MGD
MVM
2007-Dec-14 12:56 am
Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

This thread was born from this security forum thread: » Unauthorized charges - digismarket & mfbpsite and specifically this post: » Re: Unauthorized charges - digismarket & mfbpsite

There is far more here than first meets the eye! digismarket.com and mfbpsite.com card fraud are only the tip of the iceberg. They are just a fraction of a criminal operation run by a well organized, sophisticated, multi divisional, vertical crime syndicate. That conclusion is the result of tracking and analyzing this syndicate's operations for over two years. They have been running this large criminal enterprise for at least 4 to 5 years, if not longer. Most importantly, it is driven from routine unfettered access to consumers' card account data by this Eastern European crime syndicate.

How long has this been going on? How and from where are they getting the card account data? How exactly does it work? Where do the millions of fraudulent cash go? Who are they?

digismarket.com DIGISMARKET.COM 607-821-2630
And: mfbpsite.com MFBPSITE.COM 310-237-6452
are just two out of the current crop of dozens of fraud sites that are all inter related, and operated by the same crime syndicate in a multi hub and spoke type organization. The websites are just a front, fake sites, they do not sell anything. They are strictly a laundering vehicle used in an elaborate scheme to convert hijacked card data into cash, and shuttle it out of the country. A criminal conspiracy that has been operating successfully for several years. Every single charge processed through any of these sites is fraudulent. There are no valid orders that originate from there. They are a front, set up exclusively to launder hijacked card data into cash, and facilitate the removal of these funds out of the US.

The current group of ebook sites involved in this card laundering process are controlled by the same crime ring that also operated the infamous fake webtemplate sites known as DEVBILL. The Devbill fraud site group also included ebook sites: "Reqwest" advicebyrequest.com and its sister company "Digital Reading" digital-reading.com are two from circa 08/2006. Also in the mix were mobile phone game download sites such as "moball" hosted as moballtech.com, "Generex" generextech.com and "McColgan Cellular Games" mobilegamejuice.com. The crime syndicate's operation was directly tied to the Digitalage scam as many of the fraud charges showed up alongside the "Digital Age" charge in the same billing period, or on subsequent periods, if the card was not cancelled. The Digital Age fraud was directly tied to the infamous "Pluto" card charge scam by a common domain contact address. The current crop of ebook sites can also be directly connected to this same criminal enterprise. There were several different website iterations of this laundering format over the years, this latest group of ebook scam sites can be assigned to a Version 5.0.
Though crucial pieces of how the crime ring operated were accumulated from sifting through reams of data along the way, the case was not cracked until version 4.5 of the template scam was underway in the second half of 2006. Persistent cyber forensic analysis began to pay off in November of 2006, when a website manufacturing location was uncovered. Subsequent monitoring and shadowing of their activities produced an entire group or division of fraud sites in various stages of operation. This was followed in the first few months of 2007 by the penetration of the outer ring of the crime syndicate's operation. For the first time this enabled the core operational procedures to be uncovered. No posting updates were made during this period, because in the past the syndicate monitored the noise levels and adjusted their tactics accordingly. Credit for contributions for some of this discovery should be shared with two other individuals. However, they requested anonymity, once the full scope and extent of this criminal enterprise was realized, and who may be behind it. It was then clear that this entire multi year operation had to be driven by unfettered access to a continuous stream of card account data. At least one division of the crime syndicate presented itself as being based in Lithuania, however, the laundered cash from the fraudulent credit card billings was tracked going to a bank account in Bulgaria.

I will go into greater detail later, first let's address the current crop of card laundering fraud sites. A sample of some of the other current sites run by this enterprise include:

byersebooks.com Byers Ebooks 201-258-5600
ebsebooks.com AKA Electronic Business Resources 412-927-0410
usefulmart.com usefulmart.com 678-534-2858
bestdigimart.com Bestdigimart 330-871-7932
embintelligence.com embintelligence 404-287-0562
mylibreria.com mylibreria 503-616-3843
smartemarket.com Smartemarket 337-935-0141
There are also recent reports about fraud card charges listed as Crystal Clear Designs, fabri-tex and Vin Designs. Other names surfacing are The Book Cellar Boston, Aslene Reads e-books, and Homebase out of CA. Other names now expired that were associated with these fraud charges were treedonlainsite.com, Brookshire Enterprises brookshire-ent.com, and bestdigimart.com. It took some serious digging to discover who they really are, as these criminals go to considerable lengths to obfuscate themselves. Many of the names they pick will intentionally resemble legitimate entities. In fact the domain for one of the above, embintelligence.com is registered to an unrelated lady in her 60's residing at Saint Clare's Hospital, Franciscan Oaks Assisted Living Unit, in Denville, NJ, not your typical ebook vendor. There are many more in various stages of operation, each processing thousands of fraudulent charges a month.

These sites are not set up to generate any internet business, in fact, the items for sale can be routinely obtained for free. They are just one ingredient in an elaborate credit card fraud laundering process. The sites are an essential component in order to deceive multiple banks, and pass a routine vetting process for a card merchant account. Authorize.net appears to be the predominant card processor used by this criminal enterprise. One obvious sign that they are not intended as sites that random buyers could come across to make purchases from, is that many of them are hidden from the internet. They, as intended, cannot be found using any search criteria. Several of the current sites are configured to block any search engine access using a robots.txt file configured as:

User-agent: *
Disallow: /

Examples:
This crime syndicate clearly has unfettered and continuous access to volumes of consumers' card account data at the highest levels. They had access to this data 2 years ago, last year, this year, and they have access to fresh data today. This criminal enterprise has built a sophisticated process that has enabled them to retrieve at least 1,500,000 card data accounts annually, and remove an estimated $15,000,000 a year in laundered card fraud proceeds out of the country. However, the actual amount could be any multiple of that. If they have not laundered a charge through your card already, it is only because they did not retrieve that account data yet. Your card's prior history appears to have no relevance with respect to the odds of getting hit with these specific fraud charges. Also not relevant is the card issuing bank, the charges occur across a broad spectrum of card issuers. Neither is the fact that it is a debit (check card) or credit card, both are billed as CNP transactions, however, they do not have access to the debit PIN numbers. Though primarily a Visa / Mastercharge phenomenon, it also hits Amex and other card holders.

The current focus on Equifax as a potential source of a leak by the latest crop of victims posting on Chris Jopin's blog and also discussed in Brian Sullivan's Red Tape chronicles article, is a recurring anomaly with this criminal enterprise's fraud operation. Victims of this fraud tend to look for a prior common transaction which they believe may point to the source of how their account data was compromised. That focus is understandable, however, the long term history of this crime syndicate indicates that the data is not coming from any recent online transaction that the consumer made with their card. After sifting through years of reports the totality of the data points to a significant leak higher up the database chain.
If you were to examine the entire range of victims over a longer time period, you would find that there are many more who do not have any prior charging history in common. During the past few years consumer posting of fraudulent charges that can be tracked to this crime syndicate have reached critical mass at various times. The consensus during these peaks have pointed at one time to Amazon as being the common link, at another time it was PayPal, then various other vendors. The normal instinct is to look at where you last used the card online as a potential source of the leak. That kind of analysis and conclusion actually works in the crime syndicate's favor, because it focuses attention to a common vendor, and away from data base storage higher up the chain. Over the long term, the following anomalies emerge:

• Card holders who have only used their cards at brick and mortar establishments, and have never used their card online, end up with a fraud charge from the syndicate. That is significant, in that the only data captured in card present B&M transactions are the card swipe data. That data only includes the cardholder's first & last name, the card number, and the expiration date. I have verified that when this crime syndicate charges your card, they not only submit your card number, name, and exp date, but also your full correct address and the 3 digit CVV2 number. Where is that complete data stored if you never made an online purchase with the card?

• Consumers have been hit with the crime syndicate's charge on two cards, either in the same month or in consecutive periods. The two cards were issued by different institutions and both were never used at the same vendor, nor online.

• A consumer reported that shortly after receiving his new card he locked it up in a drawer, and never used it anywhere. Several months later the first ever charge to the card was from the syndicate.
This type of report has occurred repeatedly over the years for this operation: (Emphasis added)

quote: Mon, Aug 20, 2007 10:16 pm
I got one of my credit card bills in the mail and noticed a strange charge.
BROOKSHIRE-ENT.COM 2054190624 AL $5.00
Mind you, I haven't made a charge on this card for maybe two years. I stopped using this card regularly after I accrued a pretty big balance and for the past few years, I've only been making payments to it. Heck, I don't even keep this card in my wallet. It stays locked up in an undisclosed location that is too inconvenient for me to access. So getting a new charge on this card is pretty strange.
I immediately called my credit card company to dispute the charges. I explained a little more to them and they closed my account and will process for me a new account, number and card.
And:
September 3rd, 2007 at 3:15 pm | Same problem here. This is quite a scam. $15 here. Same company. Inactive but valid Visa. ....................
Source= »slantyeyed.com/wp/?p=905
The current group of sites (Version 5.0) differ from the previous template group in that they are all differently designed webpages. That may be the result of a combination of publicity and also possibly blacklisting by the merchant account provider Authorize.net. Examples of the Ver 4.0 template sites can be found here. The later group of the template sites from late 2006 thru mid year 2007 (Ver 4.5) were never published before as that was during the "shadowing" period when much of the operational tactics were being infiltrated. Below is a list of the names and domains that were retrieved from the production assembly line during that time. I have uploaded screen shots of the actual web urls and websites that were taken at the time to a Photobucket album. This group was labeled as Version 4.5 since the format was a different design than the 4.0 group, note each name in the blue upper right box and the matching url. In fact, the connection between them can be seen as the morphing was caught in the act. A version 4.0 site "Alta Vista Web Designs" reported multiple times for fraudulent charges was caught on the same IP as the new ones, in the process of being re labeled as "ultrahorizonwebdesign.com".

It was from this group or "division" that the laundered proceeds were tracked moving out of US Banks to the Bank in Bulgaria.
DOMAIN | CONTACT NUMBER | BUSINESS NAME
universal-webdesigns.com | +1-(303)-495-3608 | Universal WebDesigns, LLC
tws-templates.com | +1-(210)-587-7370 | Total Webdesign Solutions, LLC.
ptds-templates.com | +1-(201)-535-8843 | Pov technology design solutions, LLC
pps-templates.com | +1-(775)-548-9423 | PPS,Inc
lts-templates.com | +1-(612)-216-4166 | Littlefork Technology Solutions, Inc
kato-technologies.com | +1-(313)-281-8090 | K.A.T.O. Technology, LLC
icon-concepts.com | +1-(386)-951-4388 | Icon Design Concepts Inc
gvc-technologies.com | +1-(516)-596-8594 | GVC Tech Designs, Inc.
fdwc-technologies.com | +1-(859)-401-0648 | Design Web-Solution,LLC
web-designs-4-u.com | +1-(706)-243-4850 | Webdesigns4U, LLC
allstar-webtemplates.com | +1-(303)-484-6926 | All Star Web Designs, LLC
AEP-TEMPLATES.COM | +1-(281)-962-4281 | AEP WebDesign Solutions, LLC
ere-webdesignsolution.com | +1-(207)-669-8257 | ERE WebDesign Solution L.L.C
wilson-templates.com | +1-(636)-234-0932 | Wilson Technologies, LLC
pwd-templates.com | +1-(609)-858-5284 | Phoenix Web Design LLC
bfm-websolutions.com | +1-(608)-531-1939 | BFM Web Solutions, LLC
cmc-templates.com | +1-(636)-234-0975 | CMC Webdesign, LLC
ficas-templates.com | +1-(262)-997-9372 | FICAS, Inc
kaizer-templates.com | +1-(321)-283-4399 | Kaizer Services, LLC
ultratech-webdesigns.com | +1-(303)-325-3807 | ULTRATECH WEB DESIGNS
kamk-templates.com | +1-(313)-281-1325 | K.A.M.K. Technology, LLC
mgn-templates.com | +1-(214)-594-5853 | MGN Enterprises, LLC
hoskins-technologies.com | +1-(859)-400-0794 | Hoskins, corp
webfirstclass.com | +1-(202)-640-2764 | WEB FIRST CLASS LLC
floridadesign-solutions.com | +1-(941)-876-6863 | Southwest Florida Web Solutions, LLC.
westernlogos.com | +1-(229)-351-4237 | Western Logos, LLC
ur-solutions.com | +1-(207)-457-5279 | RSP Web Design Solution LLC
Though the ebooks sites operated as a division and in parallel to the template sites as far back as late 2006, they multiplied during the first half of 2007. By the middle of 2007 they became the predominant sites, just as the template operation appeared to be phasing out. The current crop of ebook (et al) sites operate identically to the prior version, down to a common beneficiary. There are 3 core components to this crime syndicate's operation.

The first ingredient is direct access to a constant supply of card account data. I cannot identify where the long term data is coming from, though access is ongoing because fresh cards are routinely hit. I can confirm that this criminal enterprise does have the following data on the victims that charges are processed against. In addition to the card number they have the victim's full name and complete address, the card expiration date and the CVV2 security code.

The second component is the ability to set up a web hosting site combined with a merchant billing account to process the card charges and launder them into cash. Though the criminals are adept at successfully passing a vetting process to obtain a merchant account, there is an obvious weakness in the entire process.

The third and crucial component is the ability to set up US bank accounts to receive the funds from the fraudulent charges. This crime syndicate actually has two bank accounts set up for each domain. One to receive the initial funds from the processor, and a second account that the money is then transferred into, to protect it from being reversed. The latter account is from where the laundered funds are then wired out of the US in increments below the threshold for any oversight. That set up has been repeatedly documented in the template sites (Ver 4.5), and the identical modus operandi has now been confirmed in use with these ebook site set ups.
To defeat current banking regulations and remain anonymous the syndicate recruits US victims as mules who are hired as unwitting partners in the fraudulent scheme. The process of recruiting and maintaining these cyber mules is a division unto itself of this criminal enterprise. That complex process was also documented in the previous version and is expected to be no different in this version. Be advised that this is not your typical bogus check cashing or carded goods re-routing job, that should send alarm bells ringing in even the most naive individual. There is an indoctrination process that begins at the moment of contact and persists throughout the process. The syndicate actively recruits from multiple venues, including contacting individuals that have resumes listed on Monster and other job seeking sites. It may take an initial interest and response from over 200 people in order to end up with one fully indoctrinated and participating cyber mule. I have spoken with several and the process is effective, none had any idea what they were involved in, especially during the early stages. I assume by design, all of these cyber mules had little prior knowledge of how an internet business or merchant billing account operates.

They are recruited as US partners for a foreign company, and are instructed to set up a Limited Liability Corporation (LLC) naming themselves as the registered agent. They are also instructed to obtain a federal tax id number in the business name. Using that LLC documentation they are then instructed to set up the two US corporate bank accounts. The bank accounts must have online access so the syndicate can remotely access and monitor the incoming fund transfers. However, the wiring of funds back to the syndicate is done by the cyber mules. The syndicate is thoroughly versed in the procedures of how to set up US corporations, and they also appear to have intimate knowledge of the US banking system.
They provide detailed instructions for the cyber mules to follow. The brainwashing is so thorough that they even have the mules make a purchase from the site with their own credit card as a test, and then later issue them a credit for the charge. The cyber mules receive compensation in the amount of 10% of the monthly proceeds after expenses. They are reimbursed for the LLC set up cost from the first fraud card run.

While trying to identify who the cyber mules were for the current Ebook sites it became apparent that the obfuscation process had reached new levels with this version 5.0. Remember that this syndicate makes hiding information at every stage an integral part of the process. Some of the websites are difficult to find due to search engine blocking, at least until there are several internet reports of fraudulent charges. In many cases the business name is a craftily altered derivative of the domain name used, making it difficult for one to easily lead to the other. Charges may show up billed under the business name which may not be the exact lettering of the domain name. They intentionally balance the obfuscation, close enough that it does not raise suspicion at the merchant account vetting process during set up, but as difficult as possible to match after the fact when the fraud is under way. See the layout of names on the 4.5 list above. Also some of the latest reports of fraud charges under such names as "Crystal Clear Designs", "The Book Cellar" and "Vin Designs" which are too generic to dig into without additional data. That is why it is important for anyone reporting these small fraudulent charges to list the complete line data that appears on their card statement including any listed phone number, even a partial one.

Also, it is vital that you report these immediately as fraudulent charges to your bank. DO NOT call and "dispute" the charge. Disputing a charge is a process reserved for billing received from a legitimate entity, that you did not make.
The dispute process helps the criminals sustain the operation for that domain, because the bank sends them a notice of dispute which (A) takes time, and (B) allows the criminals to issue you a credit and save the cost of a charge back fee, usually around $25. It is also vital that you cancel and replace the card. These criminals have your complete card data. They will continue to make charges to the card. Cancelling and replacing it is your only option.

By now they have many years of experience and have perfected the process. The syndicate's goal is to run high volume small charges spread across many bank card issuers, using multiple merchant accounts. They hope to maximize the number of victims who either do not notice it, or do not bother because of the amount. Once a victim is prepared to contest it, then the syndicate wants to issue you a credit and save the charge back fee. They have a prepared script to deflect the attention away from them by saying that someone must have used your card on our site so we will issue you a credit. They will even go so far as to make up an email address that was used for the purchase. They may even tell you that you should report your card as stolen. Of course when was the last time a thief stole a credit card number and decided to maximize its potential by downloading a $10 ebook?

In the past the syndicate had the mules respond to the telephone messages, but in the current version they route the calls and voice mails to Eastern Europe and respond directly. Bypassing the mules extends the longevity of each LLC because they are shielded from the volume of charge backs that grows larger each month. The criminals are also using some of the same service providers for the listed phone numbers as was used in previous versions.

So who are the conned US based cyber mules for the current ebook sites? I began the process of trying to track them down two weeks ago.
I know how to find them based on the crime syndicate's known modus operandi, however actually making contact with them has been tedious and difficult at best. Here is the data so far:

digismarket.com » www.google.com/search?hl ··· G=Search

Though the domain is registered to a Johanna Ray with an address in Selden, NY:

Domain name: digismarket.com Registrant Contact: digismarket.com JOHANNA RAY (johanna.market@gmail.com) +1.6813466445 Fax: +1.5555555555 16 Hudson ST Selden, NY 11723 US

The crime syndicate's cyber mule will be the individual who registered the LLC, in the case of Digismarket it is conveniently to "no name" at:
That address data cross references to a Steven Bailey:

Steven Bailey 6 Franklin Pl, Apt 2 Farmingdale, NY 11735-2636 Listing Details Job title: Owner Company: Digismarket Com LLC

So far I have not been able to locate a listed phone number for Mr Bailey or found a way to contact him.

mfbpsite.com » www.google.com/search?hl ··· e+Search

That domain is registered as follows:

Domain name: mfbpsite.com IP Address: 208.109.225.236 Registrant Contact: mfbp Eleanor Scott (SuppEleanor@gmail.com) +1.3104103189 Fax: +1.5555555555 20411 Campaign Dr Carson, CA 90746 US

A California corporation that matches that name appears to be registered to a Christopher Thom
2440 N FREMONT appears to be a multiple tenant business location. A public records search yields this:

Christopher Ins Thom 2440 Fremont St Monterey, CA 93940

byersebooks.com » 209.85.207.104/search?q= ··· =3&gl=us

The domain data is:

Registered through: GoDaddy.com, Inc. Domain Name: BYERSEBOOKS.COM Created on: 11-Dec-06 Expires on: 12-Dec-07 Last Updated on: Administrative Contact: Kimeklis, Russell russellkimeklis@yahoo.com 162 Airmount Road Mahwah, New Jersey 07430 United States (309) 419-3042

However the corporation is registered as follows:

quote: BYERSEBOOKS INCORPORATED 0400153571 DP
STATE OF NEW JERSEY
BUSINESS REGISTRATION CERTIFICATE
Taxpayer Name: BYERSEBOOKS INCORPORATED
Trade Name:
Address: 1303 FAULKNER COURT MAHWAH, NJ 07430
Certificate Number: 1285919
Effective Date: November 14, 2006
Date of Issuance: November 28, 2007
The website lists the same address:
There is no public record of the Russell Kimeklis at the domain address in Mahwah, NJ, nor anywhere in New Jersey or surrounding states. The corp address does have the following name listed:

Jane Byers Listing Details Job title: Owner Company: Byersebooks Inc

Calls to the published number listed for that address have not been returned.

ebsebooks.com AKA Electronic Business Resources » www.google.com/search?hl ··· esources

The domain registration data lists:

Domain name: ebsebooks.com Administrative Contact: - Richard Stewart (ebsebooks@yahoo.com) +1.3094077237 Fax: - 910 Freeport Road Pittsburgh, PA 15238 US Creation date: 30 May 2006

The Pennsylvania corporation stats for ebsebooks are:
There is no registered agent listed, however, a check of the actual documents on file at DOC in Harrisburg, PA., show that the agent for tax process service, is an individual named TERRA MILBOURNE. There are no public listings for that named individual at the 34 Grant Ave address. Though the city is listed as Pitsburgh PA 15202. That zip code is commonly used as Bellevue, PA 15202. Several searches turn up other possible addresses and numbers for that named individual, including a listing at a commercial business located nearby.

Bestdigimart.com » www.google.com/search?hl ··· G=Search

The domain reg has:

BESTDIGIMART.COM Registrant Contact: HARRIS HINES (HARRIS.HINES@gmail.com) +1.3308717932 Fax: +1.5555555555 7644 Market St , Youngstown, Oh 44615 US Creation date: 12 Feb 200

The Ohio corporate filing for the LLC is about as sparse as it can get. No place of business, and the registered agent is a commercial rental agent, Mark Schiff, a figure head. A public records check for the domain registrant turns up no entries for a Harris Hines in the State of Ohio.

quote: Business Name Charter
BESTDIGIMART.COM LLC
Registration Number 1671920
Original Filing Date Jan 10 2007
Type Domestic Limited Liability Company
Active Jan 10 2007 Active
Agent Name:
Business Filings Incorporated Mark Schiff
» www2.sos.state.oh.us/pls ··· =1671920 and: » www2.sos.state.oh.us/rep ··· 01600178

This one needs additional digging in order to come up with whoever is really behind the LLC. Mr. Schiff would be recognized as the legal agent for the company, though he plays no active role in it.

mylibreria.com

Domain info:

Domain name: mylibreria.com » www.google.com/search?hl ··· e+Search

Registrant Contact: MYLIBRERIA.COM JEFFEREY PENN (PJEFFEREY@GMAIL.COM) +1.5036163843 Fax: +1.5555555555 10940 N.W. Supreme Court Portland, OR 97229 US Creation date: 11 Apr 2007
There is no number listing for a Krishna at that address. However there is one for a Varalakshmi & Sudha R Yaramala. Have not been successful at making contact.

smartemarket.com » www.google.com/search?hl ··· G=Search

Domain registration appears to be cloaked:

Domain name: smartemarket.com Registrant Contact: WhoisGuard WhoisGuard Protected (ec41e85caca04d158220ea920720f5f2.protect@whoisguard.com) +1.6613102107 Fax: +1.6613102107 8939 S. Sepulveda Blvd 8939 S. Sepulveda Blvd Westchester, CA 90045 US Creation date: 15 Jan 2007

Though the phone number on the website has a Louisiana area code, a search of the LA. corporations does not yield a match for that business name. There is a Smartemarket Inc: » www400.sos.louisiana.gov ··· 4456640D though it has been around for a long time. This is still a work in progress.

embintelligence.com » www.google.com/search?hl ··· e+Search

The domain is registered to:

Domain name: embintelligence.com Registrant Contact: EMBINTELLIGENCE.COM Barbara Frye (frye74@gmail.com) +1.9735866072 Fax: +1.5555555555 19 Pocono Rd Denville, NJ 07834 US Creation date: 02 Aug 2007

That is the address of

The Georgia Division of corporations shows:
I contacted Mr. Benkowitz last week, and spent some time explaining the situation to him. I asked him up front not to mention our conversation to the people that he was dealing with outside the US. Rather, he should take a day or two and go over the details that I provided him with, independently confirm them, and he should come to the same conclusion. His circumstances were identical to the known modus operandi. The set up matched exactly to previous cybermules from the 4.5 template version. There were two bank accounts, one to receive the merchant payments and a secondary account that the money was then transferred to, in preparation for wiring out the fraudulent funds from the US. The purpose of the second account by the way, is to allow the funds to be immediately removed from the incoming merchant account, and prevent any subsequent reversal by the processor. He confirmed that the syndicate had remote access to the bank account. Mr. Benkowitz had no access to the web site controls, he never received nor saw any detail level transaction report, only the summary reports of the billing. I provided predictable detail of the function he performed and reviewed it with him. He never met nor spoke to the people he "partnered" for, all communication was via email. He said he did have a number for them, but that was essentially a virtual fax number where he sent charge credit back forms, whenever victims managed to track him down about their charges.

I told him that if he looks over his situation, he will see that he has no clue what goes on behind the scene. His essential and primary function is to wire 90% of the funds on a regular basis from a bank account here to a foreign country for which he is paid the remaining 10%. Again to people he never met and does not really know who they are. I told him that not only did the website not have any measurable incoming traffic, neither was there any recorded outbound email traffic from the embintelligence.com domain.
On a legit site one would expect the ratio of visits to purchases at maybe 20 to 1, and each purchase would be due a confirmation outbound email. I mentioned the name of the previous beneficiary used on the ver 4.5 Bulgarian transfers "inowest" and asked him if it sounded familiar. He said it sounded like who he was sending the money to. I asked if it was going to Bulgaria, he said no, Kurdistan. I said Kurdistan and not Kazakhstan? He said he believed it was Kurdistan. I asked him how he was recruited. He said he was only involved with it for a few months, and that it was his brother in law who enrolled him as he had a corp for some time also. He did not give me his brother in law's name, nor the domain that he was using. Mr. Benkowitz said that he would go visit his partner in the next day or two and call me from his house so I could go over the same details with him. I said fine give me a call. The next day I did receive an email reply confirming that the merchant processor they were using was Authorize.net. I never heard from Mr. Benkowitz again, he did not answer, nor return a follow up phone call or reply to a subsequent email. Yesterday I decided to track down who the brother in law may be, it was not difficult:

usefulmart.com » www.google.com/search?hl ··· G=Search

Domain name: usefulmart.com Registrant Contact: UsefulMart.com LLC Kevin Kirk (burningmike@gmail.com) +1.5094639854 Fax: +1.5555555555 1024 Coral Club Drive Coral Springs, Florida 33071 US Creation date: 29 Nov 2006

Nobody by that name at that address. A check of the Georgia public corporation records produced this:
Over a year old and still kicking, impressive !! I went ahead and called Mr. Hoffman yesterday, I said that I had spoken to his brother in law last week and I was wondering if he had discussed the conversation with him. He said yes he had, and he said "I am angry at him for giving you my name and number". I said that he did not give it to me, I found it on my own. Mr. Hoffman had a nasty attitude, and said that he did not want to have any conversation with me about this issue, he did not want to discuss anything, goodbye !! and he hung up.

I am really disappointed, while it is easy to see from watching this criminal enterprise in operation, how people could get indoctrinated into the scheme. It is disturbing that once the situation is clearly laid out for them, and they examine what role they are actually performing, and the circumstances, that it is at least highly suspicious. There are no legitimate business models where this scenario exists. I have a lot of sympathy for the ensnared cyber mules, they are also victims of this ruthless criminal enterprise. However the millions of dollars a year that they unwittingly launder out of the US and into this crime syndicate's hands are not going to feed hungry children in orphanages. Freezing all funds at the moment of awareness, is a pre requisite to remaining an innocent participant.

Before moving on to some of the previous methods used for recruiting cybermules, let's address where the fraudulent funds were actually going outside the US to, during that phase. The specific routing data was:

Beneficiary's Bank Name: EUROBANK PLC Beneficiary's Bank SWIFT code: EUBKBGSF Beneficiary's Bank Address: 43 Cherni Vrah Blvd., 1407 Sofia, Bulgaria Beneficiary Account: BG96PIRB91701745144579 Beneficiary Name: Inowest Enterprises Inc

EUROBANK PLC is an original Bulgarian Bank that was bought out by the Greek bank Piraeus Bank in January 2005. Not much data is available about the beneficiary "Inowest Enterprises Inc".
It appears from one posting on a PrOn webmasters site someone described them as a company that sends out wires on behalf of others. Not surprised, Bulgaria has a long tradition as a money laundering center. This was only one of many stops in the process before it reached its final location. I believe that the core of this crime syndicate is located somewhere in Russia, and ultimately that may be where the money ends up.

The cyber mule recruiting division of this enterprise involved several processes. As mentioned prior it included the syndicate directly contacting people who posted their resumes on job sites. They also placed ads in multiple locations. During the shadowing of the last template phase sites an actual recruiting website was uncovered. This website was specific to the template group and was assumed to be one of many that were in operation. The site operated as P.O.V Webdesign Solutions, Inc., with a domain of pov-webdesignsolutions.com. The name closely resembled one of the actual template sites ptds-templates.com which was labeled Pov technology design solutions LLC. However there was never any direct reference between the recruiting site and the actual template domains. A set of inventory screen shots of the site and its recruitment pages was taken in April 2007, not long before they disappeared.
Listed on the main page is their "location" given as: P.O.V. Webdesign Solutions, Inc., Laisves pr. 12 LT-04215 Vilnius, Lithuania
The designated contact was listed as Tomas Lasinkas, who in fact was the name the version 4.5 template cyber mules communicated with, regardless of where or how they were recruited. In addition the "president" of POV is listed as Povilas Baranauskas. The balance
Interesting, apparently some potential cybermules and newbie converts found each other HERE

Again, the goal is to run high volumes of cards against small amounts multiplied, times numerous simultaneous sites. If the victim catches it give them a fake email address that used it. Quickly give them a credit to prevent a $25 charge back fee, and to prevent triggering a high charge back alert with the merchant account. Tell the victim someone must have used the card on the site. Suggest it even may have been stolen to divert attention away from the operation. Keep the cyber mule out of the loop, maximize the return and longevity for each operating domain. Viewed at the lowest common denominator it is a handful of victims complaining about a trivial charge on their card from one little website. That is not going to trigger any bank investigation, is it spread among many. It also is way below the threshold to trigger any Federal snooping around. Even if a site goes down the rest of the hub are preserved, they do not appear related. If a division goes down, the other divisions still function. Everything hums unless someone grasps the big picture and identifies it as a multi million dollar operation. Add the costs of replacing the cards and we have an annual loss barking at $70 million. But who knows how big it really is.

Most certainly this structure was built around the fact that the syndicate has direct access to this card account data, and volumes of it. The operation is vertical, they are not buying data from carding forums. While the location and method of the card access is a priority to discover, notable mention of the clear weakness in the merchant account vetting process must not be ignored. There are numerous symptoms indicating that these sites are not legit even before the charge back ratio grows to trigger levels. No traffic, no outbound mail, robots disallow.
Card data detail entry reports that would show that the data is batched, and is not coming randomly from assorted IPs as a typical site would have. It is not that it cannot happen every now and then, but for a multi year criminal syndicate to operate well over 100+ domains with impunity, over and over, and not trigger any alert. Would it be so rewarding to criminals if Authorize.net and others did not front the money right away and instead held two months in reserve for new sites, that would enable the charges to cycle? Clearly some changes need to be made, much of this fraud has become acceptable and is tolerated as part of the given percentage that is written off annually.

MGD | | MGD 3 edits
4 recommendations |
MGD
MVM
2007-Dec-14 3:17 am
I just ran some new searches after completing the above, and found a news article that I had previously missed. This July 07 notice from the Michigan Attorney General may be a partial reason for the ver 4.5 template sites phasing out and the full blast of ebook sightings. A cyber mule was arrested and charged: quote: Office of the Attorney General:
Cox Charges Woman with ID Theft
Agency: Attorney General
July 19, 2007
LANSING -- Attorney General Mike Cox today announced that he has charged Krystal Owens of Detroit with three-counts of identity theft and one-count of conspiring to commit identity theft.
"Identity theft is a devastating crime to its victims," said Cox. "My office will continue to be vigilant in defending Michigan's citizens from having their identities stolen."
Since January 2007, the Michigan Attorney General's Office has received more than 130 complaints from consumers across the country indicating that K.A.T.O. Technology, LLC, also known as K.A.M.K. Technology, LLC, had charged $12.95 against their credit card without their permission. The Attorney General's investigation found that in the summer of 2006, the defendant Krystal Owens conspired with Tomas Lasinkas of POV Web Design Solutions to set up bogus corporations, banking accounts, and other arrangements thereby enabling Lasinkas to make unauthorized charges against consumers credit card accounts using the bogus company names K.A.T.O. Technology, LCC and K.A.M.K. Technology, LLC. From September 2006 to March 2006, Lasinkas made 75 to 100 unauthorized charges, at $12.95 each, on a daily basis, and Owens wired the illegal proceeds to Lasinkas' bank accounts in Bulgaria on a regular basis. Lasinkas and Owens accumulated approximately $200,000 by way of this fraudulent activity during a six month period.
A criminal charge is merely an accusation, and the defendant is presumed innocent until and unless proven guilty. The penalty for identity theft is up to 5 years in prison and/or a fine up to $10,000.
Source: » www.michigan.gov/ag/0,16 ··· ,00.html

That seems really severe, I do not believe based on my experience of the syndicate, that it was possible for Krystal Owens to "conspire", that would require knowledge and intent. It appears that a subsequent article in the Detroit Free Press investigated and picked up on that angle:

quote: ................. Krystal Owens, 40, of Detroit was arraigned Thursday on three counts of identity theft and one count of conspiring to commit identity theft for allegedly bilking people out of at least $200,000, Cox said. If convicted, she faces up to five years in prison for each count of identity theft and/or a fine of up to $10,000.
But a Free Press review conducted late Thursday and early today of the particulars of the case raises questions about whether Owens was a willing or unwitting participant in a potential online version of a get-rich-quick scheme. The attorney general's office was not available for comment on this issue early this morning.
Owens was charged after more than 130 people nationwide filed complaints since January with the Michigan Attorney General's Office that their credit cards were billed $12.95 without their permission by K.A.T.O. Technology, LLC, or K.A.M.K. Technology, LLC. ........
Source: » www.redorbit.com/news/te ··· dex.html

From my November 2006 archive of the website "factory"
kato-technologies.com +1-(313)-281-8090 K.A.T.O. Technology, LLC
kamk-templates.com +1-(313)-281-1325 K.A.M.K. Technology, LLC
KATO
I wonder if they are aware of the full scope of the operation, and that other than a momentary blip it is still running. Strange in that I cannot find any subsequent activity of this July case. This may explain why the funds, though still assigned to the same named beneficiary: Inowest Enterprises Inc., may now be going to another country instead of Bulgaria. I would like to get confirmation from another cybermule that they are in fact going to Kurdistan. Of course either place is probably one of many stops and conversions that take place on the way to a final destination.

I don't for a moment believe that there is or ever was a "Tomas Lasinkas" and "Povilas Baranauskas" it don't get any more "Lithuanian" sounding than that. Plus hang up a large shingle saying "here is our address, this is where we are at" and you can bet that it is the last place on earth that the real criminals are going to be at. Nor do I think that there was an executive from the crime syndicate waiting at the Bulgarian bank for the weekly wire transfers to come in. By the way several subtle attempts to get "Lasinkas" out in the open failed. Even when his accounts were blocked and his money was at stake, he still wouldn't crawl out of his shell. Here is his voice circa Feb. 2007. Bad quality because he was using Skype, ID was +1(000)012-3456 Tomas_Lasinkas_3.wav 1445208 bytes
MGD
| | Rocky67Pencil Neck Geek Premium Member join:2005-01-13 Orange, CA |
Rocky67
Premium Member
2007-Dec-14 11:05 am
Re: Ebook websites, fraud charges, Dev bill/DigitalAge/Pluto
MGD, your work is astonishing. The cyber community owes you a vote of thanks.
| | garys_2k Premium Member join:2004-05-07 Farmington, MI |
to MGD
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
Amazing! That is some of the most incredible work I've seen.
Regarding this enterprise, they must have some extensive resources. None of the obvious English language gaffes, that endless supply of fresh card data, a deep understanding of the U.S. banking and finance system. No lads sitting in sweaty Nigerian Internet cafes, these.
I can only imagine that the card data is an inside source at one of the central clearinghouses. Finding THAT source should be a top Federal priority. | | |
to Rocky67
Re: Ebook websites, fraud charges, Dev bill/DigitalAge/Pluto
Thank You Rocky67, appreciated.
| | | MGD 1 edit |
to garys_2k
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by garys_2k: Amazing! That is some of the most incredible work I've seen. Regarding this enterprise, they must have some extensive resources. None of the obvious English language gaffes, that endless supply of fresh card data, a deep understanding of the U.S. banking and finance system. No lads sitting in sweaty Nigerian Internet cafes, these..........

Thanks, Yes indeed, this is not your typical scam operation at all. The sophistication, expertise, and sheer enormity of this crime syndicate's operation has yet to be realized, or receive the deserved publicity. They have intricate knowledge of not only the banking system, but also down to the level of knowing the precise chargeback exception triggering ratios of the online merchant processing system.

Again, it is vital that the victims report the charges as fraudulent, then cancel and replace their cards. You play in to the crime syndicate's hands by allowing them to issue a credit for the charge. That is what they want to do once they know you have caught it, and will dispute the charge. Victims should also file a complaint online with the Internet Crime Complaint Center (IC3).

By issuing credits or reversals to the percentage of victims that discover and pursue the fraudulent charge, that will help maintain a chargeback ratio below the merchant processor's flag threshold. They have managed to sustain some individual accounts for well over a year by doing this. In addition, they get to deflect attention away from their operation, by making it appear, however unbelievable, that a team of criminals are trying to scam the websites using hijacked card data to buy useless ebooks, webtemplates, or cellphone games. When in fact the syndicate is just harvesting cash by ploughing card data in batch entries through their scores of fake sites.

said by garys_2k: I can only imagine that the card data is an inside source at one of the central clearinghouses. Finding THAT source should be a top Federal priority.

Yes, this most definitely needs Federal priority, and immediate urgency from both the Secret Service and the FBI. The sheer volume of data that the syndicate has access to, indicates that there is a compromised hole large enough to drive a truck through it. I have given considerable thought as to where and how they are getting the data from. Infiltration by a human mole remains a distinct possibility. I do believe though that the core of the criminal enterprise operates from Russia, or maybe the Ukraine, and there is some anecdotal evidence to support that.

Two years ago at the peak of the Digital Age card fraud, there was much speculation that the CardSystems Solutions Inc. leak may have been a prime source of data at the time. However, many of the reports, if correct, stated that though consumer's name, card number and CVV2 were taken, the victim's address was not in the files. Since we know that this syndicate is entering address data, then that would tend to preclude that possibility. There was one component of the Card Systems data theft that could very well be the same vehicle in use now, and should also be considered a primary suspect. According to an About.com article in October of 2005, that addressed the potential Card Systems & Digital Age connection. There was a quote from Congressional testimony provided by John Perry, President and CEO of Card Systems Solutions with respect to how the data was compromised:

quote: ......"the theft was carried out through the use of a malicious script planted on their system through an Internet-facing application. The malware was programmed to run every 4 days, at which time it sought out a specific file type and extracted credit card holder's names, account numbers, expiration dates and CVV codes. The extracted information was zipped and forwarded to an FTP site where it was presumably retrieved by the attackers".
There is no reason not to believe that a similar malware could exist in another penetrated card account database. Similar malware could have infiltrated databases further up the chain, and still be functioning today. There are still groups of victims on diverse internet forums comparing unique online vendors that they all have a recent purchase with. They point to that common link as the source and location of where their card data was compromised at. Some say Equifax, others are pointing to Digital River, and some to PayPal. However, there is some degree of certainty that this data is not coming from any recent internet transactional event, for several reasons. Sampling of the entire operation routinely turns up victim's cards that were never ever used in online card not present (CNP) transactions. If you never entered your CVV2 number, who or what database would have it stored ??. Combine that with reported charges to cards that were dormant for extended periods that are then hit with these charges. That indicates that the data is not coming from intercepted recent transactions, but rather a storage database that contains card accounts with both active and dormant card data combined, and no distinguishing flags between them. Also, routine reports of victims hit on multiple unrelated cards, indicates that the database may group card account data by the card holder account name, regardless of the card issuer. It does appear that the syndicate is unable to differentiate between fresh frequently used cards, and cards with little or no recent activity. If the criminals had access to the card activity, they would surely sort by that data. For an operation that remains low key, and is dependant on maximizing non disputed billing, why would they knowingly even shoot a charge against a card that has been dormant for a year or more. That is as close as one can get to a guaranteed rejection of the charge by the victim. 
Bill $15 get $15 charged back plus a $25, equals -$25. So they do not know, otherwise they would screen the dormant ones out. In fact, if they could see the transactional history of the accounts, they would sort and select out all the ones that had 3 page bills every month, and probably at least two users. Those are the accounts that have the highest odds of not catching and rejecting the charge. They could maximize their laundering success ratio by selectively billing accounts where the fraud charge would be buried in a 30 item bill.

There are also routine reports of victims who noticed that their cards were "pinged" 24 hours before the charge hit. If the criminals were intercepting data at the transactional level, between Equifax and the upstream processor for example, there would be no need to ping cards. The data would already be from fresh recently used cards. Random card pinging has been a common theme going all the way back to the Pluto card scam.

MGD Edit = fixed bad link | | pcdebbbirdbrain Premium Member join:2000-12-03 Brandon, FL |
pcdebb to MGD
Premium Member
2007-Dec-19 6:09 pm
to MGD
I swear, in my lifetime if I ever win the lottery I'm writing you a check, just for the effort you put into this. | | |
MGD
MVM
2007-Dec-20 4:18 am
. That is so nice , Thank You MGD | | MGD 4 edits
2 recommendations |
MGD
MVM
2007-Dec-20 5:56 am
I will now address several additional sites that are currently involved in the card fraud operation. We will also take a look back at some that have already burned out. First let's again look at the structure of this criminal enterprise, so that we can understand how it operates. I will go into some detail on the multiple "hub and spoke" format of the operation. One step up from the fake sites that are converting and laundering the card data, are the hub sites. A hub site is the command and control for a group of the fake billing sites. The hub site will be visible because it is also the recruiting location for the US based cyber mules. That is where the mules are first recruited to, and from where they get instructions in setting up the (unknown to them) fake business operation. From there they will receive detailed instructions for setting up an LLC, a corporate bank account, and applying for a merchant billing account, all for the fake business site which they have been assigned to. The hub site operates numerous fake business sites and controls the mules. Here is a diagram of the way I see the operational structure:
There is now further confirmation connecting the Devbill Template sites from 2006 thru early 2007, and the current crop of E-book sites. As stated earlier the laundered funds from the template group were tracked being wired from US bank accounts to a Eurobank account in Bulgaria. Several of the bank accounts associated with the new E-book (et al.) sites are now wiring the laundered proceeds to a bank in Bishkek, the capital city of the Republic of Kyrgyzstan, another former Soviet Republic. No coincidence either is the fact that the funds are sent to the attention of Inowest Enterprises, the same beneficiary as the devbill template group wirings. Presumably the move from Bulgaria to Kyrgyzstan may have been partially motivated by the busting of the cyber mule by the Michigan Attorney General. There will be several wire transfer points conveniently located in countries that are difficult to trace money from. Just as pov-webdesignsolutions.com was the hub / command & control for the 2006-07 web template sites, the equivalent hub / command & control for some of the E-book fraud sites is e-bca.com » www.e-bca.com , » www.e-bca.com/affiliate.php
That is who instructs and communicates with the mules. They also batch process the hijacked card data in to the site billing account. That is also where the contact phone numbers listed on the site will relay to, and where the calls to victims are returned from. While pov-webdesignsolutions.com pretended to be operating from Vilnius, Lithuania, e-bca.com is pretending to be out of Boden, Sweden.

Atala Designs, Inc 214-594-4188 was also a hub C&C site at one time » ataladesigns.com
However, there are recent reports of fraud charges coming in under the Atala Designs ataladesigns.com name. They may now have switched to dual purpose mode. In May 2007 they hit the radar as clearly being in the mule recruiting business. They were running employment ads on Craigslist and were tested. Here is the May 2007 response to the ad inquiry:

quote:
From: gundarskristop@aol.com [mailto:gundarskristop@aol.com]
Sent: Thursday, May XX, 2007 XX:XX XX (REDACTED)
To: (REDACTED)
Subject: Atala Designs, Inc. from Craigslist
Hello (REDACTED),
Thank you for responding to Atala Designs, Inc's job offer on craigslist.org. In this letter I will kindly let you into the details of Atala Designs, Inc position of Manager.
Our Marketing Department has developed a perfect idea to boost sales. The idea is to have more subsidiaries that would resell our Webstite Templates. Manager is the person who owns a subsidiary company. Your owing a subsidiary company is very profitable, it is a 21-century-level business. Anyone can do this, because setting up a small company of your own is very simple, and provided with easy-to-follow step-by-step instructions of your personal Atala Designs, Inc manager it is really a fun ride.
After your company is set up, Atala Designs, Inc will create a website for you which will resell our templates.
With company and online store you will easily open necessary business and merchant accounts in a bank.
Final step is launching your store live on the web and taking your commission from sales.
Let me emphasize extremely advantageous features that are sure to help you make the right decision and become our partner. They are:
1. No skills and experience in programming and web design are required from you. Atala Designs, Inc professionals will handle all technical questions; 2. You will not have to sell or advertise anything. It is our special marketing department that will be responsible for it; 3. You will not have to process our customers' payments and deal with customer care issues. Our customer service department will solve them; 4. As the project is in full swing your only responsibility will be managing business account (withdraw your commission and transfer the balance to Atala Designs, Inc).
So, I very much hope that you find our business concept interesting and if you would like to pursue it further, feel free to email me and I will get back to you with every little detail of how our cooperation will develop. Also, I will forward you our Agreement, Instructions and FAQ.
Atala Designs, Inc Agreement - if you would like to work with us, this agreement contains important information about how you are going to be paid, security, etc;
Instructions - describes our partnership in detail and instructs you what to do next;
FAQ - the questions you maybe want to know.
I will be looking forward to your next email.
Please reply to this email: gundars_kristopans@ataladesigns.com
Thank you very much. Respectfully, Gundars Kristopans, Manager of Atala Designs, Inc.
Atala Designs, Inc. Astras Gunara 8b, 14, Riga, LV-1082, Latvia, Phone/Fax for US: (801) 788-5851 Our web site: ataladesigns.com
. Take note that Atala is pretending to be located in another Baltic state, Latvia. Since Lithuania has been covered by P.O.V. Solutions, I would expect Estonia to show up listed somewhere shortly. Atala Designs is clearly a web template C&C hub and along with them come reported fraud charges from a rash of new template sites. Templates, Version 5.0: sensatetech.com - 805-275-2235 AKA Sensate Technology, LLC., Innovative Solutions » www.google.com/search?hl ··· G=Search
ccdtemplates.com - 206-319-8144 AKA Crystal Clear Designs, LLC., Innovative Solutions » www.google.com/search?hl ··· G=Search
mvwebtemplates.com - 404-474-3440 AKA Most Valuable Web Templates Innovative Solutions » www.google.com/search?hl ··· G=Search
mcatemplates.com - 623-444-2173 M.C.A.» www.google.com/search?hl ··· G=Search
ilicsolutions.com - 312-235-6926 Alen Ilic, Inc
freedomtemplates.com - 954-???-????
[freedomtemplates is AWOL, if someone has a screenshot or details from the site, please contact me]
All are carbon copies of each other. Cards will be hit with charges from multiples of this group. Some charges showing up in tandem with the ebook fraud site mylibreria.com
I will follow up with details on the above group
MGD
| | |
GraciousReader to MGD
Anon
2007-Dec-20 11:44 am
to MGD
Thank you for this information! Earlier this week, I found a suspicious charge from embintelligence.com on my credit card I hardly use. I looked up the DNS info, searched on the contact info, and came upon this page.
The registrar address is valid, but it also happens to be an assisted living center in NJ. I called the number at the website (in Georgia) which sounded like a really bad answering machine. This all seemed a bit suspicious at the time, so I didn't leave any info and put out a fraud alert on my credit.
I've printed out the info and will be trying to resolve this later with my bank. Thank you very much! | | EW @sbcglobal.net 1 edit |
EW to MGD
Anon
2007-Dec-20 3:54 pm
to MGD
MGD, please contact me regarding your Ebook fraud investigation [removed by moderator- Dennis] | | |
salvo to MGD
Anon
2007-Dec-21 9:53 am
to MGD
My account was recently charged by usefulmart.com and, after one day of internet research, I subsequently canceled the card and disputed the charge.
I wish I had seen this site prior to that, though, otherwise I wouldn't have merely disputed the charge, but would have characterized it as a fraudulent charge.
I have, though (due to the advice on this site) filed a formal complaint with IC3.
It seems as though it shouldn't be too hard for the credit-card transaction authorizers to "globally" reject any charges originating from these families of sites....
Also, I understand the sensitivity to putting up too much information about these criminals thus allowing them to cover their tracks---if an e-mail such as mine hinders the effort to more closely monitor the activities of these rings, then please, Mr./Ms. Moderator, delete it. | | Doctor OldsI Need A Remedy For What's Ailing Me. Premium Member join:2001-04-19 1970 442 W30 |
to MGD
I'd sure like to see indictments and arrests on the 2 Marietta based Mules (Mr. Benkowitz and Mr. Hoffman) that know they are not running a legitimate web enterprise. Would you report those two to the AJC.com so they can do a story on them from your evidence and get the local authorities involved? | | 4 edits |
MGD
MVM
2007-Dec-21 12:16 pm
said by Doctor Olds: I'd sure like to see indictments and arrests on the 2 Marietta based Mules (Mr. Benkowitz and Mr. Hoffman) that know they are not running a legitimate web enterprise. Would you report those two to the AJC.com so they can do a story on them from your evidence and get the local authorities involved?

I need to update that segment, I did not want to post anything prior to certain events taking place. I did make subsequent contact with the parties and provided them with irrefutable evidence of the fraud, and the fact that they were conned into believing it was a legitimate operation. I also emphasized at the time that while up to now they were a victim and an unwitting participant, however, once alerted and given specific details of the fraud, then to continue to go forward, could in the future jeopardize the claim of being an unwitting participant.

I can now tell you that the bank accounts have been frozen, and remote access to the accounts blocked. No additional funds will be wired to the drop in Kyrgyzstan. I also requested that all documents, including emails and other evidence be preserved.

It is worth reiterating that all the mules that I have been in contact with have no idea what they have been involved with. The con job is very professional, it even involves completing and submitting a multiple page application. They also must provide copies of their identification, under the guise that they need a security background check. The data that mules end up seeing is very restricted, and intended that way. The mules that I have located or identified range in age from their early twenties to seventies, and have various backgrounds. Recently many of them have been elderly, but they clearly were not net savvy enough to recognize the subtle signs of the fraud.

MGD

EDIT= There are dozens and dozens of active mules out there, located around the country. Probably way more than 100 all total over the past two years.
There will be a cyber mule behind every one of these websites generating the fraud charges. | | MGD |
MGD to EW
MVM
2007-Dec-21 12:21 pm
to EW
said by EW :
MGD, please contact me regarding your Ebook fraud investigation [removed by moderator- Dennis] To the LE agent that posted this, I sent you an email from MGD with my contact information. Please check to make sure that you received it. (I requested that the moderator redact your contact information when I read it.) MGD | | MGD
1 recommendation |
MGD
MVM
2007-Dec-21 1:06 pm
An update regarding the victim card data.
I recently discussed the results of a random sample of the data that this crime syndicate is processing. My original thoughts as to the source may not be accurate.
The sample was small, about 2,000 consecutive entries. The interesting part is that the rejection rate ran about 35% at initial entry time. If this is a representative sample it may be significant in terms of the likely source of the data.
There was no dominant reason for the rejection, it varied. Invalid cvv2 number, card previously reported as lost or stolen, address match failed, etc, etc.
It has been suggested that these criminals may be compiling partial data from multiple sources in order to build a data set sufficient to complete a CNP (card not present) transaction. That scenario has been seen out there in the wild before.
These results certainly suggest that they do not have "pure" data. It also further reinforces that they are not intercepting recent real time vendor transactions. The failure rate for card processing from legitimate entities is in the single digits.
They still must have volumes of data though, even more so if the typical failure rate is 35%. They are also not entering data in batches as was first seen two years ago. The data is entered at random times to mimic a typical online vendor, thereby defeating any batch type triggering event flags.
MGD | | MGD
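Added example, not part of any post in this thread: a sketch of merchant-account vetting that checks the signals discussed above, namely an authorization rejection rate far above single digits, refunds used to hold the chargeback ratio under the processor's flag threshold, and near-identical small ticket amounts. The record layout, merchant names, thresholds and sample transactions are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# All thresholds are assumptions for this sketch, not any processor's real rules.
MAX_DECLINE_RATE = 0.10    # thread: legitimate merchants fail in the single digits
CB_FLAG_THRESHOLD = 0.01   # hypothetical chargeback ratio a processor alerts on
MAX_REFUND_RATE = 0.05     # hypothetical ceiling for refunds on approved sales
UNIFORM_SHARE = 0.90       # share of approvals billed at one identical amount
SMALL_TICKET_CENTS = 2000  # "small" charge ceiling, in cents


@dataclass(frozen=True)
class Txn:
    merchant: str
    amount_cents: int
    status: str             # declined | settled | refunded | chargeback
    decline_reason: str = ""


def merchant_signals(txns):
    """Per-merchant ratios computed from raw transaction attempts."""
    by_merchant = defaultdict(list)
    for t in txns:
        by_merchant[t.merchant].append(t)
    out = {}
    for merchant, rows in by_merchant.items():
        declined = [t for t in rows if t.status == "declined"]
        approved = [t for t in rows if t.status != "declined"]
        n_ok = len(approved) or 1  # guard against merchants with no approvals
        amounts = Counter(t.amount_cents for t in approved)
        top_amount, top_count = amounts.most_common(1)[0] if amounts else (0, 0)
        out[merchant] = {
            "attempts": len(rows),
            "decline_rate": len(declined) / len(rows),
            "chargeback_ratio": sum(t.status == "chargeback" for t in approved) / n_ok,
            "refund_ratio": sum(t.status == "refunded" for t in approved) / n_ok,
            "top_amount_cents": top_amount,
            "top_amount_share": top_count / n_ok,
            "decline_reasons": Counter(t.decline_reason for t in declined),
        }
    return out


def flag_merchants(txns):
    """Return {merchant: [reason, ...]} for merchants that trip any signal."""
    flagged = {}
    for merchant, s in merchant_signals(txns).items():
        reasons = []
        if s["decline_rate"] >= MAX_DECLINE_RATE:
            reasons.append("HIGH_DECLINE_RATE")
        # Chargebacks look healthy only because disputes are absorbed as refunds.
        if s["chargeback_ratio"] < CB_FLAG_THRESHOLD and s["refund_ratio"] >= MAX_REFUND_RATE:
            reasons.append("REFUNDS_MASK_CHARGEBACKS")
        if s["top_amount_share"] >= UNIFORM_SHARE and s["top_amount_cents"] <= SMALL_TICKET_CENTS:
            reasons.append("UNIFORM_SMALL_TICKET")
        if reasons:
            flagged[merchant] = reasons
    return flagged


def constructed_sample():
    """Constructed data: one merchant shaped like the thread's description, one ordinary shop."""
    reasons = ["cvv2_invalid", "reported_lost_or_stolen", "avs_mismatch", "expired"]
    m = "templates.example"
    txns = [Txn(m, 1295, "declined", reasons[i % 4]) for i in range(70)]  # 35% rejected
    txns += [Txn(m, 1295, "chargeback")]
    txns += [Txn(m, 1295, "refunded") for _ in range(12)]
    txns += [Txn(m, 1295, "settled") for _ in range(117)]
    shop = "bookshop.example"
    prices = [1299, 2450, 899, 4999, 1599]
    txns += [Txn(shop, prices[i % 5], "declined", "avs_mismatch") for i in range(10)]
    txns += [Txn(shop, 2450, "chargeback")]
    txns += [Txn(shop, prices[i % 5], "refunded") for i in range(3)]
    txns += [Txn(shop, prices[i % 5], "settled") for i in range(186)]
    return txns


if __name__ == "__main__":
    for merchant, why in flag_merchants(constructed_sample()).items():
        print(merchant, why)
```

Only the chargeback ratio would look normal for the first merchant, which is why the refund ratio and decline rate are evaluated alongside it rather than after a chargeback alert fires.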
1 recommendation |
MGD
MVM
2007-Dec-21 7:26 pm
Need to add one more to the above group of fraud template sites: valencetemplates.com - 312-265-8407 Valence Internet Technology, LLC
[valencetemplates.com IP 66.152.173.182] Domain name: valencetemplates.com Registrant Contact: VITLLC Brian Guest (brian_guest01@yahoo.com) +1.6614518231 Fax: +1.6614518231 1048 N. Marshfield #3R Chicago, IL 60622 US Name Servers: ns1.hostdone.com ns2.hostdone.com Creation date: 10 Oct 2007 17:51:17 Expiration date: 10 Oct 2008 17:51:17 Entity Name VALENCE INTERNET TECHNOLOGY SOLUTIONS, INC. File Number 65757419 Status GOODSTANDING Entity Type CORPORATION Type of Corp DOMESTIC BCA Incorporation Date (Domestic) 09/18/2007 State ILLINOIS Agent Name R & S LEGAL SERVICES INC Agent Change Date 09/18/2007 Agent Street Address 200 WEST MADISON ST STE 2100 Agent City CHICAGO Agent Zip 60606 Duration Date PERPETUAL Annual Report Filing Date 00/00/0000
Assuming that name is correct there is no listing for that address. The agent service R & S LEGAL SERVICES INC can be contacted also. I am betting that Mr Guest and Mr. Ilic of ilicsolutions know each other. The dates are close and one may have recruited the other. . ilicsolutions.com - 312-235-6926 Alen Ilic, Inc[ilicsolutions.com IP 66.152.162.117] Domain name: ilicsolutions.com Registrant Contact: AI LLC alen ilic (alen_ilic04@yahoo.com) +1.6108081615 Fax: +1.6108081615 4950 N Marine Dr #807 chicago, IL 60640 US Name Servers: ns1.hostdone.com ns2.hostdone.com Creation date: 26 Oct 2007 20:11:22 Expiration date: 26 Oct 2008 20:11:22 Entity Name ALEN ILIC INC. File Number 65821265 Status GOODSTANDING Entity Type CORPORATION Type of Corp DOMESTIC BCA Incorporation Date (Domestic) 10/19/2007 State ILLINOIS Agent Name ALEN ILIC Agent Change Date 10/19/2007 Agent Street Address 4950 N MARINE DR #807 Agent City CHICAGO Agent Zip 60640 Duration Date PERPETUAL Annual Report Filing Date 00/00/0000 For Year No number listed at that adress. I have located a phone number for that name at a nearby address.
sensatetech.com - 805-275-2235 AKA Sensate Technology, LLC.,
[sensatetech.com] 202.60.92.179
Domain name: sensatetech.com
Registrant Contact: ST LLC George Berreman (georgeberreman@yahoo.com) +1.5016370368 Fax: +1.5016370368 3700 Dean Dr #507 3700 Dean Dr #507, Ca 93003 US
Name Servers: ns1.aussiednsserver.com ns2.aussiednsserver.com
Creation date: 12 Sep 2007 21:44:07
Expiration date: 12 Sep 2008 21:44:07

LP/LLC SENSATE TECHNOLOGY LLC
Number: 200723010107
Date Filed: 8/1/2007
Status: active
Jurisdiction: CALIFORNIA
Address 3700 DEAN DRIVE #507 VENTURA, CA 93003
Agent for Service of Process GEORGE BERREMAN 3700 DEAN DRIVE #507 VENTURA, CA 93003
There is a listed number.

ccdtemplates.com - 206-319-8144 AKA Crystal Clear Designs, LLC.,
[ccdtemplates.com IP 202.60.92.179]
Domain name: ccdtemplates.com
Registrant Contact: CCD LLC Arthur Chandler (arthur_chandler00@yahoo.com) +1.7203851302 Fax: +1.7203851302 13626 8th Ave S Burien, WA 98168 US
Name Servers: ns1.aussiednsserver.com ns2.aussiednsserver.com
Creation date: 26 Sep 2007 18:38:56
Expiration date: 26 Sep 2008 18:38:56

INTERACTIVE DESIGNS LLC
UBI Number 602762619
Category Limited Liability Regular
Profit/Nonprofit Profit
Active/Inactive Active
State of Incorporation WA
Date of Incorporation 09/18/2007
License Expiration Date 09/30/2008
Registered Agent Information
Agent Name ARTHUR CHANDLER
Address 13626 8TH AVE S
City BURIEN
State WA
ZIP 98168
13626 8TH AVE S appears to be a multiple business location. No listed number at that address, however there are several people with that name in the Tacoma / Seattle area.

mvwebtemplates.com - 404-474-3440 AKA Most Valuable Web Templates Innovative
[mvwebtemplates.com IP 202.60.92.179]
Domain name: mvwebtemplates.com
Registrant Contact: TTS Edward Murphy (eddiemv777@yahoo.com) +1.2707787541 Fax: +1.5555555555 1060 Park Row North Atlanta, GA 30312 US
Name Servers: ns1.aussiednsserver.com ns2.aussiednsserver.com
Creation date: 26 Jun 2007 20:23:33
Expiration date: 26 Jun 2008 20:23:33

Name Name Type
MURPHY VENTURES, INC. Current Name
SWINTON LEGACY, INC. PRIOR NAME
---------------------------------
Profit Corporation - Domestic - Information
Control No.: 0209361
Status: Active/Compliance
Entity Creation Date: 2/19/2002
Jurisdiction: GA
Principal Office Address: 1060 Park Row North Atlanta GA 30312
Last Annual Registration Filed Date: 7/16/2007
Last Annual Registration Filed: 2007
-----------------------------
Registered Agent
Agent Name: EDDIE J. MURPHY
Office Address: 1060 PARK ROW NORTH Atlanta GA 30312
Agent County:
----------------------------
Officers
Title: CEO Name: EDDIE MURPHY Address: 1060 PARK ROW NORTH Atlanta GA 30312
----------------------------
Title: CFO Name: ANN MURPHY Address: 1060 PARK ROW NORTH Atlanta GA 30312
----------------------------
Title: Secretary Name: EDDIE MURPHY Address: 1060 PARK ROW NORTH Atlanta GA 30312
-----------------------------
Now that LLC was a tough find, it originally was formed in 2002 and is why I skipped over it several times. It was formerly another name, and then changed to MURPHY VENTURES which equals the "MV" in: "mvtemplates.com". No number however there is one for another business at that address.

mcatemplates.com - 623-444-2173 M.C.A.
[mcatemplates.com IP 66.152.161.13]
Domain name: mcatemplates.com
Technical Contact: MCT LLC Steve Rogan (steve_rogan12@yahoo.com) +1.5095625853 Fax: +1.5095625853 8912 E. Pinnacle Pear Ro #174 Scottsdale, AZ 85255 US
Name Servers: ns1.hostdone.com ns2.hostdone.com
Creation date: 25 Sep 2007 10:25:41
Expiration date: 25 Sep 2008 10:25:41

That address is a typo, it is "Peak" not "Pear" and that appears to be a multi business location. Still searching Arizona corp. records. M.C.A. is an abbreviation for something not related to "templates". Cannot locate a Steve Rogan in Scottsdale.

freedomtemplates.com site currently 404
Domain name: freedomtemplates.com
Registrant Contact: Cd LLC Edgard Lopez (edgardfromflorida@yahoo.com) +1.6156766977 Fax: +1.6156766977 4019 N. University Dr. APT. E-107 Fort Lauderdale, FL 33351 US
Name Servers: ns1.aussiednsserver.com ns2.aussiednsserver.com

Florida Limited Liability Company FREEDOM WEB DESIGNS, LLC
Filing Information
Document Number L07000077425
FEI Number NONE
Date Filed 07/27/2007
State FL
Status ACTIVE
Principal Address 4019 NORTH UNIVERSITY DRIVE, APT. 3-107 SUNRISE FL 33351
Mailing Address 4019 NORTH UNIVERSITY DRIVE, APT. 3-107 SUNRISE FL 33351
Registered Agent Name & Address SPIEGEL & UTRERA, P.A. 1840 SW 22ND ST. 4TH FLOOR MIAMI FL 33145 US
Manager/Member Detail Name & Address Title MGR LOPEZ, EDGARD A 4019 NORTH UNIVERSITY DRIVE, APT. 3-107 SUNRISE FL 33351
I hope Mr. Lopez did not sign up for the syndicate's CEO special package deal. As it appears that less than two months after the above corp was set up, he registered 4 more LLCs that have ominous internet appearing names:

Florida Limited Liability Company COMPUTERS DATA CENTER & TECHNOLOGIES, LLC Date Filed 09/18/2007
Florida Limited Liability Company WEB INVESTMENTS USA, LLC Date Filed 09/18/2007
Florida Limited Liability Company WEB DATA INTERNATIONAL, LLC Date Filed 09/18/2007
Florida Limited Liability Company REAL INVESTMENTS MANAGEMENT INTERNATIONAL HOLDINGS, LLC Date Filed 09/18/2007

Still trying to track a number down for Edgard at this new location. Though not all sites are coded to block search engines, this group was:
| | garys_2k Premium Member join:2004-05-07 Farmington, MI |
to MGD
We may get a few more views on this thread, I posted a reply here: » 800notes.com/Phone.aspx/ ··· 75-2235/ where people are speculating about how their cards were compromised. As far as how they're getting the CC and CV2 numbers, since many of these cards have not been used recently (if ever) that would tend to discount the "assembled from multiple sources" theory but add weight to the compromised database idea. Of course, that contradicts the high rejection rate... Too bad we can't ask Time magazine's newest Person of the Year to help us -- something tells me he'd be able to find out with one phone call. » www.time.com/time/specia ··· theyear/ | | |
Amy B80
Anon
2007-Dec-23 11:50 am
to MGD
Thank you for linking to this forum from » www.sygyzy.com/2007/02/0 ··· new-419/

We reported the charge as fraudulent, shut down the debit card immediately, but the company was still able somehow to refund the $4.95 even though the debit card number they used was now defunct, so how were they able to get the refund issued through the bank while the bank was aware it was a fraudulent charge to begin with? I'm not happy with the bank for doing this because that pretty much cuts me off from being able to do anything else about it, though I admit from the way you make things sound, it might not be completely beneficial if all I am going to be able to do is take down some unknowing mule. I truly was hoping to keep them from being able to make a refund, even so far as refusing to give any contact/billing information regarding the charge when I finally got a heavy accent speaking lady that answered the phone at the number listed with the charge. Note I had called numerous times with the landline home phone with never an answer, then later that evening I called with a cell phone and she answered right away. Odd.
1 recommendation |
MGD
MVM
2007-Dec-23 1:22 pm
said by Amy B80 :
..... so how were they able to get the refund issued through the bank while the bank was aware it was a fraudulent charge to begin with? ...

For cancelled cards there is a rollover process that extends at least for 30 days where a credit will be cross referenced. It is not the bank's fault, as once the original biller issues a refund for the charge the process is automated. As mentioned before, that is why they always list a relay phone number on each site, and aggressively try to issue credits when a victim intends to charge it back.

A chargeback negates the original charge and then adds a $25 fee from the merchant processor. That eats away at the syndicate's funds, and is eventually what burns the account up. Depending on the variables the account can last for a year or more. However, the growing amount of chargebacks and fees eventually cause the account to implode, and it ends up in a huge negative. So a priority for the criminals is to issue a credit in lieu of facing a charge back. In addition, corresponding with a victim allows them to deflect attention away from them by insisting that "someone" compromised their card and used it to purchase something at the site.

That modus operandi has been in use for years. In fact some of you may recall in 2003 - 2004, during earlier versions of this syndicate's enterprise they had websites which had a message on the main page that said "If you received a charge from xyz company on you card. Please enter the last four digits of your card number to receive a refund credit." That format was subsequently discontinued as it became ridiculed. Placing a message and entry box prominently on the main page became an obvious scam flag when thousands of users reported charges from assorted sites that all had the same format.

MGD

MGD 2 edits
1 recommendation |
to garys_2k
Thanks, I had seen some of those individual pages before from search hits, but not the entire thread. In reviewing, it leads to another "template page". A poster listed a charge from naturalordretemplate. Rearranging the name leads to:

naturalordertemplate.com - 626-310-0668 Natural Order, Inc
[naturalordertemplate.com IP= 66.152.173.178]
Domain name: naturalordertemplate.com
Registrant Contact: I E C I Andrew Fairbanks (andy_fairbanks@yahoo.com) +1.6106431850 Fax: +1.6106431850 403 Perkins ST Oakland, CA 94610 US
Name Servers: ns1.hostdone.com ns2.hostdone.com
Creation date: 17 Sep 2007 20:07:28
Expiration date: 17 Sep 2008 20:07:28

Andrew Fairbanks 403 Perkins St Oakland, CA 94610-4722 phone number unavailable

There are two other individuals who have the same phone number using that address. Though the listed contact phone is also a CA area code, there is no listing for a "Natural Order" in the California corp. database. Two posters report that the charge appears to list Minnesota as the origination, and also that the phone number above is also listed as "Atala Designs". That is the Hub / recruiting site I listed in a previous post.

quote:
..."Pending charge from "Atala Designs St Paul Park MN" for $11.85 on 22Dec07"...
..."I received a charge on my credit card from ATALA Designs for $10.65 12/12/2007. I reported it to my bank and the charge was removed and now I have to get a new card. On my account description of the charge it gave a 626 number which is Alhambra, CA but the info on my account said MN"....
Strange, ataladesigns.com: » ataladesigns.com/ is now off the air. I also checked Minnesota corp data base and did not get a hit under that name either.

EDIT= This could be an attempt to salvage a business entity set up, where the mule may have got suspicious and dropped out in the early stages. /edit

I have some other hub sites coming up shortly including what appears to be a new theme, version 6.0. Also have the latest version of the "mobile phone games" site, a la Generex and Moball.

MGD

MGD 2 edits
1 recommendation |
MGD
MVM
2007-Dec-23 5:05 pm
Still digging around the "Inowest" connection, so far unable to tell if they are a part of the operation, or complicit. I cannot yet rule them out. We have already established the firm connection, and continuation to the Devbill / digitalAge et al. by way of the foreign laundering. As stated, the version 4.5 templates funds from the hijacked cards were wired out of US banks to:

Beneficiary's Bank Name: EUROBANK PLC
Beneficiary's Bank SWIFT code: EUBKBGSF
Beneficiary's Bank Address: 43 Cherni Vrah Blvd., 1407 Sofia, Bulgaria
Beneficiary Account: BG96PIRB91701745144579
Beneficiary Name: Inowest Enterprises Inc

We know that the fraudulent carded funds from several of the e-book sites are now wired out of US banks and routed to:

Beneficiary's bank name: ASIAUNIVERSALBANK
Beneficiary's Bank SWIFT code: ASUJK22
Bank address: 59, togolok moldo str., 720033, BISKHEK, KYRGYZSTAN REPUBLIC
Beneficiary account: 1231128530000131
Beneficiary name: Inowest Enterprises
Beneficiary address: same as bank address

Asia Universal Bank is: » www.aub.kg/en

No coincidence that Asia Bank has several outlets in Russia, and branch offices in the Ukraine, Latvia, and Kazakhstan. AUB does have a stated policy to counteract the laundering of illicitly-acquired funds: » www.aub.kg/en/about/gene ··· al/proiz Maybe a "heads up" is in order.

Inowest is now referenced in two webmaster forums that deal in PrOn affiliate referrals and sponsored site linking. In addition to the previous:

quote:
I'm getting wires but don't know which sponsors - please help!
------------------------------------------------------------
Hey
I've received a few unknown wires. Does anyone here know which sponsors they are? These are wires btw, no cheques.
Inowest Enterprises Gioram Kenny Media Design Ironic
And if the owners of these sponsors see this post, can you please tell me in which country your company is based?
Thanks anyway Maikel
Source= NOT WORK SAFE » www.gofuckyourself.com/s ··· t=615371

A second recent reference is on a similar Russian forum, and in fact specifically mentions "Inowest v ASIAUNIVERSALBANK". A rough Google translation is here, may not be WS either: » translate.google.com/tra ··· 6hl%3Den

At this stage it is possible that inowest is a Russian "currency facilitator", operating on the virtual fringe. Maybe similar to this Russian company: » www.fethard.biz/ and » www.fethard.biz/about.php

It is reasonable to assume that whatever laundering vehicle and location the criminal enterprise is using, it is one that they are familiar with, and have established history with. I need to reach and convert more "cyber mules" in order to see if there are other accounts and C&Cs that are in use.

MGD

MGD 2 edits
1 recommendation |
MGD
MVM
2007-Dec-23 7:45 pm
At the start, I reiterated that this syndicate has been in operation for years, and has constant access to card account data. You can journey back to seven years ago and see the "Beta", or maybe even Version 1.0 of this long running criminal operation. These reports are from 7 years ago, almost exactly to the day:

'Tis the season for credit-card heists
and:
'Egghead.com Gets Hacked

Besides, at that time, the obvious operational base was Russia, pay close attention to some of the common ingredients:

circa 2000:
quote:
"....MSNBC.com research has revealed that for at least the past six months, hundreds and perhaps thousands of consumers have found charges between $5 and $25 billed to their credit cards. The laundering efforts appear to involve a group Russian telecommunications and Internet companies. Since July, Net users have widely complained about charges from companies named Skiftelecom, Incomtel, Global Telecom, and Inetplat. It was not immediately clear if the Russian firms were participants or victims of the scheme.
After initial e-mail contact, Inetplat didn't respond to a request for an interview. None of the others immediately replied to e-mail.
There has been a fresh flurry of charges-at least 100-billed this week by Global Telecom and Inetplat, which appear from their Web site to be the same company......."
Ringing any bells ??? if not try this:

quote:
"....She said one of her fellow victims had received a reply from Inetplat earlier this year after complaining. In the e-mail, the company was said to reply: "Possible your credit card data was stolen by hackers and used to enter one of the sites of our clients. We refund you all the money charged from your card within one week. Please do not make chargeback within this week." .....
Oh.. sound familiar.!! What was not apparent back in 2000 was these sites were "fronts" and connected.

GTELECOM.NET Global Telecom gtelecom.net and Inetplat Inetplat.com were clones of each other. From a rough translation of Inetplat.com's Home Page

quote:
"....The pay system InetPlat allows services on the method to the payment through Internet of the credit maps VISA and Eurocard/Mastercard for vebmasterov of paid sites and developers of software. Relying on contemporary technologies we let us ensure reliability and safety of your electronic commerce. Hundreds of clients from the different countries of peace already are used InetPlat in their business".....
A comment in another Russian PrOn webmaster affiliate forum not long afterwards makes reference to "inetplat" and translates as: circa 2001: quote: ".....4 more greatly I will say, they do not work from similar lazhey EVEN nelegal'shchiki! -))) An example, there was this office as inetplat.com (recently its name it was mentioned in connection with the scandal "Russians they robbed 3 million Americans"), so they they attempted to interest in its service of russkoyazychnykh nelegal'shchikov. And those sent them. This office awaits analogous. However, however, there lie in the first proposal on the site, in the first word: THE "RELIABLE method to obtain payment into the Internet"; -))"....
Of course now after several progressions and iterations they have adapted and fine tuned the operation. Incoming charges from Russia against thousands of US cards has long been addressed by monitoring algorithms that will reject them on sight. As recently as 2006 they had several sites that tried to run charges from merchant accounts in the UK and Sweden. They failed, the majority of the charges were rejected, and were subsequently blacklisted. Many potential victims received a notice from the card issuer that the charge was rejected.

The hosting and processing via internal US merchant accounts was a procedure adopted by the syndicate to counteract these measures. The most lenient security threshold for charges processed to US cards are ones that originate from within the US. It was then that the recruiting of cyber mules began, and the operation moved "onshore".

The fundamental issue back then was one of a card data security problem, that is what drives this entire operation. Unfortunately, 7 years later it is still the core problem.

MGD

garys_2k Premium Member join:2004-05-07 Farmington, MI
1 recommendation |
garys_2k
Premium Member
2007-Dec-23 9:47 pm
Getting to the core issue, where/how they get the card data, ought to be front and center to the entire Mastercard/Visa/Amex industry. Seven years? Clearly the source data has been the most consistently reliable part of the scheme -- more certain than the systems for processing the charges.
It could likely be a small group of moles placed in key positions in the business. They could skim the data onto floppies/CDRs/USB drives, whatever and export it at their leisure. They could plant the malware onto the providers' servers that uploads files.
Or, maybe they can do the latter remotely -- given the number of vulnerabilities in web facing servers out there. As for the high rejection rate, that could be a key clue.
Clearly we need a much more robust method of verifying credit card transactions where the card isn't physically present. I suspect this syndicate targets the U.S. because our procedures are easier to defraud. | | |
chst
Anon
2007-Dec-24 8:40 pm
to MGD
MGD, the job you are doing is amazing!
I could become one of those cyber mules! But now they have no chance. They've hired me and I've almost set up the merchant account already. That's a big luck I've found everything out on this stage, they haven't had a chance to charge anybody through me yet!
Well, anyway.. I think I've got some interesting things that were not mentioned above and could help to trace those bastards, but I'm not sure if I should post them right here. Please e-mail me at chstpublic[at]gmail.com | | |
MGD
MVM
2007-Dec-25 5:05 pm
said by chst :
MGD, the job you are doing is amazing!.......

Thank you, as requested, made contact from 007MGD

MGD

MGD
1 recommendation |
MGD
MVM
2007-Dec-27 5:03 am
Updating, rooted some more out. Another template clone: infinitysonstemplates.com 404-474-2550 Infinity & Sons, LLC. That is the current phone number listed here: » infinitysonstemplates.co ··· help.php Charges have also shown up on statements under that name listing another number: 404-645-1736 see: » 800notes.com/Phone.aspx/ ··· 645-1736
[infinitysonstemplates.com IP 66.152.162.116 ]
Domain name: infinitysonstemplates.com
Registrant Contact: IS LLC bryan gracy (gracy_bryan@yahoo.com) +1.4046451736 Fax: +1.4046451736 205 Sue Ln Auburn, GA 30011 US
Name Servers: ns1.hostdone.com ns2.hostdone.com
Creation date: 02 Nov 2007 19:41:28
Expiration date: 02 Nov 2008 20:41:28

The cybermule matches the domain reg.:
Business Name History
-----------------------------------------
Name Name Type
INFINITY & SONS LLC Current Name
-----------------------------------------
Limited Liability Company - Domestic
Control No.: 07089304
Status: Active/Compliance
Entity Creation Date: 10/29/2007
Jurisdiction: GA
Principal Office Address: 205 sue lane Auburn GA 30011
Last Annual Registration Filed Date:
Last Annual Registration Filed:
----------------------------------------
Registered Agent
Agent Name: Gracy, Bryan
Office Address: 205 sue lane Auburn GA 30011
Agent County: Barrow
----------------------------------------

There is no number listed for him at that specific address. A reverse lookup of the address lists a different name. It is possible that this was a recent move, as there are other listings for his name in Georgia.

Here is another E-book site: mynetconnex.com 732-993-5297 mynetconnex
Been around since March 2007 without much noise: » www.google.com/search?hl ··· e+Search

For this genre, the domains usually do not match anyone, and can be carded. There is no reverse listing for this address, nor is there one for anyone with that name in NJ.

[mynetconnex.com IP 68.178.233.191]
Domain name: mynetconnex.com
Registrant Contact: MYNETCONNEX.COM MEGAN BROCK (supportmynetconnex@gmail.com) +1.7329935297 Fax: +1.5555555555 306 Stevens Way Freehold, NJ 07738 US
Name Servers: dns1.name-services.com dns2.name-services.com dns3.name-services.com dns4.name-services.com dns5.name-services.com
Creation date: 20 Mar 2007 20:42:34
Expiration date: 20 Mar 2008 20:42:34

There does not appear to be any corp listing for a mynetconnex, however, there is the following New Jersey corporation:

quote:
New Jersey State Corporate and Business Information Reporting
Business Entity Name
NET CONNEX, INC.
Filing Number 0100708464
Code DP
There is a legit business called: Net Connex Technologies, Inc., so I am unable to tell yet. The Governor of New Jersey wants at least $5 to cough up more info. I have added it to my list. I may try and negotiate a bulk rate!

MGD

pleekmo Triptoe Through The Tulips Premium Member join:2001-09-14 Manchester, CT
1 recommendation |
pleekmo
Premium Member
2007-Dec-27 6:43 am
Maybe we should start an MGD anti-scammer fund. I think that this would be an excellent idea, given MGD's value so far in shining the light on the dark corners of the Internet financial world. | | |
MGD
MVM
2007-Dec-27 9:31 am
Thanks, I was just making fun, .... and to be fair to NJ, they are not alone, several states now charge to look up data. However, I am still set on you winning that lotto.

MGD

pleekmo Triptoe Through The Tulips Premium Member join:2001-09-14 Manchester, CT
pleekmo
Premium Member
2007-Dec-27 10:20 am
said by MGD:
However, I am still set on you winning that lotto. MGD

Yes, I do every now and then say my prayers to the Jackpot God.
|
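The cross-referencing done by hand in the posts above (sites sharing name servers or an IP address, and a company formed shortly before its domain was registered), as an added Python example that is not part of the original thread. The field values are trimmed from the records quoted above with personal contact fields omitted; the function names and the 60-day window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Trimmed from the WHOIS and state-registry text quoted in the thread (contact
# fields omitted), left in the flattened one-line form the page shows.
RECORDS = [
    "[valencetemplates.com IP 66.152.173.182] Domain name: valencetemplates.com "
    "Name Servers: ns1.hostdone.com ns2.hostdone.com Creation date: 10 Oct 2007 "
    "17:51:17 Incorporation Date (Domestic) 09/18/2007 State ILLINOIS",
    "[ilicsolutions.com IP 66.152.162.117] Domain name: ilicsolutions.com "
    "Name Servers: ns1.hostdone.com ns2.hostdone.com Creation date: 26 Oct 2007 "
    "20:11:22 Incorporation Date (Domestic) 10/19/2007 State ILLINOIS",
    "[sensatetech.com] 202.60.92.179 Domain name: sensatetech.com Name Servers: "
    "ns1.aussiednsserver.com ns2.aussiednsserver.com Creation date: 12 Sep 2007 "
    "21:44:07 Number: 200723010107 Date Filed: 8/1/2007 Status: active",
    "[ccdtemplates.com IP 202.60.92.179] Domain name: ccdtemplates.com Name Servers: "
    "ns1.aussiednsserver.com ns2.aussiednsserver.com Creation date: 26 Sep 2007 "
    "18:38:56 State of Incorporation WA Date of Incorporation 09/18/2007",
    "[mvwebtemplates.com IP 202.60.92.179] Domain name: mvwebtemplates.com Name Servers: "
    "ns1.aussiednsserver.com ns2.aussiednsserver.com Creation date: 26 Jun 2007 "
    "20:23:33 Entity Creation Date: 2/19/2002 Jurisdiction: GA",
    "[mcatemplates.com IP 66.152.161.13] Domain name: mcatemplates.com "
    "Name Servers: ns1.hostdone.com ns2.hostdone.com Creation date: 25 Sep 2007 "
    "10:25:41",  # no corporate record had been located for this one
    "[infinitysonstemplates.com IP 66.152.162.116 ] Domain name: infinitysonstemplates.com "
    "Name Servers: ns1.hostdone.com ns2.hostdone.com Creation date: 02 Nov 2007 "
    "19:41:28 Entity Creation Date: 10/29/2007Jurisdiction: GA",
]

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
NS_RE = re.compile(r"Name Servers:\s*(.+?)\s*Creation date:")
CREATED_RE = re.compile(r"Creation date:\s*(\d{1,2} \w{3} \d{4})")
# Each state registry labels the company formation date differently.
FORMED_RE = re.compile(
    r"(?:Incorporation Date \(Domestic\)|Date of Incorporation|"
    r"Entity Creation Date:|Date Filed:?)\s*(\d{1,2}/\d{1,2}/\d{4})")

def parse_record(text):
    """Pull the correlation fields out of one flattened record."""
    ns_hosts = NS_RE.search(text).group(1).split()
    created = CREATED_RE.search(text).group(1)
    formed = FORMED_RE.search(text)
    return {
        "domain": re.search(r"Domain name:\s*(\S+)", text).group(1).lower(),
        "ip": IP_RE.search(text).group(1),
        # Registered domain of the first name server, e.g. hostdone.com
        "ns_domain": ".".join(ns_hosts[0].lower().split(".")[-2:]),
        "created": datetime.strptime(created, "%d %b %Y").date(),
        "formed": datetime.strptime(formed.group(1), "%m/%d/%Y").date() if formed else None,
    }

def cluster(records, key):
    """Group domains by a shared attribute; keep groups with 2+ members."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec[key]].append(rec["domain"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def formed_shortly_before(records, window_days=60):
    """Domains registered within window_days after the company was formed."""
    hits = []
    for rec in records:
        if rec["formed"] is None:
            continue
        gap = (rec["created"] - rec["formed"]).days
        if 0 <= gap <= window_days:
            hits.append((rec["domain"], gap))
    return sorted(hits, key=lambda hit: hit[1])

PARSED = [parse_record(r) for r in RECORDS]

if __name__ == "__main__":
    print(cluster(PARSED, "ns_domain"))
    print(cluster(PARSED, "ip"))
    print(formed_shortly_before(PARSED))
```

The 2002 entity behind mvwebtemplates.com falls outside the window, which matches the post's remark that it was a tough find because it was an older company that had been renamed.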