|
uniqs
815477 |
|
 |
|
1 recommendation |
to Twice Bitten
Re: Ebook websites, fraud charges, Devbill/DigitalAge/PlutoLet's start here: Fraud charge Victim # 1
.
11/18/2008 $4.95 fraud charge from Looper Enterprises ---> same victim 12/01/08 $.26 fraud charge from Adele Services
Fraud charge Victim # 2
.
12/19/2008 $7.50 fraud charge from Rebatesoft ---> same victim 12/22/2008 $10.29 fraud charge from Internet Logistics LLC, 352-3530
Fraud charge Victim # 3
.
12/30/2008 $7.20 fraud charge from GETNEWITEMS ---> same victim 12/31/2008 $11.89 fraud charge from Internet Logistics LLC
. LOOPER ENTERPRISES and INTERNET LOGISTICS LLC have already been identified and confirmed as this crime syndicate's operation. First take ADELESERVICES.COM AKA ADELE SERVICES 800-764-8104 800-578-9641ADELE SERVICES appears to be have been set up strictly as a "pinging service" to pre validate card data. First reports begin to roll in around the end of November, and run through the end of December. I completely missed it until twice bitten reported on EXTRA PATH. You can only imagine to what extent only the surface is being scratched here of this massive fraud operation. Adele fraud reports include this: quote:
Filed by JLo at 12/10/2008 10:20:23 AM Caller Type: Unknown
Phone Number Report: No call was made to me. 2 FRAUD charges were made to my bank account. The FIRST transaction was:10/24/2008 ELECTRONIC/POS TRANS 999999 OBAMA FOR AMERICA 3128192416 IL 10/22 21:10 $5.00 The SECOND transaction was: 10/29/2008 ELECTRONIC/POS TRANS 999999 OBAMA FOR AMERICA 3128192416 IL 10/27 20:59 $5.00 "THIS WAS WHEN IT WAS DEPOSITED BACK INTO MY ACCOUNT!! I NEVER authorized this transaction. The THIRD transaction was: 11/21/2008 ELECTRONIC/POS TRANS 3825 ADELE SERVICES 8005789641 NY 11/20 21:19 $0.25 I HAVE ***NEVER*** USED THIS DEBIT CARD!! THIS CARD WAS NEVER ACTIVATED!! IT WAS SHREDED!! I think there is a HUGE leak on info somewhere.
Lots of all ping charge complaints:» www.google.com/search?hl ··· e+Search and » www.google.com/search?hl ··· e+SearchNot the first time that the virgin card scenario has been reported on here. Also cyber criminals routinely use on-line donations, charities, etc as a way to ping cards for free. The reversal of the Obama contribution, probably by the campaign, indicates that the listed donor did not match the card data. Someone from Local Cleavland, Ohio, media looking for local victims, » www.topix.com/forum/clev ··· KJUQ7Q9K I know it is a little late now, anyone want to give them a "heads up" on the big picture anyway. HMnnn !: quote:
Reward $5000 Filed by Reward $5000 at 11/23/2008 9:18:23 AM Caller Type: Unknown
Phone Number Report: Charged my account $.21 Reward for info on who did this; Adele services, I am coming for you Contact me at DiCaprio@steelersfan.net No joke,, You find these guys before me, I will pay.
» www.callercomplaints.com ··· 1&page=1Wonder if he will accept GPS coordinates? Watch for the connections to EXTRA PATH as we go through ADELE SERVICES. By the way the following phone numbers show up used for Extra Path: EXTRA PATH 800-691-8539
EXTRA PATH 888-523-5305
EXTRA PATH 800-385-8413The adeleservices.com website is now blank, however I can tell it had a blocked robots.txt file because Google knows it existed but has no cached copy of any pages (a la extrapath)
Domain name: ADELESERVICES.COM
.
Administrative Contact:
THOMAS, PHILIP support@adeleservices.com
68 South Service
Melville, NY 11747
US
+1.8005789641
Technical Contact:
THOMAS, PHILIP support@adeleservices.com
68 South Service
Melville, NY 11747
US
+1.8005789641
.
Registrar of Record: TUCOWS, INC. ---> SAME AS EXTRAPATH
Record last updated on 03-Jun-2008.
Record expires on 30-May-2009.
Record created on 30-May-2008.
.
Domain servers in listed order:
NS2.LUNARMANIA.COM ---> SAME AS EXTRAPATH
NS1.LUNARMANIA.COM
ADELESERVICES.COM TraceRoute to 67.210.109.220 [adeleservices.com] 67.210.109.220 ismene. lunarmania.comEXTRAPATH.COM TraceRoute to 67.210.98.240 [extrapath.com] 67.210.98.240 mania. lunarmania.com» 800notes.com/Phone.aspx/ ··· 523-5305Also while wearing your EXTRAPATH hat, guess what is at the adeleservices.com domain address of 68 South Service, Melville, NY 11747. Correct, another Regus virtual office address, small world: 
» www.regus.com/locations/ ··· =officesWhile in the » adeleservices.com neighborhood on the lunarmania.com IP 67.210.109.220 let's do a quick drive through of the 700 odd websites that are hosted on that server. Another current blank page website GLFDSITE.COM » gfdlsite.com/ also with no google cache of the site:
Whois Record
Registrant:
GFDL
5601 Bridge St
Fort Worth, TX 76112
US
.
Domain name: GFDLSITE.COM
Administrative Contact:
McCurtis, Sean support@gfdlsite.com
5601 Bridge St
Fort Worth, TX 76112
US
+1.8007299176
Technical Contact:
McCurtis, Sean support@gfdlsite.com
5601 Bridge St
Fort Worth, TX 76112
US
+1.8007299176
.
Name Server: NS1.LUNARMANIA.COM
Name Server: NS2.LUNARMANIA.COM
.
ICANN Registrar: TUCOWS INC.
Created: 2008-05-29
Expires: 2009-05-29
Updated: 2008-05-29
I know what you are going to ask ... I wonder .... what is at 5601 Bridge St, Fort Worth, TX 76112 ? 
» www.regus.com/locations/ ··· =officesNow look at what GFDL AKA GFDLSITE.COM 800-729-9176 800-764-0847 has been up to. Pinging thousands and thousands of cards. 18 pages of fraud reports under number on 800notes.com alone. Beginning in the middle of November: » 800notes.com/Phone.aspx/ ··· 764-0847 last report was 01/09/09. They must have rented boxes at all these Regus locations. One victim got a complete address from the bank and it has a suite number, # 30: » 800notes.com/Phone.aspx/ ··· 764-0847quote:
------------------------------------------------------
As I checked on-line this morning, I see a small charge in the amount of $0.13 with the text "TX GFDL" after the number (1-800-764-0847 TX GFDL). It does NOT say "pre-authorize"--it is a 13 Cent charge by someone unknown by me
------------------------------------------------------
PA Here. I found the same transaction documented as "Debit Card Withdrawal GFDL 800-764-0847 TX" for $0.18 cents in my checking account.
------------------------------------------------------
Another Washingtonian with same story only it was a $.13 charge. Fortunately, credit union security caught it, put a hold on my card and notified me, so(apparently)no damage done. It came from the same GDFL phishers in Texas. My CU also gave me a partial address of 5601 Bridge Street, Suite #30, but they didn't have a city or zip code
------------------------------------------------------
California - 24 Nov 2008
Got me for $0.17 shows up as GFDL 800 764 0847 TXUS. Seems they tried small to see if card would go thru and then went for it. I received a call from card security thru my bank wanting to verify transactions on my account. Apparently they tried me for $1200.00 which declined because it was far over daily limit which flagged my bank. I got lucky with that. The next two they tried was for $400 and and another for $200 both declined because they tried the large amount first causing a freeze on the account. They were going thru Western Union on-line from what card security was telling me.
------------------------------------------------------
me too - 30 Nov 2008
Same thing as everyone else is reporting: $.14 charge on 11/14 to "GFDL 800-764-0847 Tx".
Then $155 in 5 separate charges on 11/17 to "Ups[bunch of #s]800-811-1648 Ga" that I didn't make.
------------------------------------------------------
Plus the scammer also changed the mailing address and phone # for this REI Visa card thru US Bank. The new address they gave is for RMS Gold Assaying, 3015 Gilroy St. Los Angeles, CA 90039 and cell phone is (213)400-6044. Good news is that US Bank emailed me a confirmation that I had changed my address, otherwise who knows how much more they would have charged.
------------------------------------------------------
me too - 7 Dec 2008
Ups numbers were tracking numbers. Found out that there were packages sent from Marion, IN to various places in the United States. Now if I can only get senders name and address, I could catch my thief.
------------------------------------------------------
The company also is going by another name DDA PURCHASE GFDL 800-764-0847 TX GFDL with also a bogus 800 number. I'm so mad. Chase didn't seem to care about my bringing this to their attention.
------------------------------------------------------
MA - 15 Nov 2008
I got the $0.15 charge from GFDL on my Bank of America account yesterday. I had a charge on 11/9 for $7.50 from RebateSoft and had my card canceled and replaced on Thursday. I don't know how this got through, as my card was canceled on Thursday, going to call the bank.
So ADELE SERVICES ADELESERVICES.COM and its clone GFDL GFDLSITE.COM were just pure pinging, card testing operations. The difficult part is how they managed to pull off a merchant processing account with such clear non vettable data. I suspect that they may have obtained an account in the secondary on-line market. In fact lunarpages.com where all three of the fraud sites were hosted, EXTRAPATH, GFDL, and ADELE SERVICES, offers an easy on-line enrollment for such merchant accounts: 
I do not know if that is how the merchant accounts were set up, though it is a distinct possibility, as it offers an easy on-line "anonymous" enrollment. Some secondary merchant providers will allow attachment of a foreign bank account, or a virtual currency set up. If a US bank account is involved then that would require the presence of a cyber-mule, that is not apparent at this stage. Prior pinging that came from hijacked merchant accounts were pre authorizations only and rolled off, as the hijacked account would be stuck for all the fees. In a criminal owned set up such as these, they needed to make an actual ping charge to help cover the processing fees charged to the account. . . Now let's have a look at that 12/30/2008 $7.20 fraud GETNEWITEMS fraud charge, that hit victim #3 24 hours prior to $11.89 fraud charge from the confirmed crime syndicate's Internet Logistics LLCI tracked the GETNEWITEMS fraud charges to a fake bogus card fraud laundering operation masquerading as an internet hosting provider called GETNEWONE.ORG 866-446-7809 888-775-7814
GETNEWONE.ORG quote:
Contact Details
Our sales and technical support teams are available 24/7/365 to answer all your questions and resolve any problems you may have while using our web hosting services.
For any suggestions about our web hosting services, or for abuse and billing complaints, please contact us via e-mail info@getnewone.org or by phone (888) 775-7814.
Added emphasis to "billing complaints" Multiple fraud charge complaints from November, under three different toll free numbers and two different states, FL, NC, indicating multiple merchant accounts: ----------------------------------------- "I had a charge of $7.20 on my credit card from GETNEWONE.COM 888-7757814 FL. This is a scam." 888-775-7814 » 800notes.com/Phone.aspx/ ··· 775-7814----------------------------------------- I just finished talking to my bank and having them issue me a new bankcard number because "Getnewitems 8664467809 NC" appeared on my VISA account on 11/19/08 in the amount of $7.20 866-446-7809 » 800notes.com/Phone.aspx/ ··· 446-7809Also: » whocallsme.com/Phone-Num ··· 64467809----------------------------------------- I just noticed this charge on my credit card today. It was for $7.20 and came from GETNEWITEMS 888-219-5123 NC ----------------------------------------- AG - 22 Dec 2008 Same thing: $7.20 charge from: GETNEWITEMS 8882195123 NC. Bank confirms this is a fruadulent charge 888-219-5123 » 800notes.com/Phone.aspx/ ··· 219-5123----------------------------------------- NOT HAPPY - 24 Nov 2008 We received a charge this morning from a company called REBATESOFT for $7.50. We bank with a completely different bank in a different town than my brother and he got hit by a company called GETNEWITEMS for $7.20 last Thursday. HOW FRUSTRATING ----------------------------------------- Take note of how the "prices" listed at GETNEWONE.ORG match the fraud charges: 
A 10/11/2008 cloaked domian registration:
Domain ID:D154447384-LROR
Domain Name:GETNEWONE.ORG
Created On:11-Oct-2008 18:29:30 UTC
Last Updated On:11-Dec-2008 03:50:14 UTC
Expiration Date:11-Oct-2009 18:29:30 UTC
Sponsoring Registrar:Moniker Online Services Inc. (R145-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:MONIKER1557516
Registrant Name:Moniker Privacy Services
Registrant Organization:Moniker Privacy Services
Registrant Street1:20 SW 27th Ave.
Registrant Street2:Suite 201
Registrant Street3:
Registrant City:Pompano Beach
Registrant State/Province:FL
Registrant Postal Code:33069
Registrant Country:US
Registrant Phone:+1.9549848445
Registrant Phone Ext.:
Registrant FAX:+1.9549699155
Registrant FAX Ext.:
Registrant Email:GETNEWONE.ORG@domainservice.com
Admin ID:MONIKER1557516
Admin Name:Moniker Privacy Services
Admin Organization:Moniker Privacy Services
Admin Street1:20 SW 27th Ave.
Admin Street2:Suite 201
Admin Street3:
Admin City:Pompano Beach
Admin State/Province:FL
Admin Postal Code:33069
Admin Country:US
Admin Phone:+1.9549848445
Admin Phone Ext.:
Admin FAX:+1.9549699155
Admin FAX Ext.:
Admin Email:GETNEWONE.ORG@domainservice.com
.
Name Server:NS1.GETNEWONE.ORG 66.199.253.242
Name Server:NS2.GETNEWONE.ORG 66.199.253.243
As noted, some are reporting the charge as GETNEWONE.COM which has been a Suspended Domain, since at least July of 2008:
GETNEWONE.COM
ICANN Registrar: GODADDY.COM, INC.
Created: 2007-11-29
Expires: 2009-11-29
Updated: 2008-07-11
.
Name Server: NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
Name Server: NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
.
Registrant:
Andrew Bransford
4469 Stella Drive
Atlanta, Georgia 30342
United States
.
Domain Name: GETNEWONE.COM
Created on: 29-Nov-07
Expires on: 30-Nov-09
Last Updated on: 19-Apr-08
.
Administrative Contact:
Bransford, Andrew andrew4807@gmail.com
4469 Stella Drive
Atlanta, Georgia 30342
United States
(717) 657-7821 Fax --
.
andrew4807@gmail.com is associated with about 12 domains
So I am not sure if this is another .com confusion a la rebatesoft or if these criminals are just all over the map of confusion. GETNEWITEMS / GETNEWONE.ORG is hosted on EZZI.NET at IP 66.199.253.246 [reverse DNS - 66-199-253-246.reverse.ezzi.net] A subsequent audit of the neighborhood surrounding GETNEWONE.ORG yields an identical cloned site right next door called HQS HOSTING AKA HQSOSTING.COM at IP 66.199.253.245 [reverse DNS - 66-199-253-245.reverse.ezzi.net] 
There is no "about us" or "contact us" page...yet, so no listed number is on file. Compare: GETNEWONE.ORGHQSHOSTING.COMhqshosting.com was registered identically as getnewone.org on the previous day.
Domain Name: HQSHOSTING.COM
Registrar: MONIKER ONLINE SERVICES, INC.
.
Registrant [1554880]:
Moniker, Privacy Services HQSHOSTING.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
.
Administrative Contact [1554880]:
Moniker, Privacy Services HQSHOSTING.COM@domainservice.com
Moniker Privacy Services
20 SW 27th Ave.
Suite 201
Pompano Beach
FL
33069
US
Phone: +1.9549848445
Fax: +1.9549699155
.
Domain servers in listed order:
.
NS1.HQSHOSTING.COM 66.199.253.242
NS2.HQSHOSTING.COM 66.199.253.243
.
Record created on: 2008-10-08 14:06:51.0
Domain Expires on: 2009-10-08 14:06:51.0
. MGD | | MGD
2 edits
1 recommendation |
to Doctor Four
said by Doctor Four:A post today on the Sunbelt Blog is related: US FTC Goes After $10 M Micropayment Scam quote:
The U.S. Federal Trade Commission has said it brought an action in U.S. Federal court that shuts down an identity theft scheme that stole more than $10 million from victims’ credit card accounts in small amounts and sent the money out of the country.
The scammers recruited 14 money mules to set up dummy corporations and open bank accounts to receive payments of $10 or less from victims’ credit card accounts. Each account was charged only once. The FTC said it did not know how the scammers obtained the victims’ credit card information.
The money mules, recruited via spam email, sent the stolen funds to bank accounts in Bulgaria, Cyprus, Estonia, Latvia, Lithuania, and Kyrgyzstan.
» sunbeltblog.blogspot.com ··· ent.htmlThe cybermule companies named are different, but the M.O. here is the same. Outstanding catch Doctor Four  , same Organized Crime Syndicate, long ago tied directly to many of the names which are mentioned below. In various sections of the thread many are referred to as the 3 letter "Toll Free Group", read on: Thanks for the link. Snowy [Note the FTC case file is labeled as (FTC File No. 0923051)( Adele Services)] Actually, they are part of the Organized Crime Syndicate's multiple hub and spoke fraud operation, and many of the names are listed in this thread. Unfortunately the Chicago branch of the FTC has only taken a tiny bite out of the huge apple. It is as if they have reached into a 20LB. bag of ice and puled out a handful of cubes. While I congratulate the Chicago office of the FTC and what they have done. However this action amounts to a minor hiccup within the entire operation of the OCS. Not only has it not been shut down, it is flourishing, hundreds of thousands of dollars are still leaving the US every week en route back to the OCS. The FTC really needs to speak with other three letter government agencies whose primary focus is on criminal action and not civil. They can best describe to the FTC the larger and global picture of what is going on. In defense of the FTC, the entire hub and spoke format of the syndicate's network, is, by design, configured to obfuscate and hide the entire scope of the global operation. Thus any infiltration will be unlikely to lead to a complete exposure without comprehensive and in dept forensics being performed. In fact, during their investigation had the FTC just Googled the country names where they then knew the fraud proceeds were being wired to, they would have found almost several pages of almost 70 fraud alert listings from me of fraud entity names that were not on their list:» www.google.com/search?q= ··· filter=0
The FTC is in good company though, investigations in the past into the "Digital Age" and "Pluto Data" mass fraud charging also failed to unearth the full scope of the operation. quoted from news articles: .."U.S. consumers footed most of the bill for the scam because, amazingly, about 94 percent of all charges went uncontested by the victims."Over a much larger and longer period sample, the percentage is between 80% to 85%. .." According to the FTC, the fraudsters charged 1.35 million credit cards a total of $9.5 million, but only 78,724 of these fake charges were ever noticed."Using the same time period that the FTC is referring to, 2004 to now, the actual number is well over 20 times that amount. Well in excess of $250 to $300 million in fraud proceeds, .25 billion, and well over 50 million cards fraudulently charged. If you add in the associated costs of the fraud including an industry average of $15 to $20 for institutions to replace a compromised card then the total cost to date could well be barking at $1 billion. .."Typically they floated just one charge per card number, billing on behalf of made-up business names such as Adele Services or Bartelca LLC."Absolutely not true, over a very small sampling period it may appear as " floated just one charge per card number", however if you examine a much larger transaction time period of the card you will see that in the vast majority of the cases victims will be continually charged month after month. I have seen as many as 16 fraud charges on a single card over an 18 month period. The FTC action is titled ADELE SERVICES, you can see here where cross charging between Adele and an already known and confirmed syndicate site of "Looper Enterprises" 
An initial cursory review of the FTC's documents, raises questions about the some of the behavior of the cyber-mules. Though the OCS will never confide in a cyber-mule about the fraud, I always checked on how the cyber-mule set up the entities to see if they tried to hide or obfuscate the set up. My theory in sizing up the cyber-mules in advance was that if the business set ups were hidden and difficult to trace then that indicated to me that the cyber-mule was suspicious of the deal and might be indicative of some culpability. The cursory review of the FTC documents clearly indicate to me that some of the cyber-mules created hidden and hard to trace trails. That indicates to me suspicious behavior. Some of these business entities had over 70 business bank accounts. Who in their right mind would think that a business needing 70 bank accounts was engaged in anything remotely legitimate. ============================================== • API Trade, LLC, a Pennsylvania limited liability company incorporated in 2006, which has at least four bank accounts in its name; API's registered office address is 9926 Haldeman Avenue, #45 B, Philadelphia, Pennsylvania 19115 • ARA Auto Parts Trading LLC, a limited liability company, which has at least two bank accounts in its name; ARA's principal address is 14202 Barcalow Avenue, Philadelphia, Pennsylvania 19116 • Bend Transfer Services, LLC, a Nevada limited liability company incorporated in 2007, which has at least thirty bank accounts in its name; Bend's registered office address is 21285 East Highway 20, #169, Bend, Oregon 97701. • B-Texas European, LLC, a Texas limited liability company incorporated in 2006, which has at least sixteen bank accounts in its name; B-Texas' registered office address is 701 Brazos Street, Suite 1050, Austin, Texas 78701. B-Texas also conducts business at 8070 County Road, 603, Brownwood, Texas 76801. • CBTC, LLC, a Delaware limited liability company incorporated in 2007, which has at least four bank accounts in its name; CBTC's registered office address is 151 Evergreen Drive, Dover, Delaware 19901. It also conducts business at 9926 Haldeman Avenue, #45 B, Philadelphia, Pennsylvania 19115. • CMG Global, LLC, a Pennsylvania limited liability company incorporated in 2006, which has at least eleven bank accounts in its name; CMG's registered office address is 7400 Roosevelt Boulevard, #52602, Philadelphia, Pennsylvania 19115. It also conducts business at 7400 Roosevelt Boulevard, Apartment A303, Philadelphia, Pennsylvania 19152 and P.O. Box 52602, Philadelphia, Pennsylvania 19115. • Confident Incorporation, a California company incorporated in 2002, which has at least three bank accounts in its name; Confident's registered office address is 17800 Castleton Street, Suite 386, City of Industry, California 91748. Confident also conducts business at 30616 Sand Trap Drive, Agoura Hills, California 91301. • HDPL Trade LLC, a Pennsylvania limited liability company incorporated in 2008, which has at least nine bank accounts in its name; HDPL's registered office address is 1143 Northern Boulevard, #263, Clarks Summit, Pennsylvania 18411. • Hometown Homebuyers, LLC, a Texas limited liability company incorporated in 2002, which has at least thirty-seven bank accounts in its name; Hometown's registered office address is 413 East Highway 121, Lewisville, Texas 75057. It also conducts business at 8070 County Road 603, Brownwood, Texas 7680l. • IAS Group LLC, a California limited liability company incorporated in 2008, which has at least five bank accounts in its name; Highway 121, Lewisville, Texas 75057. It also conducts business at 8070 County Road 603, Brownwood, Texas 7680l. • IHC Trade LLC, a New York limited liability company incorporated in 2007, which has at least seventy-one bank accounts in its name; IHC's registered office address is 5823 North Burdick Street, East Syracuse, New York 13057. • MZ Services, LLC, an Arizona limited liability company incorporated in 2004, which has at least fifty-three bank accounts in its name; MZ Services's registered office address is located at 2910 North Casa Tomas Court, Phoenix, Arizona 85016. • New World Enterprizes, LLC, a New Jersey limited liability company incorporated in 2005, which has at least fourteen bank accounts in its name; New World's registered office address is 115 Magnolia Avenue, Suite 10, Jersey City, New Jersey 07306. New World also conducts business using the following addresses: (1) 441 Tomlinson Road, Apartment G 12, Philadelphia, Pennsylvania 19116, (2) P.O. Box 2645, Newark, New Jersey 07114, (3) 2400 East 3rd Street, Apartment 705, Brooklyn, New York 11223, and (4) 504 Florida Grove Road, Keasby, New Jersey 08832. • Parts Imports LLC, a Louisiana limited liability company incorporated in 2006, which has at least forty-two bank accounts in its name; Parts Imports' registered office address is 617 Elm Drive, Bogalusa, Louisiana 70427. • SMI Imports, LLC, a Florida limited liability company incorporated in 2006, which has at least fourteen bank accounts in its name; SMI's registered office address is 2329 North Tamiami Trail, Apartment #10, Sarasota, Florida 34234. SMI also conducts business at 8122 45th Court East, Apartment 7, Sarasota, Florida 34243. • SVT Services, LLC, a New York limited liability company incorporated in 2008, which has at least eight bank accounts in its name. SVT's registered office address is 800 East 13th Street, Apartment K, Brooklyn, New York 11230. ============================================== 
According to the FTC the above companies had merchant accounts and billed under the following names: 
============================================== ACM » Ebook websites, fraud charges, Devbill/DigitalAge/PlutoAdele Services» Ebook websites, fraud charges, Devbill/DigitalAge/Pluto» www.google.com/search?hl ··· gs_rfai=Advanced Global Tech
AEI
Albion Group
Alpha Cell
ALS
ALS LLC» www.google.com/search?q= ··· =en&sa=2ALS cross charges a victim who 24 hours earlier was hit by Eatemplates.com AKA EA Web Designs 434-878-3659 
BEI
BIT
BusinessWorks
Center Company
Centrum Group
CFM
CFR
COS
Data Services
Den Enterprises
Dgen
Digest Limited
Don Partners
DwellTech
Edge
ESTA
Eureka
Extra Path» Ebook websites, fraud charges, Devbill/DigitalAge/PlutoForm Limited
Foto Fast
Gamma
GFDL» Ebook websites, fraud charges, Devbill/DigitalAge/PlutoGLOBO
Green Stone
Harry Dean
HBS» Ebook websites, fraud charges, Devbill/DigitalAge/PlutoHBS was identified by multiple victims as cross charging with known OCS entities. Including this September 2009 posting showing "HBS" and "Daye Traffic" and "CJ Financials" all hitting the same victim's card: 
CJ Financials was subsequently linked to a cyber-mule LLc in Maryland: » Ebook websites, fraud charges, Devbill/DigitalAge/Pluto and of course "Daye Traffic" was tied to a cyber-mule KEVIN L. DAYE in Nebraska » Re: Ebook websites, fraud charges, Devbill/DigitalAge/PlutoHome Port
Homebase» Ebook websites, fraud charges, Devbill/DigitalAge/PlutoICH Services
IHS
Image Company
Image Services
IPS
ISSO
IVA
Lang Group
Light Flow
Link Group
Link Services» www.google.com/search?hl ··· gs_rfai=Another one of numerous cross charges which ties the Organized Crime Syndicate's operation together. "LINK SERVICES" on the FTC's list and "Daye Traffic" a known OCS bothe hit the same victim's card sequentially: quote:
...Just got my credit card statement with a fraudulent charge of $9.00 on it from "LINK SERVICES" out of California with the phone number of 866-473-8739. I also got one from "DAYE TRAFFIC LLC" with the phone number of 402-408-6643.
» Re: Ebook websites, fraud charges, Devbill/DigitalAge/PlutoDAYE TRAFFIC was one of numerous identical floral themed fraud charging websites List Services
Mark Silver
MARX
Mera
MFG
Name Services
NETT
New Eight
Office Development
Office Services
OM Extra
ONE
Online Group
Prc Services
Presi
Rasna
RSIPartners
RSS Inc.
Safeworks
Search Company
Search Management
Search Services
SFR
Sigma
Site Group
Site Management
Site Services» Ebook websites, fraud charges, Devbill/DigitalAge/PlutoSource Limited
Standard Six
SYS INC
System Development
Terra
THQ
TIMO
TLC Inc.
Union Green
United Services
VIVOS
WELLE
Will Services
World Trade
World Wide Services
YES============================================== Back in 2008 I posted how even the folks at 800notes.com had noticed the well known obfuscation tactic by the OCS of post seeding the phone numbers of the fraud entity: 
800NOTES Credit Card Thieves Trying to Hide Their Trails30 Jun 2008 We have recently discovered that many phone numbers, reported to be connected with unauthorized charges, are being targeted by spammers, who come to the website and make unrelated postings to the discussion threads. At first it didn’t make any sense, we would see a thread where almost every user was reporting something completely different than all the others. Some said that the number belongs to a collection agency, some claimed that a telemarketer calls from it, others reported that the number belongs to a newspaper subscription service. After a while a pattern emerged, all of these threads had one thing in common: “true” users were reporting unauthorized charges while other postings were made by bots. We started to monitor the threads and discovered that someone has been spamming these particular discussions. It seems they do it for one purpose: to confuse the audience and keep it off track. In many cases they even create a discussion thread for a particular number well in advance before any fraudulent charges are noticed and reported. They then spam it with unrelated postings. Like, for example, in this thread the first posting was made on Feb 16th2008, and then only on March 5th users started reporting strange transactions (we didn't remove the 'bot' postings for demonstration purposes and will clean it up shortly). We are now building the list of the phone numbers that match this pattern and so far have 60 phone numbers responsible for fraudulent charges. All the numbers are from 888, 877, 866, and 800 area code. The fraudulent charges are placed using the following company names:'Link Services', 'Link Group', 'Source Limited', 'System Development', 'HBS', 'Electronic Business Resources', 'Image company', 'World Wide Services', 'World Trade', 'ICS Services', 'Homebase', 'Home Port', 'DEN Enterprises', 'EST Company', 'BEI', 'Site Services', 'Search Services', 'ESTA', 'SENSATE TECHNOLOGY', 'Market Billing', 'MCA Templates', 'Web Templates', Will Services, 'Office Services', 'Terra', 'World Development', 'UNITED SERVICES', 'SITE DEVELPOMENT', 'ALS', 'Mera', 'Search Management', 'ONLINE GROUP', and 'ACM'. We are looking into ways to prevent them from posting. If you find a thread with the pattern described above, please use the 'Report Abuse' button to alert us. Ref:» 800notes.com/news/Lvz7S1 ··· jKqPx8Ag
You can clearly see how the seeding tactic was used across the entire range of groups, including the Orange template group, and including those listed by the FTC. Not only has the current FTC action not even come close to shutting the operation down, being generous, it barely covers 5% of the known activity.On the surface the FTC found that some of the fraud proceeds were used to pay for the set ups and support services. Note Red underline: 
If the FTC had of dug a lot deeper, they would have found that in one instance alone over $15,000 from the fraud charging proceeds of just one fraud entity were transferred from a Bank of America business account to buy an entire sequence of prepaid debit cards in $500 and $300 increments. These purchases were made in two trips where the cyber-mule was directed by the crime syndicate to a specific mall in Texas, and told to buy the prepaid cards at a Simon Group Mall store: 
The Organized Crime Syndicate then had the cyber-mule go online and register the $15,000 worth of prepaid debit cards to various names and addresses which they provided to the mule via email. Once the mule completed the online registration of the prepaid cards then they could be used by the criminals directly from Eastern Europe to go online and purchase anything the wanted in the US. This is a form of "Virtual Money laundering" that the FBI has been loudly complaining to Congress and the banking industry about for some time now. It has been impossible to track this form of virtual money laundering, since no "money" physically moves between countries or banks. If you have noticed how difficult it has become recently to buy a prepaid debit card anonymously this should explain why. Criminals and money launderers have taken to to the prepaid debit card system like a duck to water. So much so that new legislation is about to go in effect shortly that requires all prepaid debit card purchases to be documented, including the recording of identity submits used to make the purchase. Subsequent tracking of the OCS's card data above showed that it was used to pay for numerous forms of criminal support services, including hosting at GoDaddy, Voip phone service from Vonage, and online registration services for other fraud LLCs and corporations. Obviously the FTC has apparently tracked the fraud proceeds from the group going to "bank accounts in Bulgaria, Cyprus, Estonia, Latvia, Lithuania, and Kyrgyzstan." 
You can place a strong bet that if the FTC were to run these known bank wire drops of the Organized Crime Syndicate, where the card fraud proceeds were tracked going to against their own FTC list, bells should ring from the matching hits: ==============================================
Beneficiary Name: BETA-METAL LTD
Beneficiary Address: Grushevskogo 28/2, Kyev, Ukraine. 01021
IBAN: LV55 RTMB 0006 0380 6245
(multicurrency)
Bank: JSC Rietumu Banka
Bank address: 54 Brivibas street, Riga, LV-1011,
LATVIA S.W.I.F.T.: RTMBLV2X
==============================================
==============================================
Beneficiary Account: Name: VIDESS S.A No.: 073725
IBAN: CY2011501002073725USDCACC001
Beneficiary Bank: FBME BANK Limited,
Nicosia, Cyprus
Swift Code: FBMECY2N
Correspondent Bank: Deutsche Bank Trust Company,
New York, USA Swift
Code: BKTRUS33
Account No: 04-053-863
==============================================
==============================================
Beneficiary's Bank Name: FBME BANK Limited
Beneficiary's Bank SWIFT code: FBMECY2N
Beneficiary's Bank Address: Nicosia, Cyprus
Beneficiary Account: CY5611501002074923USDCACC001
Beneficiary Name: WESTA HOLDINGS LTD
==============================================
==============================================
NAME OF COMPANY : MARMION PACIFIC CORPORATION
COMPANY ADDRESS : 95 Athalassas Avenue
3rd Floor, CY-2024, Nicosia, Cyprus
BANK NAME : BANK OF CYPRUS
BANK ADDRESS : 28 Michalakopoulou Street,
CY-1075 Ayji Omologitae, Nicosia
Account number : 0155-40-642688-06
SWIFT : BCYPCY2N
==============================================
==============================================
Beneficiary's Bank Name: EUROBANK PLC
Beneficiary's Bank SWIFT code: EUBKBGSF
Beneficiary's Bank Address: 43 Cherni Vrah Blvd.,
1407 Sofia, Bulgaria
Beneficiary Account: BG96PIRB91701745144579
Beneficiary Name: Inowest Enterprises Inc
==============================================
==============================================
Beneficiary's Bank Name: Piraeus Bank
Beneficiary's Bank SWIFT code:
Beneficiary's Bank Address: 43 Cherni Vrah Blvd.,
1407 Sofia, Bulgaria
Beneficiary Account: BG73PIRB74051735052201
Beneficiary Name: Midtown Intergroup Ltd.
==============================================
==============================================
Beneficiary's bank name: ASIAUNIVERSALBANK
Beneficiary's Bank SWIFT code: ASUJK22
Bank address: 59, togolok moldo str., 720033,
BISKHEK, KYRGYZSTAN REPUBLIC
Beneficiary account: 1231128530000131
Beneficiary name: Inowest Enterprises
Beneficiary address: same as bank address
==============================================
==============================================
Intermediary bank:
NATIONAL BANK OF CANADA
MONTREAL, CANADA
ACC. 10233724000200101
SWIFT code: BNDCCAMMINT
Beneficiary Bank:
Trasta Komercbanka (Trust Commercial Bank)
Miesnieku iela 9, Riga LV 1050, Latvia
SWIFT code: KBRBLV2X
Beneficiary:
Name: VELNAR TRADE LLP
Account number: LV40KBRB1111212307001
Address: Cornwall Buildings, Birmingham, B3 3QR, UK
==============================================
==============================================
Beneficiary's Bank Name: Parex banka.
Beneficiary's Bank SWIFT code: PARXLV22.
Beneficiary's Bank Address: 3, Smilshu str., Riga, LV-1522, Latvia.
Beneficiary Account: LV83PARX0009490320001.
Beneficiary Name: Omtron Limited.
Beneficiary address: 60 market Square P.O.Box 1906, Belize City, Belize
==============================================
==============================================
Benificiary's Bank Name: Hellenic Bank
Benificiary's Bank SWIFT code: HEBACY2N
Benificiary's Bank Address: 173, Athalassas Ave. Stovolos, 2025, Nicosia, Cyprus
Benificiary's Account: CY69005001400001400734734801
Benificiary's Name: Omtron Limited
Benificiary's Address: 60 Market Square P.O. Box 1906, Beliz City, Beliz
==============================================
==============================================
Beneficiary's Bank Name: Parex banka
Beneficiary's Bank SWIFT code: PARXLV22
Beneficiary's Bank Address: 3, Smilshu str., Riga, LV-1522, Latvia
Beneficiary Account: LV83PARX0009490320001
Beneficiary Name: Omtron Limited
Beneficiary address: 60 market Square P.O.Box 1906, Belize City, Belize
Detail of the payment:
Law and consulting services.
Description: Consultations on introduction of accounting system of
documents. Documentation creation. Processing and filling
==============================================
==============================================
Beneficiary’s Bank Name: Aizkraukles banka
Beneficiary’s Bank SWIFT code: AIZKLV22
Beneficiary’s Bank Address: Elizabetes 23, LV-1010, Riga, Latvia.
Beneficiary Account: LV29AIZK0001140110388
Beneficiary Name: DIMELFIELD MANAGEMENT LTD
Beneficiary address: Geneva place Waterfront Drive Road, Town Tortola,
British Virgin Islands
Detail of the payment: For law consulting invoice 29072009/1
==============================================
==============================================
Please pay via Bank Wire Transfer (SWIFT transfer) to:
BANK: BANCO POPULAR DOMINICANO
BANK ADDRESS: TORRE POPULAR FLOOR 4 AVENIDA JOHN F. KENNEDY/MAXIMO GOMEZ
BANK CITY: SANTO DOMINGO
BANK COUNTRY: DOMINICAN REPUBLIC
SWIFT CODE: BPDODOSXXXX
ACCOUNT NUMBER: 735904526
ACCOUNT HOLDER: FREE WAY CORPORATION C por A
ACCOUNT HOLDER ADDRESS: CALLE B, CASA 17, SANTO DOMINGO, DOMINICAN REPUBLIC
REASON FOR PAYMENT: PAYMENT FOR SERVICES / PAGO DE SERVICIOS
The account currency is USD, so please execute the wire in USD
==============================================
. MGD | |
|
