how-to block ads
|
Scammed Princess
@verizon.net
thumbs down from:
Doctor Olds 
| reply to Doctor Olds
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
I understood exactly what he said and was very grateful to him for all his incredible work. I don't know if you work for Digital because I know they've been out there doing damage control in some of these threads online, but too many of us have had the exact same scenario happen coincidentally enough directly after making a purchase to a site hosted by Freemerchant.Com! instantly each and every time! So if it walks like a duck, quacks like a duck and acts like a duck it's not? Please do not insult my intelligence. I do understand what he is saying and realize that the syndicate is a much bigger problem on a larger scale using all kinds of hosts. FreeMerchant was merely one of them and if you tell me that they are not than you need to check yourself not the other way around. That took a lot of time to type up sharing my particular story and it was very honest. It's exactly what happened to me. Your immediate defensiveness is a little suspicious to me. My sharing my story should not have elicited that type of reaction and hasn't anywhere else where I have participated in this discussion. If anything people have thanked me for sharing and shedding a little light on what was a total mystery to some at the time.
Finally, I know what I saw happen to me and how it happened. I made no purchases through Paypal or Amazon and I know what happened to me particularly. I realize that the syndicate has many ways to get you but they got a huge lot of us after we purchased products from sites hosted by FreeMerchant and that's a fact. Many of us got together and realized exactly what the common denominator was for US. It may not be the case for everyone because their breaches may have occurred elsewhere. Nobody is saying that others didn't get their credit cards stolen in other places at one time or another. We're just saying (and there are other threads online where there are many of us saying the EXACT SAME THING), that it happened to us after using THIS particular host. End of story.
Your attack on me was unnecessary and rather disappointing considering that most of us (emphasis on most) are here not to do damage control for some company known for their breaches and admitting to their breaches (in fact to me personally on the damn phone not two months ago) but because we are victims of these nasty creatures that call themselves human beings. I won't be answering you again. I'm not going to waste my time. I am however extremely grateful to this person who has gathered all of this for us because it had to be incredibly time consuming. He should get hugs and medals.  | |
Scammed Princess
@verizon.net
| reply to Doctor Olds
Oh and one more thing if I may. There's a guy who posted his story (not here) and he has never had a credit card before period. He's new to credit in general. He placed his first order on his first card for collector baseball cards through a small mom and pop site that uses Freemerchant.Com and was hit with a charge from Sensate Technology a week later. Nobody is blaming the mom and pop candy store nor the mom and pop baseball card store, but it was because of FreeMerchant.Com which is obviously one of many that the syndicate has targeted and breached so I understood perfectly what was being said here. I can't speak for everyone's exact situation. I was merely relaying my own story and that is where MY particular breach occurred. | |
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
1 edit | reply to Scammed Princess
Please don't spread FUD here. My post wasn't an attack (paranoid much?), but it does make us question who you work for yourself.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to Scammed Princess
said by Scammed Princess :
... Here is how I got hit twice....... Thank you for sharing, I am interested in all circumstances surrounding the charges, and spend a lot of time reading reports of them. Based on what you wrote, I now recall seeing some of your other postings. The fact that you had two cards hit in that manner does indeed raise some compelling issues.
I welcome and I am interested in all opinions regarding the potential source or sources of the compromised data. I do not have hard evidence of what has, or has not been compromised. Mine are conclusions based over a longer period, however, they are no more valid than anyone elses opinion. Lacking hard evidence I would indeed be foolish to discard other scenarios as potential sources.
One reason I voice my conclusion is to be a sort of balancing effect on the focal points that are reached from different groups of victims that do have common denominators. Part of the problem is the lack of a large enough statistical sample. If Sensate is typical, then they are processing fraudulent charges at around 10,000 cards a month, over 30,000 cards to date maybe. Of course you then have to multiply that times the dozens of active sites that are known to be ran by this syndicate. The issue then becomes what conclusion you can come to if there are several hundred people that have a recent card processor in common. Is that sample just a random event from within the larger pool anyway.
A brief look at Digital River, which is a public company, shows that they claim over 40,000 accounts worldwide. They generated third quarter 2007 revenues of $82.5 million. I don't know if they publish transaction quantities or not. Nor if they break the figures down by card present versus card not present transactions(CNP). However, they likely process close to a million or more transactions a month.
Could their data base be leaking?, yes of course it could. However, in my opinion, I would then expect an overwhelming amount of reports of that common link. The syndicate could be mixing data up from multiple locations. Also, the people that actually end reporting these frauds on the net are only a fraction of those being charged. A significant amount don't even catch it, or pursue it if they do. One site that came online two months ago and has processed several thousand charges has yet to appear in complaints anywhere on the internet. The operation is now shut down, however I was surprised not to see any mention of them.
I do not want to dissuade your conclusions in any way. Based on those circumstances they are indeed logical. You even bring up the possible coincidence factor. Did they already have both card account data when they made the first hit, and the second card was already in the pipeline. Would that second card have had the charge anyway, whether you used it then or not?. Who knows for sure. Hopefully one day we will have the answer.
I do admire you for taking the time to become active in this issue. The ones that do not owe you gratitude, for it is people like yourself who will ultimately be the reason that this all comes to an end.
MGD | |
Scammed Princess
@verizon.net
| Thank you so much MGD. You have done all of us a huge service here. You are a class act as well. I am grateful to you more than you can possibly know (and thank you for making me feel welcome here)
I was really scared when this first happened because I honestly did not know how my card got compromised. If it had not been for Gary posting the link to all of your wonderful work in our thread discussing this, we would not have the whole picture like we do now and that's truly thanks to you. A huge thank you to Gary as well for running over to where we were to post this link! What an eye opener this was! I spoke to the Ventura County Sheriff's office and faxed over my affidavit and a long letter explaining my findings and what little information I had on Sensate at the time to a female detective there. I'm not sure how much it helped but I told myself I was not going to let these people get away with this and do whatever I could do, even if it's but a drop in the collective bucket.
I canceled my cards and went through a huge hassle of making many phone calls and filling out forms but the real legacy is that I will never feel comfortable again using my credit cards online.
The behavior of the credit card companies freaked me out the most. They act as if everything is fine once the money has been returned. I had to reiterate a few times to a clerk I spoke to that the money was stolen to begin with. That I had not clicked on a banner or made a mistake. That these people are not real. They are a dummy company running a dummy web site stealing our money so nothing they do is OK. Now I see how this has gone on for so long. There are so many holes in the system! They are endless! You report it to the server and of course they get defensive and want to dismiss you and turn you away (and hope it will quietly go away though Digital did admit they were getting lots of calls so I was not the only one there). You tell your banks and they say no problem, fill out this form and we will issue you a new card and that is the extent of their investigation most of the time. You tell the police and they are so swamped and than see a small amount so it gets buried under a pile of papers. I pray that the FBI is truly on this. You have basically handed them their case here! You have saved some FBI agent somewhere so much time! I am still in awe of all of this. You should be a journalist and you would do quite well I might add.
The last thing are the mules. I don't understand why someone hasn't broken down their doors with a badge and a shovel (OK well the shovel part is my idea...lol). Don't these people know they are doing something wrong? You would think they have googled or something and seen what they got themselves into (if any are innocent at all to begin with that is). What a mess!
I really think we should all take a few minutes out of our busy lives and make copies of this thread and some of the others and just turn them in with our reports and affidavits. If nothing else it will save that bank officer, police officer and anyone else time. They won't have any doubts as to what the nature of the charge was on our cards anymore. They will finally have some answers.
At the risk of sounding like a broken record, THANK YOU SO MUCH! Seriously this is not only incredibly impressive but you may be the reason these people go down finally. You took the time to outline the whole bloody mess and it may be their undoing. If there is any justice in this world it will be! | |
pcdebb
RIP dadkins
Premium
join:2000-12-03
Tampa, FL
clubs: 
| reply to Scammed Princess
said by Scammed Princess :
I understood exactly what he said and was very grateful to him for all his incredible work. I don't know if you work for Digital because I know they've been out there doing damage control in some of these threads online.... trust me, he doesnt work for them. And MGD knows his worth here already
--
a time for change... | 1st & 10 | Ham is good | |
garys_2k
join:2004-05-07
Farmington, MI
 ·Future Nine Corpor..
·Vonage
| reply to Scammed Princess
SP, I'm glad I could help in even that small way. PLEASE pass the link to this thread onto other forums where these types of frauds are discussed. The more that victims and mules can learn about this, and let MGD know what they've learned, the better. | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
4 edits | reply to MGD
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB
Continued, Part 2,
The search for information on one of the three group charges listed as:
"$13.95 E NAT NATALIYA MAKOVCARMICHAEL CA"
ended up locating another website, site # 8 of interest on IP 64.202.102.8
E nat turns out to be another Sacramento Fictitious Business name registered on 06/14/2007 by a Natalie Makoviy:
County of Sacramento, California
Fictitious Business Name
File Number: 0706914
Filing Date: 06/14/2007
Expiration Date: 06/14/2012
Ownership Type: Individual
Status: Active
Number of Business Names on this filing: 1
Number of Owners on this filing: 1
.
Business Name(s): E-NAT
Owner Name(s): MAKOVIY, NATALIE
A lookup of Natalie's name produced records under Nataliya for 8063 Joe Rodgers CT., Granite Bay, CA 95746, and a listing under Natalie at ABC Realty & Mortgages, Inc. in Carmichael, CA. They said she no longer works there. This came up also:
Natalie Makoviy
work
Job title: Owner
Company: E Nat
4037 Mcclain Way, Apt 52
Carmichael, CA 95608-2488
(916) 534-2848
That response from that phone number behaved a lot like the typical phone set ups on the fake sites. Running a check on it showed that it was also listed on a website: newmobile-shark.com 916-534-2848 »newmobile-shark.com which is also hosted at IP 64.202.102.8 and became number eight on the list.
A check of that domain registration shows that it is registered to none other than Vladimir Mironyuk, of VR-S.com fame. AKA Vlad's Designs, small world!.
Registered through: GoDaddy.com, Inc.
Domain Name: NEWMOBILE-SHARK.COM
Created on: 05-Jul-07
Expires on: 05-Jul-09
Last Updated on: 05-Jul-07
.
Administrative Contact:
mironyuk, vlladimir albert_mur@yahoo.com
4840 buffwood wa
Sact, California 95841
United States
(916) 308-3108
.
Domain servers in listed order:
NS57.DOMAINCONTROL.COM
NS58.DOMAINCONTROL.COM
Running a check of the last name MAKOVIY through the Sacramento County FBN records shows:
Business Name Owner Name File Number Filing Date
E-NAT MAKOVIY , NATALIE 0706914 06/14/2007
SMS USA MAKOVIY , SERHIY 0706911 06/14/2007
There is something new, a Serihy Makovivy registered "SMS USA" on 06/14 the same day that Natalie Makovivy registered E-NAT. Have not seen anything yet on SMS USA. A check on Serhiy yields one of the same addresses as Natalie or Nataliya:
Serhiy Makoviy
8063 Joe Rodgers Ct
Granite Bay, CA 95746-9391
phone number unavailable
The only reference to other names or an address on the newmobile-shark.com site is:
NEWMOBILE-SHARK (a division of mobileHomeGAME LLC )
newMobileShark, New Way, SF, 90075, USA
Not sure what they had in mind with these price reductions, hope it is not an omen of future charge amounts.
The ssl cert on the server, which may be the default is:
E = root@mobiulehome.com
CN = 64.202.102.8
O = mobilehome
L = New York
S = NY
C = US
More to follow,
Part 3.
MGD | |
omgdave
join:2006-12-31
United State | MGD,
Any useful purpose served from a visual look at the N. Cal./Sacramento sites listed above? | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| At this stage I don't believe so, I have now found two other phone numbers, and I am in the process of working that angle. At this point we can presume that this division is the same modus operandi as the others. In that the names that are on the recorded documents are recruited cybermules. No doubt that the individuals listed on the corporate filings, and the fictitious business name registrations, will also be the ones who set up the bank and merchant accounts to process the fraud charges.
This group is somewhat unique in that so far all the reports of fraud charges that specify a card, list American Express as the one hit. This genre of "Game Download" sites, however, is not unique. A group of similarly cloned sites was used by this criminal enterprise back in 2006. Charges from the "Game Download" group appeared either alongside the Devbill web templates fraud charges or immediately following them.
This victim report from May 2006 on DSLR is one example listing a fraud charge from Moball along with the template charges. The entire thread is HERE
I also mentioned this genre at the beginning of this thread, and here are some screen shots circa May 2006.
Moball, moballtech.com
McColgan Games out of Canada, mobilegamejuice.com
Generex, generextech.com
Also, JamesPC.com:
Generex was a cybermule driven LLC set up in Ohio, and Moball was fronted by a retired physician in Virginia.
I also provided links to early 2006 audio recordings from the contact numbers:
»/r0/download/1···mple.wav
»/r0/download/1···mple.wav
This has all the appearances of repeat performance.
MGD | |
shrew
@embarqhsd.net | reply to Not A Mule
Re: Almost a Cyber Mule!!!
The people that own these corporations have to wire money every week to the people who are ripping the public off. THis is a bad deal. I don't know how people could think that it is legitimate. | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
1 edit | reply to MGD
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
mcawebtechnology.com AKA M.C.A. 623-742-3769
.
mcatemplates.com AKA M.C.A. 623-444-2173
Both of these were listed previously, and were assumed to be fronted by a single mule, as the domains were registered to the same individual, Steve Rogan in Arizona. Since a corporate LLC filing was not found, it was not know if the domain was carded, or actually registered to the mule.
Well it now appears that they are registered to the mule, and add a third one, just found this:
.
ulcsolutions.com AKA U.L.C. 623-444-2964 also 602-476-1845
»ulcsolutions.com »800notes.com/Phone.aspx/1-623-444-2964
This ulcsolutions.com domain is registered as follows:
Registration Service Provided By: NameCheap.com
Domain name: ulcsolutions.com
Registrant Contact:
NL LLC
Steve Rogan (steve_rogan1298@yahoo.com)
+1.7088429740
Fax: +1.7088429740
8912 E. Pinnacle Pear Ro #174
Scottsdale, AZ 85255
US
Name Servers:
ns1.hostdone.com
ns2.hostdone.com
Creation date: 20 Jul 2007 19:44:19
Expiration date: 20 Jul 2008 19:44:19
This time a check of the Arizona Corporate filings shows a filing just completed yesterday for ULC:
and as you can see it is registered to Steve Rogan, so that is the cyber mule. It is reasonable to assume that he has all three.
Running a check on ULC shows that it was originally just a registered trade name used by Steve Rogan, and assigned as a Mortgage Consulting entity. Probably needed to be an LLC in order to have the correct bank account type.
So mcawebtechnology and mcatemplates.com are probably Steve Rogan's too. At least one cyber mule has reported that the crime syndicate has been actively soliciting existing mules to set up additional business names to increase their revenue. Not sure if that is the result of a growing card inventory or a reduction on the supply of mules.
EDIT= The address 8912 E. Pinnacle Pear Road #174, aomes back as a Mail Boxes Etc location.
MGD | |
pcdebb
RIP dadkins
Premium
join:2000-12-03
Tampa, FL
clubs:
| reply to shrew
Re: Almost a Cyber Mule!!!
said by shrew :
I don't know how people could think that it is legitimate.
i'll tell you why, it's because you have daily radio advertisements on being an "internet salesman" in the comfort of your own home. I hear the same ad everyday (but forget to catch the email and url advertised)
--
a time for change... | 1st & 10 | Ham is good | |
feline
@olympus.net
| reply to MGD
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
Our Dec USAA Visa statement has the (now infamous) $4.95 charge from MFBPSITE.COM phone # 310-237-6452 CA.
However, I am a ruthless financial manager for our home finances. I knew we had not made a purchase from their website. I googled their name and found your website and all the wealth of information.
I immediately called my Credit Card Services at 11pm, reported the fraud and had the cards canceled.
They were kind enough to take the Fraud report over the phone and not request a letter. However, after reading your entire postings, I drafted a certified letter to their Fraud Division. I referred them to your website and stressed the need for investigating this TYPE of Fraud and not to focus on the miniscule dollar amount.
Thank you! Thank you! Thank you! | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to MGD
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB
VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB
Part 3,
There are additional fraudulent charge reports from this group continuing to roll in on Chris Jupin's blog. There now seems to be little doubt that the earlier characterization of this as the "American Express" fraud division of the syndicate is true. The reported fraud charges from this group appear to be specifically targeting American Express compromised card accounts.
While Cybersource / Authorize.net is to be heavily criticized for their utter failure to implement appropriate procedures in the vetting process to remove these fraudulent laundering accounts, apparently American Express fares no better. Authorize.net has been the criminal enterprise's provider of choice for several years. Part of the issue is that merchant account providers make maximum profits from charge back fees. They may initially be reluctant to address the distorted frequency of charge backs and credits associated with these fraud accounts.
In the case of the VALL-JRSX, VIN-DESIGN, E NAT, PARADISE WEB group, it appears that American Express has provided these criminals with the perfect opportunity to use their own system to launder their customer's compromised cards. There was an initial report on the blog from a victim who quoted an AE csr as saying that they had a "reversal arrangement" with the fraud group. originally I brushed that off as a statement from an overzealous AE csr. However, now there is an additional report of the exact same arrangement.
quote:
Marti on 01.10.08 at 6:27 pm
I checked my Amex account online this morning and saw a charge I didn’t recognize from Paradise Web for $9.59 on 01/06/08:
Transaction Date: 01/06/2008
Transaction Description: PARADISE WEB PARADISPLUMAS LAKE
...........................Amex was very willing to reverse the charge, as they said they had an agreement with the company to automatically reverse disputed charges (!). Another poster mentioned this also. I find it incredible that the credit card companies seem to be facilitating these scams (in the sense that they do not seem to investigate or want to do anything to stop it). ...........
Incredible !! that plays straight into the criminals hands. I am sure that this type of pre-arranged reversal agreement does not contain the usual high "charge back" fees. In effect, American Express is now performing one of the criminal's intensive tasks of mitigating charge back fees to maximize the take.
In addition the process of setting up this type of merchant billing account directly with American Express appears to be only one step above the "honor system". The entire process can be done online, and subsequently administered and managed from there.
Have a look at the application: »https://www209.americanexpress.com/merch···=regular
Apparently neither American Express nor Cybersource realize that there is no accreditation process for setting up an LLC, or establishing an EIN number. Criminals, even those offshore can easily arrange for that kind of setup. Possession of those credentials does not establish any form of legitimacy to an operation, that process is not intended to. In addition the merchant account application is done "online". American Express states that approval comes "within the hour".
Combine this with various card data storage and processing systems that are about as secure as a sieve, and you could not write nor invent a more efficient crime magnet. One wonders why Cybercrime is such an epidemic.
Future callers to American Express from card holders who are victims of this group's fraud charges, should alert them that they need to reverse any and all charges from this group. In addition, they can use the submit reports for an up to date list of AE compromised accounts. They should automatically issue new cards to any account holder's card that is submitted from this criminal enterprise.
As of yesterday, the status of the additional domains of interest on the VALL-JRSX, VIN-DESIGN, E NAT, PARADISE WEB, server at IP 64.202.102.8 hosting the sites are:
ez-booksonline.com was still a work in progress, no contact data listed yet, nor is the refund page completed. Same for ibook-space.com and best-ebooks4you.com
ebooks-tfw.com, ebooks-tfw.com, and az-bookspace.com, did not have any webpages configured..yet.
They all currently have "cloaked" domain registration:
Registered Through
GoDaddy.com, Inc.
Domain Name: best-ebooks4you.com
Created on: 2007-09-03 04:10:49
Expires on: 2009-09-03 09:10:49
Last Updated on: 2007-09-03 04:10:50
Domain Servers
NS57.DOMAINCONTROL.COM
NS58.DOMAINCONTROL.COM
.
Administrative Contact
Registration Private
Domains by Proxy, Inc.
(480) 624-2599 Phone
(480) 624-2599 Fax
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
best-ebooks4you.com@domainsbyproxy.com
.
.
Registration Private
Domains by Proxy, Inc.
(480) 624-2599 Phone
(480) 624-2599 Fax
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
Domain servers in listed order:
NS51.DOMAINCONTROL.COM
NS52.DOMAINCONTROL.COM
ibook-space.com@domainsbyproxy.com
Registered Through
GoDaddy.com, Inc.
Domain Name: ibook-space.com
Created on: 2007-08-27 14:46:34
Expires on: 2009-08-27 19:46:34
Last Updated on: 2007-08-27 14:46:35
Domain Servers
NS57.DOMAINCONTROL.COM
NS58.DOMAINCONTROL.COM
.
.
EZ-BOOKSONLINE.COM
Administrative Contact
Registration Private
Domains by Proxy, Inc.
(480) 624-2599 Phone
(480) 624-2599 Fax
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
Registered through:
GoDaddy.com, Inc. om)
Domain Name: EZ-BOOKSONLINE.COM
Created on: 01-Aug-07
Expires on: 01-Aug-09
Last Updated on: 01-Aug-07
MGD | |
Diggdotcom
@rr.com | reply to MGD
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
Attention Diggers, »digg.com/business_finance/Credit···_Company - Help get the word out! | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to pcdebb
Re: Almost a Cyber Mule!!!
said by pcdebb :i'll tell you why, it's because you have daily radio advertisements on being an "internet salesman" in the comfort of your own home...... That is an excellent point, it sets the idea, and conditions those that lack a robust understanding of the net, that there is lots of money to be made, for very little effort.It certainly makes this syndicates business proposal more palatable.
MGD | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to feline
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
said by feline :
...However, I am a ruthless financial manager for our home finances. I knew we had not made a purchase from their website. ...... Congratulations!... you see that kind of diligence is worth far more than any monitoring or subscription service that money can buy. It is not the trivial amount of the charge as much as it is the alert and immediate recognition that your account was compromised. Your best practices not only detected it, but also acted upon it. Time well spent looking it up, you have saved yourself numerous headaches down the road.
If all consumers were as fastidious as you are, this long running criminal enterprise would have ended long ago.
MGD | |
informed
@rr.com
| reply to MGD
»yolo.courts.ca.gov/Calendars/Dai···bmit.y=9
VALENTIN SHIKHANTSOV AKA VALL-JRSX ARRESTED/ARRAIGNED! | |
HostDone
@cosmoweb.net
| reply to MGD
Hello
HostDone is working very close to all forum posted to stop any bad hosting accounts runs in our servers to keep internet clean as possible from all this kind of fraud going around.
We do say it clear that we do not allow this kind of fraud going around in our servers and we will do all possible to stop all fraud website and suspended immediately.
Best Regards
»www.HostDone.com
HostDone Inc.
Working on clean internet hosting service | |
|
