SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless

reply to MGD
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by MGD:

=======================
Domain Name:1STCLASSRECRUITMENT.ORG
IP Address:205.178.145.65
IP Location: - Virginia - Herndon - Network Solutions Llc
Response Code:200
Domain Status:Registered And Active Website
=======================
Why am I not surprised that Network Solutions is playing a major role in all this?
All the scum know Network Solutions is a go-to company.

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL

reply to MGD
Thanks to a heads up from BobBear.com »www.bobbear.co.uk for this active cyber-mule fraud recruiting website.

1STCLASSRECRUITMENT.ORG = FRAUD RECRUIT SCAM »1stclassrecruitment.org




==============================================
From: Linda Caradonna [mailto:hr@1stclassrecruitment.org]
Sent: Thursday, November 26, 2009 12:23 PM
To:
Subject: Re: Concerning your resume at CarrerBuilder.com

Dear ,

Thank you for your reply, I'm glad that our offer is interesting for you and
try to explain what did this position entails and how everything works.

Our client is the Swedish company Red Line web studio which wants to enter
the american market now because almost all on-line business are located in
the USA. So we have to search managers in the USA to create their
subsidiaries. Below this manager is called Assistant Director. Theh
Assistant Director's mission in the project is to create business tools
(registering a business, setting up business and merchant bank accounts) and
it is for these services that he or she will be paid.

Red Line, Inc creates a web-site (online store or subsidiary another words)
which will sell their products. They want to sell small-size low-price
downloadable content advertizing through the banners. This way makes
possible to reach a good profit because of large volume of sales.

The work of this web-store is impossible without a company and that's why
Assistant Director's first step is the LLC or Sole Proprietorship
registration. If you don't have enough of funds to register the LLC we have
an opportunity to register the business for you using on-line incorporation
agency. In this case you don't spend your own money. If you already have a
company, it's great and will make the start up yet faster. You just should
open bank business and merchant account and Gateway on Authorize.net.

You will never do any sales, advertising, presentation or something like
this. All promoting of the Web store will be done using on-line ADS
services. All expenses relating to ads placement will be on Red Line studio
at full. The specialists of marketing department of Brahe Design studio will
take care about reaching the stable profit of the store not less than
$30.000 each month. You will be paid 5% of this sum so it is guaranteed that
your income will be not less than $1500 monthly.

The position af Assistant Director doesn't require any special skills. You
should just be in touch with your personal manager and follow his/her
instructions. If you don't know how to do all this your personal manager
will explain you all actions step-by-step. You always can ask a question and
will be provided by the detailed instructions.

All work can be done on-line (Internet access is necessary requirement) so
you don't need to spent a lot of time. It is needed just 3-4 hours a week
and it is enough, so it is possible to combine
it with your direct work.

Please, take most seriously to this project and inform me about what do you
think about this offer as soon as you can and feel free for asking you
questions. I'm always glad to provide you with detailed information. If you
wish to join us please let me know and I will send you the Contractor
Agreement.
==============================================
==================================
Contact 1st Class Recruitment
We welcome your feedback and questions regarding our company, services and web site.

• Email: jobs@1stclassrecruitment.org

• Phone / Fax: +46-08-369-80-781

• Address: Gjorwellsgatan 28, 112 60 Stockholm, Sweden

==================================

»1stclassrecruitment.org/contact.php




Same template format as several previous ones, including: therecruiternetwork.org »therecruiternetwork.org webrecruit.org »webrecruit.org

Cloaked 08/26/09 domain registration:


Domain ID:D156963983-LROR
Domain Name:1STCLASSRECRUITMENT.ORG
Created On:26-Aug-2009 20:06:37 UTC
Last Updated On:26-Oct-2009 03:53:43 UTC
Expiration Date:26-Aug-2010 20:06:37 UTC
Sponsoring Registrar:Melbourne IT, Ltd. dba Internet Names Worldwide (R52-LROR)
Status:OK
Registrant ID:C125130853280358
Registrant Name:Andrea Anderson
Registrant Organization:Private Registration US
Registrant Street1:PO Box 61359
Registrant Street2:
Registrant Street3:
Registrant City:Sunnyvale
Registrant State/Province:CA
Registrant Postal Code:94088
Registrant Country:US
Registrant Phone:+1.5105952002
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:

Name Server:NS15.WORLDNIC.COM
Name Server:NS16.WORLDNIC.COM


Hosted on a familiar and repeatedly used IP / Host.

=======================
Domain Name:1STCLASSRECRUITMENT.ORG
IP Address:205.178.145.65
IP Location: - Virginia - Herndon - Network Solutions Llc
Response Code:200
Domain Status:Registered And Active Website
=======================

The recruiting letter's reference to "Our client is the Swedish company Red Line web studio" is an established ruse theme, and so is the long-term ruse of being based in Sweden.

MGD

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL


2 edits
reply to MGD
In the last few hours, some more crumbs are surfacing with regard to UNIQUEDESKTOPSTYLE aka UNIQUEDESKTOPSTYLE.BIZ, and from Australia no less.

An Australian victim posted this today in the whirlpool.net.au forums:

quote:
User #215473

posted 2009-Nov-24,
wmh9

The credit card that I have for internet purchases has just been debited for $7.89US in favour of "uniquedesktopstylecom 573-3214029 MO". I don't recognise this crowd and I haven't used this card since before August.

I notice on the web that there are a couple of other people in the same boat so it must be a scam.

Ref:
»forums.whirlpool.net.au/forum-re···274.html

Kudos, they posted the exact line item charge. If you notice the line item lists com and not biz:

UNIQUEDESKTOPSTYLECOM 573-321-4029 MO

There is no webpage for the .com domain:

=============================
namecheap.com

Domain name: uniquedesktopstyle.com

Registrant Contact:

VIVIDMOBILETHEMES.COM
Alice Snow (AliceSnow23@gmail.com)
+1.6013730167
Fax: +1.5555555555
144 Carpenter Dr
Jackson, MS 39212
US

Status: Locked

Name Servers:
dns1.registrar-servers.com
dns2.registrar-servers.com
dns3.registrar-servers.com

Creation date: 30 Aug 2009 08:14:54
Expiration date: 30 Aug 2010 08:14:54
=============================

It appears that there was a website at one time, and it was null routed ~ 11/08/09, possible carded registration:


UNIQUEDESKTOPSTYLE.COM

IP Address History

Event Date   Action   Pre-Action IP    Post-Action IP
==============================================
2009-08-31   New      -none-           67.228.23.32
2009-09-02   Change   67.228.23.32     205.178.145.65
2009-11-08   Change   205.178.145.65   127.0.0.1

The revoking on 11/08 makes sense also because UNIQUEDESKTOPSTYLE.BIZ was registered the next day on 11/09, as listed in the original post:»Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

A search of Missouri State records turns up a hit in the Fictitious Business registrations:




=======================================

Filed Documents

Business Name History

------------------------------------------

Name:

UNIQUEDESKTOPSTYLE.COM

Type: Legal
------------------------------------------

Fictitious Registration - Domestic - Information

Charter Number: X00993823

Status: Fictitious Active

Entity Creation Date: 9/2/2009

State of Business.: MO

Expiration Date: 9/2/2014
------------------------------------------

Owners

Name: ONLINE BUSINESS, LLC
Address: 300 N. Fourth Street # 607
St. Louis MO 63102
=======================================

So the FBN UNIQUEDESKTOPSTYLE.COM is owned by ONLINE BUSINESS, LLC. That in turn leads to the cyber-mule:




=======================================
Missouri Division Of Corporations

Business Name History

------------------------------------------

Name Name Type

ONLINE BUSINESS, LLC

Type Legal
------------------------------------------

Limited Liability Company - Domestic - Information

Charter Number: LC0993815

Status: Active

Entity Creation Date: 9/2/2009

State of Business.: MO

Expiration Date: Perpetual

------------------------------------------

Registered Agent

Agent Name: Mark, John L.
Office Address: 300 N. Fourth Street, #607
St. Louis MO 63102
Mailing Address:
------------------------------------------
=======================================

Based on the dates of formation, it is likely that UNIQUEDESKTOPSTYLE.COM aka ONLINE BUSINESS, LLC 573-321-4029 began processing fraud charges around a month ago, and are now coming to the attention of some of the fraud victims.

Note the use of VIVIDMOBILETHEMES.COM in the uniquedesktopstyle.com registration. That domain is cloaked and is now expired:

==========================
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com

Domain name: VIVIDMOBILETHEMES.COM

Registrant Contact:
WhoisGuard
WhoisGuard Protected ()

Fax:
8939 S. Sepulveda Blvd. #110 - 732
Westchester, CA 90045
US

Creation date: 21 Nov 2008
Expiration date: 21 Nov 2009
==========================

However, in researching the historical changes made to the domain registration, it shows that back in December of 2008 the domain was not privacy cloaked at that time. The domain had the identical registration as UNIQUEDESKTOPSTYLE.COM

==========================
Domain name: VIVIDMOBILETHEMES.COM

Registrant Contact:
VIVIDMOBILETHEMES.COM
Alice Snow (AliceSnow23@gmail.com)
+1.6013730167
Fax: +1.5555555555
144 Carpenter Dr
Jackson, MS 39212
US

Status: Locked

Name Servers:
ns19.worldnic.com
ns20.worldnic.com

Creation date: 21 Nov 2008
Expiration date: 21 Nov 2009
==========================

I cannot find any search returns on the domain name. However, the hosting history of IP addresses:


VIVIDMOBILETHEMES.COM

IP Address History

Event Date   Action           Pre-Action IP    Post-Action IP
==============================================
2008-11-23   New              -none-           205.178.145.65
2008-11-24   Not Resolvable   205.178.145.65   -none-
2008-12-01   New              -none-           205.178.145.65
2009-11-08   Change           205.178.145.65   69.64.156.62
2009-11-23   Change           69.64.156.62     69.64.155.126

are not only the same as UNIQUEDESKTOPSTYLE.COM, they also share the same IP as ECONTENTNOW.COM:

==========================
ECONTENTNOW.COM

IP Address:205.178.145.65
IP Location: - Virginia - Herndon - Network Solutions Llc
Response Code:200
Domain Status:Registered And Active Website
==========================

This grouping:

LAVRI.NET aka LAVRI LLC 239-451-7017
ECONTENTNOW aka ECONTENTNOW.COM
UNIQUEDESKTOPSTYLE aka UNIQUEDESKTOPSTYLE.BIZ
aka UNIQUEDESKTOPSTYLECOM 573-321-4029

are all part of the design genre of which the longest active charge fraud entity is CHEAPESTTHEMES.COM, running since early January of this year: »www.google.com/search?hl=en&q=ch···oq=&aqi=

MGD
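
An added example, not part of MGD's post: the shared-hosting pivot described above, done mechanically. It parses the two IP address history tables quoted in the post, adds the two point-in-time IP lookups quoted in the thread, and reports which domains overlapped on one IP and which changed IP on the same day. The function names and the `AS_OF` cutoff date are assumptions of this example.

```python
import ipaddress
from collections import defaultdict
from datetime import date
from itertools import combinations

# Rows copied from the two IP history tables quoted in the post,
# with the domain name prepended to each row.
HISTORY = """\
UNIQUEDESKTOPSTYLE.COM 2009-08-31 New -none- 67.228.23.32
UNIQUEDESKTOPSTYLE.COM 2009-09-02 Change 67.228.23.32 205.178.145.65
UNIQUEDESKTOPSTYLE.COM 2009-11-08 Change 205.178.145.65 127.0.0.1
VIVIDMOBILETHEMES.COM 2008-11-23 New -none- 205.178.145.65
VIVIDMOBILETHEMES.COM 2008-11-24 Not Resolvable 205.178.145.65 -none-
VIVIDMOBILETHEMES.COM 2008-12-01 New -none- 205.178.145.65
VIVIDMOBILETHEMES.COM 2009-11-08 Change 205.178.145.65 69.64.156.62
VIVIDMOBILETHEMES.COM 2009-11-23 Change 69.64.156.62 69.64.155.126
"""

# Point-in-time lookups quoted in the thread (the thread gives no lookup dates).
SNAPSHOTS = {
    "1STCLASSRECRUITMENT.ORG": "205.178.145.65",
    "ECONTENTNOW.COM": "205.178.145.65",
}

NONE = "-none-"


def parse_history(text):
    """Return {domain: [(date, action, pre_ip, post_ip), ...]} sorted by date."""
    events = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        domain, day = parts[0], date.fromisoformat(parts[1])
        pre_ip, post_ip = parts[-2], parts[-1]
        action = " ".join(parts[2:-2])  # "Not Resolvable" is two words
        events[domain].append((day, action, pre_ip, post_ip))
    for rows in events.values():
        rows.sort()
    return dict(events)


def hosting_intervals(rows, as_of):
    """Turn one domain's events into [(ip, start, end)]; an open interval ends at as_of."""
    intervals, current = [], None
    for day, _action, _pre, post_ip in rows:
        if current:
            intervals.append((current[0], current[1], day))
        current = (post_ip, day) if post_ip != NONE else None
    if current:
        intervals.append((current[0], current[1], as_of))
    return intervals


def shared_hosting(events, as_of):
    """Return [(ip, domain_a, domain_b, start, end)] for overlapping stays on one IP."""
    by_ip = defaultdict(list)
    for domain, rows in events.items():
        for ip, start, end in hosting_intervals(rows, as_of):
            # Skip loopback targets such as the 127.0.0.1 null route.
            if not ipaddress.ip_address(ip).is_loopback:
                by_ip[ip].append((domain, start, end))
    hits = []
    for ip, spans in by_ip.items():
        for (da, sa, ea), (db, sb, eb) in combinations(sorted(spans), 2):
            start, end = max(sa, sb), min(ea, eb)
            if da != db and start < end:
                hits.append((ip, da, db, start, end))
    return sorted(hits)


def same_day_moves(events):
    """Return {date: [domains]} for days on which more than one domain changed IP."""
    moved = defaultdict(set)
    for domain, rows in events.items():
        for day, action, _pre, _post in rows:
            if action == "Change":
                moved[day].add(domain)
    return {d: sorted(doms) for d, doms in sorted(moved.items()) if len(doms) > 1}


def domains_on_ip(events, snapshots, ip, as_of):
    """Every domain seen on ip, from history intervals or point-in-time lookups."""
    seen = {d for d, addr in snapshots.items() if addr == ip}
    for domain, rows in events.items():
        if any(i == ip for i, _s, _e in hosting_intervals(rows, as_of)):
            seen.add(domain)
    return sorted(seen)


if __name__ == "__main__":
    AS_OF = date(2009, 11, 30)  # assumed analysis date, not taken from the thread
    ev = parse_history(HISTORY)
    for ip, a, b, start, end in shared_hosting(ev, AS_OF):
        print(f"{a} and {b} shared {ip} from {start} to {end}")
    for day, doms in same_day_moves(ev).items():
        print(f"{day}: moved together: {', '.join(doms)}")
    print(domains_on_ip(ev, SNAPSHOTS, "205.178.145.65", AS_OF))
```
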

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL


1 edit
reply to SnowyOne
LOL !! I believe that is why it is turned off, they probably consider it a "security risk" to the criminal operation. Though I know it is configured to work in some cases during the initial merchant account set up. I am aware of it being tested during the final approval process. Also, on at least one occasion they told a suspicious cyber-mule to "try it" to see that it worked. Though later when I arrived on the scene it was disabled.

Back in 2005 when the financial processing system was relatively ignorant, the syndicate used to batch the card data in bulk lots. Now they are more sophisticated. The data comes in individually, spaced apart time wise, to more closely mimic a real scenario, in order to fool any form of fraud detection triggers. I reviewed logs that indicate the data may be scripted to come in via bots in an irregular fashion from various domestic IPs.

The interesting thing is that my first major break came in the case which allowed me to "get in the door" in 2007 at the height of the "Inowest Enterprises Inc" laundering aka Fethard Finance, aka Fethard.biz »/r0/download/1···as_3.wav When a cyber-mule under the C&C of "Tomas Lasinkas"
»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto contacted me after he became suspicious during an ongoing operation.

The final suspicious straw for the cyber-mule that prompted him to contact me, was when he decided to go ahead and "order a template" from the site that was assigned to him, which had been running for several months. He completed a purchase using his own card data, and nothing happened. However two days later he got an email from "Lasinkas" asking him why he had entered his credit card on the website.

That convinced the cyber-mule that all the daily transaction purchase reports that he was getting from Authorize.net, were not the result of the card holders making purchases from the site. After contacting me the cyber-mule agreed to stay dumb for a week or two which enabled a lot of intelligence gathering. We created numerous problems as to why the foreign wire transfers could never complete. As I recall, the account at that time had accumulated somewhere between $15,000 and $20,000 of fraud proceeds. So I was sure a scenario could be created to draw them out in the open to collect the money. I was convinced that they would do back flips for that amount of funds. We kept "trying" to complete the transfers as instructed to Inowest Enterprises Inc, at Eurobank, in Sofia, Bulgaria, then asked for other alternatives, including a domestic drop due to the "failures". They would not budge, and eventually became suspicious and walked away. I was shocked, most criminals would sell their mothers five times over for that amount. Little did I know at the time that this was just a drop in the bucket compared to the total ongoing operation. That became the first gauntlet in the "interference operation", cutting off the outbound fraud proceeds of the organized crime operation, and the most effective interference tactic. Prior to that, killing the website hosting had little or no effect on the operation whatsoever. The latter however, appeared to create severe anger management problems in Eastern Europe.

The intelligence gathered revealed for the first time how the whole process functioned. Recruiting and duping cyber-mules, and how it was done. Registering LLCs / Corps, obtaining IRS EIN numbers, setting up business bank accounts, and obtaining merchant accounts. Also the mandatory non variable of always using Authorize.net for the merchant gateway for card fraud processing. Even though I thought it was still very hard to subsequently identify and locate other cyber-mules, it was comparatively easy, unlike now. In circa 2006 through 2007, the contact phone number listed on the fraud websites could be used to identify the state where the LLC/Corp was registered, and thus where the cyber-mule lived. The geographic area code of the number was always the state where the corresponding LLC was registered. The syndicate caught on from the failure rate, they then made sure that both the registered domain address and the area code of the contact number were both from different states than where the cyber-mule was located. Later they also stopped the practice of having production factory servers, where batches of the fraud websites were initially created. Find one and shadow it, and you would then find twenty or more.

MGD


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless

reply to MGD
said by MGD:

All they need to process fraudulent card data is to interface a script directly with authorize.net.
That's about control, total control of what is piped into their processor. As I've mentioned before, if they had working carts on their sites all it would take is one jerk such as myself to start pumping a few hundred working credentials into the system on a daily basis & they'd become involuntarily disconnected in a hurry!

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL

reply to SnowyOne
said by SnowyOne:

said by MGD:

First time that hosting location has been observed. There is some concern, because that host may offer packaged merchant accounts or proxy card billing »www.networksolutions.com/e-comme···fits.jsp
There is a front end shopping cart interface but the back end is DOA.
The credentials should have had smooth sailing...
Thanks, good catch. In many cases the front end billing to the site is not hooked up. The syndicate scripts the hijacked card data processing directly to the merchant interface. The card fraud processing is automated.

During the merchant account application process they do sometimes have the web interface functioning, but will then unhook it. Depending on the merchant company they will test the interface and confirm SSL functionality etc.

In fact once they are approved for a merchant account, they do not even need the website. Card data can be entered directly at the Authorize.net gateway interface.

In recent times they are having a much higher failure rate with the standard bank originated merchant accounts. Many are now caught either during the enrollment process and rejected, or interdiction takes place shortly thereafter. As a result the syndicate has been testing new methods and vendors for merchant processing, a la Transfirst. In this case I suspect that UNIQUEDESKTOPSTYLE.BIZ might have dealt directly with the hosting company for merchant services.

The ideal set up for the criminals is to obtain merchant services via the cyber-mule from the bank where the business account is located. That is the least restrictive process in terms of vetting, as it involves one on one human contact with an individual who meets a minimum credit score requirement. Consequently the merchant and website vetting is only subjected to a peripheral check.

One reliable indicator that the merchant account is bank originated along with a cyber-mule who has a high credit score, can be seen when the domain has a fraudulent registration. The banks never check it, and the OCS knows that they don't. A domain with a cloaked registration can be indicative that the merchant account was obtained in the secondary market. Accounts obtained in that field are more high risk and subjected to a higher level of scrutiny. In many cases there is no face to face meeting with the applicant, the process is done online. The domain registration data is required to be submitted as part of the approval process.

That was why I am suspicious that they may be testing this hosting service because it may offer an integrated merchant account. However, SSL does not appear to be active, and the source code on the ordering pages appears not to be incomplete:

=====================
form name = "purchase" action = "Li3O06mIeRh9U.php" method = "post"
input name="authscr" type="hidden" value="on"

input name="prid" type="hidden" value=""
input name="cust_country" type="hidden" value="US"
=====================

All they need to process fraudulent card data is to interface a script directly with authorize.net.

MGD


SnowyOne
Premium
join:2003-04-05
Kailua, HI
·RoadRunner Cable
·Clearwire Wireless

reply to MGD
[Image: DOA]
said by MGD:

First time that hosting location has been observed. There is some concern, because that host may offer packaged merchant accounts or proxy card billing »www.networksolutions.com/e-comme···fits.jsp
There is a front end shopping cart interface but the back end is DOA.
The credentials should have had smooth sailing...

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL


1 edit
reply to MGD
Kudos again to that JGB victim who posted a link over on 800notes.com »800notes.com/Phone.aspx/1-770-451-9777

I am still perplexed that the card validation processing using SAT-N-SOUND 770-451-9777 could go on for over a year. Something is clearly broken in the system. There is no external ability to globally block or blacklist a merchant account from processing. Individual banks can block or blacklist or generate alerts on specific incoming charges, but there is no system to block them at the root level. Some victims report that their institution flagged their card when the SAT-N-SOUND charge hit, so it is clear that some banks have blacklisted them.

If a victim of the SAT-N-SOUND 770-451-9777 fraud can provide the transaction ARN id on the charge, it may be possible to track down the bank where the merchant account is located, and have it closed.

Likewise listing the line item of any additional fraudulent charges will be helpful.

In fact, the latest victim reports over on merchantcircle.com are providing additional evidence that attributes the overall operation to this organized crime syndicate. Since my original posting, these reports have surfaced:

quote:
=============================================
Fraudulent charges on my BoA credit card

I received several bogus charges on my Bank of America credit card starting on November 2nd including NewEgg, Buy, Uniquedesktopstyle, Kahphoto, and SAT N Sound. I have canceled the card but Bank of America is not aware of any fraud leaks from their computers.

November 11, 2009 by Mark in Beverly Hills, CA

=============================================

Unauthorized credit card charges were made from helps247.com followed by Sat N Sound and Kahphoto.com.
All under 2 dollars. Be aware! Notify your banks, some of them still have no clues!

November 10, 2009 by Oxana in San Diego, CA
=============================================

Multiple people are reporting tandem ping charges from Kahphoto.com. However, if that name is correct, it is a legitimate website and business that has been around for several years. I do not yet know if it is a cloned or hijacked merchant account. It could be a copycat cloned domain, though I have checked all the TLDs.

In addition to Kahphoto.com there are multiple reports of: helps247.com and Uniquedesktopstyle. I have checked variations of helps247.com and its TLDs, and cannot nail it. On the other hand Uniquedesktopstyle is confirmed as a second OCS card fraud laundering website in addition to Konstantin Stuka's LAVRI.NET aka LAVRI LLC 239-451-7017

UNIQUEDESKTOPSTYLE aka UNIQUEDESKTOPSTYLE.BIZ




No phone number, only email contact with an image cloaked address:

Snapped 2009-11-12 12:25:06

»uniquedesktopstyle.biz/contact.us.php


The usual money back request form in order to issue a credit and avoid chargebacks for the few who catch the fraud charge and pursue it:



Hidden in plain sight with a "deny all" robots.txt file:

Snapped 2009-11-12 12:24:24

»uniquedesktopstyle.biz/robots.txt


Though the design is different, the wording on the main page is a cloned copy of a previous card fraud laundering website acrossthescreenuniverse.com 786-522-9361 uncovered by music man on 08/29/2009 »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

It would be a great help if victims of the SAT-N-SOUND 770-451-9777, Kahphoto.com, helps247.com, Uniquedesktopstyle can provide additional info from the line item charges that is not already known. Also, if other names show up in tandem.

UNIQUEDESKTOPSTYLE.BIZ has a cloaked domain registration:


Domain Name: UNIQUEDESKTOPSTYLE.BIZ
Domain ID: D36803626-BIZ
Sponsoring Registrar: ACTIVE REGISTRAR, INC.
Sponsoring Registrar IANA ID: 1090
Domain Status: clientTransferProhibited
Registrant ID: DI_10654557
Registrant Name: Whois Manager
Registrant Organization: Whois Proof LLP
Registrant Address1: PO Box 4120
Registrant City: Portland
Registrant State/Province: OR
Registrant Postal Code: 97208-4120
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.2024700599
Registrant Facsimile Number: +1.8663666681
Registrant Email: jb8310x2e@whoisproof.com

Name Server: NS37.WORLDNIC.COM
Name Server: NS38.WORLDNIC.COM
Created by Registrar: ACTIVE REGISTRAR, INC.
Last Updated by Registrar: ACTIVE REGISTRAR, INC.
Domain Registration Date: Mon Nov 09 18:54:27 GMT 2009
Domain Expiration Date: Mon Nov 08 23:59:59 GMT 2010


Hosting:


IP Location: United States Belleville Monstercommerce Llc
IP Address: 206.188.193.62
Reverse IP: 1 other sites hosted on this server.
Blacklist Status: Clear

OrgName: MonsterCommerce, LLC
OrgID: MONST-1
Address: 8 Park Place
Address: Suite B
City: Belleville
StateProv: IL
PostalCode: 62226
Country: US

NetRange: 206.188.192.0 - 206.188.223.255
CIDR: 206.188.192.0/19
NetName: MONSTERCOMMERCE
NetHandle: NET-206-188-192-0-1
Parent: NET-206-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.MONSTERCOMMERCE.COM
NameServer: DNS2.MONSTERCOMMERCE.COM


First time that hosting location has been observed. There is some concern, because that host may offer packaged merchant accounts or proxy card billing »www.networksolutions.com/e-comme···fits.jsp

MGD
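
An added example, not part of MGD's post: a cardholder-side check for the tandem pattern in the victim reports quoted above, where a charge under $2 from an unfamiliar merchant is followed by charges from other unfamiliar merchants. It also normalizes billing descriptors so that variants such as "573-3214029" and "573-321-4029" match. The statement lines are constructed, and the $2 threshold, 14-day window and function names are assumptions of this example.

```python
import re
from datetime import date, timedelta

# Descriptor names and phone numbers named in the thread.
WATCH_PHONES = {"7704519777", "5733214029", "2394517017"}
WATCH_NAMES = ("SATNSOUND", "UNIQUEDESKTOPSTYLE", "LAVRI")

PHONE_RE = re.compile(r"(\d{3})[-.\s]?(\d{3})[-.\s]?(\d{4})")

# Constructed statement for one card: (posting date, descriptor, amount in USD).
STATEMENT = [
    (date(2009, 10, 20), "CORNER GROCERY 0412", 54.10),
    (date(2009, 11, 2), "SAT N SOUND 770-451-9777 GA", 1.82),
    (date(2009, 11, 3), "CORNER GROCERY 0412", 23.75),
    (date(2009, 11, 5), "UNIQUEDESKTOPSTYLECOM 573-3214029 MO", 7.89),
    (date(2009, 11, 6), "LAVRI.NET 239-451-7017 FL", 9.95),
    (date(2009, 12, 20), "BOOKSTORE ONLINE", 31.00),
]


def normalize(descriptor):
    """Return (name_key, phone): punctuation-free upper-case name and 10-digit phone."""
    m = PHONE_RE.search(descriptor)
    phone = "".join(m.groups()) if m else None
    rest = PHONE_RE.sub(" ", descriptor)
    name = re.sub(r"[^A-Z0-9]", "", rest.upper())
    return name, phone


def watch_hit(name, phone):
    """True when the phone or any watched name fragment matches."""
    return phone in WATCH_PHONES or any(w in name for w in WATCH_NAMES)


def review(lines, ping_max=2.00, window=timedelta(days=14)):
    """Tag statement lines; return [(date, descriptor, [tags])] for tagged lines only.

    ping       : first charge from a merchant on this card, below ping_max
    after-ping : first charge from another new merchant within `window` of a ping
    watchlist  : descriptor matches a name or phone number from the thread
    """
    seen, last_ping, out = set(), None, []
    for day, desc, amount in sorted(lines):
        name, phone = normalize(desc)
        tags = ["watchlist"] if watch_hit(name, phone) else []
        if name not in seen:
            if amount < ping_max:
                tags.append("ping")
                last_ping = day
            elif last_ping is not None and day - last_ping <= window:
                tags.append("after-ping")
        seen.add(name)
        if tags:
            out.append((day, desc, tags))
    return out


if __name__ == "__main__":
    for day, desc, tags in review(STATEMENT):
        print(day, desc, ",".join(tags))
```

A "ping" tag with no watchlist match is a weak signal on its own, since small first-time charges are common; the pairing with follow-on charges from new merchants is what the victim reports describe.
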

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL

reply to Whip
Yes, that makes sense. Interesting that you brought it up, as that motivated me to pull the history. Though the current registration began in April of this year, it was not registered at first to this Florida name address:

Domain Name: FUNBOXPORTAL.COM

Registrant:
Funbox
CHERYL ARCHER (jm@4ordered.com)
21 Hickory Avenue
Shalimar
fl,32579
US
Tel. +850.000000

Creation Date: 17-Apr-2009
Expiration Date: 17-Apr-2010

The above configuration came into place sometime between 09/25 and 11/05. Between its original 04/29/09 date and 09/24 it was listed as follows:

==============================
DIRECTI INTERNET SOLUTIONS PVT. LTD.
D/B/A PUBLICDOMAINREGISTRY.COM

Registration Service Provided By:
REAL INTERNATIONAL BUSINESS CORP.
Contact: +1.6462130098

Domain Name: FUNBOXPORTAL.COM

Registrant:
atm-master
MARTHA RIVERA (AxelHegel@gmx.de)
3064 brighton 3rd st ,
apt 2
brooklyn
NY,11235
US
Tel. +951.7553423

Creation Date: 17-Apr-2009
Expiration Date: 17-Apr-2010

Domain servers in listed order:
ns1.hqhost.net
ns0.hqhost.net
============================

Can you say carded !!

A prior unrelated registration expired in 09/2006, so a 2007 deletion would make sense. The name was then picked up and registered in April of this year. It is clear that neither of those names / addresses are likely to be the "owners".

I only glanced through the 148 site names on that server. Even though it does not appear completed, »www.funboxportal.com/ caught my attention because of its configuration. The domain reg added to that suspicion.

MGD

Whip

join:2009-01-23
Califon, NJ

reply to MGD
I don't know the validity of this site but:

»www.expiresoft.com/domains/avail···6-46.htm

shows that funboxportal was deleted sometime in 2007. I would imagine that it was once operational before.

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL

reply to MGD
The tip that led to this operation came as a result of search referrals to this thread. Apparently an astute charge victim noticed the similarities between his fraud charge and the operation documented here.

Though there appears to be some strange anomalies occurring here, it is not without precedent. We know going back over five years that a portion of the card data that this organized crime syndicate uses is pre-validated via hijacked legitimate merchant accounts. As far back as the Digital Age fraud operation many victims reported that their cards were ping charged prior to the fraud charges. The first revelation was in 2005 where a shop in Pennsylvania reported that its merchant account was used over a weekend to ping charge several thousand cards. Those victims were subsequently hit with various fraud charges from the crime syndicate.

In this current case multiple victims are reporting small fraud charges under $2.00 coming from a company in Georgia called SAT-N-SOUND 770-451-9777. The strange thing is that the first report of this goes back to March 26th 2009 on 800notes.com:

quote:
mcb - 26 Mar 2009
Credit card shows small amount ($1.96) from company called SAT-N-SOUND. Turns out the phone number 770-451-9777 belongs to a company in Atlanta. Called the number, the company says they have had their records compromised and that these charges are not being made by them. If you see this on your debit or credit card, call your cc company. I cancelled my card and re-issuing - just to be safe. Be careful with the small initial "test" withdrawal attempt

However, during this month, November 2009, there are a flood of angry victims reporting these fraud charges:








Ref:»www.merchantcircle.com/business/···986-9998

Ref:»www.merchantcircle.com/business/···out/list

The more you dig, shows that this has been going on for almost a year. Not uncommon also, even a victim from Australia:

quote:
Shamsters - I've been hit in Australia
The other day I noticed a charge of $1.99 (Australian dollars) so spoke to my bank and the guy found the other reviews on this site and advised that I cancel my card immediately, which I did. These people need to be stopped. Does anyone know what we can do? They are obviously trying to rip people off world-wide.

March 18, 2009 by Tania






Ref:»www.merchantcircle.com/business/···iew/list
And:
Ref:»www.merchantcircle.com/business/···start=30
And:
Ref:»www.merchantcircle.com/business/···start=60

Though they are subjected to a large amount of cyber abuse SAT-N-SOUND 770-451-9777 ARE CLEARLY VICTIMS in this case. Though it is astonishing that this merchant account whether hijacked or fraudulently set up can continue to function for this considerable period of time. I will wager however, that the account uses authorize.net / Cybersource as a gateway.

quote:
Close your CC/Debit card ASAP!

Called the company (ATL DTH aka Sat n Sound) with this number (770) 451-9777, dialed for the Accounting Dept..spoke to a Chinese lady who notified me that someone has used their company as a front to make charges and steal CCs. They deal in satellite equipment apparently. She said she has notified the FBI and local police about their breach. In the meantime, close your cards ASAP and file for a refund through your bank. Good luck and f*ck these low life thieves!!!

November 06, 2009 by Nice try..but NO

Not only does SAT-N-SOUND 770-451-9777 have a fraud alert recording on option 6 of that phone number, they also have a website alert posted:




»www.satnsound.com/Fraud%20Page.html

. . . CREDIT CARD FRAUD ALERT

From October 30th 2008 and on, we have received many phone calls regarding small charges (mostly under $2) appearing on people's credit or debit card statements. These charges appear to have been made by us because they have a "Sat 'N Sound" notation and our Georgia phone number.

Please be advised that, Atlanta DTH, Inc., dba Sat ‘N Sound, did NOT initiate the charge(s). What happened is the result of Credit Card Fraud, and Theft of Corporate Identity.

A thief has apparently,

1) Set up a credit card merchant account using our company name and phone number

2) Stolen your credit card or debit card number

Then they charged a small amount to your card, hoping you would not notice it.

Please IMMEDIATELY notify your credit card company and inform them of this incident.

At this time, we have notified the FBI, the local law authority, and credit agencies about this fraud.

Thank you for contacting us and alerting us about it. If you have additional questions, please contact us at (770)451-9777 or the address as appeared on this letterhead.

Atlanta DTH, Inc.
Take note of the first reported date 10/30/2008

It is difficult to track subsequent charges as a result of the ping validation, because only victims who catch the ping charging are posting, and they subsequently cancel their cards. However in reviewing the numerous complaints throughout the net, I came across this valuable morsel:

quote:
BOA - 6 Nov 2009
I also got a charge for a $1.82 that originated from SAT N SOUND that I found today while I was canceling my card from an unauthorized charge from LAVRI.NET, phone number 239-451-7017 which appears to be a website run out of a residence in Lehigh Acres FL. Both of these charges were unsolicited. True to form the person I talked to at LAVRI.NET said she will refund my account after she gave me the cryptic email address of the alleged purchase......Thanks JGB for the info on the ebook article

Ref:»800notes.com/Phone.aspx/1-770-451-9777

I am very interested in hearing from anyone who had subsequent charges after the SAT N SOUND fraud charge, and what they were.

Organized crime syndicate's Card fraud laundering:

LAVRI.NET aka LAVRI LLC 239-451-7017 »lavri.net




=======================

• client@lavri.net

• support@lavri.net

Sandra Trapp
4625 deleon st, apt 231,
fort mayers, fl, 33907

+1 (239) 491 7017

=======================

This genre and theme has been used multiple times over the years.




Lavri.net has been cloned from hexisoft.com & ppt2video.com

Checking the domain registration:

================================
ICANN Registrar:DIRECTI INTERNET SOLUTIONS PVT. LTD.
D/B/A PUBLICDOMAINREGISTRY.COM
.
Registration Service Provided By: REAL INTERNATIONAL BUSINESS CORP.
Contact: +1.6462130098
.
Domain Name: LAVRI.NET
.
Registrant:
lavri
Sandra Trapp (lavrigroup@gmail.com)
11657 oxnarrd st. suit 229
Hollywood
null,91606
US
Tel. +372.253403775
.
Creation Date: 18-Sep-2008
Expiration Date: 18-Sep-2010
.
Domain servers in listed order:
ns0.hqhost.net
ns1.hqhost.net
.
Administrative Contact:
lavri
Konstantin Stuka (lavrigroup@gmail.com)
11657 oxnarrd st. suit 229
Hollywood
CA,91606
US
Tel. +372.253403775
================================

It is unlikely that "Sandra Trapp" is fluent in Russian, though that lavrigroup@gmail.com email account was set up via a Google Russian language tld.




Note the registration in September of 2008, compared to the October 2008 date noted by the alert from SAT N SOUND. Also note that the contact phone number contains the country code for Estonia. A check of Florida public records shows nothing for a Sandra Trapp at that address (it could be a recent move). Also, a check of Florida corporate records and DBA business registrations shows nothing relevant to LAVRI or Sandra Trapp.

Several days ago I called the number listed on the website, 239-451-7017. The call was forwarded to another number. A female answered who sounded eastern European and a non-native English speaker. I asked her what her relationship to the company was. She said that she answered the calls for them. I said "for who", she said for "Lavri net". I asked "Who do you work for", she replied "Sandra Trapp". I said "where is Sandra Trapp at", she said Florida. I asked if it was a Florida company, she said "Yes". "Are they licensed and registered in Florida", she said "yes", though I had already checked and found no record. Is it a "corp / LLC or DBA", I said, she said DBA. I asked "how I can reach Sandra Trapp", she said "I do not want to give that information out". I asked "what do you do when people call complaining of charges to their cards". She replied that "I email the information to the company". I said "what is their email address", she said "I do not want to give that information out".

I advised her that she is participating in an organized criminal operation of card fraud, money laundering, and identity theft, very serious crimes. She said "that is not possible, I do not believe that, we have been in operation since last year". I said that I am positive that you are, she said "this is very disturbing, can you call back tomorrow" and hung up. Several calls the next day went unanswered and were forwarded to voice mail.

I dug a little further, the domain registrant's name of Sandra Trapp, and that Florida address are new. They were added when the one year domain registration was renewed in September of 2009.

Prior to that date it was registered to:

================================
Registration Service Provided By:
REAL INTERNATIONAL BUSINESS CORP.
Contact: +1.6462130098

Domain Name: LAVRI.NET

Registrant:
lavri
Konstantin Stuka (lavrigroup@gmail.com)
11657 oxnarrd st. suit 229
Hollywood
CA,91606
US
Tel. +372.253403775

Creation Date: 18-Sep-2008
Expiration Date: 18-Sep-2009

Domain servers in listed order:
ns1.hqhost.net
ns0.hqhost.net
================================

A check of that address in California shows that "suit 229" is an apartment at "la Nouvelle Apartments" at that address. Furthermore, a check of California division of corporations records shows:




============================
LP/LLC

LAVRI LLC

Number: 200824710133
Date Filed: 8/26/2008
Status: active

Jurisdiction: CALIFORNIA

Address
11657 OXNARD ST UNIT 229
NORTH HOLLYWOOD, CA 91606

Agent for Service of Process:

KONSTANTIN STUKA
11657 OXNARD ST UNIT 229
NORTH HOLLYWOOD, CA 91606
============================

I am now wondering if the individual who was on the phone is related to the above name.

Many of the buy options on lavri.net do not function correctly. Those that do, not surprisingly, show an Authorize.net logo:




The website has been hosted from its inception in the UK, on IP 88.214.204.40. Though it lists the name as Hosting Solutions Ltd. GB, they are from the Ukraine:


IP Location: United Kingdom Hosting Solutions Ltd
IP Address: 88.214.204.40
Reverse IP: 149 other sites hosted on this server.
Blacklist Status: Clear

inetnum: 88.214.192.0 - 88.214.255.255
netname: UK-UAONLINE-20060118
descr: Hosting Solutions Ltd.
country: GB
org: ORG-RIBC1-RIPE
admin-c: HSLD1-RIPE
tech-c: HSLT1-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: uaonline
mnt-lower: hqhost
mnt-domains: uaonline
mnt-domains: hqhost
mnt-routes: uaonline
mnt-routes: hqhost
source: RIPE # Filtered

organisation: ORG-RIBC1-RIPE
org-name: Hosting Solutions Ltd.
org-type: LIR
address: Hosting Solutions LTD.
Sergiy Sabyetyev
145-157 St John Street
2nd Floor
EC1V 4PY LONDON
UNITED KINGDOM
phone: +16462333035
fax-no: +442032921594
admin-c: MS9776-ripe
admin-c: EA2-RIPE
mnt-ref: uaonline
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: hqhost
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

role: Hosting Solutions Ltd. DBM
nic-hdl: HSLD1-RIPE
org: ORG-RIBC1-RIPE
address: Hosting Solutions LTD
address: Sergiy Sabyetyev
address: 145-157 St John Street
address: 2nd Floor
address: EC1V 4PY LONDON
address: UNITED KINGDOM
phone: +16462333035
fax-no: +442032921594
abuse-mailbox:
admin-c: MS9776-RIPE
admin-c: EA2-RIPE
tech-c: MS9776-RIPE
tech-c: EA2-RIPE
mnt-by: hqhost
source: RIPE # Filtered

role: Hosting Solutions Ltd. Tech
nic-hdl: HSLT1-RIPE
org: ORG-RIBC1-RIPE
address: Hosting Solutions LTD
address: Sergiy Sabyetyev
address: 145-157 St John Street
address: 2nd Floor
address: EC1V 4PY LONDON
address: UNITED KINGDOM
phone: +16462333035
fax-no: +442032921594
abuse-mailbox:
admin-c: HSLD1-RIPE
tech-c: HSLD1-RIPE
mnt-by: hqhost

.
An audit of the servers contents at that IP address 88.214.204.40 yields another suspicious domain FUNBOXPORTAL.COM »funboxportal.com . Note that there are no nefarious reports, it is the registration which is suspicious, and not likely to be legit:


ICANN Registrar:DIRECTI INTERNET SOLUTIONS PVT. LTD.
D/B/A PUBLICDOMAINREGISTRY.COM

Registration Service Provided By:
REAL INTERNATIONAL BUSINESS CORP.
Contact: +1.6462130098

Domain Name: FUNBOXPORTAL.COM

Registrant:
Funbox
CHERYL ARCHER (jm@4ordered.com)
21 Hickory Avenue
Shalimar
fl,32579
US
Tel. +850.000000

Creation Date: 17-Apr-2009
Expiration Date: 17-Apr-2010

Domain servers in listed order:
ns0.hqhost.net
ns1.hqhost.net

.

To reiterate, as I mentioned earlier, testing a portion of the compromised card data via hijacked or bogus merchant accounts prior to charging them has been a known tactic of this crime syndicate for many years. You can find that identical modus operandi going back over half a decade with this fraud operation:

For example, over 4 years ago in September of 2005

said by Doctor Olds:

A triple header.

September 11th, 2005

First a test charge authorization of $1.00 dollar from:

Telecommunications Equipment
Coastal Wave Internet
Port Clinton, OH

+++++++++++++++++++++++++

September 23rd, 2005

Then a $9.95 charge from:

KCSOFTLLC.com
Rochester, NY

Listed on BBB Warning page since March 24th, 2005
»www.spokane.bbb.org/alerts/alert···wstype=1

+++++++++++++++++++++++++

September 24th, 2005

Then a $24.99 charge from:

Digital Age
Cypress

++++++++++++++++++++++++++

It looks like someone is testing the card and if the Auth goes through, then the other companies hit the card for their charges. Or is it just unrelated? One company is apparently legit.

Anyone else with these 3?

Regards,

Doctor Olds
Ref:»[scam] Digital Age, KCSOFTLLC and Coastal Wave Int

from 02/18/2005:

said by legalbegal:

Pluto Data Credit Card Charge

I got a charge for $29.99 on my credit card that read:

888 323 8955 PLUTO D - Nicosia

When I called the number, I was told that the charge was from a company called "Folk and Tribal" and it was for a DVD. However, on the date that the purchase was made, I had just had surgery so there was no way I was buying stuff online or out shopping.

I could not find the charge anywhere in my records OR this company anywhere online.

So I called back and demanded the name and contact information for the company. They said that they do not keep those records. When I demanded a refund, I was then told that they would contact the company to request my refund.

WTF? I thought they did not have that info????
....
.
A third post later that day:

said by legalbegal:

Ah HA!!

I found yet ANOTHER charge on my card from:

Fpb Enterprises
119 Wildwood Cir
Gainesville, GA 30501
770-536-1736

I called this lady and she said that someone has used her company and made over 9000 transactions within a month for under $3.00. She said that 5000+ have been reversed. They shut down her website and everything and the Department of Homeland Security and the FBI are paying her a visit.

She said that they are "pinging" people's credit cards and that she has nothing to do with it. She said that she runs a small website "Pamperedpreemies" and did not know what was happening when they called her.

This is obviously some scam. Yawl better check your credit card statements for pings from strange companies.
Ref: »Pluto Data Credit Card Charge

MGD
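The "ping" pattern reported in the posts above (a tiny test charge from one merchant, then larger charges from unrelated merchants days later) can be checked mechanically on a card statement, and its mirror image on a merchant's own transaction list. This is an added example, not part of the original thread: the thresholds, function names and the rows marked "constructed" are assumptions, while the first three statement rows are the charges listed in the Doctor Olds post.

```python
"""Added example: spotting the card "ping" pattern described in the thread."""
from dataclasses import dataclass, field
from datetime import date, timedelta
from decimal import Decimal

# Assumed thresholds, chosen from the figures quoted in the posts.
PING_CEILING = Decimal("3.00")       # pings are reported as "under $3.00"
FOLLOW_WINDOW = timedelta(days=14)   # 2005 report: follow-ups 12 and 13 days later


@dataclass(frozen=True)
class Charge:
    day: date
    merchant: str
    amount: Decimal


@dataclass
class PingChain:
    ping: Charge
    followups: list = field(default_factory=list)

    @property
    def exposure(self):
        """Total of the larger charges that followed the ping."""
        return sum((c.amount for c in self.followups), Decimal("0"))


def find_ping_chains(charges, known_merchants=frozenset()):
    """Cardholder view: every micro-charge from an unrecognised merchant,
    with any larger charges from other unrecognised merchants that land
    inside FOLLOW_WINDOW. A ping with no follow-ups is still returned,
    because the card should be replaced at that point."""
    ordered = sorted(charges, key=lambda c: c.day)
    chains = []
    for i, ping in enumerate(ordered):
        if ping.amount > PING_CEILING or ping.merchant in known_merchants:
            continue
        chain = PingChain(ping)
        for later in ordered[i + 1:]:
            if later.day - ping.day > FOLLOW_WINDOW:
                break
            if (later.amount > PING_CEILING
                    and later.merchant != ping.merchant
                    and later.merchant not in known_merchants):
                chain.followups.append(later)
        chains.append(chain)
    return chains


def merchant_ping_profile(amounts, reversed_count):
    """Merchant view: one month of charges on a merchant account.
    Flags the account when at least 100 charges and at least 90% of all
    charges are micro-charges (both cut-offs are assumptions)."""
    total = len(amounts)
    micro = sum(1 for a in amounts if a <= PING_CEILING)
    zero = Decimal("0")
    return {
        "micro_share": Decimal(micro) / Decimal(total) if total else zero,
        "reversal_rate": Decimal(reversed_count) / Decimal(total) if total else zero,
        "suspicious": micro >= 100 and micro * 10 >= total * 9,
    }


STATEMENT = [
    Charge(date(2005, 9, 11), "Coastal Wave Internet", Decimal("1.00")),
    Charge(date(2005, 9, 23), "KCSOFTLLC.com", Decimal("9.95")),
    Charge(date(2005, 9, 24), "Digital Age", Decimal("24.99")),
    Charge(date(2005, 9, 15), "Constructed Grocer", Decimal("42.10")),   # constructed
    Charge(date(2005, 9, 20), "Constructed Transit", Decimal("1.50")),   # constructed
]
KNOWN = frozenset({"Constructed Grocer", "Constructed Transit"})

# Constructed month for an abused merchant account: 9000 micro-charges,
# 40 ordinary sales, 5000 reversals.
ABUSED_MONTH = [Decimal("1.82")] * 9000 + [Decimal("149.00")] * 40
NORMAL_MONTH = [Decimal("149.00")] * 40 + [Decimal("2.50")] * 2

if __name__ == "__main__":
    for chain in find_ping_chains(STATEMENT, KNOWN):
        print(f"ping {chain.ping.amount} from {chain.ping.merchant} "
              f"on {chain.ping.day}; follow-up exposure {chain.exposure}")
        for c in chain.followups:
            print(f"  {c.day} {c.merchant} {c.amount}")
    print(merchant_ping_profile(ABUSED_MONTH, reversed_count=5000))
```

Passing an empty `known_merchants` set treats every merchant as unrecognised, which over-reports; the check is only as good as the cardholder's list of merchants they actually use.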

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL

reply to MGD
This crime syndicate's card fraud laundering operation was nipped in the bud by a third party before it got too far off the ground.

MVP123ONLINE.COM aka MVP123Online LLC 215-337-4653




===================================

MVP123Online
ph, +1 (215) 337-4653
sales@mvp123online

Please enter the required information below, to complete your order.
Please use the comments field to describe your order more specifically.

Icons: 9.95$

Logo: 9.45$

Vector: 8.75$

Vector from your image: 8.45$

Change your own logo/icon: 0.05$ ---> Cover for card pinging

=================================




Domain was registered to the cyber-mule:

Server Type:Apache
IP Address: 97.74.188.231
IP Location: - Arizona - Scottsdale - Godaddy.com Inc
Domain Status: Registered And Active Website

ICANN Registrar:GODADDY.COM, INC.

Registrant:
Marina Petcherskaia
12 Monica Drive
Holland, Pennsylvania 18966
United States

Domain Name: MVP123ONLINE.COM
Created on: 08-Sep-09
Expires on: 08-Sep-10
Last Updated on: 08-Sep-09

Administrative Contact:
Petcherskaia, Marina admin@mvp123online.com
12 Monica Drive
Holland, Pennsylvania 18966
United States
+1.2153998579 Fax --

Domain servers in listed order:
NS09.DOMAINCONTROL.COM
NS10.DOMAINCONTROL.COM




Cyber-mule was recruited from an online resume by SIA Digitala Pasaule claiming to be in Latvia:

JOB FRAUD SCAM = DIGITALAPASAULE.COM = JOB FRAUD SCAM »digitalapasaule.com




Fraudulent domain registration:

Server Type:Apache
IP Address:97.74.144.134
IP Location - Arizona - Scottsdale - Godaddy.com Inc
Response Code:200
Domain Status:Registered And Active Website

Registrant:
David McAllister davidalisters@yahoo.com
2672 West Church Street
Eden, New York 14057
United States

Domain Name: DIGITALAPASAULE.COM
Created on: 06-Apr-09
Expires on: 06-Apr-10
Last Updated on: 28-May-09

Administrative Contact:
McAllister, David davidalisters@yahoo.com
2672 West Church Street
Eden, New York 14057
United States
(585) 502-4102 Fax --

Domain servers in listed order:
NS33.DOMAINCONTROL.COM
NS34.DOMAINCONTROL.COM

quote:
Welcome to the official home page of "SIA Digitala Pasaule".

We offer a wide variety of services and products for all your needs.
We hope you will find what are looking for with www.digitalapasaule.com
Feel free to browse our company website for products or services available.
Our customer support managers are always ready to assist you in your search.

"SIA Digitala Pasaule" works on the market of online sales and provides qualified assistance to individuals and product manufactures on different steps of a journey called "successful business operation" We will always help you find new clients or points of sale for your products or services. Our qualified staff will analyze your needs and desires to improve your business situation. We are so proud of our services that we even offer a full money back guarantee to all new clients.

HR Department: recruitment@digitalapasaule.com
IT Department: web@digitalapasaule.com
Billing Department: payments@digitalapasaule.com
Customer Service: products@digitalapasaule.com ordelivery@digitalapasaule.com
services@digitalapasaule.com

Existing clients please use the login page to access your account information.

New clients please contact the customer service department for any questions regarding your products or delivery times. You will receive the login information after your order will be verified and approved.

=================================

Description: Office Employee.

Currently we do not have any available openings in our office.

Description: Representative/Contractor/Freelancer/Home-based Jobs.

We offer different jobs for freelancers in multiple countries.

Available home-based jobs are different every week.

To apply for the next available job vacancy please email your resume, motivation letter and references from your previous employment to our recruitment department at recruitment@digitalapasaule.com

Please also provide a list of the preferred jobs you would like to accept, additional benefits and the minimal monthly salary.

Your resume and additional information will be reviewed and stored for company records. The company will create a unique profile of your characteristics and skills. You will receive different job offers from the company, based on your profile, as soon as they will be available.

Job offers provided to you will have detailed information regarding the job, the salary, company benefits, working hours, location, responsibilities and duties, employment agreement and a detailed description of the available position.

Information in this section of the site is updated weekly, please check for updates later.

There was a thread on a Monster.com forum from several months back, where multiple people posted of receiving job offers. Ref:»saleshq.monster.com/topics/1488-···ny/posts

It is particularly important that potential cyber-mule recruits pay attention to this potential recruit's post:
(emphasis added)

quote:
will be glad to forward anyone the information that I've received so far about the company. A couple of things I know for sure. Read on for the bottom line info: The company is based out of Latvia. I signed the contract - after speaking to someone on the phone from the company. I also had a very proficient lawyer friend look over the contract and he couldn't see any loopholes or tricks tied into it (to make sure this wouldn't come back to bite me in the butt in any way shape or form). They haven't asked for a penny of investment on my part . The contract clearly states that I will receive 1500 dollars biweekly from the company for managing one of their online stores and 5% of revenue from each additional online store I choose to manage. What I'm gathering as our "business relationship" is progressing is that they don't have any online stores, but really train people how to START THEIR OWN online stores. This assessment could be a tad premature, but I'll followup and inform everyone on what develops. - Joe Davis -

Joe never did post back, however, multiple cyber-mules who became involved in this massive fraud operation have told me that they also had a lawyer review the proposal and documents and were told that they appeared to be legitimate. Cyber-mules who were initially hesitant, went forward, and became involved thinking that they had performed due diligence on the job offer.

MGD


MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL


1 edit
reply to MGD
JOB FRAUD SCAM = Bright Art aka BRIGHTARRT.BIZ = JOB FRAUD SCAM

Hijacked Card data fraud laundering cyber-mule recruiting operation.




==============================
Give us a call:

+46-08-599 26 319

or contact online

info@brightart.biz

Rich Productions 2001 - 2009

Frejgatan 13 11479

Stockholm

Sweden

==============================
»brightart.biz




• employment opportunities
-----------------------------

If you are an ambitious, high-energy person who enjoys a fast-paced team environment laced with challenges and opportunities, you've come to the right place. Read on to discover how to pursue employment opportunities with us. Bright Art offers great jobs, great pay, great benefits and a great place to work!

• we want you to be part of our team
---------------------------------------
Email us to info@brightart.biz or just complete the form at Contact page. Our customer service will provide you with details regarding the position of Affiliate Company Director.

Hidden from everyone, except targeted recruits:




• e-commerce websites
--------------------------
Our developers are well versed with the implementation of shopping carts and integration with payment gateways to enable online shopping and processing of credit card payments.

LOL!! well versed is right. This OCS has "implemented" several thousand websites since the early 2000s for "online shopping and processing of credit card payments."

Every one of them to exclusively process fraud charges against consumer's hacked card data.

Snapped 2009-10-14 21:43:29

»www.inika.com/services.php


Problem with the extra monthly payment for domain registration privacy protection:

Circa 09/03/2009


Domain Name: BRIGHTART.BIZ
Domain ID: D33482294-BIZ
Sponsoring Registrar: ENOM, INC.
Sponsoring Registrar IANA ID: 48
Domain Status: clientTransferProhibited
Registrant ID: F66F7EBC713B9797
Registrant Name: Whois Agent
Registrant Organization: Whois Privacy Protection Service, Inc.
Registrant Address1: PMB 368, 14150 NE 20th St - F1
Registrant City: Bellevue
Registrant State/Province: WA
Registrant Postal Code: 98007
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.4252740657
Registrant Email: wqwssgrj@whoisprivacyprotect.com


Circa 09/10/2009:

Not that you need any additional evidence, but the largest users of
"domain cloaking" are criminals and scammers.


Domain Name: BRIGHTART.BIZ
Domain ID: D33543124-BIZ
Sponsoring Registrar: ENOM, INC.
Sponsoring Registrar IANA ID: 48
Domain Status: clientTransferProhibited
Registrant ID: 96D4D7FCD42CF61D
Registrant Name: Linda Ray
Registrant Address1: 126 Bittercreek Dr
Registrant City: Folsom
Registrant State/Province: CA
Registrant Postal Code: 95630
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.2393447607
Registrant Email: rozvel345@gmx.com
Administrative Contact ID: F4402907AC132993
Administrative Contact Name: William Vacher
Administrative Contact Organization: USWebHosting
Administrative Contact Address1: 6 Harcourt Terrace
Administrative Contact Address2: Headington
Administrative Contact City: Oxford
Administrative Contact State/Province: OXON
Administrative Contact Postal Code: OX3 7QF
Administrative Contact Country: United Kingdom
Administrative Contact Country Code: UK
Administrative Contact Phone Number: +44.1865451641
Administrative Contact Email: support@uswebhosting.com
Billing Contact ID: 96D4D7FCD42CF61D
Billing Contact Name: Linda Ray
Billing Contact Address1: 126 Bittercreek Dr
Billing Contact City: Folsom
Billing Contact State/Province: CA
Billing Contact Postal Code: 95630
Billing Contact Country: United States
Billing Contact Country Code: US
Billing Contact Phone Number: +1.2393447607
Billing Contact Email: rozvel345@gmx.com
Technical Contact ID: F4402907AC132993
Technical Contact Name: William Vacher
Technical Contact Organization: USWebHosting
Technical Contact Address1: 6 Harcourt Terrace
Technical Contact Address2: Headington
Technical Contact City: Oxford
Technical Contact State/Province: OXON
Technical Contact Postal Code: OX3 7QF
Technical Contact Country: United Kingdom
Technical Contact Country Code: UK
Technical Contact Phone Number: +44.1865451641
Technical Contact Email: support@uswebhosting.com
Name Server: NS1.USWEBHOSTING.COM
Name Server: NS2.USWEBHOSTING.COM
Created by Registrar: ENOM, INC.
Last Updated by Registrar: ENOM, INC.
Domain Registration Date: Tue Sep 08 21:02:52 GMT 2009
Domain Expiration Date: Tue Sep 07 23:59:59 GMT 2010
Domain Last Updated Date: Tue Sep 08 21:02:54 GMT 2009


The twin fraud cyber-mule recruiting clone:

JOB FRAUD SCAM = The Design 4 You aka THEDESIGN4YOU.COM = JOB FRAUD SCAM




Different phone number (voip)

==============================
Give us a call:

+46-08-599 26 863

or contact online

info@thedesign4you.com

Rich Productions 2001 - 2009

Frejgatan 13 11479

Stockholm

Sweden

==============================
»thedesign4you.com

Snapped 2009-10-14 21:43:11

»thedesign4you.com/services.php


Snapped 2009-10-14 21:42:54

»thedesign4you.com/robots.txt


Snapped 2009-10-14 21:42:37

»thedesign4you.com/employment.php


Both fraud recruiting websites Bright Art aka BRIGHTARRT.BIZ and The Design 4 You aka THEDESIGN4YOU.COM are hosted on:

Server Type: Apache
IP Address: 72.34.55.197
IP Location - California - Encino - Ih Networks
Response Code:200
Domain Status: Registered And Active Website

================================
Registration Service Provided By: USWebHosting
Contact: support@uswebhosting.com
Visit: >http://elahost.com/

Domain name: thedesign4you.com

Registrant Contact:
USWebHosting
William Vacher ()

Fax:
6 Harcourt Terrace
Headington
Oxford, OXON OX3 7QF
GB

Administrative Contact:
USWebHosting
William Vacher (support@uswebhosting.com)
+1.1865451641
Fax:
6 Harcourt Terrace
Headington
Oxford, OXON OX3 7QF
GB

Technical Contact:
USWebHosting
William Vacher (support@uswebhosting.com)
+1.1865451641
Fax:
6 Harcourt Terrace
Headington
Oxford, OXON OX3 7QF
GB

Status: Active

Name Servers:
ns1.uswebhosting.com
ns2.uswebhosting.com

Creation date: 30 Aug 2009 14:13:01
Expiration date: 30 Aug 2010 14:13:00

================================

MGD


MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL


2 edits
reply to Naive
said by Naive :

I just set up an LLC and merchant acct for Riddick-Design. I was in last stages when I read this. I have frozen the bank acct and changed the authorize.net password. What else should I do. I certainly have been naive, and I certainly don't want to get into trouble.
Thank you for posting,

Naive, maybe yes, however, congratulations for being very astute and deciding to do some early research. At this stage you have stopped the fraud before it got off the ground, and there should be no additional issues. Kudos!!

• Were any charges run through the account?

You should check the authorize.net account again and make sure that no cards have been run since you changed the password.

For further protection you can set the authorize.net account into TEST MODE. Though card data can be entered, they will not be processed.

=========================================

Follow these instructions:

To set the authorize.net account in test mode:

1. Log into your Merchant Interface at »https://account.authorize.net.
2. Click Settings in the main left side menu.
3. Click Test Mode.
4. Click the Turn Test ON button. The interface will confirm that the Test Mode Settings have been Successfully Applied

Setting the accounts to TEST MODE will prevent any processing of real charges to credit cards.

=========================================

It would be helpful in tracking these criminals if you can provide some information.

• How did Riddick-Design recruit you? Did you have a resume posted on Monster or Careerbuilder?

• Did they specify the name of the LLC/Corp to be registered?

• Did they process the LLC/Corp registration via an online service, if so, with who, or did you handle that process directly?

• Did the criminals reimburse you for the set up costs up front, or did you pay for it, and they stated that you would be reimbursed from the initial proceeds?

If they paid you up front, were the funds sent via Paypal or via Western Union, or some other method?

• Did they provide you a list of banks affiliated with authorize.net on where to open a business bank account? Did they state a preference on which bank to use? Did they direct you to a specific provider to apply for a merchant account at, such as Transfirst?

• Did they specifically state which bank/s not to use, or state a specific merchant provider/s not to use? If so, who?

• Did they insist that you send them a picture identification as part of the "employee background check" procedure? Did you send them your SSN number?

Again, congratulations on your sixth sense, and decision to research them. You have caught this very early, well before any trouble. There are hundreds of others who wish they had done what you did this early in the game.

MGD


Naive

@litzia.com

reply to MGD
I just set up an LLC and merchant acct for Riddick-Design. I was in last stages when I read this. I have frozen the bank acct and changed the authorize.net password. What else should I do. I certainly have been naive, and I certainly don't want to get into trouble.

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL

reply to MGD
Two of the organized crime syndicate's card fraud laundering websites recently suspended by GoDaddy.

DPOCOLLC.COM aka DPOCO, LLC 423-436-0167




=================================================
Contact details
Dpocollc.com support is available during normal business hours Monday though Friday, 10:00am to 5:00pm EST. If a support engineer is not available, you will receive a call back based on a first come, first served basis.

support@dpocollc.com (24/7 based).
Contact form (24/7 based. average response time 1 hour)
(423)-436-0167 (10am - 5pm Mon-Fri)
=================================================




Cyber-mule registered the LLC in Tennessee:





Server Data
Server Type: Apache
IP Address: 208.109.165.52
IP Location - Arizona - Scottsdale - Godaddy.com Inc
Response Code: 200
SSL Cert: www.dpocollc.com expires in 181 days.
Domain Status: Registered And Active Website

Whois Record
Registrant:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Domain Name: DPOCOLLC.COM
Created on: 09-Feb-09
Expires on: 09-Feb-10
Last Updated on: 09-Feb-09

Administrative Contact:
Private, Registration
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2598


==============================
08-09-2009,

garethsk:

Wondering if anyone here has seen a charge on their CC from anything resembling this:

X BC FORESTRY, NORTH HAMPTON, VA

I have an account that I rarely use except for play
.... Today I have a $20.00 pending charge from whatever X BC Forestry is.

==============================

08-10-2009,

garethsk:

Great...new charge just showed up.

PRE-AUTHORIZATION DEBIT AT DPOCOLLC COM, CHATTANOOGA, TN

==============================

08-26-2009

zooyorq:

Not to hash up a dead thread but I had the same charge for roughly 7 dollars on one card on the 15th of August and 12 dollars on another card of mine also on the 15th.

Odd thing is these two cards are used by me for business purposes only. I've obviously charged a lot of things with them but I bet I could find a pattern of two places I've used both cards in the last year or so. If you're interested in seeing if any match where you've used yours let me know and I'll whip up a list.

Fyi, I'm in IT. So I purchase a lot of tech goods.
==============================
»www.tngunowners.com/forums/gener···rry.html

==============================
New CC likely fraud

August 22, 2009 by atthecrux

Not that this’ll be interesting to most people, but posting it for the benefit of anyone searching for info in a similar situation.

I recently had a charge for $5.18 come through from DPOCOLLC.COM 423-4360167 TN on my Bank of America card. The odd thing is, they used a number that hasn’t been active for a number of years. (It’s a card I had with Fleet before they were merged into Bank of America.) I just called B of A and they said they’d credit me for the amount, and asked me to call the company and tell them never to charge me again. I’m not sure that they actually processed it as a fraud issue, but I guess it’s no skin off of my nose if they wait to call it “fraud” and more charges come through (though it does seem ridiculous that they’re still allowing charges through using the old number!).

==============================
»atthecrux.wordpress.com/

DPOCOLLC.COM appears to now be down, this one did not appear to make it off the ground, merchant interception.

ONECLICKPPC.COM aka ONECLICKPPC.COM LLC 253-345-4666




=================================================

Contact details
OneClickPPC.com support is available during normal business hours Monday though Friday, 10:00am to 5:00pm EST. If a support engineer is not available, you will receive a call back based on a first come, first served basis.

support@oneclickppc.com (24/7 based).
Contact form (24/7 based. average response time 1 hour)
(253)-345-4666 (10am - 5pm Mon-Fri)
When submitting a request via email, please include all relevant information pertaining to the problem, your name and the best time to contact you.
=================================================




Washington state LLC:





Server Data
Server Type: Apache
IP Address: 97.74.39.142
IP Location - Arizona - Scottsdale - Godaddy.com Inc
Response Code: 200
SSL Cert: www.oneclickppc.com expires in 294 days.
Domain Status: Registered And Active Website

Whois Record
Registrant:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Domain Name: ONECLICKPPC.COM
Created on: 11-Jun-09
Expires on: 11-Jun-10
Last Updated on: 11-Jun-09

Administrative Contact:
Private, Registration
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2598



Both are from the genre of the previously listed grouping: »Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

ANKERSOLUTIONSLLC.COM AKA ANKER SOLUTIONS LLC 262-510-0045 706-819-4216

DDV-ENTERPRISES.COM aka DDV ENTERPRISES LLC 636-364-9432 706-819-4216

RET-NEK.COM AKA Ret-Nek LLC, 913-232-2266 706-819-4216

RAPIDADVERTS.COM AKA DWG Consulting & Services 803-667-3922

FLARETRAFFIC.COM aka FLARETRAFFIC = Assumed Name of DAVES ENTERPRISES LLC
865-940-0556

MGD

Whip

join:2009-01-23
Califon, NJ
reply to MGD
quote:
A domain registered to a Butler, PA address (fraudulent).
Well, they tried to imitate a Pa address anyway.

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL

reply to MGD
FRAUD ALERT JOB SCAM = Hong Kong Solutions Inc. aka hongkongsolutions.com = FRAUD ALERT JOB SCAM

There are two known names that they are using to communicate with potential cyber-mules:

Donald Chan
donaldchan@hongkongsolutions.com

Harry Wong
harrywong@hongkongsolutions.com

Hosting information for hongkongsolutions.com:

Server Type: Apache
IP Address: 72.167.232.158
Godaddy.com Inc
Response Code:200
Domain Status:Registered And Active Website

IP Information for 72.167.232.158
IP Location: United States Scottsdale Godaddy.com Inc
Resolve Host: p3nlh078.shr.prod.phx3.secureserver.net
IP Address: 72.167.232.158
Reverse IP: 3,538 other sites hosted on this server.
Blacklist Status: Clear


OrgName: GoDaddy.com, Inc.
OrgID: GODAD
Address: 14455 N Hayden Road
Address: Suite 226
City: Scottsdale
StateProv: AZ
PostalCode: 85260
Country: US

NetRange: 72.167.0.0 - 72.167.255.255
CIDR: 72.167.0.0/16
OriginAS: AS26496
NetName: GO-DADDY-SOFTWARE-INC
NetHandle: NET-72-167-0-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: CNS1.SECURESERVER.NET
NameServer: CNS2.SECURESERVER.NET
NameServer: CNS3.SECURESERVER.NET
Comment:
RegDate: 2007-07-05
Updated: 2008-01-18


The domain hongkongsolutions.com has a fraudulent registration:


ICANN Registrar:GODADDY.COM, INC.
Created:2009-05-23
Expires:2010-05-23

Registrant:
Gary Herrit garyherrit@yahoo.com
208 E. Metzger Ave.
Butler, Para 16001
United States

Domain Name: HONGKONGSOLUTIONS.COM
Created on: 23-May-09
Expires on: 23-May-10
Last Updated on: 23-May-09

Administrative Contact:
Herrit, Gary garyherrit@yahoo.com
208 E. Metzger Ave.
Butler, Para 16001
United States
4259847064 Fax --

Technical Contact:
Herrit, Gary
208 E. Metzger Ave.
Butler, Para 16001
United States
4259847064 Fax --

Domain servers in listed order:
NS35.DOMAINCONTROL.COM
NS36.DOMAINCONTROL.COM


A very smart potential cyber-mule, who, when contacted recognizes it as a scam:

quote:
SCAM:

Yes, it is - www.hongkongsolutions.com - a website and SEO company. I received a "business offer" from them too. I think they saw my resume on Monster or Careerbuilder. In a nutshell they say you'll make about 50K a year simply by starting an S-Corp and opening-up some kind of online store so they can run their US sales through it. 50K for basically doing nothing sounded fishy. I've got a lot more info in saved emails from "Harry" (if that's his real name) who is with Hong Kong Solutions. If anyone wants to see them let me know...

Ref:»www.trustlink.org/ViewQuestion.a···onID=224

HONGKONGSOLUTIONS.COM

Lists an address in:

=========================
Hong Kong Solutions Inc. aka hongkongsolutions.com
RM 1315 Ctr 45 Chong
Yip St Kwub Tong Kl
Hong Kong,

Telephone +1-(206)-203-1947
=========================

With a Washington state IPKall VOIP forwarding phone number. A domain registered to a Butler, PA address (fraudulent).

Priors:

World Creative Studio Inc. aka worldcreativestudio.com pretending to be in Warsaw Poland.

Balaton Design, Inc. aka balatondesign.com pretending to be in Balatonföldvár, Hungary.

MGD

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL


3 edits
reply to MGD
Cyber_Mule recruiting alert !!

FRAUD ALERT JOB SCAM = Hong Kong Solutions Inc. aka hongkongsolutions.com = FRAUD ALERT JOB SCAM

Continuing in the Russian Organized Crime syndicate's theme of the 100% Flash and text as an image fraud recruiting website:»www.hongkongsolutions.com




=========================
Hong Kong Solutions Inc. aka hongkongsolutions.com
RM 1315 Ctr 45 Chong
Yip St Kwub Tong Kl
Hong Kong,

Telephone +1-(206)-203-1947
=========================

Our company is a multiple-discipline Internet company (please visit www.hongkongsolutions.com). One of our direction is a creating web-products (iPhone themes,PocketPC themes, Mobile themes, wallpapers, games.), which are intended for many clients. Our company carries on this business for 8 years.

HK Solutions, Inc is one of the leaders in our country of the companies which do these services. In Present days Internet influences all the areas of human activity. That's why our company develops rapidly every year. We aren't the waiting for the fortune company. We do the success ourselves. Our marketing department elaborated a plan, which will help us to get international market and the USA first of all.

We need some managers who will produce our company in the USA. It is a very profitable project not only for our company but for our representatives too. Future trends of this business are unlimited. We guarantee a stable growth of your income and professional skills. From you we need only some efforts in the first stage to develop our business. Later you will not spend much time to keep the project.

Attention: No skills and experience in programming and web design are required from you. This is not a technical position. If you've got a burning desire to succeed and are interested in maximizing your personal and professional growth, please kindly get back to us via our email address

Harry Wong

harrywong@hongkongsolutions.com
NOTE: careerbuilder.com, Monster.com, et al., by default allow cyber criminals to obtain employer accounts. (All you need is a credit card, anyone's will do) An Employer account gives criminals access to entire databases of job seeker resumes. This enables career criminals and organized crime syndicates to target job hunters, and solicit them.

DO NOT ASSUME, that because an email from a prospective employer comes via Careerbuilder, or Monster's system, that it in any way confirms legitimacy. Careerbuilder's and Monster's systems are wide open for anyone to join as an employer. No distinction is made between criminals, scammers, and legitimate employers. That burden is left to the prospective employee to do.

From Harry Wong harrywong@hongkongsolutions.com

In this email I will explain you about this job offer.

Also I forward you our Instructions, FAQ and Agreement. Use Adobe
Acrobat Reader to view the above files. If you do not have this
software on your computer, please go to
>http://www.adobe.com/products/acrobat/readstep2.html and download the
program for free.

Our company enters the american market now because almost all online
business are located in the USA. So we have to search managers in the
USA to create our subsidiaries.

Our Marketing Department has developed a perfect idea to boost sales.
The idea is to have more subsidiaries that would resell our items
(iPhone themes,PocketPC themes, Mobile themes, wallpapers, games etc).
The more subsidiaries we have the more things we sell and our profit
grows accordingly.

Your mission in the project is to create business tools (registering a
business, setting up business and merchant bank accounts) and it is
for these services that you will be paid.

Hong Kong Solutions, Inc creates a web-site (online store or
subsidiary another words) which will sell our products. The work of
this web site is impossible without a company and that's why your
first step will be the opening of company (the company may be
registered as a Corporation, LLC, Sole Proprietorship or other
business entity).

If you already have a company, it's great and will make the start up
yet faster. Next you open bank business and merchant account and
Gateway on Authorize.net.

Your commission will be 10 percent from all the sales (you'll earn
about 4000-5000$ a month). Also all bank and merchant fees will be
paid by our company. You will get your 10 percent in any case not
depending what fees we will have. Your income will increase as the
business progresses.

About the taxes:
The taxes in this kind of business we will need to pay only in
starting the 2nd year.
US taxes are not conventional; is one makes more than a certain amount
of $ in a year through a corporation, they need to pay taxes every
three months. This is called Estimated Quarterly Taxes.
In our situation, these aren't paid the first year, only starting the
2nd year. All taxes will be go through your company but you will take
the necessary funds from our part when it's time to pay for taxes. So
our company will pay all taxes not you.
Since what we sell isn't tangible (can't be touched), we don't file
Sales tax. Only thing we pay is income tax, to the federal
governement.

If you are interested please send me the signed agreement (I sent you
it. did you get it?) or via email or via fax (206)339-1058.

If you have any questions else please ask me.

Best regards,
Harry Wong,
Hong Kong Solutions, Inc
>http://www.hongkongsolutions.com/
»www.google.com/search?hl=en&sour···oq=&aqi=
A previous and still operating fraud job recruiting site of this clone is:

World Creative Studio Inc. aka worldcreativestudio.com

Prior postings

»worldcreativestudio.com



=========================
worldcreativestudio.com

World Creative Studio Inc.
Ul Chmielna 26 #5
Warsaw, 00020
Poland

Telephone: +1 954-208-7279
=========================

And before that, we had another clone:

Balaton Design, Inc. aka balatondesign.com



=========================
Balaton Design, Inc., balatondesign.com
Somogyi Bela u. 1.,
8623, Balatonfildvar,
Hungary,

Telephone +1 801-926-8016
=========================

Prior postings

MGD
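The contact blocks posted above pair a non-US street address with a +1 telephone number, which is the inconsistency the post points out. As an added example (not part of the original thread), the Python below parses such `=====`-delimited blocks and flags that mismatch; the calling-code table, the function names and the third "control" block are assumptions constructed here.

```python
import re
# Country calling codes (ITU E.164) for the countries claimed in the blocks.
CALLING_CODE = {"Hong Kong": "852", "Poland": "48", "Hungary": "36"}
PHONE_RE = re.compile(r"^Telephone:?\s*(\+[\d ()\-]+)", re.M)

def parse_blocks(text):
    """Split the posted text on its ===== rulers; return the non-empty blocks."""
    return [b.strip() for b in re.split(r"^=+[ \t]*$", text, flags=re.M) if b.strip()]

def check_block(block):
    """Claimed country = last non-empty line above the phone; flag a calling-code mismatch."""
    m = PHONE_RE.search(block)
    if not m:
        return {"country": None, "phone": None, "mismatch": None}
    digits = re.sub(r"\D", "", m.group(1))
    lines = [l.strip(" ,") for l in block[:m.start()].splitlines() if l.strip()]
    country = lines[-1] if lines and lines[-1] in CALLING_CODE else None
    mismatch = None if country is None else not digits.startswith(CALLING_CODE[country])
    return {"country": country, "phone": "+" + digits, "mismatch": mismatch}

# Two blocks as posted in the thread (second abridged), plus one constructed control.
SAMPLE = """\
=========================
Hong Kong Solutions Inc. aka hongkongsolutions.com
RM 1315 Ctr 45 Chong
Yip St Kwub Tong Kl
Hong Kong,

Telephone +1-(206)-203-1947
=========================
World Creative Studio Inc.
Ul Chmielna 26 #5
Warsaw, 00020
Poland

Telephone: +1 954-208-7279
=========================
Example Control Ltd. (constructed)
Poland

Telephone: +48 22 555 0100
=========================
"""

def audit(text):
    return [check_block(b) for b in parse_blocks(text)]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A mismatch is only a triage signal: legitimate firms also use forwarding numbers, so treat a flagged block as a reason to check the registration and hosting records, as the posts above do.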

Friday, 04-Dec 17:25:28 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole