Ebook websites, fraud charges, Devbill/DigitalAge/Pluto - Scam and Phishbusters

Author	All Replies
MGD Premium,MVM join:2002-07-31 kudos:9 4 edits	reply to Doctor Olds Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto On several occasions over the past few years I have awarded the title of the organized crime syndicate's current "longest running card fraud money laundering LLC / website" which is still actively charging. It should also be noted that the award can only be assigned to the "longest known" fraud site. Despite over 6 years and thousands of postings on over a half dozen threads on DSLR, we still only scratch the surface of this massive operation. I made the mistake back in July of 2009 of assigning that longest running active fraud title to: EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410. At the time, I had presumed that the prior record holder of four and half years of continuous fraud charging, KCSOFTWARECOM LLC aka KCSOFTLLC.COM had been shut down after THIS POST in October of 2008. Unfortunately, 10 months later in October of 2009, I had to issue THIS RETRACTION when it was discoverd that KCSOFTWARECOM LLC aka KCSOFTLLC.COM.com had continued processing fraud charges and laundering the proceeds out the country as late as Jun 10th, 2009. Since KCSOFTWARECOM LLC aka KCSOFTLLC.COM began operation in March of 2004, that meant they had racked up over 5 years, or half a decade of continuous fraud charging: The corresponding business LLC registration: Not long after that, a security insider at a major financial institution went on an intensive hunt to track down the associated business bank account, and have it closed down for fraud and money laundering. There have been no reported fraud charges since that time. Several days ago when I saw more fraud charging coming in from EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 a 2006 organized crime syndicate's fraud entity, I decided it was time to firmly plant them in the # 1 spot again. I must admit, I am a little gun shy. Though there have been no fraud reports for over 6 months on KCSOFTWARECOM LLC aka KCSOFTLLC.COM, the cyber mule Ms. Kimberly Costanza continues to list it as her occupation: I do not know about everyone else, but I would be tempted to remove it from my resume, if it had clearly sank in that for over half a decade I had been duped into setting up a card fraud money laundering business entity for a Russian organized crime syndicate: ================================= Kimberly Costanza’s Experience owner/partnership Business Software (Computer Software industry) January 2004 — Present (6 years 4 months) Selling web software design products on the business website in the United States. In partnership with a software company. ================================= Ref:»www.linkedin.com/pub/kimberly-co···/6a7/6ba Just doing a Google search of one's business entity KCSOFTLLC, would return a staggering over 1,400 hits and none of them are from anyone who actually made a legitimate purchase in the 5 plus years. I will agree that it is extremely difficult to comprehend how an individual could remain duped for such an extended period. If you only Googled the name of your fraudulent business entity just once in half a decade, even out of curiosity, what a story it would tell. While you shuttle and launder the fraud proceeds out of the country blissfully ignorant, companies as far away as France with almost identical names are being hounded by defrauded consumers. In August of 2005, in response to another round of fraud complaints in the security forum Snowy posted a link about the French company kcsoftwares.com, in the third entry here: »$9.95 scam, now from kcsoftllc.com who, at that time had posted an alert due to all the complaints that it was mistakingly receiving: =========================== About Fraudulent purchases Many persons have contacted us concerning fraudulent purchases charged on their credit cards with a name very similar to our company's name : KCSOFTWARE.COM LLC (from the United States of America). We are not such company. We are KC Softwares SARL, based in France. Charged made by our company are explicitly labeled KC Softwares SARL or Yaskifo. If not then we are NOT the company in cause. We have tried to contact KCSOFTWARE.COM LLC, but without any succes ========================== The flooding of innocent companies with fraud charge complaints, is, and has been, a recurring issue. In that case the letter "s" was the only distinguishing item. I don't know when Ms. Costanza's LinkedIn page went up, but I do not recall seeing it in the latter half of 2009 when I last conducted a detail audit. So is it possible that a new bank and merchant account were set up for a replacement website for KCSOFTLLC.COM. It is clear to me that there were multiple merchant accounts supporting KCSOFTLLC.COM in the half decade that it existed. I can tell that based on the way victims reported the fraud charges over the years. The quoted line item charge known as a "billing descriptor" varies over the period. Since that bill descriptor is set by the merchant account provider, the most likely reason it changed over time is because the merchant provider changed. In this organized crime syndicate's operation the only reason for multiple merchant account providers is because the prior one gets canceled to excessive charge backs and fraud complaints. That would put KCSOFTWARE.COM LLC in the "Steve John Rogan" of Arizona category. However, it might be unfair to question the reasoning, logic, and intuitive, skills of Ms. Costanza without also including the similar but professional version of those skills at Authorize.net / Cybersource. After all, they were, and are, the preferred and so far as I can tell the sole provider of every payment gateway access for all of the organized crime syndicate's decade long card fraud and money laundering operation. In any event, and presuming Ms. Costanza has retired from: ..."Selling web software design products on the business website in the United States. In partnership with a software company". ...., I feel it is appropriate to now crown: EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 as the OCS's reigning longest continuous and still active card fraud laundering operation. »ebsebooks.com Snapped 2009-01-26 03:27:06 »ebsebooks.com Snapped 2009-07-08 13:31:59 »ebsebooks.com/contacts.php Snapped 2009-07-08 13:31:41 »ebsebooks.com/robots.txt Snapped 2009-07-08 13:31:23 Although the card fraud charging and laundering of EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 is believed to have began long before this first public report in December of 2007: quote: Amanda 28 Dec 2007 Found online that the number belongs to ebsebooks.com AKA Electronic Business Resources 412-927-0410 Ref: »800notes.com/Phone.aspx/1-412-927-0410 The most recent fraud charge report is from a few days ago, March 31st., on whocallsme.com: quote: Mike G 31 Mar 2010 I was reviewing my statement and found a 4.95 charge for which I know nothing. It looks as though I am not the only one being fraudly charged by this company »whocallsme.com/Phone-Number.aspx···270410/4 The first report on that forum is in February of 2008. But we know that the Pennsylvanian cyber mule, Terra Milbourne registered the Electronic Business Resources LLC on February 6th. 2006, which makes it over 4 years old: It is also possible that there was a previosu website, as EBSEBOOKS.COM was not registered until May 30th., 2006, then repeatedly renewed, as I am sure it passed all expectations of the organized crime syndicate's longevity: Registration Service Provided By: Jaguar Technologies LLC Contact: sales[@]jaguarpc.com Domain name: ebsebooks.com Administrative Contact: ------>FRAUDULENT - Richard Stewart (ebsebooks@yahoo.com) +1.3094077237 Fax: - 910 Freeport Road Pittsburgh, PA 15238 US Name Servers: ns3.jaguarpc.net ns4.jaguarpc.net Creation date: 30 May 2006 20:43:47 Expiration date: 30 May 2008 20:43:47 Expiration date: 30 May 2009 20:43:47 Expiration date: 30 May 2010 20:43:47 . The documented hosting and nameserver activity history shows: EBSEBOOKS.COM IP Address History =================== Event Date Action Pre-Action IP Post-Action IP ====================================================== 2006-06-01 New -none- 207.210.81.180 2006-10-14 Change 207.210.81.180 69.73.180.196 2007-04-22 Change 69.73.180.196 69.73.139.29 2007-10-21 Not Resolvable 69.73.139.29 -none- 2008-06-02 Change 69.73.139.29 8.15.231.113 2008-06-04 Change 8.15.231.113 69.73.139.29 Name Server History =================== Event Date Action Pre-Action Serve Post-Action Server ============================================================ 2006-06-01 New -none- Jaguarpc.net 2008-06-02 Transfer Jaguarpc.net Name-services.com 2008-06-04 Transfer Name-services.com Jaguarpc.net . The fact that it goes back over 4 years is a reminder of how the Crime Syndicate routinely and repeatedly used jaguarpc.net, for numerous domain registrations and hosting, which is now owned by Landis Holdings Inc, and was once the OCS's preferred provider. In fact a search for "Jaguar" of the entire DSLR records, will produce 3 pages of results all related to this card fraud and money laundering crime syndicate going back to September of 2005 Repeated efforts to track Ms. Milbourne down have failed. The Pittsburgh, PA., website of magicalhandsmassage.com, which once had a listing for a matching name, is now NLA: quote: Terra Milbourne received her massage and body work training from the Pittsburgh School of Massage Therapy. While trained in numerous therapies, her area of specialty is Thai Massage, also know as the lazy man's yoga. She comes from a long line of Native American Healers and uses this healing knowledge in massage. Terra is skilled in the use of herbs, essential oils and their healing properties. Magical Hands Massage · 5817 Forward Ave · 412.422.2284 · M-F 10am - 7pm, Sat 10am - 4pm Ref: »magicalhandsmassage.com/who_we_are.html Other digging may indicate that Ms. Milbourne, believed to be in her early thirties, could be related to a famous baseball player from the mid 70's to mid 80's, who played with the Astros, and Yankees, possibly a daughter. Since the fraud charging and money laundering entity: EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 just passed its 4th birthday, and is now in its 5th year of operation, it really needs to be shut down. The financial system security contact responsible for tracking down and terminating the last know accounts of KCSOFTWARECOM LLC aka KCSOFTLLC.COM, has know begun the process of trying to travk down the associated fraud accounts for EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410. This wizard has developed a sixth sense whereby they can smell the aroma of any of the Organized Crime syndicate's card fraud laundering operations if any related paperwork passes within 250ft of them, regardless of how well disguised it is. However, the task will be significantly easier if a fraud victim can provide the 21 digit ARN (Acquirer Reference Number) of the related fraud charge from EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410. Even the 2nd through 7th digits would be of help. I will return to EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 in the second post from now as they are uniquely linked to the new card fraud laundering operation that this Organized Crime Syndicate has now morphed into. During the second half of 2009, the overall merchant account fraud detection rate at enrollment time peaked at an all time high. The modus operandi became well know within the system and thus the detection at set up time was significant. Since them the OCS has totally changed the way they operate. They had long ago abandoned the factory servers where over a 100 fraud websites were stashed in various stages of construction and operation. The days of shadowing the operation as they shuttled the production between servers in Australia and the US are no more. The multi year configurations of fake Web Templates, E-Books, Mobile Games, etc are fading fast. They have been replaced with an entirely new genre, designed to co-mingle with legitimate startups and be undetected. Single server hosting scattered individually, all around the globe, along with the strategy of reducing the monthly fraud throughput per site by 50% has produced an entirely new operation totally unlike the prior history. Though the output per unit is dropped to avoid detection and complaints the number of performing units has been increased to compensate. We will return to this rebirth facade, and how the 4 plus year EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 fraud operation is directly linked to it. But next we will head over to the UK and take a peek at a database of the new matching recruiting operation ... MGD
	to forum · permalink · 2010-04-04 15:43:20 ·
music man Premium join:2008-08-12	Good work fella!!! You mentioned the UK!! You have my full attention!
	to forum · permalink · 2010-04-05 11:51:50 ·
MGD Premium,MVM join:2002-07-31 kudos:9 2 edits	Actually the reference to the UK was not that any new operation had been uncovered there, it was a reference to the excellent work that bobbear.co.uk is doing with respect to uncovering, exposing, and closing down many of the organized crime syndicate's recent recruiting websites. As you may know the volunteer group bobbear.co.uk »bobbear.co.uk has served as a collection point, a central database, and global resource on mule recruiting of all kinds. I frequently collaborate with Bob and have confirmed mule recruiting websites that are ran by this organized crime syndicate. Recently Bob has been instrumental in uncovering several of this crime syndicate's latest recruiting operations. Many potential mule recruits who have resumes posted at Careerbuilder.com have contacted bobbear.co.uk after being solicited by the criminals. Potential mules who were suspicious of the solicitations, and contacted bobbear after searching and finding similarities between their correspondence and existing data on bobbear.co.uk. This collaboration has yielded clues as to the OCS's new operational strategy and tactics. Those clues combined with other pieces of evidence gathered elsewhere, tell the story of the the organized crime syndicate's new and emerging tactics. As I mentioned in an above post in the second half of 2009 the criminals were fettered by an increasing level of early detection of the fraudulent merchant accounts and associated operation. This growing failure rate prompted the syndicate to significantly alter their operation. The fraudulent front websites which are a cover for the card fraud laundering, are no longer hosted in clusters, but are distributed individually across the globe. In addition, to almost eliminate any victim group collection of fraud reporting, and thus uncovering, they have reduced the amount processed monthly by each card fraud website. That reduction has been compensated for by increasing the total number of active fraud processing sites. The survival benchmarks are the ebsebooks.com, cheapestthemes.com, kcsoftllc.com. The strategy is to return to a virtual stealth mode of card fraud laundering where the noise levels are so reduced and dispersed that once again no one will be aware that there is a massive fraud operation taking place. The keystone of this new strategy is to diversify the fake websites from intangible products, into appearing to sell real products, thus making merchant account flag filtering at application time even more difficult. This new genre of themed websites can now be exposed. Bobbear.co.uk uncovered the third mule recruiting website in the trilogy of the China based "Toy manufacturing" fake front. First it was Tetronix toys Ltd aka Tetronixtoys.com who were carpet bombing Careerbuilder with job adds supporting the Crayon Group. Then came the identical clone Que toys Ltd aka quetoys.com which attempted to create an instant established history by mass seeding posts with a Russian bot crawler script, and also flooded Careerbuilder with job adds. The third identical version came complete with multiple actual real press to seed a fake history of joint ventures and Santarex Toys Ltd aka santarextoys.net was uncovered and neutered by Bobbear.co.uk. ===================================== Tetronix toys Ltd Tetronixtoys.com Company name: Tetronix toys Ltd Company address:49/F, World Trade Centre, 280 Gloucester Road, Causeway Bay City:Hong Kong Country: China E-mail: info@Tetronixtoys.com ===================================== Que toys Ltd www.quetoys.com Company name: Que toys Ltd Company address: 23,Harbour Road, Wan Chai City: Hong Kong Country: China E-mail: info@quetoys.com ===================================== Santarex Toys Ltd www.santarextoys.net Company name: Santarex Toys Ltd Company address: Worldwide Executive Centre, 9/F World-Wide House, 19 Des Voeux Road Central City: Hong Kong, China Phone: +852 8120 3741 E-mail: info@santarextoys.net ===================================== Cyber-mule jobs are by invitation only !! you will not just "run across" the fake website, or find in any job searching: .......... ..... .. We plan to develop a network of sales through our own Internet shops with help of Sales Representative / Project Manager. We have developed the necessary marketing strategy. Main duty of a Sales Representative will be the organization of sale strategies for the products. Our company is already working on a reliable plan; and, all we need is a partner whom we can trust. Please, check the requirements for the job below, and decide if it works for you: -Age: must be over 21 years; -References: positive feedback from the previous employer (possibly from the last one); -Knowledge: good or deep knowledge of Word, Excel. Internet Explorer; -Personal Qualities: communicative, responsible, self-motivation and self-development; -Transportation: having a personal car would be a plus; -You will need to open a company in the state of your residence; it maybe a LLC, or any other kind of company. Furthermore: It can be considered as a part-time employment; Salary: we have 2 options (from which you will need to choose one variant.): 1. $2,000 USD fixed per month 2. 10% commission on each sale. You can work with us in parallel with the main activities you have. We will discuss all the details more once you accept the offer. Also, we are willing to work around your schedule so that you have more time to spend with your family. And, the most important part, you are not required to investment your own funds; all costs are covered by the company. I'm looking forward to hearing from you soon. -- Best Regards, Alexander Kalmanovsky, HR Manager, Santarex Toys Ltd. Bogus Press Release actually sent out on the paid wire service by the organized crime syndicate: The Fake fraudulent PR was even picked up by Fidelity Investments: »eresearch.fidelity.com/eresearch···s&gic=25 This seeding of enews to create a searchable bogus history, aimed at duping victims who think they are performing due diligence is becoming commonplace in organized cyber crime. Though santarextoys.net was displaying a cloaked privacy domain registration: Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM Registration Service Provided By: HIGH QUALITY HOST COMPANY Contact: +1.6462130098 Domain Name: SANTAREXTOYS.NET Registrant: PrivacyProtect.org Domain Admin (contact@privacyprotect.org) P.O. Box 97 Note - All Postal Mails Rejected, visit Privacyprotect.org Moergestel null,5066 ZH NL Tel. +45.36946676 Creation Date: 09-Nov-2009 Expiration Date: 09-Nov-2010 Domain servers in listed order: ns2.echo-host.com ns1.echo-host.com IP Location: Russian Federation Moscow For Mediasoft Expert Ltd Resolve Host: c002n01.zahost.ru IP Address: 88.212.201.90 When you lift up the privacy cloak and look under: Domain Name: SANTAREXTOYS.NET Registrant: HOLT llc. SHAWN HOLT (isaactimidvj@hotmail.com) 45 Quail Trail Buxton Maryland,04093 US Tel. +145.789807 Creation Date: 09-Nov-2009 Expiration Date: 09-Nov-2010 Domain servers in listed order: ns2.echo-host.com ns1.echo-host.com There was a backup .com domain waiting in the wings SantaRexToys.COM: Registration Service Provided By: HIGH QUALITY HOST COMPANY Contact: +1.6462130098 Domain Name: SANTAREXTOYS.COM Registrant: Cooper llc. Brian Cooper (zombaklinevat@hotmail.com) 480 Etowah Drive Cartersville Georgia,30120 US Tel. +168.7098790 Creation Date: 04-Nov-2009 Expiration Date: 04-Nov-2010 Domain servers in listed order: ns3.netter.ru ns1.netter.ru IP Location: Russian Federation St. Petersburg Ooo Company Delfa Resolve Host: 156.10.arpa.delfa.net IP Address: 193.124.10.15 Thanks to the great work at Bobbear.co.uk, both domain names were subsequently suspended by the registrar: Domain servers in listed order: ns2.suspended-domain.com ns1.suspended-domain.com More fraud mule recruit websites and the new webface versions of card fraud laundering sites to follow Also, Canadian residents beware ... active recruiting of cyber mules in CANADA is back. There ~~..IS ..~~ was at least one active card fraud laundering website fronted by a Canadian cyber mule. Last known active Canadian cyber-mules for the OCS was in 2006 and 2008. MGD
	to forum · permalink · 2010-04-06 02:44:43 ·
MGD Premium,MVM join:2002-07-31 kudos:9 1 edit	reply to MGD Towards the end of 2009 the large increase in the organized crime syndicate's cyber-mule recruiting fake front websites began showing up on almost a weekly basis in Bobbear.co.uk's global database. With an abundant supply of compromised card data from the syndicate's non stop hacking and infiltration of the financial system, combined with their revised stealth plan of doubling the amount of active card fraud laundering websites, there is an ever increasing demand for fresh cyber-mules. Consequently there has been a significant growth in the amount of fake recruiting sites. A diverse variety of recruit sites is also needed as the organized crime syndicate has round the clock access to the huge database of resumes on Careerbuilder.com via fraudulent employer accounts. In the continuing theme of fake Swedish based recruit sites, a la: "Gjörwellsgatan 28, 112 60 Stockholm Sweden", Bob documented "Job Instructor Inc." recruitment company aka job-instructor.com, and also "Job Specification Inc." recruitment company aka jobspecification.org. The continued monitoring produced additional paired sites such as this follow up to an inquiry of Job Specification Inc. www.jobspecification.org published by Bob: quote: Good day! Thank you for your answer. I believe our cooperation will bring us a lot of positive experience. Please see below the detailed description of the position of Assistant Director. Our Swedish partner, Azatti Desing Studio Inc, is looking for a candidate to the position of Assistant Director. They've applied to us to find the proper person for this position according to their requirements. Azatti Desing Studio Inc. provides their customers with wide variety of design services for many years already and has a great experience in this sphere. Recently, the management of the company has decided to enter the US market, and for this purpose they need an associated business unit in US. This decision was also caused by the difficulties existing for European companies who wish to sell products and services to US customers as well as by intention to avoid heavy domestic taxes (as you might know, Swedish taxation is probably one of the heaviest in the world). Azatti Desing Studio's Inc. engineers will create a Web-store for US company to sell their original products online. They will promote this Web-store and provide it with hosting, development and support. To accept payments online, it will be necessary to have a merchant account. Unfortunately it is impossible for European company, which has a merchant account in European bank, to accept payments online from US customers (basically, it is possible, but with a lot of limitations that make it impossible). So the Assistant Director, as a company representative, will need to open a merchant account in US. Azatti Desing Studio will provide you with all necessary information and instructions. The primary duties of Assistant Director are: a. Business bank account and Merchant account maintaining and monitoring; b. Handling business correspondence and transmitting it to Azatti Desing Studio Inc by fax or by mail (all expenses are reimbursed). c. Being in touch with Azatti Desing Studio's Inc representative by e-mail and accurately following his/her instructions. First of all you'll need to register the LLC in your Secretary of State or at >http://instacorp.com. (Feel free to ask for my help with this question at any time). Your company will operate as an on-line store and will sell a digital content for PC provided by Azatti Desing Studio Inc. Also Azatti Desing Studio Inc will be responsible for customers and technical support. You will be responsible only for performing the duties above. Azatti Desing Studio's Inc requirements: 1. A punctuality, clear background. 2. Deep desire to achieve financial success. 3. Computer / Internet / e-mail skills. 4. Internet and e-mail access. 5. US citizenship or Green Card. Your commission will be 5% from the store revenues (you'll earn about 2,500-3,000$ per month). Also all bank and merchant fees will be paid by the parent company. You will get your 5% in any case not depending what fees will be. Your income will increase along with business boost. You will be responsible to pay taxes only on your commission; the rest taxable 95% is a responsibility of the parent company. Let me sum up all I said above about your duties briefly in few clear steps: 1. You need to file a legal entity in your state (city) (it can be a LLC or Sole Proprietorship). If you already have a company, it's great, it will save us some time. The cost of registering a small business starts from $200, but it strongly depends on the State. The time frame for a company set-up also differs from state to state and normally the process of registration takes 2-10 business days. The parent company will reimburse you for these start up expenses from the first revenues your web-store produces. 2. After the LLC is registered you'll need to open a business checking account in any bank in your area. After that your personal manager will provide you with instructions on how to open the merchant account for the store. Here ends the start up process and your duties will be just to monitor the accounts and take your regular commission. As you can see, all steps are very easy. Feel free to ask any questions you have and let me know your decision. In case it is positive I'll send you an Agreement to sign that welcomes you to the Azatti Desing Studio Inc successful team. Waiting for your answer. Sincerely yours, Kevin Larsen. The reference to Azatti Desing Studio Inc(sic) turned out to be "Azatti Design Studio Inc": Azattidesignstudio.com ICANN Registrar: ACTIVE REGISTRAR, INC. Domain Name: AZATTIDESIGNSTUDIO.COM Expiry Date: 03-Dec-2010 Creation Date: 03-Dec-2009 Name servers: ns1.horse.arvixe.com ns2.horse.arvixe.com Registrant Name: Whois Manager Registrant Company: Whois Proof LLP Registrant Email Address: Registrant Address: PO Box 4120 Registrant City: Portland Registrant State/Region/Province: OR Registrant Postal Code: 97208-4120 Registrant Country: US Registrant Tel No: +1.2024700599 Registrant Fax No: +1.8663666681 IP Address: 174.120.228.3 IP Location:- Texas - Dallas - Theplanet.com Internet Services Inc Bobbear.co.uk's monitoring of the cyber-mule recruiting by 1stclassrecruitment.org uncovered another fresh theme Rocking Icons aka ROCKINGICONS.COM still active: »www.rockingicons.com/ Registration Service Provided By: Active-Domain LLC Contact: >http://www.active-domain.com Domain Name: ROCKINGICONS.COM Expiry Date: 28-Nov-2010 Creation Date: 28-Nov-2009 Name servers: ns1.croc.arvixe.com ns2.croc.arvixe.com Registrant Name: Whois Manager Registrant Company: Whois Proof LLP Registrant Email Address: Registrant Address: PO Box 4120 Registrant City: Portland Registrant State/Region/Province: OR Registrant Postal Code: 97208-4120 Registrant Country: US Registrant Tel No: +1.2024700599 Registrant Fax No: +1.8663666681 Server Type: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28 IP Address: 75.126.53.64 IP Location: - Texas - Dallas - Softlayer Technologies Inc Response Code: 200 Domain Status: Registered And Active Website Bob's write up of the OCS's RockingIcons recruit fraud website shows where the data is cloned from. MGD
	to forum · permalink · 2010-04-06 18:59:49 ·
MGD Premium,MVM join:2002-07-31 kudos:9 1 edit	reply to MGD As bobbear.co.uk continued to collect samples of this organized crime syndicate's aggressive mule recruitment projects, one in particular was instrumental in discovering the new group of fake front card fraud laundering using tangible products as a front. Data from Bob correlated with information coming from other sources pointing to this new vector. While fake front mule recruiting websites for intangibles, such as the above Rocking Icons continues, the diversification into real products is an attempt to deceive merchant account underwriters who are aware of the fraud intangible operation. The tactic is also designed to snare cyber-mules who may be wary of becoming involved in a download only type operation. Though recruiting for mules for fronting fake laundering websites of real products is new, faking that they are based in China is not: Geo Electronics Ltd aka GEO-ELECTRONICS.COM »www.bobbear.co.uk/geo-electronics-ltd.html ============================================= Company name: Geo Electronics Ltd Company address: 168-200, Connaught Road Central, Sheung Wan. City: Hong Kong Country: China Phone: +852-8121-1956 E-mail: business@geo-electronics.com ============================================= and a partner recruit site Jongsun Electronics Ltd aka JONGSUNELECTRONICS.COM »www.bobbear.co.uk/jongsun-electr···ltd.html ============================================= Jongsun Electronics Ltd Company name: Jongsun Electronics Ltd Company address: Eastern Commercial Centre, 397 Hennessy Road, Wan Chai. City: Hong Kong Country: China Phone: +852-8176-3628 E-mail: business@jongsunelectronics.com ============================================= This new tactic of a real products enterprise also comes with a whole new deception angle to ensnare potential cyber-mules into participating in a global card fraud money laundering organized crime enterprise. To those who are not particularly business savvy or have a good understanding of global eCommerce, the logic of recruiting a US partner seem almost legitimate: Good day, We have received your inquiry with regards to the open vacancy for the position of a Sales Representative/Project Manager at our company. Please review this brief information below on our company and the job offer itself: We are involved in the complete production cycle, manufacturing various consumer electronics, from flash lights to camcorders and computer equipment at our plant located in Shenzhen, Ñhina. At the moment, we are looking for new ways to sell our products since, due to the global economic crisis, the amount of firm standing orders for wholesale supplies of electronics and equipment has decreased severalfold. In the past 6 months, we have been consulting with a few leading business consulting agencies in Hong Kong and, as a result of these consultations, we have developed a new unique model for selling our products; it is aimed at the biggest market - the US market. In brief, the professional recommendation that we have received is to create an Internet store for promoting our products, where we could use all the available advantages as the manufacturer of the products, in particular: flexible price police, availability of the products offered at the Internet store in stock will reach 99%, using the Internet store for selling our products both on the wholesale and retail basis. When working on developing the business model for the work of the Internet store, the only problem that we have come up against is this bottleneck/snag: in China, where our company is located, it is extremely difficult to run an e-commerce export-oriented business. Let me explain why it is so: the thing is that at any Internet store, just as at any retail store, a customer first selects a product and then pays for it, and it is here that we have discovered the problem: the problem of payment for the products. We have been offered several variants, which involve using the services of the so-called third party processing companies: they would process the customers' payments and for their services involved in processing payments made by US customers at our Internet store they would charge a 25% commission for each sale. Naturally, it is not profitable for us; we have begun looking for ways out of this situation and we have come up with one variant, which would allow us to still sell our products in the USA and the overall level of expenses (commission expenses) would reach up to only 10%, which is acceptable for our company. The above briefly explains the reason why, to implement this fairly simple model with a minimum of expense paid out as commission for each sale, we need a Sales Representative, a reliable and trustworthy partner in the USA. Now, let me give you some more detailed information: According to the results of our research, the most widely used payment method at US Internet stores is credit/debit/gift cards. As I have already mentioned, if we were to implement this model of work here in China, we would have to pay 25% commission (for each sale effected at the Internet store) for processing payments made by our customers by a third party processing company; if we implement this model through a Sales Representative in the USA, however, we will only need to pay up to 10% commission, including the salary paid to the Sales Representative. So, our primary task and responsibility will be to ensure that a reliable system for processing the customers' payments at the Internet store is in place; for this purpose, there are the so-called E-commerce Merchant Accounts, which you will need to open and integrate with the Internet store (we will provide all the required assistance for that); that will allow the customers to pay for the products that they would like to purchase at our Internet store in the real time mode, i.e. it will take no more than 2-3 minutes from the moment a customer selects a product to purchase to the moment the customer actually pays for it. Unfortunately, we cannot directly open an E-commerce Merchant Account in the USA on our own, since one of the first requirements of all the merchant account providers is that one of the partners involved in the project should be a resident of the USA. What are our products? Most of the products that we manufacture are presented on our website, and you are welcome to review them there. We manufacture a very wide range of various electronics products, from flash lights, lasers and USB connectors to camcorders, DVD players, etc. Also, we act as a wholesaler within a wide network of electronics manufacturers in China; therefore, we can always guarantee the 99% availability levels of the products in stock at our warehouses. What will the sales system be like and how will it work? 1. We will provide you with an Internet shop; to be more exact, we will develop it for you from scratch and absolutely free of charge for you; it will be a website located on a domain in the .com zone. 2. We will present most of our product range at the Internet store; although it is also possible that we will only present only one category/type of products, for example: flash cards, memory cards. 3. You task will be to connect this Internet shop to the sales system; in particular, you will need to obtain an E-commerce Merchant Account. 4. As soon as you have opened an E-commerce Merchant Account, our technical specialists will integrate it into the Internet shop and after that anybody will be able to purchase the products offered there; it will be possible to do that within 2-3 minutes: the customer will simply choose a product, add it to the shopping cart, press the checkout button, enter the information on their credit card - every transaction will be quickly processed, verified, and approved - and if everything is fine, the customer will receive their order delivered right to their door within 5-14 days. Summing it all up, you will receive a full-fledged E-shop ready to begin sales of our products; it is not only interesting, it is also - in my opinion - an opportunity to try something new for yourself, open the E-commerce market for yourself, and currently this market is the most promising market: many large-scale players have moved their sales to the Internet. How will we promote and advertise our products?.. We have already signed preliminary contracts with a few Internet companies that are specialized in promoting websites, assist in generating web traffics and, in the end, ensure an adequate level of sales. Please do not be too skeptical - there will definitely be sales! We are very certain about that as we have several very real advantages in the market: 1) Wide choice of products 2) The product prices are within the wholesale range, i.e. if previously you would have to purchase, say, a whole container of a certain product to get the per-item price that we offer, we as the manufacturer can now offer you this wholesale price when you only want to purchase a single item; so, in essence, it is basically an aggressive dumping strategy, but we have to go about it that way to generate an adequate level of sales. There is a very important point to emphasize! You will not need to pay for the advertising and promotion campaign for the project; I would like to remind you that you will only be managing the E-commerce Merchant Account, while we will be managing the Internet store, and this combination will give us a very effective sales model. How will the products be delivered to the customers? In the course of our company's business activities, we have established good business contacts with logistics companies focused on export into the USA. We work with FedEx, DHL, UPS, Hong Kong Post, China Post, EMS, and Air China Cargo. The product price will include shipping to the USA by one of the express delivery services that we work with. For each order shipped, the customer will be provided with the tracking number to be able to track their package while it is in transit to them. What warranty/guarantee do we offer for product returns in cases of defective products (manufacturing defects), products damaged in transit, etc.? First of all, let me make this very clear to you: we value our every customer. We have a 30-day guarantee, so during the 30-day period a customer can return the products received for any reason - be it a scratch of the product's frame or any other defects. The customer will simply have to send the products back to us and we will immediately send a replacement. Or, if the customer chooses not to receive a replacement, our company will make a complete refund to the customer. Actually, if you know about eBay, you may already know that half of the so-called powersellers work according to this business model; this model is called dropshipping. Drop shipping is a supply chain management technique in which the retailer does not keep goods in stock, but instead transfers customer orders and shipment details to either the manufacturer or a wholesaler, who then ships the goods directly to the customer. Now, let me tell you in more detail how you can implement this business model: What do you have to do to open an E-commerce Merchant Account and connect it to your website (your Internet store)?.. 1. You will need to register a company in the state of your residence; it can be either an LLC company, or a Corp, Inc, or even Sole Proprietorship etc. Besides, if you already have a company of your own that is properly registered, you can use it for the purposes of this project without any problems. 2. You will need to obtain the TAX ID (EIN) so that in future you would be able to pay taxes, file tax returns, etc. 3. The last thing is to open an E-commerce Merchant Account; you will need to open it at one of the local banks in your town. We will work together with you on analyzing all the offers with regards to e-commerce merchant accounts at the banks in your town and we will choose the best one together. The company is necessary for the following purposes: 1. You will be able to run the business, as Internet sales is a full-scale business and it has to be registered as such. 2. You will not be able to open an e-commerce merchant account for your website without a registered company; the e-commerce merchant account presupposes that you have sales and you, therefore, have to be a registered company, as the e-commerce merchant account is a banking instrument for effecting sales through the Internet, and sales always mean that you are carrying our commercial business activities, hence you have to pay taxes, etc. There is no business without it being a registered company; any business should be formalized as some form/kind of a company. The following information is needed to understand the duties and to properly execute the entire range of your responsibilities. What are our responsibilities and obligations towards you? 1) High-quality support for our products. 2) Full responsibility before future customers. 3) Thorough marketing policies in order to ensure a good level of sales. 4) Our guarantee of providing only high quality and tested products. 5) Paying salary in full and on time. What are your responsibilities and obligations towards us? 1) Maintaining of efficient marketing model: - Active Merchant Account; - Active company; - Timely payments for Merchant account fees (through future turnover of the company). 2) Providing accounting reports 1-2 times a month in order to synchronize with accounting reporting of Geo Electronics Ltd. 3) Work with chargebacks, preparation of documents for disputing chargebacks, keeping record of the statistics. How will the customers be serviced? A special call center will be set up for the project. So every client would be able to call and immediately get an answer. What about advertising and promotion of the project? At the initial stage we will implement 100% support for the project on promotion and advertising. How would the profit be allocated? Salary (commission based): Commission based salary, i.e. you will be getting 10% from each sale effected through the Internet store, and you will be receiving your salary immediately upon the successful completion of a purchase at the Internet store. The calculations we have made show that your salary will amount to about 2000$ per month. This figure was arrived at as a result of mathematical calculations based on the average traffic conversion rate (ratio); we know the volume of the traffic that will be sent to your Internet store every month and know the average amount/sum of the average purchase at the Internet store. What do I get as a result? - You get a website made by outstanding professionals in the field of we design absolutely free of charge; - The entire product range that you are going to sell is free as well; - Unlimited Customer Support Service; - Unlimited Advertising Support; - The ability to earn money at any time that is convenient to you; - You work out your own working schedule. IMPORTANT! No investments into the project are required on your part! But you will need to register a company and open a merchant account for it; that will cost about USD 200-300. You will be reimbursed for these expenses in the full amount before the launch of the project. It is not a significant sum of money, but for us it will be a guarantee of the seriousness of your intentions and a confirmation that we have chosen the right, reliable and determined person to work with. I would like to emphasize it by repeating that this sum on your part will not be investment or expense, as we will return this money that you will spend on opening the company and the merchant account to you in the full amount! -- Sincerely, Alexey Mitrofanov, Dropshipping Development Manager, Geo Electronics Ltd. This crime syndicate goes to extensive effors to create a plausible proposition to lure cyber-mules into participating. Thanks to the efforts of bobbear.co.uk and an alert potential mule efforts to uncover the website design of this new tangible product format were successful. The organized crime syndicate did however were very protective of this new format, and the potential website assigned to the cyber mule only remained online for less than 48 hours. As soon as they suspected a lack of sincerity by the potential mule, they removed the website: LAVADIGITAL.NET Bogus domain registration: Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM Registration Service Provided By: HIGH QUALITY HOST COMPANY Contact: +1.6462130098 Domain Name: LAVADIGITAL.NET Registrant: NEEDHAM llc. JACKIE NEEDHAM (bakerpyrotechnicvy@hotmail.com) 10391 remy lane florence Kentucky,41042 US Tel. +168.6547912 Creation Date: 23-Feb-2010 Expiration Date: 23-Feb-2011 Domain servers in listed order: ns2.zmaximum.ru ns1.zmaximum.ru . LAVADIGITAL.NET IP Location: Russian Federation Moscow Zet Maximum Ltd Resolve Host: transurfers.ru IP Address: 213.219.241.22 Blacklist Status: Clear Notice the odd collection of products, all matching the typical amounts used in the fraud charge laundering operation: Thanks to the efforts of bobbear.co.uk both mule recruiting websites Geo Electronics Ltd aka GEO-ELECTRONICS.COM and Jongsun Electronics Ltd aka JONGSUNELECTRONICS.COM are NLA. However, the OCS are producing numerous fresh websites every week. The services used to register these two recruiting domains Legato LLC legato.name in Samara, Russia, is also the current registrant of the nefarious, CARDER.BIZ, CARDER.INFO, and CARDERS.CC GEO-ELECTRONICS.COM Registrar: Regtime Ltd. Creation date: 2010-01-29 Status: active Registrant: Flexandr Kotlakov geo-electronics llc. Registrant, Administrator, Technical: Legato LLC Email: reg@legato.name Address: Lesnaya 23, korpus 49 City: Samara ZIP: 443002 Country: Russia Phone: +7.9198031521 Name servers: ns1.rufox.ru ns2.rufox.ru JONGSUNELECTRONICS.COM Registrar: Regtime Ltd. Creation date: 2010-02-28 Expiration date: 2011-02-28 Status: active Registrant, Administrator, Technical: Legato LLC Email: Address: Lesnaya 23, korpus 49 City: Samara ZIP: 443002 Country: Russia Phone/fax: +7.8469799038 Name servers: ns7.prostohosting.net ns8.prostohosting.net . MGD
	to forum · permalink · 2010-04-09 19:34:13 ·
MGD Premium,MVM join:2002-07-31 kudos:9 1 edit	Not only do consumers who have resumes stashed on careerbuilder.com need to be aware of this added fake tangible products division of the OCS, but consumers need to be also aware of the sub $20 fraudulent charges that are spewing from these fraudulent entities. Fake product websites such as these will be very difficult to detect as though they are more numerous than their intangible cousins, these only process individually about 50% of the fraud amount that the others do. The purpose is to create a more stealthy operation with very little or no noise levels, enabling them to operate processing fraud charges for a significant period of time. As I mentioned, besides the data from bobbear.co.uk which confirmed that the organized crime syndicate was now using websites with real products as a front for laundering hijacked card data, evidence which ties this new venture to the same crime syndicate can be found from a victim of a fraud charge from the multi year EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410. A report on March 20th on the 4th page of the whocallsme.com victim thread for 412-927-0410, the number for EBSEBOOKS.COM aka Electronic Business Resources contains this vital post: quote: Matt 20 Mar 2010 I had this scam hit my one bank account last year about 4 times (each time it was a different electronics company name with a phone number that went direct to voicemail). I went to my bank (a federal credit union) and canceled my debit card and went back to ATM cards. However, i have 2 accounts there and kept my Debit card with the other account. Now, that account just got hit with 2 charges this month (one from Electronic Business and one from Planet of Electronics). Same deal as everyone - one $4.95 charge, 1 $2.95 charge. I will now be going back to a regular ATM card for the 2nd account as well as our other one has been fraud-free since i got rid of the debit card. Ref:»whocallsme.com/Phone-Number.aspx···270410/4 It was reports of just such unusual activity reported back in 2004 - 2005 and continuously since then, which first spiked my interest in this fraud. In reference to EBSEBOOKS aka Electronic Business Resources the victim reports 4 fraud charges occurring the last year from EBSEBOOKS on a debit card. The victim cancels the debit card after the fourth charge and requests the replacement be a regular ATM non debit card. A second account held by the victim at the same institution remained unchanged. Now that account gets hit with a set of tandem charges, one from EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 and a second charge from an entity he states is Planet of Electronics. You will never guess when it was tracked down what the fake website card fraud laundering front for Planet of Electronics is pretending to sell ?? SCAM FRAUD = Planet of Electronics aka PLANETOFELECTRONICS.COM 206-426-2670 = SCAM FRAUD »PLANETOFELECTRONICS.COM SCAM FRAUD = Planet of Electronics aka PLANETOFELECTRONICS.COM 206-426-2670 = SCAM FRAUD »PLANETOFELECTRONICS.COM ============================================= Contact Us If you have any problems, comments or suggestions, please feel free to contact us. We will make every effort to reply to you within 24 hours during regular business days. Company name : Planet of Electronics Address : Phone : 206-426-2670 E-Mail : support@planetofelectronics.com Business Hours: Mon-Fri 8:00am to 5:00pm (Pacific Time Zone) ============================================= SCAM FRAUD = Planet of Electronics aka PLANETOFELECTRONICS.COM 206-426-2670 = SCAM FRAUD Not only is the card fraud laundering website not engaged in eCommerce, no one could even find it: SCAM FRAUD = Planet of Electronics aka PLANETOFELECTRONICS.COM 206-426-2670 = SCAM FRAUD On 02/19/2010 the GoDaddy registered and hosted domain was changed from this: Registrant: Diana Light light_d2010@yahoo.com 40 Lewis Irvine, California 92620 United States Domain Name: PLANETOFELECTRONICS.COM Created on: 23-Oct-09 Expires on: 23-Oct-10 to this: ICANN Registrar: GODADDY.COM, INC. Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Domain Name: PLANETOFELECTRONICS.COM Created on: 23-Oct-09 Expires on: 23-Oct-10 Server Type: Apache IP Address: 173.201.167.24 IP Location: - Arizona - Scottsdale - Godaddy.com Inc Response Code: 200 Domain Status: Registered And Active Website planetofelectronics.com is hosted on a dedicated server. . The organized crime syndicate's identical twin of Planet of Electronics aka PLANETOFELECTRONICS.COM 206-426-2670 is: SCAM FRAUD = PRECONSOL aka PRECONSOL.COM 206-350-9087 = SCAM FRAUD ============================================= Contact Us If you have any problems, comments or suggestions, please feel free to contact us. We will make every effort to reply to you within 24 hours during regular business days. Company name : Preconsol.com Address : Phone : 206-350-9087 E-Mail : support@preconsol.com Business Hours: Mon-Fri 8:00am to 5:00pm (Pacific Time Zone) ============================================= Domain Name: PRECONSOL.COM Created on: 24-Dec-09 Expires on: 24-Dec-10 Administrative Contact: Private, Registration Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598 Server Type: Apache IP Address: 97.74.186.31 IP Location: - Arizona - Scottsdale - Godaddy.com Inc Response Code: 200 Domain Status: Registered And Active Website preconsol.com is hosted on a dedicated server. PRECONSOL aka PRECONSOL.COM 206-350-9087 was shut down this past week and is no longer able to process fraud charges. Planet of Electronics aka PLANETOFELECTRONICS.COM 206-426-2670 needs to identified and neutered. MGD
	to forum · permalink · 2010-04-09 23:01:08 ·
MGD Premium,MVM join:2002-07-31 kudos:9 2 edits	said by music man: ............. You mentioned the UK!! You have my full attention! . Interesting that you mention the UK, though I have repeatedly searched, I have not seen any actual UK based operation from this crime syndicate since the 2008 UK Strawberry card fraud operation, which you had a bird's eye view of from its birth. I suspect there may be some as they are difficult to detect in this form of stealth mode. What does occur from time to time is UK card victim data is ran through the fraudulent US merchant accounts. The lack of noise is probably due to the fact that the data is dispersed an mixed simultaneously through multiple card fraud laundering entities of the crime syndicate. Ironically, I ran across just such an example of UK victims a few days ago during the unmasking of the latest tangible items fraud laundering group. A financial security systems insider with whom I have collaborated with over the last two years, has been vigorously preventing and shutting down the organized crime syndicate's card fraud laundering entities. This individual who is now an expert on sniffing them out of the system, has done more by far, of anyone on the inside, in disrupting and preventing the crime syndicate from functioning. They are the unsung hero when comes to who has been the most effective at targeting the card fraud laundering operation. In fact, it was they who went above and beyond the call of duty, and spend hours tracking down and terminating the accounts of the half decade long fraud operation of KCSOFTWARECOM LLC aka KCSOFTLLC.COM. One of the OCS's new tangible theme card fraud laundering entities unmasked in the past week while in its infancy was SUPPATOYS.COM 303-261-8619, a product of the SANTAREX TOYS recruitment campaign: As usual, a DIRECTI bogus domain registration: Registration Service Provided By: HIGH QUALITY HOST COMPANY Contact: +1.6462130098 Domain Name: SUPPATOYS.COM Registrant: HERRING llc. ARTHUR HERRING (nortonbjstove@hotmail.com) cowpath rd. 358 lansdale Pennsylvania,19446 US Tel. +178.9756342 Creation Date: 26-Nov-2009 Expiration Date: 26-Nov-2010 Domain servers in listed order: ns2.r01.ru ns1.r01.ru Server Type: Apache/2.2.3 (Linux/SUSE) IP Address: 195.24.66.108 IP Location: - Moskva - Moscow - Garant-park-telecom Response Code: 200 Domain Status: Registered And Active Website IP Address History SUPPATOYS.COM Event Date Action Pre-Action IP Post-Action IP ========================================================== 2009-12-03 New -none- 213.155.7.168 Ruslan Zhavrud Ukraine 2009-12-13 Change 213.155.7.168 213.155.7.172 Ruslan Zhavrud Ukraine 2010-02-15 Change 213.155.7.172 213.155.25.172 Ruslan Zhavrud Ukraine 2010-02-25 Change 213.155.25.172 195.24.66.108 (Moscow State University) The first and so far only reports of fraud charges are coming from victims in the UK posting on the UK moneysavingexpert.com forum: quote: 05-04-2010, 6:29 PM #1 alibongo42 MoneySaving Stalwart Weird credit card transaction I have just discovered a small value credit card transaction that I don't believe I actioned. I need to wait until tomorrow to call my card company, but having done a bit of research, it seems really weird. I wanted to canvas opinion and see if anyone has heard of anything like this. The transaction was on 16 Mar 10, and is for £6.19 and came from "WWW SUPPATOYS COM". Turns out this was a US transaction, converted from dollars. I have not been in the US since Jan, and did not use this card there. I also don't recall making any online transactions that would fit. The website is a blank page. Nothing interesting when I view the source code either. When I ping the IP address, it belongs to somewhere in Russia. On googling the website, it is listed as the homepage for a variety of usernames on a variety of forums (spanning a vast array of topics). In each case, the user has only registered from 23rd - 26th March 10, and made only one post. The posts are coherent, but usually have no significance to the subject of the forum. In some cases the user has a status of BANNED. The most common username is MSMILLER36. I can find no online reference to anyone else commenting on potentially fraudulent activity from this site. Has anyone heard of anything like this before? Even if my card company change my card, I will still be curious as to what this is all about! ================================================================ 05-04-2010, 7:56 PM #3 Wml MoneySaving Newbie Another weird card tranaction Hello, I too have a transaction from www suppatoys com, like you I know I didn't make this tranaction and have had my card blocked! The transaction was on 17th March and was for £7.01, also converted from US dollars. Looks like someone is setting up a nice big scam!!!!! ================================================================ 05-04-2010, 9:03 PM #8 alibongo42 MoneySaving Stalwart Card now stopped, and I'm not the first customer to have called with the same query! Ref:»forums.moneysavingexpert.com/sho···31598811 Interestingly, and as noted by the first victim who posted on moneysavingexpert.com, there are numerous SEO seeding with forum posts using "suppatoys.com 303-261-8619" as a signature: Ref:»www.google.com/search?hl=en&q=su···gs_rfai= If you are wondering about the apparently native English skills of the seed postings, which in the past have been documented as originating from IP addresses in both Moldova and the Russian Federation, it is because they copy and paste postings from other forums. An observant analysis will conclude that there was an intentional fraud processing run of known UK card data, because unlike past SEO forum post seeding, some of these appear to intentionally target UK based forums. In addition, the fact that some of the posts were originally copied from UK forums can be derived from the EU spelling of "favorite" in this subject title "Your favourite toy of your childhood?" Once again, smart ... but not smart enough !! MGD
	to forum · permalink · 2010-04-12 00:17:03 ·

MGD Premium,MVM join:2002-07-31 kudos:9	Another of the organized crime syndicate's new card fraud laundering website designs for tangible products, now closed, is: The Electronics World aka THEELECTRONICSWORLD.COM 404-551-2247 »theelectronicsworld.com ================================ Contact Us If you have any problems, comments or suggestions, please feel free to contact us. We will give your satisfying reply within 24 hours during business days. Company Name : The Electronics World Address : Phone : 404-551-2247 E-Mail : support@theelectronicsworld.com Business Hours: Mon-Fri 8:00am to 5:00pm Central Time Zone New Ticket Submission Form ================================ The above is what victims will see. However during the application and vetting process, all the "I"s are dotted: And is subsequently removed during the car fraud laundering to hide the location and identity of the duped mule. Carded bogus domain registration: Registrar:DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM Registration Service Provided By: EVERITY, INC. Contact: +1.8005538470 Website: >http://www.everity.com Domain Name: THEELECTRONICSWORLD.COM Registrant: N/A Michael Bohn (mbohn47@yahoo.com) 6724 Wildwood Way Houston TX,77023 US Tel. +01.5854867081 Creation Date: 24-Nov-2009 Expiration Date: 24-Nov-2010 Domain servers in listed order: ns14.everity.com ns13.everity.com Which, to further hide the fraud operation is subsequently changed to : Domain Name: THEELECTRONICSWORLD.COM Registrant: PrivacyProtect.org Domain Admin () P.O. Box 97 Note - All Postal Mails Rejected, visit Privacyprotect.org Moergestel null,5066 ZH NL Tel. +45.36946676 Creation Date: 24-Nov-2009 Expiration Date: 24-Nov-2010 Domain servers in listed order: ns14.everity.com ns13.everity.com And the icing on the cake: MGD
	to forum · permalink · 2010-04-18 18:09:58 ·
MGD Premium,MVM join:2002-07-31 kudos:9	Another of the syndicate's confirmed cyber-mule recruiting operations first published by bobbear.co.uk. and now offline is HIRESAURUS.COM HIRESAURUS.COM was an entity used in the Rocking Icons aka ROCKINGICONS.COM recruiting fraud. The organized crime syndicate has a stable home inside of careerbuilders.com and peruses the large database of resumes at will: Greetings, My name is William Watson, I am the manager of Hiresaurus recruitment company, a leading recruiting agency for home based jobs. I email you with regard to the job seeking information you posted at www.CareerBuilder.com. ; I viewed your resume and you seem to be an appropriate candidate for the position which is currently open within one of the companies we perform our recruiting campaigns for. Could you please confirm you are still interested in employment? If you are, please, let me know and I will get back to you with more information on the position. Regards, William Watson. Hiresaurus Inc. (www.hiresaurus.com) A response to the unsolicited contact generated: Thank you very much for your answer and interest to our offer. Please see below the detailed description of the position of Assistant Director. First of all about requirements: - US citizenship or Green Card - Clear background - Computer and Internet skills - Internet access at home What you'll need to do for accepting Assistant Director position: - Sign the contractor agreement with Rocking Icons Inc - Establish business in the US (Limited Liability Company is preferred) - Open business banking account for your business name (LLC) - Open merchant account for your business name (LLC) After everything will be ready Rocking Icons Inc will start web-store sales. The web-store will sell packets of icons. Of course you have to understand that first time you'll have very small amount of sales. Rocking Icons Inc have powerful marketing tools for web-store promotion. As I told you before this position is commission only. Rocking Icons Inc offers 5 percents of net profit of the web-store for Assistant Director. And I have to inform you that all your out of pocket expanses that you'll have while establishing business and opening account will be reimbursed with your first commission after starting sales. I think after reading this information you have many questions about Assistant Director position. Please feel free to ask everything you want to know. Waiting for your answer. Sincerely, William Watson. Hiresaurus Inc. (www.hiresaurus.com) Ref: »www.bobbear.co.uk/hiresaurus.html Registrar: ACTIVE REGISTRAR, INC. Registration Service Provided By: Active-Domain LLC Contact: >http://www.active-domain.com Domain Name: HIRESAURUS.COM Expiry Date: 28-Nov-2010 Creation Date: 28-Nov-2009 Name servers: ns1.active-dns.com ns2.active-dns.com Registrant Name: Whois Manager Registrant Company: Whois Proof LLP Registrant Email Address: rd9m4r45g1l@whoisproof.com Registrant Address: PO Box 4120 Registrant City: Portland Registrant State/Region/Province: OR Registrant Postal Code: 97208-4120 Registrant Country: US Registrant Tel No: +1.2024700599 Registrant Fax No: +1.8663666681 Server Type: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28 IP Address: 75.126.53.64 IP Location: - Texas - Dallas - Softlayer Technologies Inc MGD
	to forum · permalink · 2010-04-18 18:39:58 ·
MGD Premium,MVM join:2002-07-31 kudos:9	The OCS's active card fraud laundering operation of: SCAM FRAUD = Planet of Electronics aka PLANETOFELECTRONICS.COM 206-426-2670 = SCAM FRAUD Was previously revealed In This Post, so far the cyber-mule and their location has remained unknown. They are actively processing fraud charges and laundering the fraud proceeds by wiring them out of the country and back to the syndicate. Based on the format of several search referrals to this thread from card fraud victims, I can now narrow down the location of the cyber-mule and the associated fraudulent business bank account to the state of Texas. Multiple Google searches are being conducted using the following phrasing: PLANETOFELECTRONICS.CO 206-426-2670 TX Which are either leading here, or to the 800Notes posting. Since that must match the bill descriptor that fraud victims are seeing on their bank statements, we can therefore now conclude that the merchant account, cyber-mule, and acquirer bank is based in Texas. Something that was not known until now. Part of the organized crime syndicates new Stealth Modus Operandi involves deliberately concealing a name connection between the holding LLC and the operating name, they will be very difficult to find by searching the state of Texas corporate records. Therefore, if any victim of the: SCAM FRAUD = PLANETOFELECTRONICS.COM 206-426-2670 fraud charge can get me the Acquirer Reference Number (ARN) for the fraud charge transaction, it will enable the acquirer bank to be identified, and the process of closing down the money laundering fraud account can get underway. It is vital to get as many card fraud laundering entities shut down quickly. This new stealth mode strategy may now involve between 100 to 200 active fraud processing sites at any given time. This mass dispersal strategy using all kinds of tangible product themes, are next to impossible to detect. By reducing the per site volume and spreading the fraud operation over a much larger landscape, it has become a virtual silent operation. Evidence began surfacing in the last two months of 2009 that the OCS had begun a massive cyber-mule recruiting campaign. It is believed that by switching the program and stating as per above posted recruiting emails, that the sales were for tangible products, electronics and toys from China that a lot more potential mules could be recruited. Who would suspect that kids toys would be a vector for card fraud and subsequent money laundering. Further evidence of the mass recruiting campaign came from the fact that bobbear.co.uk was also seeing a significant increase in reports of potential recruit victims receiving solicitations for partnerships involving Corps/LLCs and merchant accounts. By the way, Bob just distributed emails notifying associates that he will be retiring and ending his excellent website at the end of this month. He was been an great resource in the tracking and exposing of all forms of cyber-mule recruiting The apparent inept ability of Careerbuilder.com in preventing the organized crime syndicate from having a permanent home inside their resume database, is, in my opinion, negligent at best. It is almost a certainty that these fraudulent employer accounts are set up and paid for by the crime syndicate using hijacked card data. If you are unable to detect the fraud accounts at the front door, then the subsequent disputed charges used to pay for the accounts, should be setting off alarm bells at the back end. The ability of the organized crime syndicate to continually utilize the services of careerbuilder.com unfettered, over such an extended period, is second only to Authorize.net / Cybersource in the long term facilitation of this massive fraud operation. Recent infiltrations across enemy lines, and subsequent perusing down the virtual corridors of the organized crime syndicate ( I will take you on a bird's eye virtual tour through the crime syndicate's engine room later ), show that they can now run over 7,000 fraud charges at a pop, and not one victim complaint surfaces on the internet. They are determined to return to vitual invisibility, hijacking mass quantities of card data from the financial system and laundering it through a large network of active charge fraud processing entities, then extracting the millions in proceeds out of the country, using the same system. MGD
	to forum · permalink · 2010-04-19 23:51:27 ·
Doctor Olds I Need A Remedy For What's Ailing Me. Premium,VIP join:2001-04-19 1970 442 W30 kudos:18	It is simply mind boggling the amount of fraud generated by this crime syndicate and yet no one in power that can stop it seems interested in doing so. You have enough data and documentation to remove any and all doubt that it is a long term fraud operation that just keeps on stealing nearly unabated. -- What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?
	to forum · permalink · 2010-04-20 00:38:48 ·
rzaruba join:2000-08-04	said by Doctor Olds: It is simply mind boggling the amount of fraud generated by this crime syndicate and yet no one in power that can stop it seems interested in doing so. You have enough data and documentation to remove any and all doubt that it is a long term fraud operation that just keeps on stealing nearly unabated. Now why did I retire again?
	to forum · permalink · 2010-04-20 05:37:19 ·
music man Premium join:2008-08-12	reply to MGD @MGD I think you can add "thedigitalelectronics.com" to the list of scam sites. »thedigitalelectronics.com Snapped 2010-05-23 04:38:24 Further details ICANN Registrar:GODADDY.COM, INC. Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Domain Name: THEDIGITALELECTRONICS.COM Created on: 21-Sep-09 Expires on: 21-Sep-10 Last Updated on: 21-Sep-09 Administrative Contact: Private, Registration Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598 Technical Contact: Private, Registration Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Fax -- (480) 624-2598 Domain servers in listed order: NS57.DOMAINCONTROL.COM NS58.DOMAINCONTROL.COM No robots.txt page which is quite unusual but fits the profile totally otherwise. No phone number ( that i can find) for disgruntled "customers" which will help keep the site out of 800notes.com
	to forum · permalink · 2010-04-20 14:49:48 ·
music man Premium join:2008-08-12	reply to MGD Yet another nice fake site »digitalworldwide.biz [imaging failed] »digitalworldwide.biz Snapped 2010-05-23 04:38:04 ICANN Registrar:No data found for this domain. Domain Name: DIGITALWORLDWIDE.BIZ Domain ID: D33871541-BIZ Sponsoring Registrar: GODADDY.COM, INC. Sponsoring Registrar IANA ID: 146 Domain Status: clientDeleteProhibited Domain Status: clientRenewProhibited Domain Status: clientTransferProhibited Domain Status: clientUpdateProhibited Registrant ID: CR42792417 Registrant Name: Registration Private Registrant Organization: Domains by Proxy, Inc. Registrant Address1: DomainsByProxy.com Registrant Address2: 15111 N. Hayden Rd., Ste 160, PMB 353 Registrant City: Scottsdale Registrant State/Province: Arizona Registrant Postal Code: 85260 Registrant Country: United States Registrant Country Code: US Registrant Phone Number: +1.4806242599 Registrant Facsimile Number: +1.4806242598 Registrant Email: Administrative Contact ID: CR42792424 Administrative Contact Name: Registration Private Administrative Contact Organization: Domains by Proxy, Inc. Administrative Contact Address1: DomainsByProxy.com Administrative Contact Address2: 15111 N. Hayden Rd., Ste 160, PMB 353 Administrative Contact City: Scottsdale Administrative Contact State/Province: Arizona Administrative Contact Postal Code: 85260 Administrative Contact Country: United States Administrative Contact Country Code: US Administrative Contact Phone Number: +1.4806242599 Administrative Contact Facsimile Number: +1.4806242598 Administrative Contact Email: Billing Contact ID: CR42792426 Billing Contact Name: Registration Private Billing Contact Organization: Domains by Proxy, Inc. Billing Contact Address1: DomainsByProxy.com Billing Contact Address2: 15111 N. Hayden Rd., Ste 160, PMB 353 Billing Contact City: Scottsdale Billing Contact State/Province: Arizona Billing Contact Postal Code: 85260 Billing Contact Country: United States Billing Contact Country Code: US Billing Contact Phone Number: +1.4806242599 Billing Contact Facsimile Number: +1.4806242598 Billing Contact Email: Technical Contact ID: CR42792421 Technical Contact Name: Registration Private Technical Contact Organization: Domains by Proxy, Inc. Technical Contact Address1: DomainsByProxy.com Technical Contact Address2: 15111 N. Hayden Rd., Ste 160, PMB 353 Technical Contact City: Scottsdale Technical Contact State/Province: Arizona Technical Contact Postal Code: 85260 Technical Contact Country: United States Technical Contact Country Code: US Technical Contact Phone Number: +1.4806242599 Technical Contact Facsimile Number: +1.4806242598 Technical Contact Email: Name Server: NS19.DOMAINCONTROL.COM Name Server: NS20.DOMAINCONTROL.COM Created by Registrar: ACTIVE REGISTRAR, INC. Last Updated by Registrar: GODADDY.COM, INC. Last Transferred Date: Thu Feb 25 16:01:54 GMT 2010 Domain Registration Date: Thu Oct 01 18:38:29 GMT 2009 Domain Expiration Date: Fri Sep 30 23:59:59 GMT 2011 Domain Last Updated Date: Thu Feb 25 20:37:02 GMT 2010 Telephone number - 206-337-3716 is a K7 redirect/personal number so beloved of Nigerian scammers/ scambaiters and also many of the eastern european scamming classes.
	to forum · permalink · 2010-04-20 15:07:51 ·
MGD Premium,MVM join:2002-07-31 kudos:9	reply to Doctor Olds said by Doctor Olds: It is simply mind boggling the amount of fraud generated by this crime syndicate and yet no one in power that can stop it seems interested in doing so. You have enough data and documentation to remove any and all doubt that it is a long term fraud operation that just keeps on stealing nearly unabated. Part of the solution requires a two pronged attack. Besides going after the money all the way to the final drop, it is imperative to cut off the access to the volumes of card data That is the driving engine behind this entire crime syndicate. Close to a decade of operation has enabled them to perfect the fraud, and embed themselves into the financial system like a giant leech. They are now almost a permanent fixture of the system structure. Sitting at the head of the table feeding from the financial system trough of cyber crime fraud. I am sure that you never imagined that the same criminal enterprise that triple hit your card with fraud charges back in 2005, would be still operating almost a half decade later. I am coming up on my sixth year anniversary of the first page of notes which eventually became a thesis. I recall observing that there was something different and unusual about the first posts on DSLReports in middle of 2004: Ref:»$9.95 scam.. check your bank statements. Some initial digging on the reported Pansalcorp fraud charges led me to a 2004 list of similar entities: I had no idea how the mechanics of the fraud worked, but it sure looked more than run of the mill fraud charges from unrelated sources. By the time the Pluto Data fraud charging had rolled in in February of 2005: Ref:»Scam Alert: Pluto Data I suspected that there may be some connection between them. Though Pluto was a different MO, there many similarities between them. Pluto kept growing: Ref:»Feds Investigating Pluto Data Scam The forum thread made mainstream media on MSNBC: Ref:»www.msnbc.msn.com/id/7150531/ and it kept on going: Ref:»Pluto D Nicosia / Pluto Data The Pluto Data fraud charge thread hit 58 pages, over 1,100 posts and 60K unique reads. »Pluto Data Credit Card Charge By the time your Digital Age fraud charge thread started in last quarter of 2005: »[scam] Digital Age, KCSOFTLLC and Coastal Wave Int I was already several chapters into this. Though I had framed out what I believed was going on, the whole cyber-mule aspect was still only a strong suspicion. The parallel Trouble Bubble fraud charge thread »Trouble Bubble LLC Collegeville? also convinced me that consumer card data was being removed from the financial system by the truck load. Running the theories and the rough shell of what I believed was going on across several security peers, was not encouraging. The consensus was that it could not happen, too many checks and balances. But I already knew from the infiltration of another scam ScriptsStore »Scripts Store Credit Card Scam and the recovery of records and data of a $200K card fraud run in less than 10 days, that it was possible on some scale. There sure was a conflict between the evidence that was being accumulated and the general perception. A week would not go by without victims saying: "I get the feeling that my bank thinks I am an idiot. I am complaining about a $10 charge, and they said it must be a purchase that I forgot about, or, it is being billed another name. Just contact the vendor first and resolve it." I knew then that this had all the makings of a perfect massive fraud crime. The crime syndicate had already learned that while $30 fraud charges to a million cards would generate a huge amount of noise and make mainstream media. But if the same total was converted to $10 fraud charges against 3 million cards, the decibels dropped to a tolerable and sustainable level. That was the sweet spot, and later would go lower. MGD
	to forum · permalink · 2010-04-21 05:33:01 ·
Doctor Olds I Need A Remedy For What's Ailing Me. Premium,VIP join:2001-04-19 1970 442 W30 kudos:18	Someone in the transaction/processing chain is looking the other way (for a cut?) or is deeply involved themselves. It should be, after a decade, easy enough for security people in the Industry to find/look at the ongoing data loss, see who is downloading/copying/transferring it and where is it finally being collated at prior to use, IMHO. It will be a huge story and I think it will shake foundations when someone in power finally decides to shine a spot light down the dirty halls this operates from and putting a lid on it forever. I know, wishful thinking on my part. I think it is a factor affecting the economy. -- What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?
	to forum · permalink · 2010-04-21 06:24:10 ·
MGD Premium,MVM join:2002-07-31 kudos:9 1 edit	reply to music man said by music man: Yet another nice fake site »digitalworldwide.biz ICANN Registrar:No data found for this domain. Domain Name: DIGITALWORLDWIDE.BIZ Domain ID: D33871541-BIZ Sponsoring Registrar: GODADDY.COM, INC. Sponsoring Registrar IANA ID: 146 Registrant ID: CR42792417 Registrant Name: Registration Private Registrant Organization: Domains by Proxy, Inc. Registrant Address1: DomainsByProxy.com Registrant Address2: 15111 N. Hayden Rd., Ste 160, PMB 353 Registrant City: Scottsdale Registrant State/Province: Arizona Registrant Postal Code: 85260 Registrant Country: United States Registrant Country Code: US Registrant Phone Number: +1.4806242599 Registrant Facsimile Number: +1.4806242598 .. Name Server: NS19.DOMAINCONTROL.COM Name Server: NS20.DOMAINCONTROL.COM Created by Registrar: ACTIVE REGISTRAR, INC. Last Updated by Registrar: GODADDY.COM, INC. Last Transferred Date: Thu Feb 25 16:01:54 GMT 2010 Domain Registration Date: Thu Oct 01 18:38:29 GMT 2009 Domain Expiration Date: Fri Sep 30 23:59:59 GMT 2011 Domain Last Updated Date: Thu Feb 25 20:37:02 GMT 2010 Telephone number - 206-337-3716 is a K7 redirect/personal number so beloved of Nigerian scammers/ scambaiters and also many of the eastern european scamming classes. Great catch !! A whole group of these all have the free Voip 206 relay numbers. Looks like the siteshot engine is still in the repair shop, so I will throw up a pic: Digital Worlwide aka DIGITALWORLDWIDE.BIZ 206-337-3716 »digitalworldwide.biz ========================== Company name : Digital Worlwide Address : Phone : 206-337-3716 E-Mail : support@digitalworldwide.biz Business Hours: Mon-Fri 8:00am to 5:00pm Central Time Zone ========================== Note in the privacy domain reg that you posted above: Last Transferred Date: Thu Feb 25 16:01:54 That transfer was to hide the original carded registration, which was: Domain Name: DIGITALWORLDWIDE.BIZ Domain ID: D33871541-BIZ Sponsoring Registrar: ACTIVE REGISTRAR, INC. Sponsoring Registrar IANA ID: 1090 Domain Status: pendingTransfer Registrant ID: DI_10460830 Registrant Name: George Bogart Registrant Organization: digitalworldwide.biz Registrant Address1: 29 Mountaiview Dr. Registrant City: Brookfield Registrant State/Province: CT Registrant Postal Code: 06804 Registrant Country: United States Registrant Country Code: US Registrant Phone Number: +1.2063509521 Registrant Email: g_bogart043@yahoo.com Administrative Contact ID: DI_10460830 I was surprised by this at first until I realized what was going on. The duped young cyber-mule is going all out to publish his business partnership thinking he is fronting a legit operation. He is advertising the site all over: »www.electronicsworldwideblog.com/contact/ A Blog: »electronicsworldwide.wordpress.c···rldwide/ He even has a twitter account promoting it: »twitter.com/electronicsbiz Little does he know that while he is promoting the website, the organized card fraud laundering crime syndicate employer is hiding it: Someone should Ping him, maybe at his twitter account, if still active, and get him over here. He needs to lock out his Authorize.net card fraud account, and not make any more foreign wire transfers of the fraud proceeds. Clearly, this kid has no clue that he is being duped. The major concern here is that while the first recruiting and fraud set up appears to be back in November: Date Filed 11/18/2009 CALVIN, MATTHEW ELECTRONICS WORLDWIDE LLC I am concerned that he may have be the next "Mary Attalla", if one is good, then two is even better: Date Filed 01/21/2010 CALVIN, MATTHEW ELECTRONICS OVERLOAD, LLC and three is even better yet: Date Filed 03/29/2010 CALVIN, MATTHEW ELECTRONICS WORLD, LLC L10000034289 I do not know for sure but I suspect the other two could be active sites as well. The last one was just a few weeks ago. Though not the registered owner of the LLC, he may be the admin of this website: »www.creationmarketinginc.com He needs a "Heads Up", for sure. His early journey into the virtual world is nothing like he thinks it is. I wonder if he was recruited by SANTAREXTOYS.NET or one of the others. MGD
	to forum · permalink · 2010-04-21 07:04:14 ·
MGD Premium,MVM join:2002-07-31 kudos:9 1 edit	Another version in the electronic theme genre of the organized crime syndicates card fraud and money laundering operation: SCAM FRAUD = Great Electronics aka GREATELECTRONICSPLUS.COM 206-337-9794 = SCAM FRAUD »greatelectronicsplus.com =============================== If you have any problems, comments or suggestions, please feel free to contact us. We will make every effort to reply to you within 24 hours during regular business days. Company name : Great Electronics Address : Phone : 206-337-9794 E-Mail : support@greatelectronicsplus.com Business Hours: Mon-Fri 8:00am to 5:00pm (Pacific Time Zone) New Ticket Submission Form =============================== Hidden from the world: Another in the mass group of GoDaddy registered and fraud hosted domains: Domain Name: GREATELECTRONICSPLUS.COM ICANN Registrar: GODADDY.COM, INC. Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Domain Name: GREATELECTRONICSPLUS.COM Created on: 15-Feb-10 Expires on: 15-Feb-11 Last Updated on: 15-Feb-10 You can see the process that the criminals got through with GoDaddy using hijacked credit card data to pay for the domain registration. If it fails the first time, just come back and reregister the domain with another stolen card: GREATELECTRONICSPLUS.COM IP Address History Event Date Action Pre-Action IP Post-Action IP =============================================================== 2010-02-25 New -none- 72.167.232.200 2010-03-20 Change 72.167.232.200 173.201.159.141 Registrar History Date Registrar 2010-02-15 GoDaddy.com Name Server History Event Date Action Pre-Action Server Post-Action Server =============================================================== 2010-02-06 New -none- Domaincontrol.com 2010-02-07 Transfer Domaincontrol.com Spam-and-abuse.com 2010-02-10 Delete Spam-and-abuse.com -none- 2010-02-17 New -none- Domaincontrol.com Before the repeat attempt and subsequent privacy cloaking, GREATELECTRONICSPLUS.COM was first registered as: Registrar: GODADDY.COM, INC. Registrant: Heinz Hoffmann P.O. box 254 189 Rolling Village Green Factoryville, Pennsylvania 18419 United States Domain Name: GREATELECTRONICSPLUS.COM Created on: 05-Feb-10 Expires on: 05-Feb-11 Last Updated on: 05-Feb-10 Administrative Contact: Hoffmann, Heinz heinz_hoffmann11@yahoo.com P.O. box 254 189 Rolling Village Green Factoryville, Pennsylvania 18419 United States 206-350-2749 Fax -- Domain servers in listed order: NS57.DOMAINCONTROL.COM NS58.DOMAINCONTROL.COM This entity is no longer processing fraud charges. MGD
	to forum · permalink · 2010-04-21 21:33:28 ·
MGD Premium,MVM join:2002-07-31 kudos:9 1 edit	reply to Doctor Olds said by Doctor Olds: Someone in the transaction/processing chain is looking the other way (for a cut?) or is deeply involved themselves. It should be, after a decade, easy enough for security people in the Industry to find/look at the ongoing data loss, see who is downloading/copying/transferring it and where is it finally being collated at prior to use, IMHO. It will be a huge story and I think it will shake foundations when someone in power finally decides to shine a spot light down the dirty halls this operates from and putting a lid on it forever. I know, wishful thinking on my part. I think it is a factor affecting the economy. While I do think there is an astonishing level of incompetence within the financial industry, conversing with a security executive at PNC BANK HQ in Pittsburgh some years ago, for me, established the lowest base level of Fraud IQ in the industry. If this complex fraud MO was not already documented in the text books, then to them it did not or could not exist. To say they were backwards looking would be an understatement. Worse yet, there was abject refusal to accept and vet reams of evidence that it existed within their institution. Trying to explain the fraud operation away, as something it wasn't, especially to someone who by then had over 2,000 hours of intensive forensic analysis into the crime syndicate, was meager attempt at covering it up. " Oh well there may be a few fraud charges on the account, but they are also factoring billing for other accounts that we know are legit", had me laughing hysterically. I left them with the prediction that this failure to be proactive, recognize emerging threats, and revise the focus for "Know Your Customer" to "Know who your REAL Customer is" would leave them prone to repeatedly servicing organized crime in the future. That prediction I believe, has already come to pass. The lesson I have learned though is that you cannot paint the entire financial industry with the same brush. While the above is the epitome of the low point, at the opposite end of that spectrum exists, probably the sharpest, forward, outside the box thinking, financial security official that I have ran across. I have been amazed at the caliber of what does exist on the inside. This individual, who was attracted to this data early on, immediately recognized the significance of what was taking place. One of the many purposes of posting such specific and exacting intelligence data here, is that it allows for independent corroboration. If one has access to historical data from some entity as far back as 2005, you can easily verify that every single card submitted was a fraudulent charge. You do not have to take my word for it, you can verify it. Same goes for the specific foreign bank accounts listed where the fraud proceeds went to. This individual revamped the entire process within a major organization to focus on trapping this activity, and even preventing them from getting onboard in the first place. So successful were these proactive revisions in preventing the accounts, that 20 or 30 pages back a potential cyber-mule came here and apologized. She was about to file formal complaints over the fact that she was refused a merchant account. She was angry that her application was denied though she had met all the credit qualifiers. What had happened was the application had triggered complex detection flags within that revised system. In the uproar over the denial of what appeared to her as being a qualified application, she was directed to this thread to see if she recognized any familiar tactics, which of course she then did. She went from being an angry rejected client, to being very appreciative of being alerted to her duped status. This security official represents everything that is right about the system when it is populated by sharp analytical individuals. If only they could be cloned and widely distributed. In fact it is reasonable to conclude that the massive recent changes in the organized crime syndicate's tactics, to spreading out the fraud over a much wider group of active accounts, is the result of this individuals preventative tactics. Switching to a wide array of tangible and diversified products, and reducing the account volume appear likely to have been designed to defeat detection parameters put in place by this financial security expert. Remember there are many many thousands of accounts processing charges daily. When you look at the entire volume, detecting these fraud operations once they get in is extremely difficult. The organized crime syndicate has employed the best black hats in eastern Europe that money can buy. I will show you later in great detail just how sophisticated the programming is that spoofs the system by mimicking expected behavior. With respect to this financial security official, they have also gone far and above the call of duty. This individual adopted the difficult task of hunting down which institution the half decade long KCSoft LLC was operating from, and had it closed down. Something no one else had been able to accomplish for years. In addition, they recently went after another "Lifer" Cheapestthemes.com 904-352-1238 which had been fraud charging for over a year. That same financial security individual was responsible for tracking them down, and the account was just terminated as of April 1st. What had looked like this for over a year: now »Cheapestthemes.com generates this: Among the numerous others, You can chalk up KCSOFT LLC, and cheapestthemes.com as being shut down as a direct result of this security officials external hunting expeditions. So eventually, when this sh*t ultimately hits the mass media fan, this individual and their financial organization will come out smelling like a rose, and deservedly so. If some like Authorize.net / Cybersource end up being depicted as comatose with respect to this multi year fraud, then others will be seen as having the stamina of marathon runners. So while there is a lot of criticism at why this multi year fraud operation continues unabated, it does not apply equally across the entire financial industry. There is a significant variance in the forward thinking and reactive competency. MGD
	to forum · permalink · 2010-04-21 23:51:17 ·
MGD Premium,MVM join:2002-07-31 kudos:9 1 edit	Another recently uncovered new fresh and decepitive card fraud design theme from the C&C SantaRexToys recruit group is: SCAM FRAUD = WB E TOYS aka WBETOYS.COM 228-284-0834 = FRAUD SCAM »wbetoys.com This qualifies as Version 6.0. When this now ceased operation was first brought to my attention, I did a double take !!. If you were conditioned to expect intangible downloads of mobile games, themes, et all, then ran across a website of Kids Toys with a $200 plus item spashed across the front, who would suspect that an organized crime syndicate was using children's toys as a front to launder hijacked credit card into cash and launder it out of the country. Imagine how convincing this format had to be to the duped cyber-mule. Now note the typical small fraud charge amount items: ========================== Company name: WbeToys dot COM. Direct line: 228-284-0834 The call center works from 9 am to 5 pm Monday-Saturday (Eastern Time) ========================== Hidden from everyone in the vast caves of cyberspace: ========================== WbEToys.com Server Type: nginx/0.7.65 IP Address: 212.59.118.66 IP Location: - Russian Federation - Information Group Cross-media Ltd Response Code: 200 Domain Status: Registered And Active Website ========================== Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM Registration Service Provided By: HIGH QUALITY HOST COMPANY Contact: +1.6462130098 Domain Name: WBETOYS.COM Registrant: VANSANT llc. JOE VANSANT (jarrettradiotherapyfh@hotmail.com) 347 Still Hollow Rd. Jasper Georgia,30143 US Tel. +165.5489454 Creation Date: 14-Jan-2010 Expiration Date: 14-Jan-2011 Domain servers in listed order: ns2.io-hosts.org ns1.io-hosts.org Finding more of these card fraud puppys, which undoubtly exists, will be very difficult. wbetoys.com IP Address History Event Date Action Pre-Action IP Post-Action IP ===================================================== 2010-01-23 New -none- 212.59.117.29 2010-02-03 Change 212.59.117.29 212.59.118.66 Registrar History Date Registrar 2010-01-14 DirectI.com Name Server History Event Date Action Pre-Action Serve Post-Action Server ===================================================== 2010-01-16 New -none- Io-hosts.org Neither the fake toys nor the fake electronics are a new theme for the Organzed Crime Syndicate. Back in the middle of 2008 several of the criminals IPs and servers hosted on McColo were being shadowed during the set up phase of the UK Berry fraud project. Two test fraud sites apparently targeted to the UK, were found mixed in with the Strawberry fraud stes during construction. One a toy website, kiddytoys.net: »/r0/download/1···crop.png And the other an electronic website, megaphotostore.com: »/r0/download/1···crop.png Both were revealed in this 2008 post, though none were ever found in active production. There were also several variants. MGD
	to forum · permalink · 2010-04-22 01:27:01 ·

Broadband Tech > Security > Scam and Phishbusters > Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto