dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
683934
share rss forum feed

MGD
Premium,MVM
join:2002-07-31
kudos:9

1 recommendation

reply to jd08

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by jd08 :

.....I got a call from my bank's fraud dept. yesterday. I was also hit with the fraudulent charge from Monrovia Designs. They charged $12.79. A few days prior, I noticed an unfamiliar hold on my account from "Triprents.com" for $6. I tried to dispute this charge but my bank does not allow holds to be disputed until they post to the account. When the charge didn't go through, I thought nothing of it until I received the call yesterday...............
You are the first to report the pre authorization or card ping from "Triprents.com" that I have read.

"Triprents.com" is owned by the same group that also owns "arealhome.com". Arealhome.com has been repeatedly reported for showing up as a ping charge right before the fraud charge proper. This pre validation procedure has been a common tactic, going all the way back to the height of the Digital Age Fraud in 2005.

In fact Doctor Olds See Profile posted back in Sptember 2005 how his card was first pinged with a small charge to test it. Then he was hit with a KCSOFTLLC.com template charge, which was then folowed by a Digital Age charge: »[scam] Digital Age, KCSOFTLLC and Coastal Wave Int

The people at Travelegia.com who own both arealhome.com and Triprents.com have stated that their billing account has been hijacked, the password to the account was hacked.

They said that they are fielding numerous calls from people complaining about this. They stated that many many cards were processed through their merchant account. they said that they are victims too, and are left with a mess to clean up. They also said that they have filed a police report.

As stated in a previous post Travelegia appears to be a legitimate established business entity, and is one of numerous entities that has been hacked in order to use their accounts for card list cleaning.

They may be willing to provide more details publicly on what happened.

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

1 recommendation

reply to MGD

This fresh fraud charge from the organized crime syndicate is one for the record books:

a recent report from a fraud victim:

$9.95 charge from KCSOFTLLC COM 509-461-1556 NY

As unbelievable as it may seem, the syndicate's KCSOFT LLC has been processing nothing but fraudulent charges for over four years

KCSOFT first showed up on DSLR in the security forum back in 2005: »$9.95 scam.. check your bank statements. That poster, Wrath See Profile was trying to add to an existing thread in the security forum started by TongSama See Profile in mid 2004 about fraud charges from pansalcorp.com, which was another of this crime syndicate's fraud entities. It is clear that over the years they went through multiple merchant account set ups, as a circa 2005 fraud report lists the line item as:

quote:
They hit me on 8/25 for 9.95. Number listed as
KC SOFTWARECOM LLC 509-4611556 NY Standard Purch 9.95
»Re: $9.95 scam, now from KCSOFTLLC.com

justin See Profile's ominous post over three years ago in the above thread:
quote:
The google searches are starting to find this topic as people look at their bank statements and say, WTF?. I wonder how big it will get.

pcdebb See Profile was subsequently proven to be right on the money when she posted:
quote:
i was thinking the same thing. might be Pluto Data part II

»Re: $9.95 scam, now from KCSOFTLLC.com

KCSOFT LLC was prolific and went on to tandem bill fraud charges alongside the "Digital Age" fraud charges

In September of 2005 Doctor Olds See Profile's card was hit with a $9.95 fraud charge from KCSOFTLLC. Followed in 24 hours by a $24.99 fraud charge from: Digital Age Cypress: »[scam] Digital Age, KCSOFTLLC and Coastal Wave Int

The phone number listed on the current fraud charge 509-461-1556 has been NLA for some time. I am not sure if there is a new associated website, the domain KCSOFTLLC.com is also NLA. However the fraud site circa 2005 looked like this:




That was a clone of the common version 2.0 template fraud site used in dozens of fraudulent LLC set ups: »I got the same changes .... and »[non-PC related] Credit Card Fraud security and »Credit card criminals Devbill have a new home !!!

Thank you to the current victim of this fraud charge who forwarded the transaction reference number (ARN) to me, which will help identify the acquiring bank, and related merchant account which originated and processed the charge.

KCSOFTLLC COM 509-461-1556 NY has now been tracked down to a New York LLC named KC SOFTWARECOM LLC which was registered on MARCH 09, 2004 by a KIMBERLY COSTANZA, 282 EMBURY ROAD, ROCHESTER, NEW YORK, 14625.





Selected Entity Name: KC SOFTWARECOM LLC
.
Selected Entity Status Information
Current Entity Name: KC SOFTWARECOM LLC
Initial DOS Filing Date: MARCH 09, 2004
County: MONROE
Jurisdiction: NEW YORK
Entity Type: DOMESTIC LIMITED LIABILITY COMPANY
Current Entity Status: ACTIVE
.
Selected Entity Address Information DOS Process
.
KIMBERLY COSTANZA
282 EMBURY ROAD
ROCHESTER, NEW YORK, 14625
Registered Agent
NONE


A four and a half year survival rate for a fraud set up, even for this crime syndicate must be a record, or close to it.

Besides over 140 hits on a DSLR search going back to February 2005: »/nsearch?q=KCS···70263807 there are a half dozen pages of fraud reports on Google: »www.google.com/search?hl=en&safe···G=Search

MGD


Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18

said by MGD:

This fresh fraud charge from the organized crime syndicate is one for the record books:

a recent report from a fraud victim:

$9.95 charge from KCSOFTLLC COM 509-461-1556 NY

As unbelievable as it may seem, the syndicate's KCSOFT LLC has been processing nothing but fraudulent charges for over four years
Not them again?
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

MGD
Premium,MVM
join:2002-07-31
kudos:9
reply to moike

said by moike:

No new activity for a period of time.... it makes me wonder if Authorize.net got a clue stick, .......
Not likely, after more than 5 years as the crime syndicate's sole designated gateway provider into the card processing system, the odds are not good that they will wake up to it now.

I can tell you that in the last 5 years for sure, there has never been a time that this massive fraud operation has not been fully active, draining millions of dollars a year out of the country. Do not assume that any "quiet period" equates to any lull in fraud charges. By design, this criminal enterprise has embedded themselves within several layers of the financial system. Both with their ability to extract sustained volumes of victim card data, and the subsequent sophisticated laundering of the card data into cash and extracting it out of the country. Their massive fraud operation is so widely dispersed and well organized that unless someone is pointing it out in real time, it is never noticed. The constant evolution of new fraud entities are difficult to track due to the search engine blocking. The only hint are the numerous fraud charge reports that come in under the various names and phone numbers. Unless you know what they are on a constant basis, they are very difficult to locate.

Right now there are numerous searches that link to all the fake orange template sites and the mobile theme theme download group. A few examples:

themobileclub.org 231-225-0410
»www.google.com/search?hl=en&q=23···G=Search

eawebsolutions.com AKA E W Designs 857-995-3434
»www.google.com/search?hl=en&q=85···G=Search

nlmdesign.com AKA New Liberty Management, Inc. 417-423-7523
»www.google.com/search?hl=en&q=41···G=Search

pdatemplates.com AKA PDA press, Inc. 352-353-0375 »www.google.com/search?hl=en&q=35···G=Search

Of course only fraud sites and phone numbers listed in the thread will generate search hits. The hundreds that have not been listed here will go un-noticed.

In addition, there are a host of new fraud entities that are being shadowed, and I am in the process of reporting on some of them. Since the organized crime syndicate monitors the discussion only a portion of the current activity is reported. The syndicate is constantly adapting their tactics, in order to keep their operation from gaining any sustained media attention. They now have widely dispersed groups of themed websites and are constantly evolving. Also remember, some of these groups, especially the "toll free" number division, are still functioning and actively processing fraud charges over two years later. Thanks to the concentrated efforts of an insider, KCSOFTLLC has been recently terminated after three plus years of fraud operation.

.. to be continued.

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

1 edit

1 recommendation

reply to MGD

said by MGD:

...
..
Currently the record holder for still active longest surviving fraud operation is EBSEBOOKS.COM AKA Electronic Business Resources 412-927-0410 »ebsebooks.com


»ebsebooks.com
Snapped 2009-07-08 13:31:59



»ebsebooks.com/contacts.php
Snapped 2009-07-08 13:31:41



»ebsebooks.com/robots.txt
Snapped 2009-07-08 13:31:23


They were listed as actively processing fraud charges in the very first post of this thread on 12/14/2007 and they are still processing fraud charges.
..
Based on the results of a recent audit the above information is incorrect. Though EBSEBOOKS.COM AKA Electronic Business Resources 412-927-0410 has been exclusively processing fraud laundering charges since 2007, and still is, it is not the longest still active fraud operation.

The record holder by far KCSOFTLLC was removed from the still active list in December of 2008, as that was when the merchant account was believed to have been revoked. I am not sure if that information was correct, and they subsequently obtained another merchant account, however, an audit has revealed that they have continued to process fraud charges. The last report was a month ago at the end of June.

Samples of June 2009 :

quote:
Janet
Jun 28th, 2009 at 12:46 pm

I just got hit!!! June 28, 2009! I cannot believe these people! There is a charge on my debit card for $9.99. I am so glad that I found this website. How can they operate like this with impunity!!! I just cancelled my accounts! This is such a hassle and all because some *******!!!

=========================================

Victim1234
Jun 16th, 2009 at 2:48 pm

I was just victimized by KCSOFTLLC last week. They have been doing this for 4 years now based on reviews above. Give me a break. This has wasted hours of my time to have accounts and pay online bills changed. I am sick that our government has done a single thing about this for 4 years. It even makes me sicker that the banks just go along here and charge us fees to issue new cards and numbers.

I think the banks are invloved in this too.

=============================================

Kris
Jun 11th, 2009 at 4:15 am

I seemed to remember clicking on an ad for some type of amazing lightbulb that lasted “forever” or something shortly before noticing the charge on my credit card… It was quite a while ago, and I don’t remember if I filled out any personal information before getting off the link… Does anyone else remember doing this?

I hope that the Obama administration establishes some kind of task force to go after these scammers and starts to make “examples” out of these guys, because up til now, it seems they can carry out this scam indefinitely without any repercussions for them. At least four years now and counting and they STILL haven’t shut them down…

I wrote to my state senators here in Alabama and got back a nice and polite (but totally USELESS) reply from Jeff Sessions and Robert Shelby telling me basically that there was NOTHING they could do about it. I also wrote to the US Attorney General who I believe referred me to the Secret Service. I faxed a whole bunch of information to them and apparently they probably just threw the stack of papers I sent them in the trash…. ho hum…

=============================================

customer
Jun 10th, 2009 at 11:09 pm

I just told B of A my KCSOFTLLC.com charge. So any idea on how these companies get your number in the first place?

=============================================

Tim
Jun 10th, 2009 at 5:24 pm

In doing my taxes for ‘08 (sorry), I just noticed a repeat charge for $9.95 from the scamsters KCSOFTLLC.com - the first one occurred last year and reversed last June, Called B of A and the first agent said that since the charge was more than 60 days old, they couldn’t do anything about it. They transferred me to another agent who ‘made me happy’ by agreeing to reverse the charge. I noted to her that B of A is aware of these guys (see Mar 17 post here). I have a new cc# now (as of 1/09), and haven’t noticed any other KCSOFTLLC.com charges, but the year is young.

The above are all from one blog which has a chronological list exclusively of KCSOFTLLC fraud charges from the end of June 2009 back to the original fraud charge posted by the author on June 11th, 2005. »vaguelyaware.com/2005/06/11/chec···d-bills/

My records show that the first reported fraud charge that I picked up was from almost a year before that first one, all the way back to July of 2004. That is a 5 year, yes, FIVE YEAR run of a single entity of the OCS.

quote:
Report: Devbill Hosting KCSOFTLLC

Devbill Hosting KCSOFTLLC
Phone: 509-461-1556
Fax: 590-461-1556
www.KCSOFTLLC.com

Submitted: 7/26/2004 5:48:47 AM

I just recently receive a charge on my credit card for $9.95 and when researching the charge I found that KCSOFTLLC was responsible. So when I was filling out their form to report an unauthorized charge I found that they had a bogus security certificate provided by the bogus devbill hosting company. Now I found this website and am reporting them so hopefull this won't happen to anyone else in the future. I have no idea how they retrieved my credit card information, but one common link I have seen with devbill is paypal. I hope that paypal is not the leak because it is a highly dependable website.

Dave
Cumberland, Maryland
U.S.A.

Ref:»www.ripoffreport.com/reports/0/1···0521.htm

In fact Ripoffreport.com alone has two pages of KCSOFTLLC fraud reports:
»www.ripoffreport.com/searchresul···&start=0 This shatters a few records for the organized crime syndicate.

Obviously the highest award for cyber-mule extraordinaire, with a half decade of service, goes to:

»/r0/download/1···_LLC.png

=============================
Andrey
Mar 8th, 2009 at 10:38 pm

Visa card-National City bank. Today is March 08 2009

Got the same charge.
03/09/2009 VISA CHECKCARD DB-POINT OF SALE
KCSOFTLLC COM ROCHESTER NY Debit $9.95
==============================

In this case, at least one of the line item charges makes it not exactly rocket science to track down. If this was one acquirer bank for the entire 5 years, it would mean that they missed trigger criteria to file SARs (Suspicious Activity Reports) close to 120 consecutive times over the period, assuming two foreign wires a month of the fraud proceeds. I suspect though that multiple merchant accounts were used over the period, as the line item format changed several times.

On the cyber-mule awards podium, Ms. Constanza would be flanked on the lower left in 2nd by the Scottsdale, Arizona husband and wife team, of Steve Rogan & Carol Richey for the most websites record. I believe it was eight of the orange web templates, in a litle over twelve months. On the right in third position, holding the "dumbest cyber-mule" award would be Mike Allision, League City, Texas., of "globus / photo" fame. After a forty five minute phone conversation detailing the fraud operation, followed by email documentation, he ceased all communication, with a last sentence being "This is not a fraud, I even plan on expanding and adding more websites. In fact I am hiring employees to help, this is too much for one person to do"

KCSOFTLLC has been operating for do long that its original website was from version 2.0:




That domain has long ago disappeared, the original domain registration even has the devbill.com name servers aka "Developer Billing", which was common to an entire run of the fraud sites.


Registrar: ENOM, INC.
.
Registration Service Provided By: Registerfly.com
Contact: support@registerflysupport.com
.
Domain name: KCSOFTLLC.com
.
RegisterFly.com - Ref# 10639240
Whois Protection Service - ProtectFly.com
(10639240.fly@spamfly.com)
+1.2122952121
Fax: +1.2122952153
230 Park Avenue
Suite 864
New York, NY 10169
US
.
Status: Active
.
Name Servers:
ns1.devbill.com
ns2.devbill.com
.
Creation date: 31 Mar 2004 16:31:55
Expiration date: 31 Mar 2005 16:31:55


As you can see from this DSLR search link: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto Doctor Olds See Profile was hit with fraud charges circa 2005 from both KCSOFTLLC and "DIGITAL AGE" Cyprus. It was at that time that the process of correlating all of the cross charging of the same cards, began to reveal that this was a massive layered operation under a central command and control. Even though there was a wide range of themes and designs, they were all hitting the same card data. In fact it was KCSOFTLLC that linked a new apparently unrelated themed Globus / Photo group to the same organization:

quote:
Stockphotoportal.com And KCSOFTLLC.com

These were transactions from the web on my wifes debit without a pin# Internet

Submitted: 4/3/2008 12:37:28 PM

We first noticed an odd transaction pending on our bank account for under $10.00. I looked up the name (stockphotoportal.com) and noticed the domain name had been removed last year. Today I went to check again and there was a new one for under $10.00. This one (KCSOFTLLC.com) is live and still going and is the subject of many ripoff notices.

The bank is now investigating and crediting both transactions, killing the card as well. Hopefully both of them get a hard look eventually with so many complaints piling up. Watch out for those small transactions a week or so apart. I'm just glad we caught it before someone tried a larger transaction.

Jls
tulalip, Washington
U.S.A.

Ref: »www.ripoffreport.com/reports/0/3···3406.htm

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

2 recommendations

reply to MGD

The tip that led to this operation came as a result of search referrals to ths thread. Apparently an astute charge victim noticed the similarities between his fraud charge and the operation documented here.

Though there appears to be some strange anomolies occurring here, it is not without precedent. We know going back over five years that a portion of the card data that this organized crime syndicate uses is pre-validated via hijacked legtitimate merchant accounts. As far back as the Digital Age fraud operation many victims reported that their cards were ping charged prior to the fraud charges. The first revelation was in 2005 where a shop in Pennsylvania reported that its merchant account was used over a weekend to ping charge several thousand cards. Those victims were subsequently hit with various fraud charges from the crime syndicate.

In this current case multiple victims are reporting small fraud charges under $2.00 coming from a company in Georgia called SAT-N-SOUND 770-451-9777. The strange thing is that the first report of this goes back to March 26th 2009 on 800notes.com:

quote:
mcb - 26 Mar 2009
Credit card shows small amount ($1.96) from company called SAT-N-SOUND. Tuyrns out the phone number 770-451-9777 belongs to a company in Atlanta. Called the number, the company says they have had there records compromised and that these charges are not being made by them. If you see this on your debit or credit card, call you cc company. I cancelled my card and re-issuing - just to be safe. Be careful with the small initial "test" withdrawl attempt

However, during this month, November 2009, there are a flood of angry victims reporting these fraud charges:








Ref:»www.merchantcircle.com/business/···986-9998

Ref:»www.merchantcircle.com/business/···out/list

The more you dig, shows that this has been going on for almost a year. Not uncommon also, even a victim form Australia:

quote:
Shamsters - I've been hit in Australia
The other day I noticed a charge of $1.99 (Australian dollars) so spoke to my bank and the guy found the other reviews on this site and advised that I cancel my card immediately, which I did. These people need to be stopped. Does anyone know what we can do? They are obviously trying to rip people off world-wide.

March 18, 2009 by Tania






Ref:»www.merchantcircle.com/business/···iew/list
And:
Ref:»www.merchantcircle.com/business/···start=30
And:
Ref:»www.merchantcircle.com/business/···start=60

Though they are subjected to a large amount of cyber abuse SAT-N-SOUND 770-451-9777 ARE CLEARLY VICTIMS in this case. Though it is astonishing that this merchant account whether hijacked or fraudulently set up can continue to function for this considerable period of time. I will wager however, that the account uses authorize.net / Cybersource as a gateway.

quote:
Close your CC/Debit card ASAP!

Called the company (ATL DTH aka Sat n Sound) with this number (770) 451-9777, dialed for the Accounting Dept..spoke to a Chinese lady who notified me that someone has used their company as a front to make charges and steal CCs. They deal in satalite equipment apparently. She said she has notified the FBI and local police about their breach. In the meantime, close your cards ASAP and file for a refund through your bank. Good luck and f*ck these low life thieves!!!

November 06, 2009 by Nice try..but NO

Not only does SAT-N-SOUND 770-451-9777 have a fraud alert recording on option 6 of that phone number, they also have a website alert posted:




»www.satnsound.com/Fraud%20Page.html

. . . CREDIT CARD FRAUD ALERT

From October 30th 2008 and on, we have received many phone calls regarding small charges (mostly under $2) appearing on people's credit or debit card statements. These charges appear to have been made by us because they have a "Sat 'N Sound" notation and our Georgia phone number.

Please be advised that, Atlanta DTH, Inc., dba Sat ‘N Sound, did NOT initiate the charge(s). What happened is the result of Credit Card Fraud, and Theft of Corporate Identity.

A thief has apparently,

1) Set up a credit card merchant account using our company name and phone number

2) Stolen your credit card or debit card number

Then they charged a small amount to your card, hoping you would not notice it.

Please IMMEDIATELY notify your credit card company and inform them of this incident.

At this time, we have notified the FBI, the local law authority, and credit agencies about this fraud.

Thank you for contacting us and alerting us about it. If you have additional questions, please contact us at (770)451-9777 or the address as appeared on this letterhead.

Atlanta DTH, Inc.
Take note of the first reported date 10/30/2008

It is difficult to track subsequent charges as a result of the ping validation, because only victims who catch the ping charging are posting, and they subsequently cancel their cards. However in reviewing the numerous complaints throughout the net, I came across this valuable morsel:

quote:
BOA - 6 Nov 2009
I also got a charge for a $1.82 that originated from SAT N SOUND that I found today while I was canceling my card from an unauthorized charge from LAVRI.NET, phone number 239-451-7017 which appears to be a website run out of a residence in Lehigh Acres FL. Both of these charges were unsolicited. True to form the person I talked to at LAVRI.NET said she will refund my account after she gave me the cryptic email address of the the alleged purchase......Thanks JGB for the info on the ebook article

Ref:»800notes.com/Phone.aspx/1-770-451-9777

I am very interested in hearing from anyone who had subsequent charges after the SAT N SOUND fraud charge, and what they were.

Organized crime syndicate's Card fraud laundering:

LAVRI.NET aka LAVRI LLC 239-451-7017 »lavri.net




=======================

• client@lavri.net

• support@lavri.net

Sandra Trapp
4625 deleon st, apt 231,
fort mayers, fl, 33907

+1 (239) 491 7017

=======================

This genre and theme has been used multiple times over the years.




Lavri.net has been cloned from hexisoft.com & ppt2video.com

Checking the domain registration:

================================
ICANN Registrar:DIRECTI INTERNET SOLUTIONS PVT. LTD.
D/B/A PUBLICDOMAINREGISTRY.COM
.
Registration Service Provided By: REAL INTERNATIONAL BUSINESS CORP.
Contact: +1.6462130098
.
Domain Name: LAVRI.NET
.
Registrant:
lavri
Sandra Trapp (lavrigroup@gmail.com)
11657 oxnarrd st. suit 229
Hollywood
null,91606
US
Tel. +372.253403775
.
Creation Date: 18-Sep-2008
Expiration Date: 18-Sep-2010
.
Domain servers in listed order:
ns0.hqhost.net
ns1.hqhost.net
.
Administrative Contact:
lavri
Konstantin Stuka (lavrigroup@gmail.com)
11657 oxnarrd st. suit 229
Hollywood
CA,91606
US
Tel. +372.253403775
================================

It is unlikely that "Sandra Trapp" is fluent in Russian, though that lavrigroup@gmail.com email account was set up via a Google Rusian language tld.




Note the regisration in September of 2008, compared to the october 2008 date noted by the alert from SAT N SOUND. Also note that the contact phone number contains the country code for Estonia. A check of Florida public records shows nothing for a Sandra Trapp at that address. (it could be a recent move). Also a check of Florida corporate records and DBA business registrations shows nothing relevant to LAVRI or Sandra Trapp.

Several days ago I called the number listed on the website 239-451-7017. The call was forwarded to another number. A female answered who sounded eastern European and a non native English speaker. I asked her what her relationship to the company was. She said that she answered the calls for them. I said "for who", she said for "Lavri net". I asked "Who do you work for", she replied " Sandra Trapp". I said "where is Sandra Trap at", she said Florida. I asked if it was a Florida company, she said "Yes". "Are they licensed and registered in Florida", she said "yes", though I had already checked and found no record. Is it a "corp / LL or DBA", I said, she said DBA. I asked "how I can reach Sandra Trapp", she said "I do not want to give that information out". I asked "what do you do when people call complaining of charges to their cards". She replied that "I email the information to the company". I said "what is their email address", she said "I do not want to give that information out".

I advised her that she is participating in an organized criminal operation of card fraud, money laundering, and identity theft, very serious crimes. She said "that is not possible, I do not believe that, we have been in operation since last year". I said that I am positive that you are, she said "this is very disturbing, can you call back tomorrow" and hung up. Several calls the next day went unanswered and were forwarded to voice mail.

I dug a little further, the domain registrant's name of Sandra Trapp, and that Florida address are new. They were added when the one year domain registration was renewed in September of 2009.

Prior to that date it was registered to:

================================
Registration Service Provided By:
REAL INTERNATIONAL BUSINESS CORP.
Contact: +1.6462130098

Domain Name: LAVRI.NET

Registrant:
lavri
Konstantin Stuka (lavrigroup@gmail.com)
11657 oxnarrd st. suit 229
Hollywood
CA,91606
US
Tel. +372.253403775

Creation Date: 18-Sep-2008
Expiration Date: 18-Sep-2009

Domain servers in listed order:
ns1.hqhost.net
ns0.hqhost.net
================================

A check of that address in Calfornia shows that "suit 229" is an apartment at "la Nouvelle Apartments" at that address. Furthermore, a check of California division of corporations records shows:




============================
LP/LLC

LAVRI LLC

Number: 200824710133
Date Filed: 8/26/2008
Status: active

Jurisdiction: CALIFORNIA

Address
11657 OXNARD ST UNIT 229
NORTH HOLLYWOOD, CA 91606

Agent for Service of Process:

KONSTANTIN STUKA
11657 OXNARD ST UNIT 229
NORTH HOLLYWOOD, CA 91606
============================

I am now wondering if the individual who was on the phone is related to the above name.

Many of the buy options on lavri.net do not function correctly. Those that do, not suprisingly, show an Authorize.net logo:




The website has been hosted from its inception in the UK, on IP 88.214.204.40. Though it lists the name as Hosting Solutions Ltd. GB, they are from the Ukraine:


IP Location: United Kingdom Hosting Solutions Ltd
IP Address: 88.214.204.40
Reverse IP: 149 other sites hosted on this server.
Blacklist Status: Clear

inetnum: 88.214.192.0 - 88.214.255.255
netname: UK-UAONLINE-20060118
descr: Hosting Solutions Ltd.
country: GB
org: ORG-RIBC1-RIPE
admin-c: HSLD1-RIPE
tech-c: HSLT1-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: uaonline
mnt-lower: hqhost
mnt-domains: uaonline
mnt-domains: hqhost
mnt-routes: uaonline
mnt-routes: hqhost
source: RIPE # Filtered

organisation: ORG-RIBC1-RIPE
org-name: Hosting Solutions Ltd.
org-type: LIR
address: Hosting Solutions LTD.
Sergiy Sabyetyev
145-157 St John Street
2nd Floor
EC1V 4PY LONDON
UNITED KINGDOM
phone: +16462333035
fax-no: +442032921594
admin-c: MS9776-ripe
admin-c: EA2-RIPE
mnt-ref: uaonline
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: hqhost
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

role: Hosting Solutions Ltd. DBM
nic-hdl: HSLD1-RIPE
org: ORG-RIBC1-RIPE
address: Hosting Solutions LTD
address: Sergiy Sabyetyev
address: 145-157 St John Street
address: 2nd Floor
address: EC1V 4PY LONDON
address: UNITED KINGDOM
phone: +16462333035
fax-no: +442032921594
abuse-mailbox:
admin-c: MS9776-RIPE
admin-c: EA2-RIPE
tech-c: MS9776-RIPE
tech-c: EA2-RIPE
mnt-by: hqhost
source: RIPE # Filtered

role: Hosting Solutions Ltd. Tech
nic-hdl: HSLT1-RIPE
org: ORG-RIBC1-RIPE
address: Hosting Solutions LTD
address: Sergiy Sabyetyev
address: 145-157 St John Street
address: 2nd Floor
address: EC1V 4PY LONDON
address: UNITED KINGDOM
phone: +16462333035
fax-no: +442032921594
abuse-mailbox:
admin-c: HSLD1-RIPE
tech-c: HSLD1-RIPE
mnt-by: hqhost

.
An audit of the servers contents at that IP address 88.214.204.40 yields another suspicious domain FUNBOXPORTAL.COM »funboxportal.com . Note that there are no nefarious reports, it is the registration which is suspicious, and not likely to be legit:


ICANN Registrar:DIRECTI INTERNET SOLUTIONS PVT. LTD.
D/B/A PUBLICDOMAINREGISTRY.COM

Registration Service Provided By:
REAL INTERNATIONAL BUSINESS CORP.
Contact: +1.6462130098

Domain Name: FUNBOXPORTAL.COM

Registrant:
Funbox
CHERYL ARCHER (jm@4ordered.com)
21 Hickory Avenue
Shalimar
fl,32579
US
Tel. +850.000000

Creation Date: 17-Apr-2009
Expiration Date: 17-Apr-2010

Domain servers in listed order:
ns0.hqhost.net
ns1.hqhost.net

.

To reiterate, as I mentioned earlier, testing a portion of the compromised card data via hijacked or bogus merchant accounts prior to charging them, has been a known tactic of this crime syndicate for many years. You can find that identical modus operadi going back over half a decade with this fraud operation:

For example, over 4 years ago in September of 2005

said by Doctor Olds:

A triple header.

September 11th, 2005

First a test charge authorization of $1.00 dollar from:

Telecommunications Equipment
Coastal Wave Internet
Port Clinton, OH

+++++++++++++++++++++++++

September 23rd, 2005

Then a $9.95 charge from:

KCSOFTLLC.com
Rochester, NY

Listed on BBB Warning page since March 24th, 2005
»www.spokane.bbb.org/alerts/alert···wstype=1

+++++++++++++++++++++++++

September 24rd, 2005

Then a $24.99 charge from:

Digital Age
Cypress

++++++++++++++++++++++++++

It looks like someone is testing the card and if the Auth goes through, then the other companies hit the card for their charges. Or is it just unrelated? One company is apparently legit.

Anyone else with these 3?

Regards,

Doctor Olds
Ref:»[scam] Digital Age, KCSOFTLLC and Coastal Wave Int

from 02/18/2005:

said by legalbegal:

Pluto Data Credit Card Charge

I got a charge for $29.99 on my credit card that read:

888 323 8955 PLUTO D - Nicosia

When I called the number, I was told that the charge was dfrom a company called "Folk and Tribal" and it was for a DVD. However, on the date that the purchase was made, I had just had surgery so there was no way I was buying stuff online or out shopping.

I could not find the charge anywhere in my records OR this company anywhere online.

So I called back and demanded the name and contact information for the company. They said that they do not keep those records. When I demanded a refund, I was then told that they would contact the company to request my refund.

WTF? I thought they did not have that info????
....
.
A third post later that day:

said by legalbegal:

Ah HA!!

I found yet ANOTHER charge on my card from:

Fpb Enterprises
119 Wildwood Cir
Gainesville, GA 30501
770-536-1736

I called this lady and she said that someone has used her company and made over 9000 transactions within a month for under $3.00. SHe said that 5000+ have been reveresed. They shut down her website and everything and the Department of Homeland Security and the FBI are paying her a visit.

She said that they are "pinging" people's credit cards and that she has nothing to do with it. She said that she runs a small website "Pamperedpreemies" and did not know what was happening when they called her.

This is obviously some scam. Yawl better check your credit card statements for pings from strange companies.
Ref: »Pluto Data Credit Card Charge

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

4 edits

1 recommendation

reply to Doctor Olds

On several occasions over the past few years I have awarded the title of the organized crime syndicate's current "longest running card fraud money laundering LLC / website" which is still actively charging. It should also be noted that the award can only be assigned to the "longest known" fraud site. Despite over 6 years and thousands of postings on over a half dozen threads on DSLR, we still only scratch the surface of this massive operation.

I made the mistake back in July of 2009 of assigning that longest running active fraud title to: EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410. At the time, I had presumed that the prior record holder of four and half years of continuous fraud charging, KCSOFTWARECOM LLC aka KCSOFTLLC.COM had been shut down after THIS POST in October of 2008.

Unfortunately, 10 months later in October of 2009, I had to issue THIS RETRACTION when it was discoverd that KCSOFTWARECOM LLC aka KCSOFTLLC.COM.com had continued processing fraud charges and laundering the proceeds out the country as late as Jun 10th, 2009. Since KCSOFTWARECOM LLC aka KCSOFTLLC.COM began operation in March of 2004, that meant they had racked up over 5 years, or half a decade of continuous fraud charging:

»/r0/download/1···tllc.jpg

The corresponding business LLC registration:

»/r0/download/1···_LLC.png

Not long after that, a security insider at a major financial institution went on an intensive hunt to track down the associated business bank account, and have it closed down for fraud and money laundering. There have been no reported fraud charges since that time.

Several days ago when I saw more fraud charging coming in from EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 a 2006 organized crime syndicate's fraud entity, I decided it was time to firmly plant them in the # 1 spot again. I must admit, I am a little gun shy. Though there have been no fraud reports for over 6 months on KCSOFTWARECOM LLC aka KCSOFTLLC.COM, the cyber mule Ms. Kimberly Costanza continues to list it as her occupation:




I do not know about everyone else, but I would be tempted to remove it from my resume, if it had clearly sank in that for over half a decade I had been duped into setting up a card fraud money laundering business entity for a Russian organized crime syndicate:

=================================
Kimberly Costanza’s Experience
owner/partnership
Business Software

(Computer Software industry)

January 2004 — Present (6 years 4 months)

Selling web software design products on the business website in the United States. In partnership with a software company.

=================================




Ref:»www.linkedin.com/pub/kimberly-co···/6a7/6ba

Just doing a Google search of one's business entity KCSOFTLLC, would return a staggering over 1,400 hits and none of them are from anyone who actually made a legitimate purchase in the 5 plus years. I will agree that it is extremely difficult to comprehend how an individual could remain duped for such an extended period. If you only Googled the name of your fraudulent business entity just once in half a decade, even out of curiosity, what a story it would tell. While you shuttle and launder the fraud proceeds out of the country blissfully ignorant, companies as far away as France with almost identical names are being hounded by defrauded consumers. In August of 2005, in response to another round of fraud complaints in the security forum Snowy See Profile posted a link about the French company kcsoftwares.com, in the third entry here: »$9.95 scam, now from KCSOFTLLC.com who, at that time had posted an alert due to all the complaints that it was mistakingly receiving:

===========================
About Fraudulent purchases

Many persons have contacted us concerning fraudulent purchases charged on their credit cards with a name very similar to our company's name : KCSOFTWARE.COM LLC (from the United States of America).
We are not such company. We are KC Softwares SARL, based in France.

Charged made by our company are explicitly labeled KC Softwares SARL or Yaskifo. If not then we are NOT the company in cause. We have tried to contact KCSOFTWARE.COM LLC, but without any succes
==========================

The flooding of innocent companies with fraud charge complaints, is, and has been, a recurring issue. In that case the letter "s" was the only distinguishing item. I don't know when Ms. Costanza's LinkedIn page went up, but I do not recall seeing it in the latter half of 2009 when I last conducted a detail audit. So is it possible that a new bank and merchant account were set up for a replacement website for KCSOFTLLC.COM. It is clear to me that there were multiple merchant accounts supporting KCSOFTLLC.COM in the half decade that it existed. I can tell that based on the way victims reported the fraud charges over the years. The quoted line item charge known as a "billing descriptor" varies over the period. Since that bill descriptor is set by the merchant account provider, the most likely reason it changed over time is because the merchant provider changed. In this organized crime syndicate's operation the only reason for multiple merchant account providers is because the prior one gets canceled to excessive charge backs and fraud complaints. That would put KCSOFTWARE.COM LLC in the "Steve John Rogan" of Arizona category. However, it might be unfair to question the reasoning, logic, and intuitive, skills of Ms. Costanza without also including the similar but professional version of those skills at Authorize.net / Cybersource. After all, they were, and are, the preferred and so far as I can tell the sole provider of every payment gateway access for all of the organized crime syndicate's decade long card fraud and money laundering operation.

In any event, and presuming Ms. Costanza has retired from:
..."Selling web software design products on the business website in the United States. In partnership with a software company". ...., I feel it is appropriate to now crown:

EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 as the OCS's reigning longest continuous and still active card fraud laundering operation.


»ebsebooks.com
Snapped 2009-01-26 03:27:06



»ebsebooks.com
Snapped 2009-07-08 13:31:59



»ebsebooks.com/contacts.php
Snapped 2009-07-08 13:31:41



»ebsebooks.com/robots.txt
Snapped 2009-07-08 13:31:23


Although the card fraud charging and laundering of EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 is believed to have began long before this first public report in December of 2007:

quote:
Amanda
28 Dec 2007
Found online that the number belongs to ebsebooks.com AKA Electronic Business Resources 412-927-0410

Ref: »800notes.com/Phone.aspx/1-412-927-0410

The most recent fraud charge report is from a few days ago, March 31st., on whocallsme.com:
quote:
Mike G
31 Mar 2010
I was reviewing my statement and found a 4.95 charge for which I know nothing. It looks as though I am not the only one being fraudly charged by this company

»whocallsme.com/Phone-Number.aspx···270410/4

The first report on that forum is in February of 2008. But we know that the Pennsylvanian cyber mule, Terra Milbourne registered the Electronic Business Resources LLC on February 6th. 2006, which makes it over 4 years old:

»/r0/download/1···sLLC.png

It is also possible that there was a previosu website, as EBSEBOOKS.COM was not registered until May 30th., 2006, then repeatedly renewed, as I am sure it passed all expectations of the organized crime syndicate's longevity:


Registration Service Provided By:
Jaguar Technologies LLC
Contact: sales[@]jaguarpc.com

Domain name: ebsebooks.com

Administrative Contact: ------>FRAUDULENT
-
Richard Stewart (ebsebooks@yahoo.com)
+1.3094077237
Fax: -
910 Freeport Road
Pittsburgh, PA 15238
US

Name Servers:
ns3.jaguarpc.net
ns4.jaguarpc.net

Creation date: 30 May 2006 20:43:47
Expiration date: 30 May 2008 20:43:47
Expiration date: 30 May 2009 20:43:47
Expiration date: 30 May 2010 20:43:47


.

The documented hosting and nameserver activity history shows:

EBSEBOOKS.COM


IP Address History
===================
Event Date Action Pre-Action IP Post-Action IP
======================================================
2006-06-01 New -none- 207.210.81.180
2006-10-14 Change 207.210.81.180 69.73.180.196
2007-04-22 Change 69.73.180.196 69.73.139.29
2007-10-21 Not Resolvable 69.73.139.29 -none-
2008-06-02 Change 69.73.139.29 8.15.231.113
2008-06-04 Change 8.15.231.113 69.73.139.29

Name Server History
===================
Event Date Action Pre-Action Serve Post-Action Server
============================================================
2006-06-01 New -none- Jaguarpc.net
2008-06-02 Transfer Jaguarpc.net Name-services.com
2008-06-04 Transfer Name-services.com Jaguarpc.net

.

The fact that it goes back over 4 years is a reminder of how the Crime Syndicate routinely and repeatedly used jaguarpc.net, for numerous domain registrations and hosting, which is now owned by Landis Holdings Inc, and was once the OCS's preferred provider. In fact a search for "Jaguar" of the entire DSLR records, will produce 3 pages of results all related to this card fraud and money laundering crime syndicate going back to September of 2005

Repeated efforts to track Ms. Milbourne down have failed. The Pittsburgh, PA., website of magicalhandsmassage.com, which once had a listing for a matching name, is now NLA:

quote:
Terra Milbourne received her massage and body work training from the Pittsburgh School of Massage Therapy. While trained in numerous therapies, her area of specialty is Thai Massage, also know as the lazy man's yoga. She comes from a long line of Native American Healers and uses this healing knowledge in massage. Terra is skilled in the use of herbs, essential oils and their healing properties.

Magical Hands Massage · 5817 Forward Ave · 412.422.2284 · M-F 10am - 7pm, Sat 10am - 4pm

Ref: »magicalhandsmassage.com/who_we_are.html

Other digging may indicate that Ms. Milbourne, believed to be in her early thirties, could be related to a famous baseball player from the mid 70's to mid 80's, who played with the Astros, and Yankees, possibly a daughter.

Since the fraud charging and money laundering entity: EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 just passed its 4th birthday, and is now in its 5th year of operation, it really needs to be shut down. The financial system security contact responsible for tracking down and terminating the last know accounts of KCSOFTWARECOM LLC aka KCSOFTLLC.COM, has know begun the process of trying to travk down the associated fraud accounts for EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410. This wizard has developed a sixth sense whereby they can smell the aroma of any of the Organized Crime syndicate's card fraud laundering operations if any related paperwork passes within 250ft of them, regardless of how well disguised it is. However, the task will be significantly easier if a fraud victim can provide the 21 digit ARN (Acquirer Reference Number) of the related fraud charge from EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410. Even the 2nd through 7th digits would be of help.

I will return to EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 in the second post from now as they are uniquely linked to the new card fraud laundering operation that this Organized Crime Syndicate has now morphed into. During the second half of 2009, the overall merchant account fraud detection rate at enrollment time peaked at an all time high. The modus operandi became well know within the system and thus the detection at set up time was significant. Since them the OCS has totally changed the way they operate. They had long ago abandoned the factory servers where over a 100 fraud websites were stashed in various stages of construction and operation. The days of shadowing the operation as they shuttled the production between servers in Australia and the US are no more. The multi year configurations of fake Web Templates, E-Books, Mobile Games, etc are fading fast. They have been replaced with an entirely new genre, designed to co-mingle with legitimate startups and be undetected. Single server hosting scattered individually, all around the globe, along with the strategy of reducing the monthly fraud throughput per site by 50% has produced an entirely new operation totally unlike the prior history. Though the output per unit is dropped to avoid detection and complaints the number of performing units has been increased to compensate. We will return to this rebirth facade, and how the 4 plus year EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 fraud operation is directly linked to it.

But next we will head over to the UK and take a peek at a database of the new matching recruiting operation ...

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

2 edits

1 recommendation

reply to MGD

said by music man:

.............
You mentioned the UK!! You have my full attention!
.
Interesting that you mention the UK, though I have repeatedly searched, I have not seen any actual UK based operation from this crime syndicate since the 2008 UK Strawberry card fraud operation, which you had a bird's eye view of from its birth. I suspect there may be some as they are difficult to detect in this form of stealth mode. What does occur from time to time is UK card victim data is ran through the fraudulent US merchant accounts. The lack of noise is probably due to the fact that the data is dispersed an mixed simultaneously through multiple card fraud laundering entities of the crime syndicate.

Ironically, I ran across just such an example of UK victims a few days ago during the unmasking of the latest tangible items fraud laundering group. A financial security systems insider with whom I have collaborated with over the last two years, has been vigorously preventing and shutting down the organized crime syndicate's card fraud laundering entities. This individual who is now an expert on sniffing them out of the system, has done more by far, of anyone on the inside, in disrupting and preventing the crime syndicate from functioning. They are the unsung hero when comes to who has been the most effective at targeting the card fraud laundering operation. In fact, it was they who went above and beyond the call of duty, and spend hours tracking down and terminating the accounts of the half decade long fraud operation of KCSOFTWARECOM LLC aka KCSOFTLLC.COM.

One of the OCS's new tangible theme card fraud laundering entities unmasked in the past week while in its infancy was SUPPATOYS.COM 303-261-8619, a product of the SANTAREX TOYS recruitment campaign:

As usual, a DIRECTI bogus domain registration:


Registration Service Provided By:
HIGH QUALITY HOST COMPANY
Contact: +1.6462130098

Domain Name: SUPPATOYS.COM

Registrant:
HERRING llc.
ARTHUR HERRING (nortonbjstove@hotmail.com)
cowpath rd. 358
lansdale
Pennsylvania,19446
US
Tel. +178.9756342

Creation Date: 26-Nov-2009
Expiration Date: 26-Nov-2010

Domain servers in listed order:
ns2.r01.ru
ns1.r01.ru

Server Type: Apache/2.2.3 (Linux/SUSE)
IP Address: 195.24.66.108
IP Location: - Moskva - Moscow - Garant-park-telecom
Response Code: 200
Domain Status: Registered And Active Website

IP Address History SUPPATOYS.COM


Event Date Action Pre-Action IP Post-Action IP
==========================================================
2009-12-03 New -none- 213.155.7.168 Ruslan Zhavrud Ukraine
2009-12-13 Change 213.155.7.168 213.155.7.172 Ruslan Zhavrud Ukraine
2010-02-15 Change 213.155.7.172 213.155.25.172 Ruslan Zhavrud Ukraine
2010-02-25 Change 213.155.25.172 195.24.66.108 (Moscow State University)


The first and so far only reports of fraud charges are coming from victims in the UK posting on the UK moneysavingexpert.com forum:

quote:
05-04-2010, 6:29 PM #1
alibongo42
MoneySaving Stalwart

Weird credit card transaction

I have just discovered a small value credit card transaction that I don't believe I actioned. I need to wait until tomorrow to call my card company, but having done a bit of research, it seems really weird. I wanted to canvas opinion and see if anyone has heard of anything like this.

The transaction was on 16 Mar 10, and is for £6.19 and came from "WWW SUPPATOYS COM". Turns out this was a US transaction, converted from dollars. I have not been in the US since Jan, and did not use this card there. I also don't recall making any online transactions that would fit.

The website is a blank page. Nothing interesting when I view the source code either. When I ping the IP address, it belongs to somewhere in Russia.

On googling the website, it is listed as the homepage for a variety of usernames on a variety of forums (spanning a vast array of topics). In each case, the user has only registered from 23rd - 26th March 10, and made only one post. The posts are coherent, but usually have no significance to the subject of the forum. In some cases the user has a status of BANNED. The most common username is MSMILLER36.

I can find no online reference to anyone else commenting on potentially fraudulent activity from this site.

Has anyone heard of anything like this before? Even if my card company change my card, I will still be curious as to what this is all about!

================================================================

05-04-2010, 7:56 PM #3
Wml
MoneySaving Newbie

Another weird card tranaction

Hello, I too have a transaction from www suppatoys com, like you I know I didn't make this tranaction and have had my card blocked!
The transaction was on 17th March and was for £7.01, also converted from US dollars. Looks like someone is setting up a nice big scam!!!!!

================================================================
05-04-2010, 9:03 PM #8
alibongo42
MoneySaving Stalwart

Card now stopped, and I'm not the first customer to have called with the same query!


Ref:»forums.moneysavingexpert.com/sho···31598811

Interestingly, and as noted by the first victim who posted on moneysavingexpert.com, there are numerous SEO seeding with forum posts using "suppatoys.com 303-261-8619" as a signature:





Ref:»www.google.com/search?hl=en&q=su···gs_rfai=

If you are wondering about the apparently native English skills of the seed postings, which in the past have been documented as originating from IP addresses in both Moldova and the Russian Federation, it is because they copy and paste postings from other forums.

An observant analysis will conclude that there was an intentional fraud processing run of known UK card data, because unlike past SEO forum post seeding, some of these appear to intentionally target UK based forums. In addition, the fact that some of the posts were originally copied from UK forums can be derived from the EU spelling of "favorite" in this subject title "Your favourite toy of your childhood?"

Once again, smart ... but not smart enough !!

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

1 recommendation

reply to MGD

said by MGD:

On several occasions over the past few years I have awarded the title of the organized crime syndicate's current "longest running card fraud money laundering LLC / website" which is still actively charging. It should also be noted that the award can only be assigned to the "longest known" fraud site. Despite over 6 years and thousands of postings on over a half dozen threads on DSLR, we still only scratch the surface of this massive operation.

I made the mistake back in July of 2009 of assigning that longest running active fraud title to: EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410. At the time, I had presumed that the prior record holder of four and half years of continuous fraud charging, KCSOFTWARECOM LLC aka KCSOFTLLC.COM had been shut down after THIS POST in October of 2008.

Unfortunately, 10 months later in October of 2009, I had to issue THIS RETRACTION when it was discoverd that KCSOFTWARECOM LLC aka KCSOFTLLC.COM.com had continued processing fraud charges and laundering the proceeds out the country as late as Jun 10th, 2009. Since KCSOFTWARECOM LLC aka KCSOFTLLC.COM began operation in March of 2004, that meant they had racked up over 5 years, or half a decade of continuous fraud charging:
...
..
Not long after that, a security insider at a major financial institution went on an intensive hunt to track down the associated business bank account, and have it closed down for fraud and money laundering. There have been no reported fraud charges since that time.

Several days ago when I saw more fraud charging coming in from EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 a 2006 organized crime syndicate's fraud entity, I decided it was time to firmly plant them in the # 1 spot again.
...
You can now scratch the organized crime syndicate's current longevity record holder off the map.

Finally: EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410 is no more. Thanks once again to the same financial systems security individual who nailed KCSOFTLLC.COM.com aka KCSOFTWARECOM LLC and then took on the difficult task of rooting EBSEBOOKS out of the system. Apparently it was not an easy task, and required repeated efforts to snuff them out. There are clearly eCommerce and business account financial providers out there who are not adept in the current environment.

EBSEBOOKS was finally terminated at the end of the second week in April, and I have not seen any additional reports of fraud charges. The last one to surface was for charges at the end of the first week of April:
EBSEBOOKS.COM aka Electronic Business Resources 412-927-0410
quote:
Elkton, FL
26 Apr 2010
Whoever this is is quite busy. I think the company aforementioned has something to do with it, too.

We did not get a call from this company, but we got a charge on our Debit card for 4.95 on 4/7/2010. We don't know this company, did not order an e-book. Also called the number; got a message that the number is not in service. We called twice to make sure. I'm going to check our credit cards to see if there are similar fraudulent charges.

We are going to call our bank and get reimbursed as well as get another card issued.

The longevity of EBSEBOOKS was repeatedly leveraged in order to uncover many of the organized crime syndicate's latest hidden operations. Victims who either did not catch the monthly charges over an extended period, or ignored them, became a revealing source for the other cross charging entities.

Most recently it was EBSEBOOKS who revealed the latest tactic of now using fake tangible sites which revealed the entire fake "Electronics" themed fraud websites:

This EBSEBOOKS complaint in March:

quote:
quote:
Matt
20 Mar 2010
I had this scam hit my one bank account last year about 4 times (each time it was a different electronics company name with a phone number that went direct to voicemail). I went to my bank (a federal credit union) and canceled my debit card and went back to ATM cards. However, i have 2 accounts there and kept my Debit card with the other account. Now, that account just got hit with 2 charges this month (one from Electronic Business and one from Planet of Electronics). Same deal as everyone - one $4.95 charge, 1 $2.95 charge. I will now be going back to a regular ATM card for the 2nd account as well as our other one has been fraud-free since i got rid of the debit card.

coughed up Planet of Electronics aka PLANETOFELECTRONICS.COM 206-426-2670 which has now also been closed down. The existence of PLANETOFELECTRONICS.COM led to the discovery of several other clones.

EBSEBOOKS also contributed to the revelation and subsequent confirmation that the organized crime syndicate had other new groups:

You need to read this victim's post more than once for the significance of their attitude to sink in, and wonder how many other victims unknowingly support the syndicate's fraud tax by choice.

quote:
melvin Says:

March 5th, 2010 at 1:24 pm

I got hit by this scam with three charges over the last two months from 'Amp Games Com'

On the same card, I also noticed 4 changes for 4.95 from 'Electronic Business Re' every three months in 2009.

I'm reluctant to call my bank because I don't want to go through the effort of changing credit card number.

Frustrating !!

But the upside then confirmed the organized crime syndicate's:

MG Online Games Enterprises aka MGGAMEZONE.COM 330-536-7675

and

IM-GAMED.COM LLC aka IM-GAMED.COM 303-872-7857

Then flushed these out:

FRAUD SCAM = AMP-GAMES.COM aka AMP GAMES (FL) 407-412-9664

FRAUD SCAM = COSTICTSKYRYNGAMES.COM Address: Slidell, LA 70460 504- 322-3530

FRAUD SCAM = DREAMS-GAMEROOM.COM aka HOPES & DREAMS 478-394-4394 (GA)

FRAUD SCAM = GAMES-N-BOOKS-4FAMILYFUN.COM FAMILY FUN-GAMES&BOOKS (AZ) 520-762-7185

FRAUD SCAM = GAMING-EXPRESS4U.COM

FRAUD SCAM = MYGAMESONTHEGO.COM

FRAUD SCAM = TKM-GAMES.COM aka TKM Games 719-387-0811, CO

FRAUD SCAM = SKYRNGAMES.NET SKYRYN GAMES 504-322-3530 LA also 504-610-3983

FRAUD SCAM = FERICULGAMES.COM FERICUL GAMES Houston TX

FRAUD SCAM = VPNMONSTER.COM

These domains were ID's by profile but may not have made it off the ground:

DARRELLS-GAMES.COM

DAWN1GAMES.COM

PANDORASBOX1-GAMES.COM

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

1 edit

1 recommendation

reply to MGD

said by Robert McMillan :
"We're going to aggressively seek to identify the ultimate masterminds behind this scheme," Wernikoff said. According to him, the scammers found loopholes in the credit card processing system that allowed them to set up fake U.S. companies that then ran more than a million phony credit card transactions through legitimate credit card processing companies.

Wernikoff doesn't know where the scammers obtained the credit card numbers they charged, but they could have been purchased from online carder forums, black market Web sites where criminal buy and sell stolen information.

It became apparent as far back as 2004 that the OCS was a vertical operation, and was directly infiltrating the financial system to obtain the card data. That conclusion did not come solely from monitoring the going rate at that time for card dumps on multiple hidden underworld forums, did not make the operation economically viable. Back then, at $9 per fraud hit, it would have taken 3 successful hits to a card before a profit was turned.

More than that, it was the repeated reports of some of the victim's card history which pointed to something far more sinister. Take the CENTER COMPANY --> EBSEBOOKS connection above, the "DAVID BERGMAN" bogus deflection replies all the way back to the 2004 era of the ABSOLUTE-SOFT.COM version 2.O and this forum:

Circa early 2004:



»Who is Absolute-soft???

Then: »$9.95 scam.. check your bank statements. security

By 2005 the growing appearance of the real extent of the operation: »Re: I got the same changes ....

The beginning of a comprehensive monitoring of the unusual circumstances of some of the victim card data:

But this is now TWO YEARS Later, one fraud entity is still going:

quote:
===========================================
Mark says:
January 21, 2006 at 8:39 am
Hi all,

I got hit in December on a CC that has NEVER been used at NewEgg, Buy.com, etc, and has never been typed online for that matter. It was only used once with a PHONECALL order. The credit card has been in my safe for months, so ANY charge I get is fraudulent. I am making an educated guess that the breakdown is somewhere in the mechanism that communicates the CC number and info for approval. Maybe the common denomincator is the company that certain merchants are using for CC authentication.

Just a thought…
===========================================

I wondered if there was a connection:

State of California

Entity Name: ABSOLUTE SOFTWARE CONSULTING LLC
Entity Number: 200336010080
Date Filed: 12/22/2003
Status: CANCELED
Jurisdiction: CALIFORNIA
Entity Address: 22806 SAILWIND WAY
Entity City, State, Zip: LAKE FOREST CA 92630
Agent for Service of Process: EVELYN NAZARIO
Agent Address: 22806 SAILWIND WAY
Agent City, State, Zip: LAKE FOREST CA 92630
Digging even deeper, there appeared to be:

quote:
Credit card charged by absolute-soft.com

August 18, 2005

Absolute-soft.com, CA.

They charged my credit card $9.95. I never heard of this company and I never ordered or bought anything from them. I sent them an email detailing the problem. I received an email back from

This is what the email said:

--------------------------------

"My name is David Bergman and I represent Absolute Software Consulting LLC Customer Service.

We got an e-mail from you reporting a charge of $9.95 on your credit card. Thank you for reporting about this situation promptly. I guess I should explain everything to you. Our company produces web design products, mostly website templates - primary web pages with no content. The price of each template is $9.95

thus your card was charged for the price of a template bought on our website. In this regard I have a very important question for you: Are you sure that nobody but you has access to your credit card information(name and number)? You see, if your card was charged and you didn't know about that somebody does have your card information and can use it. Please check it. We have already removed the charge you reported. The refund will be stated in the account within three or four business days. Nevertheless I strongly recommend you to call your bank and ask them to issue another card for you. Because if your card was once charged without your notification there's no guarantee that the person

having access to the CC information wouldn't use it again. It is also possible that some banking error occurred and your card was charged by mistake but still please call them and talk it over. Best regards,

===========================================
joe says:
July 26, 2006 at 3:45 pm

I had this charge, got a new bank card and the charge has appeared again. How did they get my new number that is only a week old. Someone is getting hacked, the bank or the merchants!
===========================================
Eric says:
July 27, 2006 at 6:37 pm

I got this charge back in May on 1 of my cards. I had it corrected and got a new credit card number. Just last week the charge came up again on a different card from a different company. Got that fixed 3 days ago and wouldn’t you know another charge from them yesterday on another different card. PLEASE somebody find out how to stop this. We shouldn’t have to change all our cards because of 1 fake company!
===========================================
Jim says:
August 17, 2006 at 10:10 am

I recieved this charge on my bank account 8/9. I am trying to get it refunded.
===========================================
DC says:
August 17, 2006 at 5:39 pm

Absolute-Soft.com hit me today for 9.95 on my debit card. Called the bank to close/change account. How they can get away with this for over 2 years is beyond me. You’d think the banks would set up some sort of common list where companies like Absolute-Soft wouldn’t even be able to submit charges at major institutions. A 5 minute internet search shows the level of this scam. Ridiculous.

absolute-soft.com
===========================================

This was far more than someone buying card dumps. In several instances over time it appeared that all the cards a victim had, issued by several institutions, were sequentially charged with fraud. It was if they were also accessing combined lists of card data alphabetically.

By 2006 not only are reports of fraud charging all over DSLR, but forum pockets all over the internet can be found of the same fraud reports. Start collecting names:

»www.jerseysmarts.com/2004/11/22/···y-fraud/

I knew back then that killing the websites had no effect on their ability to keep merchant processing accounts:

»www.jerseysmarts.com/2006/03/10/···d-fraud/

They could just resurface anywhere, but remain hidden with the first use of "no index" and "no follow" meta tags:

»Credit card criminals Devbill have a new home !!!

Was the four year and plus, card fraud laundering runs of KCSOFTLLC and EBSEBOOKS.COM aka Electronic Business Resource an aberration, a quirk within the financial system that they managed to slip through and continue fraud processing?.

No, they are just two of many examples. Absolute-soft.com aka ABSOLUTE SOFTWARE CONSULTING LLC began fraud charging in early 2004. Five years, HALF A DECADE later, this crops up in April of 2009:





Let's go back and have another look at that California corporation's database:

Entity Name: ABSOLUTE SOFTWARE CONSULTING LLC
Entity Number: 200924410303
Date Filed: 09/01/2009
Status: ACTIVE
Jurisdiction: CALIFORNIA
Entity Address: 22806 SAILWIND WAY
Entity City, State, Zip: LAKE FOREST CA 92630
Agent for Service of Process: BUSINESS FILINGS INCORPORATED
(C2113485)
Agent Address: *
Agent City, State, Zip: *
Apparently a 2009 refreshed registration.
.

MGD