how-to block ads
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to teetimeii
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
Excellent thanks, by the way also ask if you can use gatways other than Authorize.net, and if there are specific entitles that you should NOT apply for a merchant account at.
worldcreativestudio.com = FRAUD ALERT, JOB SCAM
»worldcreativestudio.com
World Creative Studio Inc.
Ul Chmielna 26 #5
Warsaw, 00020
Poland
Telephone: +1 954-208-7279
That design was posted once before under another name, anyone remember where it was?
Registration Service Provided By:
Active-Domain LLC
.
Domain Name: worldcreativestudio.com
Expiry Date: 19-Feb-2010
Creation Date: 19-Feb-2009
.
Name servers:
ns51.domaincontrol.com
ns52.domaincontrol.com
.
Registrant Name: Jeff Freeman jeff_freeman17@yahoo.com
Registrant Company: worldcreativestudio.com
Registrant Email Address:
Registrant Address: 687 east 230th street 2b
Registrant City: bronx
Registrant State/Region/Province: NY
Registrant Postal Code: 10466
Registrant Country: US
Registrant Tel No: +1.4256633316
Registrant Fax No:
.
Hosting Data:
World Creative Studio Inc.
worldcreativestudio.com
IP Information for 72.167.232.228
IP Location: United States Scottsdale Godaddy.com Inc
Resolve Host: p3nlh089.shr.prod.phx3.secureserver.net
OrgName: GoDaddy.com, Inc.
OrgID: GODAD
Address: 14455 N Hayden Road
Address: Suite 226
City: Scottsdale
StateProv: AZ
PostalCode: 85260
Country: US
MGD | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to music man
said by music man  :A website composed entirely using Flash!! Nice! Definitely our Russian friends then. Perusing the contractor agreement we find another , old , Slav friend "www.albenadesign.com" ....... Excellent Catch !!
That ties albenadesign.com aka albenaDIZ.com aka albena Design Inc, directly to World Creative Studio Inc aka worldcreativestudio.com and covers a vast area: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
Thank you for your reply.
In this email I will explain you about this job offer. Also I forward you our Instructions, FAQ and Agreement. Use Adobe Acrobat Reader to view the above files. If you do not have this software on your computer, please go to >http://www.adobe.com/products/acrobat/readstep2.html and download the program for free.
Our company enters the american market now because almost all online business are located in the USA. So we have to search managers in the USA to create our subsidiaries. Our Marketing Department has developed a perfect idea to boost sales. The idea is to have more subsidiaries that would resell our items (for example web-templates). The more subsidiaries we have the more things we sell and our profit grows accordingly. Your mission in the project is to create business tools (registering a business, setting up business and merchant bank accounts) and it is for these services that you will be paid.
World Creative Studio, Inc., Inc. creates a web-site (online store or subsidiary another words) which will sell our products (webtemplates, flash intro and web logos). The work of this web site is impossible without a company and that’s why your first step will be the opening of company (the company may be registered as a Corporation, LLC, Sole Proprietorship or other business entity). If you already have a company, it’s great and will make the start up yet faster. Next you open bank business and merchant account and Gateway on Authorize.net.
Your commission will be 10% from all the sales (you’ll earn about$4000-5000 a month). Also all bank and merchant fees will be paid by our company. You will get your 10% in any case not depending what fees we will have. Your income will increase as the business progresses. You will be responsible to pay taxes only on your 10% commission; the rest taxable 90% is the responsibility of World Creative Studio, Inc., Inc. You will need the W-2 form or 1099 for taxes. Find out about it and you will see that you will be responsible only for your 10%. Add here absolute transparence of all partnership activities and full control in your hands.
If you are interested you need to do next: You need to send the signed agreement, the copy of your ID (it can be just DL) and copy of your any utility bill. You can send all these documents or to this email either by fax (708) 842-8482.
If you have any questions please ask me.
Best regards,
Kamil Kowalski
-------------------------------------------
Hello Danielle,
How are you? Do you interest to our offer of job?
I hoped you will be the good manager.
If you refuse, write the cause of denial, please.
Best regards,
Kamil Kowalski
Ref: »answers.yahoo.com/question/index···2AASg2nF
quote:
.... I wasn't sure, plus they got my resume off Yahoo HotJobs, so I figured Yahoo wouldn't give access to junk like that!
Big Mistake, posted resumes on Yahoo, Careerbuilder.com, Monster.com, et all, are equally accessible to criminals, as well as legitimate entities, Caveat Emptor !!
MGD | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to MGD
Found the previous version of the all flash format World Creative Studio Inc. aka worldcreativestudio.com C&C.
Circa February 2009 Balaton Design, Inc aka balatondesign.com
Faking their location as Hungary versus the current Poland, neiher of which is the location of the crime syndicate.
The previous write up also connects this to Albena Designs and to the US and UK strawberry fraud program, also to the Orange, and Black template group, et all. »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
MGD | |
teetimeii
@verizon.net
| reply to MGD
MGD,
Here is one of the last notes they sent, once they realized I was cancelled from my first processor:'
Hello xxxx,
We suppose because of the world finance crisis many banks don't want
to risk with new businesses.
Please try this merchant service www.transfirst.com
Or what other merchant service would like to use?
Best regards,
Adrian Nowak.
Chief manager of World Creative Studio, Inc.
adrian_nowak@worldcreativestudio.com
Phone/Fax for the USA: (954) 208-7279 | |
teetimeii
@verizon.net
1 edit | reply to MGD
MGD,
Thanks for your kind words, it does make me feel a little better.
The fake front site: »wdsstudio.com was up until a few days ago. It was almost entirely flash, just like the mother site: »worldcreativestudio.com.
I'm only sorry I wasn't aware of this thread earlier, again thanks to the risk manager that forwarded me this link.
If you'd like his direct contact info, I'd be happy to provide. He deserves a lot of thanks from me.
teetimeii(at)yahoo.com | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
2 edits | said by teetimeii :
MGD,
Thanks for your kind words, it does make me feel a little better. ...
You are welcome !
So the website assigned to you that the merchant account was to be used for was wdsstudio.com which is NLA, but was identical to, and a clone of, worldcreativestudio.com, correct ? If so, that is unusual as the C&C recruiting websites are usually kept separate from the fake template fraud processing sites assigned to the cyber-mules.
Question: How was the LLC set up costs paid ?.
There are three typical methods used:
1) The cyber-mule pays for the LLC and merchant account set up fees out of pocket, and is reimbursed from the initial fraud proceeds of the card processing.
2) The organized crime syndicate registers the LLC themselves using the cyber-mules credentials, via one of many online registration services. They use prepaid debit cards to pay the fees, which were purchased with previous fraud proceeds. The registration documents are then sent via courier to the cyber-mule.
3) The OCS either sends cash via Western Union / MoneyGram, or the more recent method via PayPal from a Russian ecurrency convertor.
I suspect in your case it may have been #2.
This entire organized fraud operation functions on a multiple hub and spoke basis, where there is always multiple duplicate conduits set up for a given function. That way if any one conduit is quickly cut off, the operational effect is minimal. Lessons learned from the long running exclusive use of the Fethard Finace conduits of Inowest Enterprises, and the Midtown Group.
The info that you have provided so far, has now led to the uncovering of an enitre new design format of fraud charge laundering websites. Does this look familiar?. Here is a full body shot of a new card fraud charge processing website:
The "diz" factor again:
makewebdiz.com »makewebdiz.com
Edit = Add
The usual robots.txt file blocking all search engine archiving of the website:
End Edit
makewebdiz.com
makewebdiz.com
1-(516)-320-6036
Or you can send us email directly: support@hfdiz.com
That image needs to be distrubted to and posted by merchant account underwriters. Flag on sight !!.
ICANN Registrar: ACTIVE REGISTRAR, INC
.
Registration Service Provided By:
Active-Domain LLC
.
Domain Name: makewebdiz.com
Expiry Date: 27-Mar-2010
Creation Date: 27-Mar-2009
.
Name servers:
ns57.1and1.com
ns58.1and1.com
.
Registrant Name: Joseph Blakely
Registrant Company: makewebdiz.com
Registrant Email Address: murphy_joe01@yahoo.com
Registrant Address: 5735 W Montrose Ave Unit 1
Registrant City: Chicago
Registrant State/Region/Province: IL
Registrant Postal Code: 60634
Registrant Country: US
Registrant Tel No: +1.4355188979
Registrant Fax No:
.
The essence of good cyber forensics, leave no stone unturned. Every cyber criminal can ultimately be indentified, no matter where they are, and no matter how smart and sharp they are. These Russian cyber criminals are creatures of habit, follow them closely enough and identify every pattern of behavior. the email contact >murphy_joe01@yahoo.com used for the domain reg of makewebdiz.com must be an address that the criminals have access to in order to coplete the registration process. In fact it is the only part of the registration credential that is guaranteed to be under their control. That contact address has a long history:
quote:
J B Electronics, Inc.
etechdiz.com
1-(505)-999-1311
support@etechdiz.com
Registrar: GODADDY.COM, INC.
.
Domain Name: ETECHDIZ.COM
Created on: 08-Dec-08
Expires on: 08-Dec-09
Last Updated on: 08-Dec-08
.
Administrative Contact:
Murphy, Edward murphy_joe01@yahoo.com
1060 Park Row North
Atlanta, Georgia 30312
United States
(435) 518-8979 Fax --
.
Domain servers in listed order:
NS1.HOSTDONE.COM
NS2.HOSTDONE.COM
.
Regular readers may remember Mr. Murphy as the cyber-mule who fronted two sites back in earlly 2008 mvwebtemplates.com AKA Most Valuable WebTemplates / MURPHY VENTURES, INC 404-474-3440 and 123gettemplates.com AKA 123GETITDONE, INC 404-474-0491
Another clone:
hfdiz.com »Hfdiz.com
hfdiz.com
hfdiz.com
1-(224)-333-2000
Or you can send us email directly: support@hfdiz.com
ICANN Registrar: ACTIVE REGISTRAR, INC.
.
Registration Service Provided By:
Active-Domain LLC
.
Domain Name: hfdiz.com
Expiry Date: 10-Apr-2010
Creation Date: 10-Apr-2009
.
Name servers:
ns57.1and1.com
ns58.1and1.com
.
Registrant Name:Evelio Areas
Registrant Company: hfdiz.com
Registrant Email Address:
Registrant Address: :2710 Sheldon Court
Registrant City: :El Sobrante
Registrant State/Region/Province: :CA
Registrant Postal Code: :94803
Registrant Country::US
Registrant Tel No: +1.7274952168
Registrant Fax No:
.
Note the typical use of a prior recruited cyber-mule's identity to register a new cyber-mules domain for obsfucation purposes. Remember they have his picture ID, which can be forwarded to support the validity of the reqistration if it is flagged. Evelio Areas has no clue that the identity documents which he scanned and and emailed to the Russian organized crime syndicate, along with a utility bill, as part of the application process, will be used for various nefarious purposes, long after his stint as a cyber-mule has expired.
Evelio Areas was the cyber-mule for the orange template Eatemplates.com AKA EA Web Designs 434-878-3659 »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
quote:
Gayle - 12 Sep 2008
I also had a debit to my banking account for $9.45 to Online Service Group and this month I was tapped $11.49 to someone called MC-EA WEB DESIGNS EL SOBRANTE when I called the bank they told me to call the fraud line and report it and I will get my money back, this seems to be a national problem, and usually these charges are under $15.00.
Caller ID: 188-241-2101
Caller: unknown
Also used as the registrant for:
Sewebtemplates.com
IP 66.152.173.190
.
Registrant:
Evelio Areas
2710 Sheldon Court
El Sobrante, California 94803
United States
.
Registered through: GoDaddy.com, Inc.
Domain Name: SEWEBTEMPLATES.COM
Created on: 12-Dec-08
Expires on: 12-Dec-09
Last Updated on: 12-Dec-08
.
Administrative Contact:
Areas, Evelio evelio_areas@yahoo.com
2710 Sheldon Court
El Sobrante, California 94803
United States
(702) 446-5062
.
Domain servers in listed order:
NS1.HOSTDONE.COM
NS2.HOSTDONE.COM
.
said by teetimeii :
... I'm only sorry I wasn't aware of this thread earlier, again thanks to the risk manager that forwarded me this link.
I can tell you that the work that is being done at that end, has had the most significant impact to date, on this organized crime syndicate's abilty to launder hijacked card data into cash. Only the interdiction of the foreign wire transfers comes close to matching the effect that these alert and sharp underwriters have had.
MGD | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
3 edits | reply to MGD
Cyber_Mule recruiting alert !!
FRAUD ALERT JOB SCAM = Hong Kong Solutions Inc. aka hongkongsolutions.com = FRAUD ALERT JOB SCAM
Continuing in the Russian Organized Crime syndicate's theme of the 100% Flash and text as an image fraud recruiting website:»www.hongkongsolutions.com
=========================
Hong Kong Solutions Inc. aka hongkongsolutions.com
RM 1315 Ctr 45 Chong
Yip St Kwub Tong Kl
Hong Kong,
Telephone +1-(206)-203-1947
=========================
Our company is a multiple-discipline Internet company (please visit www.hongkongsolutions.com). One of our direction is a creating web-products (iPhone themes,PocketPC themes, Mobile themes, wallpapers, games.), which are intended for many clients. Our company carries on this business for 8 years.
HK Solutions, Inc is one of the leaders in our country of the companies which do these services. In Present days Internet influences all the areas of human activity. That's why our company develops rapidly every year. We aren't the waiting for the fortune company. We do the success ourselves. Our marketing department elaborated a plan, which will help us to get international market and the USA first of all.
We need some managers who will produce our company in the USA. It is a very profitable project not only for our company but for our representatives too. Future trends of this business are unlimited. We guarantee a stable growth of your income and professional skills. From you we need only some efforts in the first stage to develop our business. Later you will not spend much time to keep the project.
Attention: No skills and experience in programming and web design are required from you. This is not a technical position. If you've got a burning desire to succeed and are interested in maximizing your personal and professional growth, please kindly get back to us via our email address
Harry Wong
harrywong@hongkongsolutions.com
NOTE: careerbuilder.com, Monster.com, et all, by default allow cyber criminals to obtain employer accounts. (All you need is a credit card, anyone's will do) An Employer account gives criminals access to entire databases of job seeker resumes. This enables career criminals and organized crime syndicates to target job hunters, and solicit them.
DO NOT ASSUME, that because an email from a prospective employer comes via Careerbuilder, or monster's system, that it in any way confirms legitimacy. Careerbuilder's and Montser's systems are wide open for anyone to join as an employer. No distinction is made between criminals, scammers, and legitimate employers. That burden is left to the prospective employee to do.
From Harry Wong harrywong@hongkongsolutions.com
In this email I will explain you about this job offer.
Also I forward you our Instructions, FAQ and Agreement. Use Adobe
Acrobat Reader to view the above files. If you do not have this
software on your computer, please go to
>http://www.adobe.com/products/acrobat/readstep2.html and download the
program for free.
Our company enters the american market now because almost all online
business are located in the USA. So we have to search managers in the
USA to create our subsidiaries.
Our Marketing Department has developed a perfect idea to boost sales.
The idea is to have more subsidiaries that would resell our items
(iPhone themes,PocketPC themes, Mobile themes, wallpapers, games etc).
The more subsidiaries we have the more things we sell and our profit
grows accordingly.
Your mission in the project is to create business tools (registering a
business, setting up business and merchant bank accounts) and it is
for these services that you will be paid.
Hong Kong Solutions, Inc creates a web-site (online store or
subsidiary another words) which will sell our products. The work of
this web site is impossible without a company and that's why your
first step will be the opening of company (the company may be
registered as a Corporation, LLC, Sole Proprietorship or other
business entity).
If you already have a company, it's great and will make the start up
yet faster. Next you open bank business and merchant account and
Gateway on Authorize.net.
Your commission will be 10 percent from all the sales (you'll earn
about 4000-5000$ a month). Also all bank and merchant fees will be
paid by our company. You will get your 10 percent in any case not
depending what fees we will have. Your income will increase as the
business progresses.
About the taxes:
The taxes in this kind of business we will need to pay only in
starting the 2nd year.
US taxes are not conventional; is one makes more than a certain amount
of $ in a year through a corporation, they need to pay taxes every
three months. This is called Estimated Quarterly Taxes.
In our situation, these aren't paid the first year, only starting the
2nd year. All taxes will be go through your company but you will take
the necessary funds from our part when it's time to pay for taxes. So
our company will pay all taxes not you.
Since what we sell isn't tangible (can't be touched), we don't file
Sales tax. Only thing we pay is income tax, to the federal
governement.
If you are interested please send me the signed agreement (I sent you
it. did you get it?) or via email or via fax (206)339-1058.
If you have any questions else please ask me.
Best regards,
Harry Wong,
Hong Kong Solutions, Inc
>http://www.hongkongsolutions.com/
»www.google.com/search?hl=en&sour···oq=&aqi=
A previous and still operating fraud job recruiting site of this clone is:
World Creative Studio Inc. aka worldcreativestudio.com
Prior postings
»worldcreativestudio.com
=========================
worldcreativestudio.com
World Creative Studio Inc.
Ul Chmielna 26 #5
Warsaw, 00020
Poland
Telephone: +1 954-208-7279
=========================
And before that, we had another clone:
Balaton Design, Inc. aka balatondesign.com
=========================
Balaton Design, Inc., balatondesign.com
Somogyi Bela u. 1.,
8623, Balatonfildvar,
Hungary,
Telephone +1 801-926-8016
=========================
Prior postings
MGD
FRAUD ALERT JOB SCAM = Hong Kong Solutions Inc. aka hongkongsolutions.com = FRAUD ALERT JOB SCAM
FRAUD ALERT JOB SCAM = Hong Kong Solutions Inc. aka hongkongsolutions.com = FRAUD ALERT JOB SCAM
FRAUD ALERT JOB SCAM = Hong Kong Solutions Inc. aka hongkongsolutions.com = FRAUD ALERT JOB SCAM | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| FRAUD ALERT JOB SCAM = Hong Kong Solutions Inc. aka hongkongsolutions.com = FRAUD ALERT JOB SCAM
There are two known names that they are using to communicate with potential cyber-mules:
Donald Chan
donaldchan@hongkongsolutions.com
Harry Wong
harrywong@hongkongsolutions.com
Hosting information for hongkongsolutions.com:
Server Type: Apache
IP Address: 72.167.232.158
Godaddy.com Inc
Response Code:200
Domain Status:Registered And Active Website
IP Information for 72.167.232.158
IP Location: United States Scottsdale Godaddy.com Inc
Resolve Host: p3nlh078.shr.prod.phx3.secureserver.net
IP Address: 72.167.232.158
Reverse IP: 3,538 other sites hosted on this server.
Blacklist Status: Clear
OrgName: GoDaddy.com, Inc.
OrgID: GODAD
Address: 14455 N Hayden Road
Address: Suite 226
City: Scottsdale
StateProv: AZ
PostalCode: 85260
Country: US
NetRange: 72.167.0.0 - 72.167.255.255
CIDR: 72.167.0.0/16
OriginAS: AS26496
NetName: GO-DADDY-SOFTWARE-INC
NetHandle: NET-72-167-0-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: CNS1.SECURESERVER.NET
NameServer: CNS2.SECURESERVER.NET
NameServer: CNS3.SECURESERVER.NET
Comment:
RegDate: 2007-07-05
Updated: 2008-01-18
The domain hongkongsolutions.com has a fraudulent registration:
ICANN Registrar:GODADDY.COM, INC.
Created:2009-05-23
Expires:2010-05-23
Registrant:
Gary Herrit garyherrit@yahoo.com
208 E. Metzger Ave.
Butler, Para 16001
United States
Domain Name: HONGKONGSOLUTIONS.COM
Created on: 23-May-09
Expires on: 23-May-10
Last Updated on: 23-May-09
Administrative Contact:
Herrit, Gary garyherrit@yahoo.com
208 E. Metzger Ave.
Butler, Para 16001
United States
4259847064 Fax --
Technical Contact:
Herrit, Gary
208 E. Metzger Ave.
Butler, Para 16001
United States
4259847064 Fax --
Domain servers in listed order:
NS35.DOMAINCONTROL.COM
NS36.DOMAINCONTROL.COM
A very smart potential cyber-mule, who, when contacted recognizes it as a scam:
quote:
SCAM:
Yes, it is - www.hongkongsolutions.com - a website and SEO company. I received a "business offer" from them too. I think they saw my resume on Monster or Careerbuilder. In a nutshell they say you'll make about 50K a year simply by starting an S-Corp and opening-up some kind of online store so they can run their US sales through it. 50K for basically doing nothing sounded fishy. I've got a lot more info in saved emails from "Harry" (if that's his real name) who is with Hong Kong Solutions. If anyone wants to see them let me know...
Ref:»www.trustlink.org/ViewQuestion.a···onID=224
HONGKONGSOLUTIONS.COM
Lists an address in:
=========================
Hong Kong Solutions Inc. aka hongkongsolutions.com
RM 1315 Ctr 45 Chong
Yip St Kwub Tong Kl
Hong Kong,
Telephone +1-(206)-203-1947
=========================
With a Washington state IPKall VOIP forwarding phone number. A domain registered to a Butler, PA address (fraudulent).
Priors:
World Creative Studio Inc. aka worldcreativestudio.com pretending to be in Warsaw Poland.
Balaton Design, Inc. aka balatondesign.com pretending to be in Balatonföldvár, Hungary.
MGD | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
1 edit | reply to MGD
Back in April of 2009 I came across communications from the organized crime syndicate which indicated that they might be targeting transfirst.com as a merchant account provider for the recruited cyber-mules:
==============================================
From: Tatyana Wang [mailto:hr@unitelsoftware.com]
Sent: Friday, April 03, 2009 8:21 AM
To: XXXXXXX
Subject: Re: What's Next?
Good day XXXXXX,
How are things moving forward? You can full out the application form to
receive the merchant account at the Wells Fargo Bank, and at the same time
you can submit the application to receive the merchant account at the
TransFirst ( >http://www.transfirst.com). At the TransFirst, everything can be done online, you will not need to go to the local bank, and therefore, if you are rejected at the Wells Fargo, we can be certain that everything will be alright at the Transfirst.
Have a great day!
Best Regards,
Tatyana Wang.
==============================================
If you recall, unitelsoftware.com was one of almost a dozen fraud recruiting domains cloned from a subsidiary of EMC Corpration, and hosted in the Russian Federation on a series of Wahome.ru dedicated IPs. The modus-operandi of that first quarter 2009 cyber-mule recruiting campaign involved intensive solicitations via fraudulent employer accounts courtesy of Careerbuilder.com.
Subsequent communications from the crime syndicate in the second half of this year further indicated that transfirst.com was now a default back up merchant provider if the cyber-mule's account application was rejected by the bank:
==============================================
Hello,
We suppose because of the world finance crisis many banks don't want
to risk with new businesses.
Please try this merchant service www.transfirst.com
Or what other merchant service would like to use?
Best regards,
Adrian Nowak.
Chief manager of World Creative Studio, Inc.
adrian_nowak@worldcreativestudio.com
Phone/Fax for the USA: (954) 208-7279
==============================================
.
World Creative Studio, Inc. aka worldcreativestudio.com 954-208-7279 is part of a trifecta of mule recruiting domains which also includes Hong Kong Solutions Inc. aka hongkongsolutions.com 206-203-1947
Security at Transfirst was subsequently alerted and briefed to the organized card fraud laundering operation, once additional communications indicated that they were now selected as a primary target for merchant account processing. Recent fraud accounts subsequently identified as having obtained merchant processing via Transfirst, include: RAGDESIGN.COM aka REMOTE ACCESS GROUP INC. 206-666-4778 also BIGSTUDIODESIGN.COM aka ILLUSTRATIVE STUDIO, INC. 206-350-6215 and JAZZIPHONE.COM aka MOBILE INTERFACE, INC 206-338-6018.
Another recent find of a twin website card fraud laundering operation that was flushed out by Transfirst within the first few weeks of operation: REALPOCKETPC.COM and OPENDESIGNTEMPLATE.COM. The duped Florida cyber-mule originally registered CNCEVE SOLUTIONS, LLC on 06/23/2009 after being recruited by Hong Kong Solutions Inc. aka hongkongsolutions.com 206-203-1947:
==================================
Florida Limited Liability Company
CNCEVE SOLUTIONS, LLC
Filing Information
Document Number L09000060682
FEI/EIN Number NONE
Date Filed 06/23/2009
State FL
Status ACTIVE
Effective Date 06/22/2009
Principal Address
1786 OTISCO WAY
WINTER SPRINGS FL 32708 US
Mailing Address
1786 OTISCO WAY
WINTER SPRINGS FL 32708 US
Registered Agent Name & Address
AMERICAN SAFETY COUNCIL, INC.
5125 ADANSON ST.
SUITE 500
ORLANDO FL 32804 US
Manager/Member Detail
Name & Address
Title MGRM
CALKIN, W. DAVID
1786 OTISCO WAY
WINTER SPRINGS FL 32708 US
==================================
On 08/21/2009 two Florida Fictitious Business Names (FBN) were registered for REALPOCKETPC.COM
==================================
Fictitious Name
REALPOCKETPC.COM
Filing Information
Document Number G09000148240
Status ACTIVE
Filed Date 08/21/2009
Expiration Date 12/31/2014
Current Owners 1
County MULTIPLE
Total Pages 1
Events Filed NONE
FEI/EIN Number 27-0417302
Mailing Address
1786 OTISCO WAY
WINTER SPRINGS, FL 32708
Owner Information
CNCEVE SOLUTIONS, LLC
1786 OTISCO WAY
WINTER SPRINGS, FL 32708
FEI/EIN Number: 27-0417302
Document Number: L09000060682
==================================
and also OPENDESIGNTEMPLATE.COM
==================================
Fictitious Name
OPENDESIGNTEMPLATE.COM
Filing Information
Document Number G09000148251
Status ACTIVE
Filed Date 08/21/2009
Expiration Date 12/31/2014
Current Owners 1
County MULTIPLE
Total Pages 1
Events Filed NONE
FEI/EIN Number 27-0417302
Mailing Address
1786 OTISCO WAY
WINTER SPRINGS, FL 32708
Owner Information
CNCEVE SOLUTIONS, LLC
1786 OTISCO WAY
WINTER SPRINGS, FL 32708
FEI/EIN Number: 27-0417302
Document Number: L09000060682
==================================
We can tell that the cyber-mule was specifically told to apply for a merchant processing account at Transfirst.com because the cyber-mule's business bank account was set up at Bank of America. The default process at Bank of America would have directed the cyber-mule to apply for a business merchant account directly through them, and not Transfirst. Unknown to the duped cyber-mule at the time, but the trail of who is who, Hong Kong Solutions Inc, Bank of America, Transfirst, and of course the organized crime syndicate's exclusive and dedicated gateway processor for over half a decade, Authorize.net / Cybersource, are all listed on the required public notification for the FBN on 8/28/2009:
===========================================================================
NOTICE UNDER FICTITIOUS NAME STATUTE
TO WHOM IT MAY CONCERN:
Notice is Posted:
Location: Orlando, FL
Event Date: 8/28/2009
Description: CSE1014463
NOTICE UNDER FICTITIOUS NAME STATUTE TO WHOM IT MAY CONCERN:
Notice is hereby given that the undersigned pursuant to the "Fictitious Name
Statute", Chapter 865.09, Florida Statutes, will register with the Division
of Corporations, Department of State, State of Florida upon receipt of proof
of the publication of this notice, the fictitious name, to-wit:
opendesigntemplate.com under which we expect to engage in business at 1786
Otisco Way, Winter Springs, FL 32708. That the parties interested in said
business enterprise are follows: CNCeve Solutions, LLC, Hong Kong Solutions,
Inc., Bank of America, TransFirst Corporation, AuthorizeNet.com -CyberSource
Corporation. Phone# 407-340-8918. Dated 8-26-2009, Winter Springs, Seminole
County, FL.
===========================================================================
Transfirst subsequently neutered the setup, and advised the cyber-mule within the first few weeks of the operation. It never got off the ground.
From time to time several have asked how the dots of this over half decade massive card fraud operation by this eastern European organized crime syndicate are connected. There are mutiple pieces of evidence that connects all the operations listed in this thread, from the Digital Age fraud, the Pluto Data, and all the other fraud laundering websites up through these two. They are tied together in an intricate pattern of common connections, including the cross charging of the same hijacked card data.
With respect to this case, one of the items that ties Hong Kong Solutions Inc. aka hongkongsolutions.com 206-203-1947 and CNCEVE SOLUTIONS, LLC and its subsidiary FBNs, REALPOCKETPC.COM and OPENDESIGNTEMPLATE.COM together are the domain registrations. The websites were taken down shortly after the operation was exposed, however, the fraudulent domain registrations yield the trail:
==================================
REALPOCKETPC.COM
Domain Name: realpocketpc.com
Expiry Date: 10-Jul-2010
Creation Date: 10-Jul-2009
Name servers:
ns1.domain.com
ns2.domain.com
Registrant Name: Claudia Thorstensen
Registrant Company: realpocketpc.com
Registrant Email Address: claudia_tt60@yahoo.com
Registrant Address: 37 Bancroft Ave
Registrant City: 37 Bancroft Ave
Registrant State/Region/Province: MA
Registrant Postal Code: 01867
Registrant Country: US
Registrant Tel No: +1.9132738915
Registrant Fax No:
IP: 174.133.212.214
Domain Status: Registered And No Website
==================================
The name and address of Claudia Thorstensen was used back in January of 2008 to register the card fraud laundering domain of DRGTEMPLATES.COM:
==================================
Registrar: ENOM, INC.
Registration Service Provided By: NameCheap.com
Domain name: drgtemplates.com
IP 66.152.162.116
Registrant Contact: DRG
Claudia Thorstensen (drginter58@yahoo.com)
37 Bancroft Ave
Reading, MA 01867 US.
Tel: +1.3203868193
Fax: +1.3203868193
Status: Locked.
Name Servers: ns1.hostdone.com
Name Servers: ns2.hostdone.com
Creation date: 03 Jan 2008 22:22:35
Expiration date: 03 Jan 2009 22:22:35
==================================
The duped cyber-mule assigned to drgtemplates.com was recruited by "Gundars Kristopans" of Atala Designs, Inc aka Ataladesigns.com fame, supposedly from Riga, Latvia. This connects an entire chain of recent recruiting and card fraud domains back to the entire early 2008 operation.
Furthermore, the OPENDESIGNTEMPLATE.COM domain registration cements the structural connections to the long term massive fraud operation by this organized crime syndicate even more.
==================================
OPENDESIGNTEMPLATE.COM
ICANN Registrar:GODADDY.COM, INC.
Created:2009-08-10
Expires:2010-08-10
Registrant:
Charalampos Tyligadas
288 New York Ave #7
Brooklyn, New York 11216
United States
Domain Name: OPENDESIGNTEMPLATE.COM
Created on: 10-Aug-09
Expires on: 10-Aug-10
Last Updated on: 10-Aug-09
Administrative Contact:
Tyligadas, Charalampos charalampos_t@yahoo.com
288 New York Ave #7
Brooklyn, New York 11216
United States
2063375041 Fax --
IP: 97.74.181.128
==================================
I chuckled as soon as I looked up that registration for OPENDESIGNTEMPLATE.COM, but you will not find a prior reference to it in this thread. That name Charalampos Tyligadas, was used back in February 2008, to register a card fraud laundering domain called IPD-TECHNOLOGIES.COM
==================================
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: www.NameCheap.com
Domain name: ipd-technologies.com
Registrant Contact:
IPD LLC
Charalampos Tyligadas (charalam_tylig@yahoo.com)
+1.3094025302
Fax: +1.3094025302
338 E44th StreetApt. 14N
New York, NY 10017
US
Status: Locked
Name Servers:
Creation date: 01 Feb 2008 20:28:09
Expiration date: 01 Feb 2009 20:28:09
==================================
Though the IPD-TECHNOLOGIES.COM website did exist back then, the fraud operation never got off the ground. The reason for that is a very sharp potential cyber-mule, who had responded to a job offer on Craigslist in January of 2008. He received a reply to his initial inquiry from Aleksandr Kostanda aleksandr_kostanda7@fellowsolutions.com which was posted along with screen shots of FELLOWSOLUTIONS.COM who listed their address as being in Sophia, Bulgaria.
The cyber-mule became suspicious as the recruitment and enrollment process got underway.
quote:
==================================
From: aleksandr_kostanda7@fellowsolutions.com
To: XXXXXXXXXXX
Sent: Thu, 24 Jan 2008 5:57 am
Subject: Aleksandr Kostanda
Hello XXXXXXXXX,
We are glad you want to work with our company.
Yes, we can wait while you investigate incorporation procedures.
The company may be registered as a Corporation, LLC, Sole
Proprietorship or other business entity. Also you can see the
file "How to incorporate" I sent you before.
I can assure you that our company is absolutely legal and we offer
absolutely legal job offer. I understand your concers about it. The
USA's market is the biggest online market and we want to work on it.
You will have full control in your hands because the company will be
your property and you will get your 10% in any case not depending what
fees we will have.
We can do 2 or 3 or more web sites for you.
Yes, we can do all this here in Europa. But to open the
merchant account costs approx. $4000-5000 and they take fees 5-10% of
all sales. It's ok for big online stores who sell the goods for
millions dollars. It's not for small business. So many companies as
our company can't allow this big fees and have to search the agetns in
the USA. Because to open the merchant account (it's required for
online purchases) costs $100-150 and they take fees for 1-2% of sales.
So we have to open this business in the USA. And we have to search
the agents in the USA to help us in our business and for this we pay
10%. It's real good for the agent (because he can work as usual and
plus work with our company and it's not required much time; and the
agents monitor only the bank account and do the transfer 1-2 times a
week) and for our company. We have good specialists (technical,
desing, support and others) and we can create really good templates
and we just need to sell them. It's usual business.
It's more easy and less costs to find the agent in the USA and pay
10% of sales for managing accounts that open merchant account here.
In this business the main is advertising to get as many customers as
possible. So we spend for advertising apporox. 40% of sales. Yes it's
much but it gives good results even in the first days of the working
the website.
And second (the main thing) that it's small business and one merchant
account allow to have the sales not above than $50,000.00 for each
account a month. If you open a merchant account that allows to have more than
$50,000.00 that means we will have to pay more fees and in this case
the merchant account hold the money first month (and for this business
the main is advertising and as more you advertise the website as more
you get customers and it's impossible for this business that merchant
account hold the money at all). So we have to search several agents
and open several websites because we know that we will have more than
$50,000.00 for each website (of course it will take 1-2 months to
reach such level; we don't promise gold mountains for our agents at
once, just a good level of additional profit). It's good opportunity
for the agent because for this work he spends not too much time and
can work for his usual work and for our company because we have the
opportunity to enter to the USA's market and have US merchant account
that allow to have a profit if your business is not too big.
As more you have the websites as more you can get new customers and of
course you get more profit. It's business strategy.
You will be responsible to pay taxes only on your 10% commission; the
rest taxable 90% is the responsibility of Fellow Solutions, Inc.
You will need the W-2 form or 1099 for taxes. Find out about it and
you will see that you will be responsible only for your 10%.
Our company produces webdesign and templates - primary web pages
with no content.
We sell: Web Template, Logo template, Flash Intro Template.
As for our customers. Most of them are the people who
only started to create their own websites, students who learn the
internet skills because the cost of our products is less than most of
other webshops have. And we can competite with them. We can offer such
low price because here the salary of our desingers and other workers
less than in the USA and we can do such low price.
If you have any questions please ask me
Best regards,
Aleksandr Kostanda,
Fellow Solutions, Inc.
==================================
The potential mule became increasingly suspicious as the process progressed
quote:
==================================
From: Aleksandr Kostanda
To: XXXXXXXXXXXXXXXXXX
Sent: Wed, 6 Feb 2008 5:58 am
Subject: Aleksandr Kostanda
Hello XXXXXXXXXXXX,
I got your email.
I can't understand why you don't get my emails from
aleksandrkostanda@fellowsolutions.com
Please confirm if you get it now. I send from both email account.
This email and yahoo.
I didn't understand you correctly about this phrase:
" I don't fully understand why I can't go to the site directly without
going to ipd... first. "
Can you no go to the website www.ipd-technologies.com or what?
This website we will sell from.
I explain you how all works:
The customer goes to our webstore, chose the item he likes, then put
his credit card's info in the special page, then that info goes to
Gateway on authorize.net (they check the credit card's info if it's
valid and all datas is correct). If all is ok then that info goes to
the merchant account (they charge
the credit card) and then our system
gets the result and send the download link to the customer's email
where from he download template he chosed. Of course it's all
automatically and very quickly. Then after 1-2 days the money from the
merchant account (sales) goes to bank business account.
You will need to show the website? www.ipd-technologies.com to the
merchant manager in ane case I suppose.
If you ask you how much we are going to sell. Aprox. 2500-3500 a
month. Average price for each template is $12.00. So average sales in
dollars are $35,000 - $45,000.
When you get the merchant account you need to put this phone number
+1-(315)-359-6506 in the merchant service as our support phone number.
The individual receive a credit card statement from the issuer of
their card and in this statement must be put this phone number if he
did the purchase in our web shop.
It's necessary for our support.
Best regards,
Aleksandr Kostanda.
==================================
They ran multiple searches looking for any information or history on the proposed partnership function. That led to them contacting me, and, like several others in the same situation he agreed to assist me in gathering intelligence on the crime syndicate. Based on the stage that he was at, which was pending merchant account approval, it offered an opportunity for me to try and validate conclusions previously adopted about the syndicate's operation. The timing was perfect, as the syndicate would continue to communicate with the mule as long as they believed the merchant account application process was underway, which of course it was not once the cyber-mule had made contact with me. The window of opportunity would be short as once the syndicate realized it was not going to happen, they would move on.
One of the puzzling issues that I was addressing at the time was why the syndicate was not registering the domains to the cyber-mules. The obvious reason not to, was so that the mules could not be readily identified once the card fraud operation was underway, and the fraud charges surfaced. The question was why were they not concerned that this fraudulent domain registration would not be discovered during the merchant account application vetting process. The fact was that if they applied to any third party processors for a merchant account, especially in the double high risk category of internet sales, combined with intangibles, those third party processors will always check and confirm that the applicant is also the registered domain owner. With third party processing that verification check is considered vetting 101. So why when insisting that the merchant account applications be originated through the Banks where the business account was located, was this not an issue for the syndicate. I suspected that they knew that banks would not perform this verification which was a fundamental procedure with aftermarket providers.
During this narrow window of opportunity I wanted to present fictitious issues to the syndicate which were holding up the approval of the merchant account application to see what the responses were. The cyber-mule agreed to become an email proxy and forward communications as if they were his own.
A surprise, the bank wants to know why the domain assigned to the mule, IPD-TECHNOLOGIES.COM is registered to someone other than the applicant:
quote:
==================================
To: aleksandrkostanda@yahoo.com
Sent: Fri, 15 Feb 2008 12:00 pm
Subject: Merchant Account
Hello Aleksandr,
I have a curious question that needs to be answered before I can proceed any
further. The merchant provider called me to ask who "Charalampos Tyligadas
is. I told them I did not know that person. They then told me that
Charalampos Tyligadas from New York is who registered the
ipd-technologies.com web domain and that is the URL that is listed on the
merchant account application. I told them that I did not know that name but
would find out.
Can you please explain this? It is getting embarrassing and hard to come up
with answers that I do not know.
Best regards,
XXXXXXXXXX
==================================
The response clearly shows that the organized crime syndicate already knows that the banks do not check that the registration matches the applicant:
quote:
=====================================
From: Aleksandr Kostanda
To: XXXXXXXXXX
Sent: Fri, 15 Feb 2008 1:02 pm
Subject: Aleksandr Kostanda
Hello XXXXXXXXXX,
Charalampos Tyligadas is a man who registered the domain name
ipd-technologies.com for us. I didn't know that merchant service can
ask you about it.
Best regards,
Aleksandr Kostanda.
=====================================
After multiple attempts to obtain a merchant account failed I wanted to try and see if they would allow any other gateway processor other than Authorize.net - Cybersource to be used. They would not, it was an absolute that Authorize.net - Cybersource must be used as the gateway to processing the fraudulent card charges. So then we proposed that our only option left to use Authorize.net - Cybersource as a processing gateway was to use a third party, would that be okay:
quote:
=====================================
To: aleksandrkostanda@yahoo.com
Sent: XXXXXX Feb 2008 12:00 pm
Subject: Merchant Account
Aleksandr,
I have got nothing but the run around from these banks.
Rather than waste more time trying, I propose setting up the
merchant account with a reliable reseller who I trust.
She has the gateway for authorize.net as well as merchant services.
If this is OK with your company I would liketo proceed.
I think this would be much easier and quicker than shopping
around for a bank that will accept this business.
Please let me know ASAP.
=====================================
Well, as long as authorize.net is used for the processing gateway.:
quote:
=====================================
From: Aleksandr Kostanda
To: XXXXXXXXXXXXXXX
Sent: Thu, 14 Feb 2008 1:40 pm
Subject: Aleksandr Kostanda
Hello XXXXXXXX,
Ok, chose the merchant service not in bank.
Only please don't open the account in Cardservice International
company. They work very bad.
Best regards,
Aleksandr Kostanda.
=====================================
Also noteworthy, is that this operation also produced the first known record of the organized crime syndicate sending funds into the US. Up to this point all that is known is how and where the fraudulent funds exit the US and go to, various foreign banks to the beneficiary of Inowest Enterprises Inc and Midtown Intergroup Ltd.. Up until then all previous debriefed cyber-mules stated that they had paid all the set up costs out of pocket, and were reimbursed later from the initial fraud proceeds out of the business bank account.
quote:
=====================================
From: Aleksandr Kostanda
To: XXXXXXXXXXXXXXX
We sent the money through Western Union. You can pick up the money in
any their branch.
We sent to these datas:
[Redacted]
You will need to know the datas of the sender:
The first name: NATALYA
The second name: MITROFANOVA
MTCN: 814-678-XXXX
Address: Nikolaev, Ukraine
Sum: $500
Yes you need to set up the Company and get FEIN and only then you are
able to open the bank, merchant and authorize.net accounts.
You can set up the Company and get FEIN yourself. Just go to home
state’s Secretary of State Office there and fill our all necessary
papers.
Best regards,
Aleksandr Kostanda.
=====================================
Remember, Fellow Solutions, Inc aka fellowsolutions.com although they listed two US phone numbers: 530-618-6428 & 606-764-1922, they stated that they were from Sophia, Bulgaria:
Aleksandr Kostanda,
Fellow Solutions, Inc.
36 Dragan Tsankov Blvd.,
Sophia, 1057
Bulgaria,
Phone/Fax for US: (606) 764-1922
So a follow up was sent in order to explain why the funds to pay the set up costs were sent from the Ukraine via Western Union:
quote:
=====================================
From: Aleksandr Kostanda
To: XXXXXXXXXXXXXXX
Subject: Aleksandr Kostanda
We sent $500 through the Western Union. You can pick up the money.
The datas to get the money:
Sender:
The first name: NATALYA
The second name: MITROFANOVA
MTCN: 814-678-XXXX
Address: Nikolaev, Ukraine
Sum: $500
We sent it from Ukraine because it's the cheapest way to send the
money for us.
Best regards,
Aleksandr Kostanda.
=====================================
From that time forward sending inbound support funds from various names and cities throughout the Ukraine in a somewhat Hawala type fashion, would become common place, and has been used again very recently in an operation that will be published in a later story.
At the time of initial contact with the cyber-mule Fellow Solutions, Inc aka fellowsolutions.com was unknown to me. However, when I asked the cyber-mule if a website had been assigned to him yet, and he confirmed that it was IPD-TECHNOLOGIES.COM then I was able to immediately confirm that it was this organized crime syndicate. Though I had not uncovered fellowsolutions.com prior to that, I was already shadowing IPD-TECHNOLOGIES.COM. They were identified from cyber forensic audits of various servers which served as organized crime syndicate "factories" for producing and stashing the card fraud laundering websites. At the time that he gave me the assigned website name, a quick search from notes made during the first quarter of 2008 of stashed sites on servers in Australia and the US produced a hit:
An extract of the February 2008 file at that time, which produced the result:
quote:
Audit results
Extracted hosting from shadowed servers:
IP 64.74.223.77 [no reverse DNS set]
1. Mvwebtemplates.com
2. Naturalordertemplate.com
3. Webperfecttemplates.com
-----------------------
[mcawebtechnology.com IP 66.152.162.116]
01/07/2008
[mcawebtechnology.com]
-----------------------
Round trip time to 202.60.92.179: 216 ms
Results for
202.60.92.179 [reverse DNS - ns1.aussiednsserver.com]
170 Results for 202.60.92.179
Identified fraud websites:
033. Ccdtemplates.com
081. Interactiveconsults.com
105. Monroviadesigns.com
106. Mcatemplates.com
107. Mcawebtechnology.com
113. Mvwebtemplates.com
117. Naturalordertemplate.com
156. Ulcsolutions.com
157. Ulcwebdesign.com
164. Webperfecttemplates.com
173. Dp-websolutions.com
------------------------------------
66.152.162.116 [reverse DNS - 116-162-152-66-dedicated.HostDone.com]
183 Results for 66.152.162.116
IP = 66.152.162.116
001. 100percent-solutions.com
003. 123gettemplates.com
017. Bg-websolutions.com
047. Digisoft-technologies.com
052. Drgtemplates.com
059. Everton-templates.com
060. Eyecontemplates.com
069. Fs-webconcepts.com
071. Funwork-design.com
075. Genesusinfoproducts.com
077. Gordontemplates.com
087. Infinitysonstemplates.com
108. Mi-webdesign.com
112. Mydcsolutions.com
118. Palaciantechnologies.com
122. Posicion-web.com
123. Profadminservices.com
143. Sds-websolutions.com
153. Superior-webconcepts.com
154. Supremewebtech.com
156. Synergetic-design.com
166. Wabbytraffic.com
167. Wameltraffic.com
172. Wst-design.com
175. Zgravitywebdesign.com
178. Bst-design.com
179. Wolfentechconcepts.com
180. Cca-templates.com
181. Cjb-concepts.com
182. Ipd-technologies.com
183. Fv-solutions.com
172. Xenontemplates.com
054. Dmnelsonenterprises.com
037. Coastwebtech.com
021. Bsi-concepts.com
019. Blueparaisosolutions.com
017. Bg-websolutions.com
187. Ts-webtemplates.com
--------------------------------------
To be updated:
Wrw-templates.com
Wrw-technologies.com
Synergetic-design.com
Supremewebtech.com
Superior-webconcepts.com
Stonegate-templates.com
Sc-webtemplates.com
Rpr-design.com
Ronztemplatestore.com
Rg-webtechnologies.com
Rd-webconcepts.com
Profadminservices.com
Pgp-concepts.com
Pg-templates.com
Palaciantechnologies.com
Mydcsolutions.com
Mi-webdesign.com
Mcg-websolutions.com
Mcawebtechnology.com
Mcatemplates.com
Infosystemplates.com
Gordontemplates.com
Funworksolutions.com
Ed-webtechnologies.com
Drgtemplates.com
Dmnelsonenterprises.com
Digisoft-technologies.com
Dhtraffic.com
Delamoratemplates.com
Cybernettemplates.com
Cjb-concepts.com (orange template)
Ccdtemplates.com
Bsi-concepts.com
-----------------------------
Besides the cross charging of the same hijacked card data which, weaves a connecting thread through the crime syndicate's operation. There are numerous other pieces of evidence, which, when combined, yield the connected infrastructure of a massive multi year, multi million dollar, well organized crime syndicate.
MGD | |
|
