Jun-08 Expires on: 25-Jun-09 . Administrative Contact: Salter, Ron ronsalters@yahoo.co.uk 38B, Oglander road London, London SE15 4EL United Kingdom +442032392946 . Domain servers in listed order: NS31.DOMAINCONTROL.COM NS32.DOMAINCONTROL.COM MGD
	to forum · permalink · 2008-09-17 22:15:42 ·
MGD Premium,MVM join:2002-07-31 kudos:9 1 edit	reply to MGD connecttemplates.com AKA Web Connections, Inc. 501-303-4635 ---------------------------- Contact us Web Connections, Inc. www.connecttemplates.com Phone/Fax: 1-(501)-303-4635 Support e-mail: support@connecttemplates.com ---------------------------- As usual, blocked from search engine archiving: »connecttemplates.com/robots.txt Snapped 2008-09-20 19:23:58 Web Connections Inc., was set up within the past month. What makes this interesting is, that it is yet another connection which ties all these various themed operations together. Have a look at the domain registration: Domain Name: CONNECTTEMPLATES.COM Registrar: GODADDY.COM, INC. Created on: 19-Aug-08 Expires on: 19-Aug-09 . Registrant: Mahon, Gershom mahon_gershom@yahoo.com 866 E 93rd. street Brooklyn,, New York 11236 United States (425) 963-1511 . Domain servers in listed order: NS1.HOSTDONE.COM NS2.HOSTDONE.COM The name Gershom Mahon, is another piece of the organized crime syndicate puzzle. Gershom was the cyber-mule who set up the New York Sales & Multi-Services, LLC 620-307-0165 that was posted back in early August:»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto The long running Atala Designs, Inc 214-594-4188 »ataladesigns.com is one of the known cyber-mule recruiters for the orange template fraud format websites. »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto Gershom Mahon was assigned to the Black X Template group. Cyber-mules from that group were recruited by the EffectiveSoft fraud clones: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto who were also tied to both the UK Alfacor and Strawberry card fraud and recruiting operation: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto Once again, the recycling of cyber-mule data adds more pieces to the puzzle. Still trying to hunt down the state where this "Web Connections, Inc." was registered. It is a very generic name that exists in multiple places, however, you can eliminate New York and Arkansas, (the 501 contact area code) from the list of possibilities. It is a little early yet for fraud reports to show up, though they will have the state abbreviation on the line item when they do. MGD EDIT= corrected exclusivesoft to EffectiveSoft and fixed link
	to forum · permalink · 2008-09-20 19:29:14 ·
MGD Premium,MVM join:2002-07-31 kudos:9	reply to MGD Have another fresh crop of fraud websites coming up, no let up on the Russian / Ukrainian factory assembly line: alwebexpress.com AKA Alpha Express, LLC 435-554-0243 ----------------------- »alwebexpress.com Contact us Alpha Express, LLC www.alwebexpress.com Phone/Fax: 1-(435)-554-0243 Support e-mail: support@alwebexpress.com ----------------------- I have not identified the cyber-mule's LLC that is associated with. There appears to be several legitimate Alpha Express llcs' registered in various states. Since the domian was just registered on 07/08/2008 they may not have any fraud charge reports for a few weeks yet. That is assuming that the merchant account has already been completed and approved. The line item of the fraud charge will specify the state. Bogus registration, as usual: Domain Name: ALWEBEXPRESS.COM Registrar: ENOM, INC. . Registration Service Provided By: NameCheap.com Contact: support@NameCheap.com . Domain name: alwebexpress.com Registrant Contact: JDv James Dougherty 162 BALA DR. SOMERS POINT, NJ 08244 US . Administrative Contact: JDv James Dougherty (eliz_dough9673@yahoo.com) +1.6315324267 Fax: +1.6315324267 162 BALA DR. SOMERS POINT, NJ 08244 US . Status: Locked . Name Servers: ns1.hostdone.com ns2.hostdone.com . Creation date: 08 Jul 2008 19:56:17 Expiration date: 08 Jul 2009 19:56:17 »alwebexpress.com Snapped 2008-09-22 21:47:25 Most likely, you can eliminate Utah, and New Jersey, from, the list of possibilities for the LLC. MGD
	to forum · permalink · 2008-09-22 21:55:04 ·
MGD Premium,MVM join:2002-07-31 kudos:9	reply to MGD Iltemplates.com AKA Internet Logistics, LLC 352-353-0375 --------------------------- Contact us Internet Logistics, LLC www.iltemplates.com 555 N. El Camino Real ----->>Indicates the merchant account came from the secondary market. Potential problem obtaining merchant account directly from a bank. Suite A 357, San Clemente, CA, 92672 Phone/Fax: 1-(352)-353-0375 --------------------------- P/LLC INTERNET LOGISTICS, LLC Number: 200822710276 Date Filed: 8/13/2008 Status: active . Jurisdiction: CALIFORNIA Address 555 N EL CAMINO REAL STE A 357 SAN CLEMENTE, CA 92672 . Agent for Service of Process MARY ATTALLA 555 N EL CAMINO REAL STE A 357 SAN CLEMENTE, CA 92672 Too early for fraud repors yet, MARY ATTALLA should be reachable. Registrant: BEATA WILTOS 10 julia terrace dover, New Jersey 07801 United States . Registered through: GoDaddy.com, Inc. Domain Name: ILTEMPLATES.COM Created on: 21-Aug-08 Expires on: 21-Aug-09 Last Updated on: 21-Aug-08 . Administrative Contact: WILTOS, BEATA beata_wiltos1986@yahoo.com 10 julia terrace dover, New Jersey 07801 United States (425) 963-9504 . Domain servers in listed order: NS1.HOSTDONE.COM NS2.HOSTDONE.COM . »iltemplates.com Snapped 2008-09-23 02:26:13 MGD
	to forum · permalink · 2008-09-23 02:26:23 ·
Concerned @orlandotelco.net	Hello, I came across this thread through a google search of "Starr Works Consulting" 843-278-5237 MD" that defrauded my Wamu card of $11.89 on 082508. I have never heard of this firm nor done business with them. I cannot imagine how they got my card number. I contacted Wamu and am filling out the required paperwork to get a chargeback. Do I need to cancel the card, or should I consider this a one-time fraud? Any comments appreciated.
	to forum · permalink · 2008-09-23 15:47:37 ·
MGD Premium,MVM join:2002-07-31 kudos:9	said by Concerned : Hello,........ Do I need to cancel the card, or should I consider this a one-time fraud? Any comments appreciated. Hi, and thanks for posting. Absolutely, you must cancel and replace the card. There is no question that you will be charged repeatedly. In the years that I have been tracking this criminal enterprise, I have yet to see a "one time only incident". Make sure that your bank knows that this is a "Fraudulent Charge". Your card account data is already compromised, and that card is in the crime syndicate's database. They will now rotate charges across several of their fraudulent websites / LLCs. The only way to stop it is to have the card cancelled and reissued. I can tell you that you will not get another charge from Starr Works Consulting" 843-278-5237 MD Thanks to some very sharp and observant minds within the system, Starr Works has been recently cut off and shut down. Though the majority of the hijacked card data is reserved by the syndicate for repeated use in this fraud system, a percentage of the card data is used to pay for the support operation. Therefore some cards will get hit for hundreds of dollars in website hosting service charges and registrations, plus other assorted fees including for bulk phone system purchases. Other victims cards can get hit with the crime syndicate's G & A expenses. Many victim's cards have been hit for high priced airline tickets for flights from Western to Eastern Europe. The tickets are expensive as they are last minute high priced bookings for travel within 24 to 36 hours. That way once the initial purchase is approved, the flight will have been completed before the victim has a chance to see and dispute the charge. Generally, individual cyber criminals do not have the trait of practicing restraint in fraudulent card usage. That is why this operation is tagged as an organized crime syndicate. There is a level of dominant control in this operation with regard to card data handling, that would be lacking in any loosely knit group of cyber criminals. It takes a high level of control to reserve the majority of the hijacked card data for exclusive use in this process. Most stolen card data is burned up by a rash of repeated sequenced charges. That type of use in turn triggers a rather fast alert in the system which flags the card. It is those types of high use card burns that then triggers fraud analysis that in many cases the patterns uncover the source of the leaks. This organized crime syndicate derives multiple benefits by only hitting massive amounts of cards for around $10 a pop. Despite what victims are told repeatedly by institutions of a fraud charge investigation, there really is none for a $10 fraud charge. Consequently there is no database assembly of the cards subjected to the charge, and no potential to discover unknown leaks. That is a tremendous advantage and preservation tactic for the syndicate. The potential to identify and disrupt the potential sources and exploit methods are non existent. Bear in mind that almost every large card database infiltration in the last few years was first identified from the outside, not from within. Card Systems, TJMAX, Hannaford, WalMart gas stations, et all, were first notified based on fraud pattern analysis from the outside. That led to calls, with, hey, you guys have a data compromise problem. Only after that outside notification, was the actual point of infiltration discovered. In some cases it had been ongoing for several years. That form of analysis is totally absent from this long running fraud, and without that, no one knows for sure what the sources are. This operational format can apparently be sustained indefinitely. Bleeding off $15 to $20 million a year in fraudulent cash from the mutli billion dollar card industry, appears to be a level that can be tolerated. MGD
	to forum · permalink · 2008-09-23 17:43:55 ·

Broadband Tech > Security > Scam and Phishbusters > Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto