how-to block ads
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to MGD
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
A new card fraud laundering site in the malware AV theme:
E-RPMSOFT.COM 336-793-0285 »e-rpmsoft.com
-----------------------------------
Name of Company : E-RPMSOFT.COM
Phone : (336) 793-0285
Email : support@e-rpmsoft.com
----------------------------------
Already processing fraud charges as the above voip number forwards to a human answering service.
Forum link spamming:
Active "Deny All" robots file blocking any search archiving.
Some interesting behavior while the operation was being shadowed. Initially the fraud site E-RPMSOFT.COM was hosted on a HOSTNOC.NET US IP 64.191.33.70 leased to ZLATHOST.RU:
-------------------------------
Server Type: nginx/0.6.36
IP Address: 64.191.33.70
IP Location - Pennsylvania - Scranton - Network Operations Center Inc
SSL Cert: zlathost.net.ru expires in 31 days.
-------------------------------
At that time, the domain was registered as followed:
ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD.
D/B/A PUBLICDOMAINREGISTRY.COM
.
Registration Service Provided By: HIGH QUALITY HOST COMPANY
.
Domain Name: E-RPMSOFT.COM
.
Registrant:
Bausemer ltd.
Stephen Bausemer (st.baus@gmail.com)
17145 North Bay Rd Apt 4405
Sunny Isles
Florida,33160
US
Tel. +786.2741710
.
Creation Date: 18-Mar-2009
Expiration Date: 18-Mar-2010
.
Domain servers in listed order:
ns2.serverside.name
ns1.serverside.name
The domain now shows as suspended, with a different registration, possibly originally carded, though I am not sure:
Domain Name: E-RPMSOFT.COM
.
Registrant:
E-RPMSOFT DOT COM
Ivan Burkin (st.baus@gmail.com)
Krasnobogatirskaya street 79-65
Moscow
Moskovskaya oblast,107076
RU
Tel. +336.7930285
.
Creation Date: 18-Mar-2009
Expiration Date: 18-Mar-2010
.
Domain servers in listed order:
ns2.serverside.name
ns1.serverside.name
.
Status:SUSPENDED
Note: This Domain Name is Suspended.
In this status the domain name is InActive and will not function.
.
However the website is still reachable, now on IP 84.16.228.146:
Domain Name: E-RPMSOFT.COM
-------------------------------
Server Type: nginx/0.6.35
IP Address: 84.16.228.146
IP Location - Berlin - Berlin - Netdirekt E.k
Domain Status: On-hold (generic)
-------------------------------
Also, the manual link spamming for many of the card fraud websites has been originating from an IP address from Chisinau the capital city of the republic of MOLDOVA a former Soviet Bloc state that lies between the Ukraine and Romania.
It is also clear that the forum link spammer has additional information that is not listed on the fraud websites. Over a half dozen of the fraud websites have been spammed from Chisinau in Moldova.
E-RPMSOFT.COM is a clone of the not ready for prime time, and now defunct, MRBSOFT.COM previously listed in this 04/28/2009 post
MGD | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
2 edits | reply to MGD
Another new themed card fraud laundering website design from the organized crime syndicate:
RAGDESIGN.COM 206-666-4778 »ragdesign.com
------------------
RAGDESIGN.COM
ragdesign.com
1-(206)-666-4778
support@ragdesign.com
---------------------
Hosted:
IP Address: 205.178.145.65
IP Location - Virginia - Herndon - Network Solutions Llc
Response Code: 200
Domain Status: Registered And Active Website
Search engine archive blocking:
Again, Multiple Forum spamming from Chisinau, Moldova:
Many posts within the past week:
ICANN Registrar: ACTIVE REGISTRAR, INC.
.
Registration Service Provided By: Active-Domain LLC
.
Domain Name: ragdesign.com
Expiry Date: 25-May-2010
Creation Date: 25-May-2009
.
Name servers:
ns41.worldnic.com
ns42.worldnic.com
.
Registrant Name: kazuko fuller
Registrant Company: ragdesign.com
Registrant Email Address: robyn_wise47@yahoo.com
Registrant Address: 1705 stilton arch
Registrant City: chesapeake
Registrant State/Region/Province: VA
Registrant Postal Code: 23323
Registrant Country: US
Registrant Tel No: +1.9289625224
Registrant Fax No:
.
It is possible that the cyber-mule is named Robyn Wise
.
==============================================
HTFCREATIVE.COM 206-338-2535 »htfcreative.com
------------------
HTFCREATIVE.COM
htfcreative.com
1-(206)-338-2535
support@htfcreative.com
------------------
Registered and hosted via GoDaddy:
IP Address: 72.167.232.34
IP Location - Arizona - Scottsdale - Godaddy.com Inc
Response Code: 200
Domain Status: Registered And Active Website
Search engine archive blocking:
Group forum spamming from Chisinau, Moldova:
Same domain reg as HTFCREATIVE.COM, different email address:
ICANN Registrar: GODADDY.COM, INC.
.
Registrant:
kazuko fuller
1705 stilton arch
chesapeake, Virginia 23323
United States
.
Domain Name: HTFCREATIVE.COM
Created on: 25-May-09
Expires on: 25-May-10
Last Updated on: 25-May-09
.
Administrative Contact:
fuller, kazuko kazuko_fuller@yahoo.com
1705 stilton arch
chesapeake, Virginia 23323
United States
9289625224 Fax -- 9289625224
.
Domain servers in listed order:
NS35.DOMAINCONTROL.COM
NS36.DOMAINCONTROL.COM
.
MGD | |
garys_2k
join:2004-05-07
Farmington, MI
 ·Future Nine Corpor..
·Vonage
| reply to MGD
I just submitted those last two sites to Firefox for inclusion in their fraud alert system, but I wonder if that does any good at all. Assuming their main reasons to exist are to give an appearance of legitimacy to anyone seeing if they should issue a merchant account, and for fraud victims to see who they should complain to, the usefulness of the fraud list is questionable.
Assuming the bank's already vetted them (a certainty once fraud charges start to hit) then they won't get to see an alert. Victims going there may get some benefit, to at least know they should look further.
Anyway, thanks again, MGD! Amazing work. | |
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| said by garys_2k  :Assuming the bank's already vetted them (a certainty once fraud charges start to hit) I'm confused, I thought vetting is where they stop fraudulent sites from getting a Merchant Account in the first place, yet you make it sound the opposite as no charges are processed on vetted applications from my understanding.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
3 edits | said by Doctor Olds :said by garys_2k :Assuming the bank's already vetted them (a certainty once fraud charges start to hit) I'm confused, I thought vetting is where they stop fraudulent sites from getting a Merchant Account in the first place, yet you make it sound the opposite as no charges are processed on vetted applications from my understanding. The vetting or approval process of the cyber-mule's application for a merchant account, includes the underwriter reviewing the website that is listed on the application for which the merchant account will be used for. In that review process the underwriter may check that the shopping cart has SSL encryption, and that there is a refund and privacy policy stated:
quote:
Notes re [EffectiveSoft Ltd AKA effectivesoft.com]
From: Marek Shulcovicz shulcovicz2002@gmail.com
Sent: Thursday, February XX, 20XX XX:XX PM
To: REDACTED
Subject: Re: Another Questtion
Hello REDACTED,
You must receive the merchant account at the same bank that you opened the company's account at.
For example:
• Bank of America
• Citizens Bank
• Wachovia Bank
• Wells Fargo Bank
• Washington Mutual Bank
We recommend the Wachovia, as the most convenient and reliable bank. As soon as you have received the merchant account, you can proceed with the registration of Authorize.Net, which is the payment gateway – it will allow your website and merchant account to interact and serve as the platform for accepting payments made with credit cards.
Q: What is the phone number for your customer support?
(it is necessary to indicate when you register a Merchant account in a bank, and also an account in Authorize.net.
(660)-6XX-XXXX
(660)-6XX-XXXX
P.S.
I have forgotten to mention that the company Vonage, our partners in the field of telecommunications, which provides us with phone numbers for the support service, has sent you a Phone Adapter – it is an option that comes with their packet of service. You will not need it in your future work, so this Phone Adapter can be simply put aside, as you will not be using it for work. As I said, it is just a free option included in the service packet of our partners, the company Vonage.
Best Regards,
Marek
During the vetting / approval process Wachovia noted that there was no encryption on the website, and held up the account until a cert was installed.
quote:
From: XXXX Wachovia
Sent: REDACTED
To: REDACTED
Subject: FW: 801XXXXXXX
FYI- Please read below. Secure checkout page all that is needed.
Thanks,
REDACTED
What Wachovia, the merchant account underwriter, and the cyber-mule , did not know, was that they and the criminals were the only ones that knew that website existed. The website was essentially hidden from everyone else, and that is how the crime syndicate intended it to be. Later fraud victims may find it, which is why they always have a phone number and a contact support@ listed. Once the account is approved and up and running, there is nothing that will stop it, other than excessive charge backs. However, that can be a gradual process that includes alert warnings. the crime syndicate will attempt to overcome those initial warnings by flooding the account with fresh charges in order to dilute the current ratio of charge backs. Remember it can over 30 days from the time a charge is processed for a victim to report it. The criminals intend for any victim who does catch it to contact them first so that they can issue a refund, thus avoiding the charge back.
Many of the card fraud laundering accounts may take considerable time to exceed the charge back thresh hold, if at all. The SOP for a victim who contacts their bank and just questions the charge, is to be told to first contact the vendor. That drives many of them straight to the crime syndicate and allows a credit to be issued.
Currently the record holder for still active longest surviving fraud operation is EBSEBOOKS.COM AKA Electronic Business Resources 412-927-0410 »ebsebooks.com
They were listed as actively processing fraud charges in the very first post of this thread on 12/14/2007 and they are still processing fraud charges. The cyber-mule was later identified as Terra Milbourne:
Note the February 2006 date, which makes this almost two and a half years old. I believe the first reported fraud charge from a victim was in December of 2007: »800notes.com/Phone.aspx/1-412-927-0410 and has continued, with the most recent one being a few days ago:
quote:
Nan - 3 Jul 2009
A $4.95 charge was posted to my 03/2009 acct. and now it's impossible to make the credit card people understand.
Caller ID: 4129270410
Caller: Elec.Bus. Resolutions
»whocallsme.com/Phone-Number.aspx···270410/4
Depending on the bank where the fraudulent business account was opened at, it can be near impossible to have it shut down if the charge back ratios are within spec. CitiBank refused to close a fraud processing account down that was way over a year old, until industry insiders put pressure on them.
I personally went through an unbelievable nightmare with PNC Bank trying to close one down. Believe it or not, a cyber-mule whom I had contacted and sent them to the bank to immediately stop an outbound foreign wire transfer of the fraud proceeds, called me from the bank and said that they would not allow them to shut their own account down. Flabbergasted I asked for an explanation, the mule said that they informed the bank rep as to why they wanted to freeze everything based on the fact that I had just contacted them and revealed the true nature of the operation. A security executive at the PNC bank HQ in Pittsburgh, reviewed the account charge backs to date, and informed the cyber-mule that they were probably being fed a ruse story by a competitor. Not being amused by the ignorance of the bank fraud security official I tracked him down and immediately called him.
A very frustrating conversation followed which revealed the complete lack of cyber awareness of at least some bank security officials. Explaining the fact that the site could not have any customers as it was hidden, and leading him to the robots.txt file, was way above his understanding level. Showed him that the domain was registered to someone other than the cyber-mule in another state, who they did not even know was explained off by him that many start ups do not manage their own websites. Proceeded to give him a lesson on domain registration, showing him that the "registrant" is the domain name owner, and should match the business and merchant account. If the website was being managed by a professional, then that info would be appropriately listed under the "Administrative Contact" data. However the legal domain owner needed to be the same as the merchant account, and was not. Then proceeded to tell him that he could pull as many charge records randomly from the to date billing as he wanted, contact the card holders, and no one would have made a purchase at the site.
Again, reiterated that every single charge processed though that account was fraudulent. He said that the website may be factor billing for other entities. That was not possible since factored billing is prohibited under most TOS, and besides these fraud operations are completely documented. The conversation ended with telling him to look at the overall behavior of that business account at his bank. It generated all of its proceeds from credit card billing of intangible purchases on a website that had no search hit returns. All of the proceeds less 10% were then wired out of the country from the bank to locations that rank high on the list of money laundering conduits. If he checked the federal regulations for financial institutions SAR reporting requirements, he would find several criteria that fit this operation. Luckily PNC routed the merchant processing account through Firstdata.com, and a follow call to firstdata resulted in the merchant account being immediately frozen at their end, which started the rest of the ball rolling.
Even though they have a posted "Terms of Service", don't expect any vetting to come from Authorize.net / cybersource. Vetting appears to be a word that is missing from their vocabulary, though they need to make sure that they add "malfeasance" in there. If the merchant account applicant has a business bank account and pays the fee, authnet will give them the keys to the card processing highway. That toll booth is just a formality.
garys_2k 's idea of reporting active websites as fraud may be beneficial:
said by garys_2k :I just submitted those last two sites to Firefox for inclusion in their fraud alert system, but I wonder if that does any good at all. Assuming their main reasons to exist are to give an appearance of legitimacy to anyone seeing if they should issue a merchant account, and for fraud victims to see who they should complain to, the usefulness of the fraud list is questionable. Assuming the bank's already vetted them (a certainty once fraud charges start to hit) then they won't get to see an alert. Victims going there may get some benefit, to at least know they should look further. .... . If they are in operation, and they show up on a fraud alert when searched or visited, that could trigger an alert to institutions / underwriters who are checking based on several fraud complaints which have yet to qualify as excessive charge backs.
Some institutions have already put procedures in place to filter and catch these fraud merchant processing accounts, and that is having a noticeable effect. Though I do not know the specific reasons, I see several set ups that only survive for no more than a few weeks, if even that.
For example:
SICREATIVE.NET 720-897-7619 only lasted for ~ 7 weeks »www.google.com/search?hl=en&q=%2···oq=&aqi=
The card fraud laundering site was hosted on IP 93.174.92.114 from ~ 02/16/09 until ~ 04/20/09
-------------------------------
IP Location: Netherlands Amsterdam As29073 Ecatel Ltd
IP Address: 93.174.92.114
Blacklist Status: Clear
-------------------------------
ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD.
D/B/A PUBLICDOMAINREGISTRY.COM
.
Registration Service Provided By:
HIGH QUALITY HOST COMPANY
.
Domain Name: SICREATIVE.NET
.
Registrant:
weblink llc
Carlos Morris (cm0328@gmail.com)
3022 K Street SE
Washington
Washington,20019
US
Tel. +202.4373922
.
Creation Date: 06-Feb-2009
Expiration Date: 06-Feb-2010
.
Domain servers in listed order:
ns2.sicreative.net
ns1.sicreative.net
.
SICREATIVE.NET never made it to "prime time", as its assigned contact phone number 720-897-7619 was also used by:
SYNVIAWEB.COM AKA SYNIVA INVESTMENT CO. 720-897-7619
-------------------------
Server Type: Apache/2
IP Address: 93.174.92.114 IP Location - Noord-holland - Amsterdam - As29073 Ecatel Ltd
Response Code: 200
Domain Status: Registered And Active Website
-------------------------
The website is not active, but it moved to that current location ~ 02/16/09
-------------------------
Event Date Action Pre-Action IP Post-Action IP
2009-02-02 New -none- 216.120.237.8
2009-02-16 Change 216.120.237.8 93.174.92.114
-------------------------
It was also forum spammed: »www.google.com/search?hl=en&q=%2···B.COM%22
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD.
D/B/A PUBLICDOMAINREGISTRY.COM
.
Registration Service Provided By:
HIGH QUALITY HOST COMPANY
.
Domain Name: SYNVIAWEB.COM
.
Registrant:
Nic Company LLC
Nic Stamoulis (nic.stamoulis@mail333.com)
2719 E. 2nd St.
Long Beach
California,90803
US
Tel. +818.3249089
.
Creation Date: 24-Jan-2009
Expiration Date: 24-Jan-2010
.
Domain servers in listed order:
ns1.synviaweb.com
ns2.synviaweb.com
.
Another failure was:
KOOLBD.COM 530-554-2980
»www.google.com/search?hl=en&q=%2···oq=&aqi=
Ran from around 03/16 to ~ 05/18 on:
-------------------------
IP Location: Ukraine Kiev Volia Dc
Resolve Host: 148.220.144.82.colo.static.dc.volia.com
IP Address: 82.144.220.148
-------------------------
ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD.
D/B/A PUBLICDOMAINREGISTRY.COM
.
Registration Service Provided By:
HIGH QUALITY HOST COMPANY
.
Domain Name: KOOLBD.COM
.
Registrant:
Nichol ltd
Thomas Nichol (t.nichol@mail333.com)
122 E. McNair Hall
Houghton
Michigan,49931
US
Tel. +906.4836212
.
Creation Date: 06-Mar-2009
Expiration Date: 06-Mar-2010
.
Domain servers in listed order:
ns2.koolbd.com
ns1.koolbd.com
.
The failure rate at start up has grown significantly
MGD | |
garys_2k
join:2004-05-07
Farmington, MI
·Future Nine Corpor..
·Vonage
| Well, I just rechecked htfcreative.com and it's still not showing up as a fraud in FF. I included a blurb about it not being a phishing site, but a fraudulent card processing site with a link to this thread, but so far nothing.
I wonder if we could get in touch with a real person in the Firefox organization that could help to get those pages in asap. | |
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
|  reply to MGD
Thanks for the detailed clarification MGD I now understand where my confusion was. I had assumed wrongly that vetting was cut/dried process that always stopped fraud sites when it is a process depending on the individual companies vetting/checking criteria instead which may have holes in their process large enough to drive a Mack truck through. 
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? | |
Fraud PI
join:2009-07-08
Saint Petersburg, FL
| reply to MGD
MGD, I am a retired federal agent newly working for a merchant services company. I am interested in learning more and am seeking someone at the federal level interested in prosecuting these cases. (Most agents find them way to complex and therefore aren't interested.) I sent you an instant message with my contact information. Would love to talk to you. | |
MeanPeepsSuk
Premium
join:2004-11-21
Muddy Field
clubs:
| reply to MGD
said by MGD :said by K Patterson :OK, which one of you guys set fire to the Authorize.net data center? LOL!! » Credit Card Processing Company Authorize.net Knocked OfflineGateway down for over 13 hours, that is probably the longest break in the last decade that consumers have gone without having organized fraud charges processed against their card data. No doubt sections of eastern Europe were in crisis mode for several hours. If it went on any longer the GDP projections of some areas would need to be revised. MGD ROFL!!!
No sh*t. | |
moike
join:2007-03-31
Atlanta, GA
| reply to MGD
said by MGD :I personally went through an unbelievable nightmare with PNC Bank trying to close one down. Believe it or not, a cyber-mule whom I had contacted and sent them to the bank to immediately stop an outbound foreign wire transfer of the fraud proceeds, called me from the bank and said that they would not allow them to shut their own account down. Flabbergasted I asked for an explanation, the mule said that they informed the bank rep as to why they wanted to freeze everything based on the fact that I had just contacted them and revealed the true nature of the operation. A security executive at the PNC bank HQ in Pittsburgh, reviewed the account charge backs to date, and informed the cyber-mule that they were probably being fed a ruse story by a competitor. Unbelievable - one down, but I wonder how many other security officers have this level of understanding? | |
music man
join:2008-08-12
| reply to MGD
Not too sure about this one but it shares some of the same text as E-RPMSOFT.COM
Recent domain registration
Registry Data
ICANN Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Created: 2009-04-16
Expires: 2010-04-16
Updated: 2009-04-16
Registrar Status: clientTransferProhibited
Name Server: NS1.OFFICELIVE.COM (has 649,658 domains)
Name Server: NS2.OFFICELIVE.COM (has 649,658 domains)
Whois Server: whois.melbourneit.com Detroit cellphone number for contact
Information on phone number range +1 313 999XXXX
Number billable as mobile number
Country or destination United States
City or exchange location Detroit, MI
Original network provider* Nextel Communications, Inc. No contact address | |
music man
join:2008-08-12
| reply to MGD
I think you can probably add CFAMSOFT.com to the "failed" pile.
Same text, recent registration ( Directi!  )
Google has a cached copy but I can't get to the contact details | |
Lizzotaj
@rr.com
| reply to MGD
Here's an email I received in regards to one of these fraudulent job offers from Riddick-Design. I share it here in the hopes that someone else sees it and doesn't fall for it.
Thank you for your answer. I believe our cooperation will bring us a
lot of positive experience. Please see below the detailed description
of the position of Assistant Director.
Our Swedish partner - Riddick-Design, is looking for a
candidate to the position of Assistant Director. They've applied to us
to find the proper person for this position according to their
requirements.
Riddick-Design provides their customers with wide variety of design
services for many years already and has a great experience in this
sphere. Recently, the management of the company has decided to enter
the US market, and for this purpose they need an associated business
unit in US. This decision was also caused by the difficulties existing
for European companies who wish to sell products and services to US
customers as well as by intention to avoid heavy domestic taxes (as
you might know, Swedish taxation is probably one of the heaviest in
the world).
Riddick-Design's engineers will create a Web-store for US company to
sell their original products online. They will promote this Web-store
and provide it with hosting, development and support. To accept
payments online, it will be necessary to have a merchant account.
Unfortunately it is impossible for European company, which has a
merchant account in European bank, to accept payments online from US
customers (basically, it is possible, but with a lot of limitations
that make it impossible). So the Assistant Director, as a company
representative, will need to open a merchant account in US. True
Design Art will provide you with all necessary information and
instructions.
The primary duties of Assistant Director are:
a. Business bank account and Merchant account maintaining and
monitoring;
b. Handling business correspondence and transmitting it to
Riddick-Design by fax or by mail (all expenses are reimbursed).
c. Being in touch with Riddick-Design's representative by e-mail and
accurately following his/her instructions.
First of all you'll need to register the LLC in your Secretary of
State or at »instacorp.com. (Feel free to ask for my help with
this question at any time). Your company will operate as an on-line
store and will sell a digital content for PC provided by
Riddick-Design. Also Riddick-Design will be responsible
for customers and technical support. You will be responsible only
for performing the duties above.
Riddick-Design's requirements:
1. A punctuality, clear background.
2. Deep desire to achieve financial success.
3. Computer / Internet / e-mail skills.
4. Internet and e-mail access.
5. US citizenship or Green Card.
Your commission will be 5% from the store revenues (you'll earn about
2,500-3,000$ per month). Also all bank and merchant fees will be paid
by the parent company. You will get your 5% in any case not depending
what fees we will have. Your income will increase along with business
boost. You will be responsible to pay taxes only on your commission;
the rest taxable 95% is a responsibility of the parent company.
Let me sum up all I said above about your duties briefly in few clear
steps:
1. You need to file a legal entity in your state (city) (it can be a
LLC or Sole Proprietorship). If you already have a company, it's
great, it will save us some time. The cost of registering a small
business starts from $200, but it strongly depends on the State. The
time frame for a company set-up also differs from state to state and
normally the process of registration takes 2-10 business days. The
parent company will reimburse you for these start up expenses from the
first revenues your web-store produces.
2. After the LLC is registered you'll need to open a business checking
account in any bank in your area.
After that your personal manager will provide you with instructions on
how to open the merchant account for the store. Here ends the start up
process and your duties will be just to monitor the accounts and take
your regular commission.
As you can see, all steps are very easy.
Feel free to ask any questions you have and let me know your decision.
In case it is positive I'll send you an Agreement to sign that
welcomes you to the Riddick-Design successful team.
Best regards, Maria Olson
Gjorwellsgatan 28, 112 60 Stockholm, Sweden | |
jamaica
join:2009-07-23
Thousand Oaks, CA
|  reply to MGD
Regarding E-RPM SOFT.COM and fraudulent charges, please note that they are getting card numbers from click through ads for supposed work-from-home schemes, using Google Keywords and Blazing Words as business entities. I was reading what I thought was an online article with the Los Angeles Times about a person who was recently unemployed and got a job working from home keying in links for Google Ads...Please don't think I am an idiot. I am usually pretty savvy about such things, especially work-from-home schemes, but this sounded very credible.
The claims were not overly extravagant, and they were offering to send a "How to get started" booklet for just the cost of shipping-$1.99. Well, I clicked on it and agreed, and a few days later I saw a charge for Blazing Words on my card for $1.99 and another for $15.95. A few days after that there was what was listed as a monthly subscription to a similar service (I don't remember the name) and it was for $74.95. If I hadn't caught this, I would have been charged that $75 every month till I noticed it!
I did call the company and pleaded insanity over not noticing any such fine print, and they claim to have reversed the charges--although they still hasn't shown up. However, in watching for it I noticed I was just charged $11.49 by someone named "E-RPM Soft Com." After googling it, I discovered pages of references to e-book fraud, so I called my credit card company and reported it immediately and cancelled my card. Most of the references reported multiple charges after the initial fraud, so I didn't waste any more time.
So please note, they seem to have expanded into a new area, and they are using working for Google to make it seem legitimate. I hope this helps someone--I am still watching and waiting for the repercussions. (By the way, don't cancel your card BEFORE you print out the online statement with all the charges and identities. Once you do, they pull the card information off the website--now I have to go look for my hard copies of statements! Ugh! | |
Noemi from LA
@nasa.gov
| reply to MGD
Today I checked my CC Account activity and I saw this on my account:
Collapse details for this transaction 07/16/2009 E-RPM SOFT COM Purchase $11.49
Transaction Date: 07/14/2009
Card Type: --
Transaction Type: Purchase
Merchant Description: E-RPM SOFT COM
Merchant Information: 336-7930285 NC
I only have my DirectTV automatically bill to my credit card and never use it for anything else...this is why I was quickly able to spot it. I did an online chat session with BofA on this and they suggested I call the vendor. Of course the vendor either 1. Will not answer the phone or 2. Will argue that I did make a purchase. I will simply call BofA's Dispute's line at: 1-866-266-0202.
This time it was $11.49...what will it be next time?!
Hope this doesn't happen to you! | |
rzaruba
join:2000-08-04 | DO NOT call the dispute line.
It is a fraud and should be reported as such, and your card should be canceled and reissued | |
music man
join:2008-08-12
| reply to MGD
Rzaruba is absolutely spot-on! Do not call E-RPMSoft. Do not give them the chance to credit your account and reduce their chargeback ratio. The only way is to report this as a fraud and get your CC company to get off their arses and actually do something about this scam.
MGD has been chronicling and documenting this fraud for years and still none of the CC companies ( and certainly not Authorize.con) have done a thing about it! | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to music man
said by music man :I think you can probably add CFAMSOFT.com to the "failed" pile. Same text, recent registration ( Directi! :uhh:) Google has a cached copy but I can't get to the contact details Great catch, that one is confirmed, but never made it to prime time.
CFAMSOFT.COM aka CFAM SOFTWARE LLC 201-467-5618
Caches taken 07/11/2009:
Name of Company : CFAMSOFT.COM
Phone :(201) 467-5618
Email : support@cfamsoft.com
Tracked cyber-mule to a Texas LLC CFAM SOFTWARE LLC registered on 03/20/2009 by a RAMON CASTRO
TEXAS DIVISION OF CORPORAATIONS
.
32039147502
.
CFAM SOFTWARE LLC
2200 N YARBROUGH DR STE B181
EL PASO, TX 79925
.
801100951
.
03 20 2009
.
RAMON CASTRO
2200 N. YARBROUGH, SUITE B181
EL PASO, TX 79925
.
Domain was registered on 04/01/09
ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD.
D/B/A PUBLICDOMAINREGISTRY.COM
.
Registration Service Provided By:
HIGH QUALITY HOST COMPANY
Contact: +1.6462130098
.
Domain Name: CFAMSOFT.COM
.
Registrant:
myron ltd.
myron harris (myron.harris@mail15.com)
7562 quail wood dr
charlotte
New York,28226
US
Tel. +980.7228125
.
Creation Date: 01-Apr-2009
Expiration Date: 01-Apr-2010
.
Domain servers in listed order:
slave.hostsila.net
.
The website now shows as suspended, but began hosting on:
Event Date Action Pre-Action IP Post-Action IP
.
2009-04-06 New -none- 91.197.129.16
.
IP Location: Ukraine Tov Data-xata
Resolve Host: webtex-1-a3.data-xata.net
IP Address: 91.197.129.16
Then moved to:
Event Date Action Pre-Action IP Post-Action IP
.
2009-05-04 Change 91.197.129.16 62.149.18.63
.
IP Address: 62.149.18.63
IP Location - Kyyiv - Kiev - Hostpro Hosting
It is possible that the cyber-mule may have been alerted while attempting to obtain merchant account services. There is no forum spamming for the name and phone number. That indicates that it never got as far as a merchant account.
MGD | |
scoutmom
@mindspring.com
| reply to MGD
Thank you so much for this information as it has been so valuable in the last day. I have a new website that I have not seen mentioned on here. They just charged my CC $4.81 for a screensaver. I have reported it as fraud to my bank. They go by the name of www.cheapestthemes.com
I did happen to find this info on the BBB-
Name: cheapestthemes.com
Phone: (510) 595-2002
Address: P O Box 99800
Emeryville, CA 94662
Principal: Cheryl Winston
Customer Contact: Cheryl Winston - (510) 595-2002
File Open Date: March 2009
TOB Classification: Internet Service Provider
Hopefully they can be stopped as well.
Thank you for all you do-
Ellen | |
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| said by scoutmom :
Thank you so much for this information as it has been so valuable in the last day. I have a new website that I have not seen mentioned on here. They just charged my CC $4.81 for a screensaver. I have reported it as fraud to my bank. They go by the name of www.cheapestthemes.com
...
.
Hi scoutmom, and you are welcome.
This thread has over 870 posts and 44 pages, so it is hard to find some of them on here. Plus it only shows at the end of the second page of a Google search. Thanks to a tip from Whip cheapestthemes.com 904-352-1238 had a short entry back on 03/07/09 »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto However, I am glad that you brought it up again, because the mobile games / themes fraud sites are difficult to track to a specific state where the merchant account and cyber-mule are located. Did your line item charge by chance contain a two letter state abbreviation?.
I see they recently made the headlines on the Ocean City, Maryland, official police blog: »ocpdmdinfo.blogspot.com/2009/07/···est.html That's a sure sign that someone in the PD got hit with a fraud charge. $2.81, $4.81, and $6.81 are the 3 charges that they use.
MGD | |
|
