Ebook websites, fraud charges, Devbill/DigitalAge/Pluto Page 45

Author	All Replies
MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL 1 edit	reply to MGD Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto said by MGD : ... .. Currently the record holder for still active longest surviving fraud operation is EBSEBOOKS.COM AKA Electronic Business Resources 412-927-0410 »ebsebooks.com Snapped 2009-07-08 13:31:59 »ebsebooks.com Snapped 2009-07-08 13:31:41 »ebsebooks.com/contacts.php Snapped 2009-07-08 13:31:23 »ebsebooks.com/robots.txt They were listed as actively processing fraud charges in the very first post of this thread on 12/14/2007 and they are still processing fraud charges. .. Based on the results of a recent audit the above information is incorrect. Though EBSEBOOKS.COM AKA Electronic Business Resources 412-927-0410 has been exclusively processing fraud laundering charges since 2007, and still is, it is not the longest still active fraud operation. The record holder by far KCSOFTLLC was removed from the still active list in December of 2008, as that was when the merchant account was believed to have been revoked. I am not sure if that information was correct, and they subsequently obtained another merchant account, however, an audit has revealed that they have continued to process fraud charges. The last report was a month ago at the end of June. Samples of June 2009 : quote: Janet Jun 28th, 2009 at 12:46 pm I just got hit!!! June 28, 2009! I cannot believe these people! There is a charge on my debit card for $9.99. I am so glad that I found this website. How can they operate like this with impunity!!! I just cancelled my accounts! This is such a hassle and all because some *****!!! ========================================= Victim1234 Jun 16th, 2009 at 2:48 pm I was just victimized by KCSOFTLLC last week. They have been doing this for 4 years now based on reviews above. Give me a break. This has wasted hours of my time to have accounts and pay online bills changed. I am sick that our government has done a single thing about this for 4 years. It even makes me sicker that the banks just go along here and charge us fees to issue new cards and numbers. I think the banks are invloved in this too. ============================================= Kris Jun 11th, 2009 at 4:15 am I seemed to remember clicking on an ad for some type of amazing lightbulb that lasted “forever” or something shortly before noticing the charge on my credit card… It was quite a while ago, and I don’t remember if I filled out any personal information before getting off the link… Does anyone else remember doing this? I hope that the Obama administration establishes some kind of task force to go after these scammers and starts to make “examples” out of these guys, because up til now, it seems they can carry out this scam indefinitely without any repercussions for them. At least four years now and counting and they STILL haven’t shut them down… I wrote to my state senators here in Alabama and got back a nice and polite (but totally USELESS) reply from Jeff Sessions and Robert Shelby telling me basically that there was NOTHING they could do about it. I also wrote to the US Attorney General who I believe referred me to the Secret Service. I faxed a whole bunch of information to them and apparently they probably just threw the stack of papers I sent them in the trash…. ho hum… ============================================= customer Jun 10th, 2009 at 11:09 pm I just told B of A my kcsoftllc.com charge. So any idea on how these companies get your number in the first place? ============================================= Tim Jun 10th, 2009 at 5:24 pm In doing my taxes for ‘08 (sorry), I just noticed a repeat charge for $9.95 from the scamsters kcsoftllc.com - the first one occurred last year and reversed last June, Called B of A and the first agent said that since the charge was more than 60 days old, they couldn’t do anything about it. They transferred me to another agent who ‘made me happy’ by agreeing to reverse the charge. I noted to her that B of A is aware of these guys (see Mar 17 post here). I have a new cc# now (as of 1/09), and haven’t noticed any other kcsoftllc.com charges, but the year is young. The above are all from one blog which has a chronological list exclusively of KCSOFTLLC fraud charges from the end of June 2009 back to the original fraud charge posted by the author on June 11th, 2005. »vaguelyaware.com/2005/06/11/chec···d-bills/ My records show that the first reported fraud charge that I picked up was from almost a year before that first one, all the way back to July of 2004. That is a 5 year, yes, FIVE YEAR run of a single entity of the OCS. quote: Report: Devbill Hosting Kcsoftllc Devbill Hosting Kcsoftllc Phone: 509-461-1556 Fax: 590-461-1556 www.kcsoftllc.com Submitted: 7/26/2004 5:48:47 AM I just recently receive a charge on my credit card for $9.95 and when researching the charge I found that KCSOFTLLC was responsible. So when I was filling out their form to report an unauthorized charge I found that they had a bogus security certificate provided by the bogus devbill hosting company. Now I found this website and am reporting them so hopefull this won't happen to anyone else in the future. I have no idea how they retrieved my credit card information, but one common link I have seen with devbill is paypal. I hope that paypal is not the leak because it is a highly dependable website. Dave Cumberland, Maryland U.S.A. Ref:»www.ripoffreport.com/reports/0/1···0521.htm In fact Ripoffreport.com alone has two pages of KCSOFTLLC fraud reports: »www.ripoffreport.com/searchresul···&start=0 This shatters a few records for the organized crime syndicate. Obviously the highest award for cyber-mule extraordinaire, with a half decade of service, goes to: ============================= Andrey Mar 8th, 2009 at 10:38 pm Visa card-National City bank. Today is March 08 2009 Got the same charge. 03/09/2009 VISA CHECKCARD DB-POINT OF SALE KCSOFTLLC COM ROCHESTER NY** Debit $9.95 ============================== In this case, at least one of the line item charges makes it not exactly rocket science to track down. If this was one acquirer bank for the entire 5 years, it would mean that they missed trigger criteria to file SARs (Suspicious Activity Reports) close to 120 consecutive times over the period, assuming two foreign wires a month of the fraud proceeds. I suspect though that multiple merchant accounts were used over the period, as the line item format changed several times. On the cyber-mule awards podium, Ms. Constanza would be flanked on the lower left in 2nd by the Scottsdale, Arizona husband and wife team, of Steve Rogan & Carol Richey for the most websites record. I believe it was eight of the orange web templates, in a litle over twelve months. On the right in third position, holding the "dumbest cyber-mule" award would be Mike Allision, League City, Texas., of "globus / photo" fame. After a forty five minute phone conversation detailing the fraud operation, followed by email documentation, he ceased all communication, with a last sentence being "This is not a fraud, I even plan on expanding and adding more websites. In fact I am hiring employees to help, this is too much for one person to do" KCSOFTLLC has been operating for do long that its original website was from version 2.0: That domain has long ago disappeared, the original domain registration even has the devbill.com name servers aka "Developer Billing", which was common to an entire run of the fraud sites. Registrar: ENOM, INC. . Registration Service Provided By: Registerfly.com Contact: support@registerflysupport.com . Domain name: kcsoftllc.com . RegisterFly.com - Ref# 10639240 Whois Protection Service - ProtectFly.com (10639240.fly@spamfly.com) +1.2122952121 Fax: +1.2122952153 230 Park Avenue Suite 864 New York, NY 10169 US . Status: Active . Name Servers: ns1.devbill.com ns2.devbill.com . Creation date: 31 Mar 2004 16:31:55 Expiration date: 31 Mar 2005 16:31:55 As you can see from this DSLR search link: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto Doctor Olds was hit with fraud charges circa 2005 from both KCSOFTLLC and "DIGITAL AGE" Cyprus. It was at that time that the process of correlating all of the cross charging of the same cards, began to reveal that this was a massive layered operation under a central command and control. Even though there was a wide range of themes and designs, they were all hitting the same card data. In fact it was KCSOFTLLC that linked a new apparently unrelated themed Globus / Photo group to the same organization: quote: Stockphotoportal.com And Kcsoftllc.com These were transactions from the web on my wifes debit without a pin# Internet Submitted: 4/3/2008 12:37:28 PM We first noticed an odd transaction pending on our bank account for under $10.00. I looked up the name (stockphotoportal.com) and noticed the domain name had been removed last year. Today I went to check again and there was a new one for under $10.00. This one (kcsoftllc.com) is live and still going and is the subject of many ripoff notices. The bank is now investigating and crediting both transactions, killing the card as well. Hopefully both of them get a hard look eventually with so many complaints piling up. Watch out for those small transactions a week or so apart. I'm just glad we caught it before someone tried a larger transaction. Jls tulalip, Washington U.S.A. Ref: »www.ripoffreport.com/reports/0/3···3406.htm MGD
	to forum · permalink · · 2009-08-03 13:22:00 ·
MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL 1 edit	reply to Lizzotaj said by Lizzotaj : Here's an email I received in regards to one of these fraudulent job offers from Riddick-Design. I share it here in the hopes that someone else sees it and doesn't fall for it. ... . Thanks for posting Lizzotaj, if you check back in I would like to know how contact was made, and from where. Was the original contact made under a different name, since they refer to Riddick-Design as their "partner"?. I do not see any job postings that mention Riddick-Design, it appears well hidden and only shows in follow up conversations. Also, any email addresses that they send from, and where, how, and the name they used for the first contact would be very helpful. A fresh audit of the hosting IP: Server Type: Apache/1.3.41 (Unix) mod_ssl/2.8.31 OpenSSL/0.9.7a PHP/4.4.8 IP Address: 69.80.200.112 IP Location - California - San Jose - Deep Technology now shows that besides the known Riddick-design.com and Redline-webdesign.com there is also Recruit-center.org Snapped 2009-08-03 16:45:32 »www.recruit-center.org/ "Every 8 Minutes RECRUIT CENTER Recruits Another New Hire" I do not doubt that, but the victims certainly do not find your site first: Snapped 2009-08-03 16:45:17 »www.recruit-center.org/robots.txt Though privacy cloaked since two days after it was registered: Whois Record Domain ID:D154918033-LROR Domain Name:RECRUIT-CENTER.ORG Created On:17-Dec-2008 00:45:13 UTC Last Updated On:22-Jul-2009 10:06:00 UTC Expiration Date:17-Dec-2009 00:45:13 UTC Sponsoring Registrar:eNom, Inc. (R39-LROR) Status:CLIENT TRANSFER PROHIBITED Registrant ID:c0a986865626886b Registrant Name:Whois Agent Registrant Organization: Whois Privacy Protection Service, Inc. Registrant Street1:PMB 368, 14150 NE 20th St - F1 Registrant Street2: Registrant Street3: Registrant City:Bellevue Registrant State/Province:WA Registrant Postal Code:98007 Registrant Country:US Registrant Phone:+1.4252740657 Registrant Phone Ext.: Registrant FAX: Registrant FAX Ext.: . The first 48 hours showed a suspended DNS and this: Domain ID:D154883868-LROR Domain Name:RECRUIT-CENTER.ORG Created On:11-Dec-2008 21:50:02 UTC Last Updated On:11-Dec-2008 23:36:13 UTC Expiration Date:11-Dec-2009 21:50:02 UTC Sponsoring Registrar:Wild West Domains, Inc. (R120-LROR) Status:CLIENT DELETE PROHIBITED Status:CLIENT RENEW PROHIBITED Status:CLIENT TRANSFER PROHIBITED Status:CLIENT UPDATE PROHIBITED Status:TRANSFER PROHIBITED Status:ADDPERIOD Registrant ID:GODA-056815196 Registrant Name:Alicia Blair Registrant Street1:105 Lagoon Ave Registrant Street2: Registrant Street3: Registrant City:Melbourne Registrant State/Province:Florida Registrant Postal Code:32901 Registrant Country:US Registrant Phone:+1.3862591186 Registrant Phone Ext.: Registrant FAX: Registrant FAX Ext.: Registrant Email: ssmail445@gmail.com . Name Server:NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM Name Server:NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM I am not sure what that meant originally. SCAM JOB FRAUD = Recruit-center.org = FRAUD JOB SCAM SCAM JOB FRAUD = Redline-webdesign.com = FRAUD JOB SCAM SCAM JOB FRAUD = Riddick-design.com = FRAUD JOB SCAM Any info from anyone about how initial contact is made, and the names and email addresses that are used. MGD
	to forum · permalink · · 2009-08-03 16:45:43 ·
MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL	reply to jamaica said by jamaica : Regarding E-RPM SOFT.COM and fraudulent charges, ... .. However, in watching for it I noticed I was just charged $11.49 by someone named "E-RPM Soft Com." After googling it, I discovered pages of references to e-book fraud, so I called my credit card company and reported it immediately and cancelled my card. said by Noemi from LA : Today I checked my CC Account activity and I saw this on my account: Collapse details for this transaction 07/16/2009 E-RPM SOFT COM Purchase $11.49 Transaction Date: 07/14/2009 Card Type: -- Transaction Type: Purchase Merchant Description: E-RPM SOFT COM Merchant Information: 336-7930285 NC I only have my DirectTV automatically bill to my credit card and never use it for anything else... Thank you for posting, I wrote a request on 800notes.com »800notes.com/Phone.aspx/1-336-793-0285 for fraud victims to list the line item charge. I needed to narrow down the location of the acquirer bank and merchant account to a specific state. All show that it is originating from North Carolina. I initially reviewed a list of all Corps/ LLCs formed in N.C. during the entire months of February and March of 2009. (The domain was registered in March). However, that search did not produce any relatively apparent match for this entity. A complete search of the entire database only produces one possible related name that was formed in 2005: »www.secretary.state.nc.us/corpor···=7754394 I wont post the actual name, as further research is needed in order to establish if they are connected. it is not unusual for an existing LLC /Corp to be used, and the syndicate even promotes doing so. However in the above case the originator of the LLC has moved to CA. There does not appear to be any other close possibilities, and this is a close fit. However, confirmation is needed since there is a possibility that E-RPMSOFT.COM 336-793-0285 could be a DBA / FBN. MGD
	to forum · permalink · · 2009-08-03 18:49:10 ·
MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL	reply to MGD Another card fraud laundering website uncovered: OLMOSSOFT.COM AKA OLMOS SOFTWARE LLC 281-724-8673 Snapped 2009-08-07 19:15:29 »olmossoft.com =============================== Name of Company : OLMOSSOFT.COM Phone : (281) 724-8673 Email : support@olmossoft.com ============================== The usual search engine blocking: The cyber-mule and LLC have been traced to a residential address in SHAVANO PARK, TEXAS: TEXAS DIVISION OF CORPORATIONS . 32038970763 . 05/11/2009 . OLMOS SOFTWARE LLC . 106 LIMESTONE OAK, SHAVANO PARK, TX, 78230 . The fraud domain registration is identical to that of WRISOFT.NET AKA White Royal Indigo LLC 256-251-5229: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM . Registration Service Provided By: HIGH QUALITY HOST COMPANY Contact: +1.6462130098 . Domain Name: OLMOSSOFT.COM . Registrant: KASSON ltd SCOT KASSON (s.kasson@mail15.com) 1052 LOVELL AVE ROSEVILLE Minnesota,55113 US Tel. +651.2304612 . Creation Date: 06-Mar-2009 Expiration Date: 06-Mar-2010 . Domain servers in listed order: ns.masterhost.ru ns2.masterhost.ru ns1.masterhost.ru . Once again forum spammed starting around the end of April: Snapped 2009-08-07 19:15:10 »www.google.com/search?hl=en&q=%2···oq=&aqi= OLMOSSOFT.COM, WRISOFT.NET and the last dozen fraud websites were all forum spammed from an IP address on starnet.md in Chisinau, Moldova owned by -------------------------------------- StarNet Internet Solutions Provider Adresa: str. Maria Cebotari, 28, Chisinau, MD-2012 »www.starnet.md -------------------------------------- OLMOSSOFT.COM AKA OLMOS SOFTWARE LLC 281-724-8673 was originally hosted in the Ukraine, then moved to Russia: IP Location: Ukraine Tov Data-xata Resolve Host: webtex-1-a1.data-xata.net IP Address: 91.197.128.251 Then moved to: Server Type: Apache IP Address: 90.156.153.48 IP Location - Moscow City - Moscow - Masterhost.ru Is A Hosting And Technical Support Organization Domain Status: Registered And Active Website Action Pre-Action IP Post-Action IP 2009-03-16 New -none- 91.197.128.251 . 2009-05-04 Change 91.197.128.251 90.156.153.48 . MGD
	to forum · permalink · · 2009-08-07 19:19:18 ·
MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL	reply to MGD The card fraud laundering website of RAGDESIGN.COM 206-666-4778 was originally published in this thread back on July 7th: »Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto Snapped 2009-08-10 17:29:15 »ragdesign.com EDIT= SInce the website is all in flash it prevents live DSLR screen shots from being captured. Snapped 2009-08-10 17:51:30 »ragdesign.com/contacts.php At that time the cyber-mule and corresponding US business registration had not been uncovered. However, it was believed at the time that they were already in fraud charging mode, as the fraudulent site was already being forum spammed in order to manipulate search results. To assist in combating search manipulation, a fraud alert was also posted on 800notes.com. In addition, I asked fraud victims to post the line charge in order to assist in locating the possible state of origin of the fraudulent business bank and merchant accounts. This post just came in a few hours ago: quote: MGD - 23 Jul 2009 If you receive a fraud charge from RAGDESIGN.COM 206-666-4778 please post the line item details of the charge. I am looking for the two letter state abbreviation, which will narrow down the state where the fraudulent merchant account was obtained from, and where the acquirer bank is located. Thanks, MGD ============================================= Reply LRH - 3 hours 49 minutes ago i RECEIVED A CHARGE FROM THIS COMPANY ON MY BANK ACCOUNT. RAGDESIGN.COM 206-666-4778 FL »800notes.com/Phone.aspx/1-206-666-4778 I am not sure if this is part of the organized crime syndicate's new uber obfuscation tactics, however they instructed the cyber-mule to register a corporation in Florida on 05/12/2009 named REMOTE ACCESS GROUP, INC ==================================== Florida Profit Corporation REMOTE ACCESS GROUP, INC Filing Information Document Number P09000042170 FEI/EIN Number NONE Date Filed 05/12/2009 State FL Status ACTIVE Effective Date 05/12/2009 Principal Address 2100 NW 99TH TERRACE PEMBROKE PINES FL 33024 Mailing Address 2100 NW 99TH TERRACE PEMBROKE PINES FL 33024 Registered Agent Name & Address SALAZAR, SADIE 2100 NW 99TH TERRACE PEMBROKE PINES FL 33025 US Officer/Director Detail Name & Address Title P SALAZAR, SADIE 2100 NW 99TH TERRACE PEMBROKE PINES FL 33024 US ==================================== Seventeen days later, on 05/29/2009 they registered a Fictitious Business name under the umbrella of REMOTE ACCESS GROUP, INC and called it RAGDESIGN.COM: ==================================== Fictitious Name RAGDESIGN.COM Filing Information Document Number G09000111925 Status ACTIVE Filed Date 05/29/2009 Expiration Date 12/31/2014 Current Owners 1 County CHARLOTTE Total Pages 1 Events Filed NONE FEI/EIN Number NONE Mailing Address 2100 NW 99TH TER PEMBROKE PINES, FL 33024 Owner Information REMOTE ACCESS GROUP, INC. 2100 NW 99TH TER PEMBROKE PINES, FL 33024 FEI/EIN Number: 27-0183168 Document Number: P09000042170 ==================================== I am not sure if this was the result of merchant account application approval and the name disparity between the website and the Inc. It is also possible that this Corp. and a merchant account under a sub FBN was part of a strategy to enable multiple merchant accounts under a holding Corp, or just the super stealth mode that the organized crime syndicate is now practicing in order to remain hidden from view. Based on the first report today, it is apparent that they commenced fraud charging sometime in June. During the start up phase they will mimic a legit business by seasoning the merchant account, starting with a small flow of fraud charges. Then they increase the flow until they ramp up to full volume within a month or two. MGD
	to forum · permalink · · 2009-08-10 17:59:49 ·
MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL 1 edit	Though Ms. Salazar is probably not aware of this, I can guarantee you 100% that there will be no activity performed under this name which will even remotely fall under the "Article 3" definition: I am confused by one issue in the above document filings. Take note of the Florida Fictitious Name filing documents for RAGDESIGN.COM. which list the county as "Charlotte". The listed address for REMOTE ACCESS GROUP, INC. is in southern Broward County, on the east coast. Charlotte county is on the Gulf side of Florida. MGD
	to forum · permalink · · 2009-08-10 18:17:05 ·
MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL 4 edits	When a fraudulent LLC / Corp., and corresponding cyber-mule is uncovered, and identified as belonging to the organized crime syndicate's operation, a profile search is usually conducted on the cyber-mule. That has become more vital recently as the Organized Crime Syndicate has now pursued a path of exteme stealth behavior. When several attempts to silence the expose of their multi year massive fraud and laundering operation failed, they revamped and changed many of their common tactics which they believed were used to track and shadow their operation. This multi million dollar a year operation, which is an industry within itself that is now embedded within the financial system, needed to return back to its silent hidden operational format. This has resulted in many of the established long term monitoring points being abandoned, and has made them considerably more difficult to shadow. Even though this thread really only scratched the surface of the operation, it was still an Achilles heel, because it published and documented that this multi year organized fraud has existed unchallenged for years. Their current goal is to return the operation to its former status of apparent non existence. While there have been articles which discussed Russian organized crime infiltrating and hacking card data systems, such as these prophetic predictions over eight years ago, by some sharp individuals: From circa 2001: Tuesday, July 17, 2001 The Russian Mob is recruiting The Russian Mob is recruiting hackers to raid e-commerce sites for credit-card numbers. Security experts said the Russian Mafia hacking rings are often run by former KGB agents who recruit hackers in their 20s to do the dirty work. The young hackers typically answer Internet advertisements for computer programmers, planted by organized crime outfits in Moscow, St. Petersburg and Murmansk. .. . Spearheading the organized hacking rings is the Russian mafia, security experts say. The Russian mafia has infiltrated many businesses in the former Soviet Union, and is becoming increasingly sophisticated in computer crimes. These groups are penetrating computers in the US and other Western countries to obtain illegal profits, said John Collingwood, FBI assistant director for public affairs, during a briefing at FBI headquarters in Washington, DC, recently. "For the foreseeable future, we are going to see an explosion in this area," Collingwood said. "It's literally a brand new area for us. And it is one where no one is sure of what the implications will be." ... .. »www.zdnetasia.com/news/business/···5,00.htm There has not been much published of an actual long term operation that has infiltrated and embedded itself within the financial systems, virtually undetected for such an extended period. Especially one which still manages to launder millions a year out of the country via the US banking system, despite the increased regulations of the Patriot Act, which, in theory, should make this an impossible feat. As an IT security evangelist, one of the primary goals was to identify the OCS's sources of the millions of card data accounts which they obtained every year. Regardless of whether the ring leaders can be identified and prosecuted, identifying the methods and source of the hacked data, is a crucial component to any strategy in disrupting this multi year fraud operation. The anticipated compromise of many of the shadowing tactics being exposed to the criminals by going public, was considered a worthwhile trade off, in order to generate attention to the data sources. Much of the acquired knowledge of their tactics could still be utilized in tracking them, even if they subsequently radically altered their modus operandi in order to remain hidden. From a forensic standpoint, very little data has been uncovered about the card data sourcing operations. There has been much speculation as to potential sources, including the well publicized connection by many of the victims to a very common, and sometimes sole prior transaction with Equifax. That connection was a focal point of Bob Sullivan's Red Tape Chronicles article in November of 2007. There have been numerous other articles over the years, focusing on the apparent common link du jour among victims. However, none have reached the level needed to make irrefutable confirmations. In fact, there has only ever been one absolute 100% confirmation of a source, and that was for a very small portion of the overall hijacked data processed by this syndicate. That revealing fact can be attributed to a failure of the syndicate to recognize the unique characteristics of the card data which they hijacked. Even the usual tactic of mixing multiple source data within fraud charge runs, in order to preserve the sources, would not dilute the unique tracking characteristics of that data. That mixing tactic is one of the reasons that a minimum requirement for focusing on the data source, is to combine the billing records from at least a hundred or more fraud sites over an extended period, in order to have a large enough analysis database that will overcome the dilution tactics. It was the crime syndicate's hacking of the entire multiple year database of Ranger Joes customer's card data via an Sql exploit, which left a trail that led right to their front door. Within days of the data hacking, the hijacked Ranger Joes card data was processed with fraud charges spread across a dozen or more of the organized crime syndicate's fraud sites. Though it was mixed in with other hijacked data in submitted charge batches across the multiple sites, the unique identifier of the source could not be diluted. Ranger Joes card data had such a unique client identifier that rarely exists in any order database. All of the card holders represented a very small subset of the overall population, they were all either current or former Military or Law Enforcement personnel. So within a week or two following the hack, military personnel stationed in Germany, Iraq, Saudi Arabia, along with some in the US, all began reporting fraud charges originating from various active fraud laundering websites of the crime syndicate. The pattern stuck out like a red flare. Never before had such a unique group all with one prior event in common report their first fraudulent card activity as coming from one the known active group of fraud websites. The syndicate's error in not recognizing the unique data qualifiers, and its ramifications, is an inherent flaw which lacks localized context due to their location and native language. With respect to the now crucial profile checking of cyber-mules, to detect new patterns of the crime syndicate, I just completed a thorough check of the above listed cyber-mule of the REMOTE ACCESS GROUP, INC aka RAGDESIGN.COM 206-666-4778 operation, it produced valuable intelligence, and it was certainly worth the time. Running the cyber-mule through multiple data bases shows that she did not appear to have any prior formal business related activities. However, after her duped recruitment by the Russian crime syndicate, she has become a prolific business entrepreneur. Two months after the 05/12/09 formation of REMOTE ACCESS GROUP corporation, Ms. Salazar formed another Florida corporation called ILLUSTRATIVE STUDIO, INC. Based on the electronic format of all the filings, it is likely that the criminals are setting them up via an online service, then the service is sending the documents to Ms. Salazar. ==================================== Florida Profit Corporation ILLUSTRATIVE STUDIO, INC. Filing Information Document Number P09000060438 FEI/EIN Number NONE Date Filed 07/16/2009 State FL Status ACTIVE Effective Date 07/15/2009 Principal Address 2100 NW 99TH TERRACE PEMBROKE PINES FL 33024 US Mailing Address 2100 NW 99TH TERRACE PEMBROKE PINES FL 33024 US Registered Agent Name & Address SALAZAR, SADIE 2100 NW 99TH TERRACE PEMBROKE PINES FL 33024 US Officer/Director Detail Name & Address Title P SALAZAR, SADIE 2100 NW 99TH TERRACE PEMBROKE PINES FL 33024 US ==================================== Regular readers, may already have a good idea what themed website group that the above INC name may be for. I picked it too up front, but was absolutely postive when I then tracked down a sub Fictitious Business Name (FBN) that was registered under ILLUSTRATIVE STUDIO, INC, three weeks later on 08/06/2009, called BIGSTUDIODESIGN.COM ==================================== Fictitious Name BIGSTUDIODESIGN.COM Filing Information Document Number G09000143178 Status ACTIVE Filed Date 08/06/2009 Expiration Date 12/31/2014 Current Owners 1 County CLAY Total Pages 1 Events Filed NONE FEI/EIN Number NONE Mailing Address 2100 NW 99TH TERRACE PEMBROKE PINES, FL 33024 Owner Information ILLUSTRATIVE STUDIO, INC 2100 NW 99TH TERRACE PEMBROKE PINES, FL 33024 FEI/EIN Number: 27-0556632 Document Number: P09000060438 ==================================== Note that the above FBN lists "CLAY COUNTY" Florida as the primary place of business. As noted above, RAGDESIGN.COM listed "CHARLOTTE COUNTY" Florida as its primary place of business, though Broward County is where the listed address is. I am still not sure of the purpose of the wilful false statement on the documents, maybe an attempt by the syndicate to hide the cyber-mule. Or it could be a factor in creating multiple merchant accounts, and hiding the fact that other businesses exist. I do not really know at this point, just speculations, but they apparently have an intended purpose. Even before I went to the website which was undetected up until now, I knew it would be a "Gargoyle" a la Nuranstudio.com ILLUSTRATIVE STUDIO, INC. aka BIGSTUDIODESIGN.COM 206-350-6215 »bigstudiodesign.com ==================== Bigstudiodesign.com bigstudiodesign.com 1-(206)-350-6215 =================== Server Data: BIGSTUDIODESIGN.COM IP Address: 205.178.145.65 IP Location - Massachusetts - West Springfield - Network Solutions Llc Response Code: 200 Domain Status: Registered And Active Website NOTE = BIGSTUDIODESIGN.COM and RAGDESIGN.COM are hosted on the same sever. ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. = YAWN !! D/B/A PUBLICDOMAINREGISTRY.COM . Registration Service Provided By: EVERITY, INC. Contact: +1.8005538470 Website: >http://www.everity.com . Domain Name: BIGSTUDIODESIGN.COM . Registrant: N/A Karl Fischer (fisher_karl9@yahoo.com) 25 Autumn St. Everett MA,02149 US Tel. +01.2707210588 . Creation Date: 15-Jul-2009 Expiration Date: 15-Jul-2010 . Domain servers in listed order: ns38.worldnic.com ns37.worldnic.com . A check of that registration shows that same address in MA, with a different name, was used back in March of 2008 to register a Black Flash Template fraud site AS-MULTISERVICES.COM. Running the name Karl Fischer through my records reveals that his name was used in conjunction with a Florida address back in November of 2008 to register one of the Orange template fraud sites: CONNECTDIZ.COM AKA Web Connections, Inc. 205-705-3265. Over the years, these criminals have acquired a vast data base, and apparently utilize it. Snapped 2009-08-12 06:19:20 »bigstudiodesign.com/robots.txt In what can be best described as a "MARY ATTALLA" flashback, digging further revealed that on 07/16/2009 a week prior to the registration of ILLUSTRATIVE STUDIO, INC, Salazar had registered a third Florida corporation on 07/08/2009 called MOBILE INTERFACE, INC. ==================================== Florida Profit Corporation MOBILE INTERFACE, INC Filing Information Document Number P09000058491 FEI/EIN Number NONE Date Filed 07/08/2009 State FL Status ACTIVE Effective Date 07/08/2009 Principal Address 2100 NW 99TH TERRACE PEMBROKE PINES FL 33024 US Mailing Address 2100 NW 99TH TERRACE PEMBROKE PINES FL 33024 US Registered Agent Name & Address SALAZAR, SADIE 2100 NW 99TH TERRACE PEMBROKE PINES FL 33024 US Officer/Director Detail Name & Address Title P SALAZAR, SADIE 2100 NW 99TH TERRACE PEMBROKE PINES FL 33024 US ==================================== Are you thinking maybe this one is for the mobile themes download group?, I was too. Cross checking the Florida Fictitious Business Name database for any registered FBN filed under ownership of MOBILE INTERFACE, INC produced this, JAZZIPHONE.COM ==================================== Fictitious Name JAZZIPHONE.COM Filing Information Document Number G09000135485 Status ACTIVE Filed Date 07/15/2009 Expiration Date 12/31/2014 Current Owners 1 County BROWARD Total Pages 1 Events Filed NONE FEI/EIN Number NONE Mailing Address 2100 NW 99TH TER PEMBROKE PINES, FL 33024 Owner Information MOBILE INTERFACE, INC. 2100 NW 99TH TER PEMBROKE PINES, FL 33024 FEI/EIN Number: 27-0515844 Document Number: P09000058491 ==================================== Chalk up a fresh new design to this group: MOBILE INTERFACE, INC aka JAZZIPHONE.COM 206-338-6018 »jazziphone.com ==================================== Contacts Please feel free to contact us anytime. JazziPhone.com + 1-(206)-338-6018 support@jazziphone.com ==================================== Server Data JAZZIPHONE.COM Server Type: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.8 IP Address: 174.132.217.242 IP Location - Texas - Dallas - Theplanet.com Internet Services Inc Response Code: 200 SSL Cert: beacon.ihostsupport.net expires in 250 days. Domain Status: Registered And Active Website ICANN Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM . Whois Record Registration Service Provided By: EVERITY, INC. Contact: +1.8005538470 Website: »www.everity.com . Domain Name: JAZZIPHONE.COM . Registrant: N/A Karl Fischer (fisher_karl9@yahoo.com) 25 Autumn St. Everett MA,02149 US Tel. +01.2707210588 . Creation Date: 07-Jul-2009 Expiration Date: 07-Jul-2010 . Domain servers in listed order: ns14.everity.com ns13.everity.com . A duplicate of the BIGSTUDIODESIGN.COM registration. Snapped 2009-08-12 06:18:58 »jazziphone.com/robots.txt The organized crime syndicate is clearly well underway with the new stealth strategy of creating layers upon layers of registrations in order to make it far more difficult, if not impossible, to track down and identify then close down the individual operations. Combining this tactic with the robots.txt files, which block search archiving, and now spreading the websites across individual hosts around the globe, is intended to make the operation once again disappear from public view. Only the recruited duped cyber-mule, the merchant account underwriter, and eventually a fraud victim, are the only ones intended to know that a website even exists. These two newly discovered ventures are right in the setup phase. It is now rare for an exhaustive digging session to produce these kind of results in one hunting expedition. It is sort of an icing on the cake, as it followed an earlier reconnaissance mission which targeted and successfully infiltrated the organized crime syndicate's computer systems. That foray included the recovery of a database which contained a large pool of resumes and applicants from a recent mass job posting campaign. Though resumes and applications by themselves are not usually considered to be identity theft risks, reviewing the captured data indicates that when combined with the syndicate's usual follow ups, which include the applicant submitting a picture id along with other bio data for the "security background check", may pose enormous risks. Having such massive detailed biographical data of US residents, in the hands of a Russian organized crime syndicate, especially when combined with picture identities, is, in my opinion a startling security risk. More on that in later posts. The only evidence uncovered to date of even quasi identity theft, has been the use of the data to register domains, and obtain hosting and other supporting services for the fraud. In fact, in one specific case where a domain registration was contested as being fraudulent, the crime syndicate responded by producing a picture id (a driver's license) which matched the domain registration. The criminal respondent assumed that identity, and protested that the registration was legitimate. It is also suspected, though I have yet to review the data, that these identities are used to registered prepaid debit cards obtained domestically using the fraud proceeds. These massive city by city carpet bombing job campaigns utilizing Careerbuilder.com and others, produce thousands of applicants and resumes. We already know that the organized crime syndicate operates within the shadows of online Drug Pharma, Extreme Porn, HYIP and other online Ponzi scams, and child porn. So it is not unreasonable to conclude that such an identity database could serve many purposes in hiding the real criminals. Could they assume some of those identities and obtain real or forged travel documents?, who knows for sure. MGD
	to forum · permalink · · 2009-08-12 06:43:11 ·
MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL	reply to MGD Another round of forum spamming is ready to start for E-RPMSOFT.COM 336-793-0285 »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto Within the past 48 hours there have been numerous forum registrations under E-RPMSOFT.COM. and Confirmation that the new registrations are once again originating from the Moldova, can be seen on forums where the member's country of origin is auto entered based on the geo location of the IP address of the applicant. Though there are now numerous victim reports of the fraud charging, it is likely that this new round of spamming is intended to counteract the E-RPMSOFT.COM 336-793-0285 operation going into full blast fraud mode. The intent is to push any reference of the fraud charging off the first few pages of Google: »www.google.com/search?hl=en&q=E-···oq=&aqi= Snapped 2009-08-13 17:18:18 »www.google.com/search?hl=en&q=E-···oq=&aqi= The posts are all copy and pastes of previous posts on the thread topic. It is obvious that the poster has no command of the English language. Similar postings on Russian forums are however unique and not copies of previous posts. MGD
	to forum · permalink · · 2009-08-13 17:18:21 ·
music man join:2008-08-12	reply to MGD OK- add »worldinyourmobile.com to the list of fakers Snapped 2009-08-14 15:00:11 »worldinyourmobile.com/contacts.php Phone number (804-3351435) is a cellphone, site has that phone number as an image. Registrant details Domain Name: WORLDINYOURMOBILE.COM Created on: 14-Apr-08 Expires on: 14-Apr-10 Last Updated on: 20-Jan-09 Administrative Contact: Singer, Arthur 24346 Sparta Rd Milford, Virginia 22514 United States 8043351435 Fax -- Technical Contact: Singer, Arthur 24346 Sparta Rd Milford, Virginia 22514 United States 8043351435 Fax -- Domain servers in listed order: NS51.DOMAINCONTROL.COM NS52.DOMAINCONTROL.COM
	to forum · permalink · · 2009-08-14 15:00:38 ·
music man join:2008-08-12	reply to MGD Next you can add »www.intlibrary.biz Snapped 2009-08-14 15:13:45 »www.intlibrary.biz/about.php No contact phone number Whois Whois Record Domain Name: INTLIBRARY.BIZ Domain ID: D31342974-BIZ Sponsoring Registrar: ENOM, INC. Sponsoring Registrar IANA ID: 48 Domain Status: clientTransferProhibited Registrant ID: BB7CCA32B33232A2 Registrant Name: Thomas Soles Registrant Organization: - Registrant Address1: 4433 Glen Rose St Registrant City: Fairfax Registrant State/Province: VA Registrant Postal Code: 22032 Registrant Country: United States Registrant Country Code: US Registrant Phone Number: +1.5016219448 Phone number from whois comes out to Little Rock ,AR!! Same registrant, same web template, different domain- Snapped 2009-08-14 15:13:28 »intellectlibrary.com/contacts.php
	to forum · permalink · · 2009-08-14 15:15:08 ·
MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL 2 edits	reply to music man said by music man : OK- add »worldinyourmobile.com to the list of fakers Excellent work music man I am searching for fraud charge reports. Some may be dormant, possibly the result of cyber-mule failure, or other events. In fact this post you made on 07/11 regarding sibersoftllc.net aka Siberian Software LLC »Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto was another great find: said by music man : Not too sure about this one but it shares some of the same text as E-RPMSOFT.COM Snapped 2009-07-11 03:06:02 »sibersoftllc.net/contactus.aspx Recent domain registration Registry Data ICANN Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE Created: 2009-04-16 Expires: 2010-04-16 Updated: 2009-04-16 Registrar Status: clientTransferProhibited Name Server: NS1.OFFICELIVE.COM (has 649,658 domains) Name Server: NS2.OFFICELIVE.COM (has 649,658 domains) Whois Server: whois.melbourneit.com Detroit cellphone number for contact Information on phone number range +1 313 999XXXX Number billable as mobile number Country or destination United States City or exchange location Detroit, MI Original network provider* Nextel Communications, Inc. No contact address . sibersoftllc.net aka Siberian Software LLC is confirmed as one of the organized crime syndicate's set ups. However, it is now dormant, and failed during the set up phase. In fact, the website, in its current configuration, is a good example to merchant providers and others, to see how the OCS can adapt and morph the websites during the approval and merchant account aplication process. That site was abandoned upon completion of the set up phase. In many cases, the criminals will display the full legitimate contact information, and have everything match to the registrant and LLC owner. The intention is to make the merchant account underwriter believe that it is indeed a legitimate operation. Thus the details listed will be transparent and match. Only after the approval process will the criminals then remove this information, and change it to the usual impossible to track configuration. So the websites that an underwriter may review, will not necessarily be the same ones that are subsequently seen by the fraud victims, with respect to the listed contact details. These criminals are totally adept at manipulating every phase and component of the operation. sibersoftllc.net aka Siberian Software LLC proved to be a lucky break for both the cyber-mule and the merchant account underwriter. The cyber-mule was recruited by the cloned recruiting fraud: Redstone Software, Ltd. aka Redstonesoft.com . . . He was recruited by Redstone Software, Ltd. aka Redstonesoft.com as a result of the massive carpet bombing job fraud recruiting campaign on careerbuilder.com: . . . . . Believing it to be a legitimate job offer, the cyber-mule completed the application process and background check. As instructed, he set up an LLC, and opened a business bank account, and applied for, and was approved, for a merchant card processing account. He, as instructed by the crime syndicate, contacted Authorize.net, and applied for and obtained gateway services from them. The costs associated with registering and setting up the LLC, the initial banking fees, and the Authorize.net gateway fees, were immediately reimbursed to the cyber-mule. That reimbursement was sent to the cyber-mule via PayPal from: Sergey Chuksin serega_zlt@mail.ru from Zlatoust, Russia. . . Sergey Chuksin serega_zlt@mail.ru . Everything was in place and cleared, all were ready go. The lucky break came a week later during a phone call that the duped cyber-mule had with the merchant account underwriter. During that casual conversation something the cyber-mule mentioned set off an alert with the merchant account underwriter. ( I will not state the specifics, as that will be of value to the organized crime syndicate, who are avid readers of this thread.) Within 30 minutes the underwriter called the cyber-mule back, and told him that he locked the merchant processing account, and was in the process of cancelling it. The underwriter then explained to the cyber-mule that he had reviewed the entire set up, and had identifird that he, the cyber-mule, was the victim of a recruiting fraud. Kudos to the very alert merchant account underwriter, who, not only immediately cancelled the prior approved account, but also explained the process in detail to the cyber-mule. Doing so removes the cyber-mule from the available victim pool. In prior cases where the underwriter would just cancel an account, the uninformed cyber-mule would be sent elsewhere by the OCS to apply for and open a new one. The massive multi million dollar multi year fraud documented in this thread, has been well disseminated across multiple layers of the financial system. The benefits and results of that have been apparent for some time now. The cyber-mule obviously immediatly dropped out, and the crime syndicate subsequently abandoned the website, sibersoftllc.net MGD EDIT = Corrected typos, added text
	to forum · permalink · · 2009-08-15 16:59:01 ·
janon @gibsonins.com	reply to MGD »www.huffingtonpost.com/2009/08/1···378.html
	to forum · permalink · 2009-08-19 10:02:57 ·
hoyleysox join:2003-11-07 Long Beach, CA	The circumstances described in this thread seem like an efficient way to exploit those 170 million credit card account numbers. The current US population is about 300 million people!
	to forum · permalink · · 2009-08-19 11:58:21 ·
MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL 2 edits	reply to MGD I posted victim alerts on 800notes.com for the group of cyber-mule SADIE SALAZAR's card fraud laundering websites: 1) RAGDESIGN.COM aka REMOTE ACCESS GROUP INC. 206-666-4778 2) BIGSTUDIODESIGN.COM aka ILLUSTRATIVE STUDIO, INC. 206-350-6215 3) JAZZIPHONE.COM aka MOBILE INTERFACE, INC 206-338-6018 RAGDESIGN.COM was the first posted, and generated victim reports which assisted in tracking down the Corporation. There have been numerous search referrals from search engines on JAZZIPHONE.COM, a sure sign that there are many fraud victims finding charges from them. Within three days of posting the BIGSTUDIODESIGN.COM three victims reported in to the thread, of which one was of particular interest: quote: lml - 19 Aug 2009 Received a fraudulent charge of $13.15 from Bigstudiodesign.com on 8-16-2009 also from gamarton $9.45, NWFRESH $20.00 and adaptablechargers $54.95 These have all been reported as farud to Chase.com Ref: »800notes.com/Phone.aspx/1-206-350-6215 In addition to the $13.15 Bigstudiodesign.com they also reported tadem charges from: gamarton $9.45, NWFRESH $20.00 and adaptablechargers $54.95 I am trying to find info on both NWFRESH and adaptablechargers to see if they are fraud laundering or syndicate use of the card for self purchases. NWFRESH appears to be a fraud laundering for sure, but I cannot locate anything on that. On the other hand the tandem fraud charge from "gamarton $9.45" has been traced to another new crime syndicate operation: GAMARTON.COM aka PROCESSING PROMISE LLC 231-480-4869 »gamarton.com ======================== Home :: Contact Us gamarton.com Sales: Tasha Blake 124 Evart street, Cadillac MI 49601 USA (+1)(231) 480-4869 If you want to contact us for any reason please write email to: sales@gamarton.com or fill the form below: ======================== Snapped 2009-08-21 03:14:28 »gamarton.com/index.php?main_page=contact_us The website is hosted on a GoDaddy dedicated IP, and the domain is registered to the cyber-mule: Server Data Server Type: Apache IP Address: 208.109.156.230 IP Location - Arizona - Scottsdale - Godaddy.com Inc Response Code: 200 SSL Cert: www.gamarton.com expires in 216 days. Domain Status: Registered And Active Website Whois Record Registrant: Tasha Blake admin@gamarton.com 124 Evart St. Cadillac, Michigan 49601 United States . Domain Name: GAMARTON.COM Created on: 24-Mar-09 Expires on: 24-Mar-10 . Domain servers in listed order: NS21.DOMAINCONTROL.COM NS22.DOMAINCONTROL.COM . First PROCESSING PROMISE LLC was registered on March 18th 2009: . MICHIGAN DIVISION OF CORPORATIONS . Name PROCESSING PROMISE, LLC . Type: Domestic Limited Liability Company . Resident Agent: TASHA BLAKE . Registered Office Address: . 124 EVART ST., CADILLAC, MI 49601 . Mailing/Office Address: . Formation/Qualification Date:3-19-2009 . Jurisdiction of Origin:MICHIGAN . Managed by: Members . Status: ACTIVE Date: Present . Then on April 6th 2009 TASHA BLAKE filed an Assumed Name of GAMARTON.COM under the ownership of PROCESSING PROMISE, LLC: . Assumed Names: GAMARTON.COM . Id Num E46279 . Creation Date: 4-6-2009 Renewal Date: 12-31-2014 Name:PROCESSING PROMISE, LLC . Take note of this fake price list, which also incudes items for 4 cents !!. Place a bet that they are also pinging card data for validation with this set up as well. The last time they ran many thousands of ping charges through those Texas set sites specifically set up for card validation, it made the national media. In keeping with the new strategy of going in to complte hide mode, they may plan on mingling the ping validations in with regular fraud processing. By listing a .04 priced item the hope to fool anyone who suspects card testing. They may well run the pinged cards thorugh their other fraud sites the following month. GAMARTON.COM aka PROCESSING PROMISE LLC 231-480-4869 already has numerous fraud reports starting about 12 days ago: ref: »www.numberinvestigator.com/phone···869.html There are likely to be several more in this themed group currently in operation, all will be GoDaddy hosted. EDIT ADD: A close examination of the documents shows that an online service called "Start Biz Here Inc" »STARTBIZHERE.COM was used by the crime syndicate to process the Michigan LLC registration. It is really a clueless move for that US based business to have a cloaked Canadian domain registration. What were they thinking !! Whois Record Registrant: Contactprivacy.com 96 Mowat Ave Toronto, ON M6K 3M1 CA Domain name: STARTBIZHERE.COM »www.majon.com/advanced/pressrele···inc.html MGD
	to forum · permalink · · 2009-08-21 03:27:55 ·
kvm @qwest.net	reply to MGD I have a charge of $13.15 on my CA based card
	to forum · permalink · 2009-08-25 11:00:29 ·
iDeceive join:2008-11-03	reply to MGD The Recruiter Network A correspondent has asked me about the following recruitment offer. I've advised him that it's a money mule job of the sort discussed here (and pointed him to the forum). I don't know how useful this information will prove to be -- there's not much to go on -- but I'm posting it here for future reference, just in case. (Also useful if anyone searches based on this text.) From: Klara Jagerhon <klara.jagerhon@therecruiternetwork.org> Subject: Assistant Director Positon To: [redacted] Date: Wednesday, August 26, 2009, xx:xx Dear Applicant, I represent the The Recruiter Network, Sweden based company that provides recruitment services globally. We work in partnership with our candidates and clients to provide both with our expertise in every part of the recruitment process, to delivery added value to our candidates and clients. Our client, Swedish web-design studio "Rich Productions", is looking for managers in the USA to create Rich Productions' subsidiaries. I have found you resume on »www.monster.com/ and I suppose that this position could be a good opportunity for you to get additional income. Your mission in this project is to establish business tools (to register a business entity, to set up business and merchant bank accounts), and, basically, after that all you will have to do is to spend a couple of hours a week to monitor sales level, incoming and outgoing payments, and perform simple tasks from Rich Productions' manager. Rich Productions will create a web-site (online store, Rich Productions' subsidiary) that will sell their products. The operation of this web-site impossible without a merchant account, that is why your mission of establishing the listed above business tools is so important for the project. Certainly, you will be reimbursed for all expenses. If you already have a company, you can use it instead of registering a new one, it will make the start up yet faster. Your commission will be 5% from gross sales (you'll earn about 1500-2000$ a month). You will get this commission in any case regardless any fees applied to business. Your income will increase as the business progresses. And, as you can see, everything is very simple and all partnership activities are absolutely transparent. Please e-mail me at alva.stahrberg@1stclassrecruitment.com, and I will provide you with all the details. Even if you are not interested in this position, let me know and I will contact you if we have any other, more suitable for you, opportunity. Sincerely, Klara Jagerhon, HR Agent The Recruiter Network Gjorwellsgatan 28, 112 60 Stockholm, Sweden Note that 1stclassrecruitment.com is registered anonymously, created on 13-jan-2009; therecruiternetwork.org is registered under the name "Doris Weeks" (address info exists), created on 23-Jul-2009 21:31:03 UTC. -- Suckers Wanted -- Employment Opportunities That Will Cost You
	to forum · permalink · · 2009-08-27 11:23:11 ·
Jeenester @sbcglobal.net	reply to hoyleysox Gamatron fraud charges, Devbill/DigitalAge/Pluto This company also charged my BofA account in the amount $9.45 in August of 2009. I tried calling their number and going to their website but there was little to zero helpful information. Be very careful and do dispute and report them should you see Gamatron charges on your statement and please cancel your card and request a new one.
	to forum · permalink · 2009-08-27 15:24:55 ·
K Patterson Premium,MVM join:2006-03-12 Columbus, OH	Pllease DO NO dispute the charge. Insist that the card copany process it as fraudulent. If it is reported as disputed, the fraudsters will protest, anything to keep the site up a few more days.
	to forum · permalink · · 2009-08-27 16:03:08 ·
MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL 1 edit	reply to iDeceive Re: The Recruiter Network said by iDeceive : A correspondent has asked me about the following recruitment offer. I've advised him that it's a money mule job of the sort discussed here (and pointed him to the forum). I don't know how useful this information will prove to be -- there's not much to go on -- but I'm posting it here for future reference, just in case. (Also useful if anyone searches based on this text.) Excellent decision to post iDeceive . said by iDeceive : ..... I don't know how useful this information will prove to be -- there's not much to go on -- More than you thought, sometimes all that is needed is a mere crumb of information. Not only is the mention of setting up an LLC /Corp and obtaining merchant services a primary clue, which ties it to this organized crime syndicate. I can confirm absolutely that it is the same criminals. Several of the graphic images that have been used before are on here: Snapped 2009-08-27 12:59:43 »therecruiternetwork.org Snapped 2009-08-27 13:18:32 »therecruiternetwork.org/images/cand.jpg Snapped 2009-08-27 13:18:30 »therecruiternetwork.org/images/pic.jpg Despite listing a born on 2007 date the therecruiternetwork.org image files were uploaded on 08/10: Snapped 2009-08-27 13:18:27 »therecruiternetwork.org/images/ It belongs to the download themed group whose recruiting C&C repeatedly projects itself as being based in Sweden. They are also using the same address as a recently posted recruiting email for the known fraud Riddick-Design. Riddick is a subset of a large group of let's pretend we are in Sweden fraud cyber-mule recruiting sites. Not only is the SCAM therecruiternetwork.org FRAUD hidden such that only those whose resumes are targeted can find it: According to the source code of the main index page that are no more that a few text words on there. Everything is in a graphic non searchable format including the contact details: Snapped 2009-08-27 12:59:25 »therecruiternetwork.org/contact.php therecruiternetwork.org Server Data Server Type: Apache IP Address: 72.34.55.197 IP Location - California - Encino - Ih Networks Response Code: 200 Domain Status: Registered And Active Website Not only is this group associated with recruiting for the mobile themes, but the scam recruiting website therecruiternetwork.org is hosted on the same server as Cheapestthemes.com IP Address: 72.34.55.197 Hosting Audit 045. Cheapestthemes.com 192. Therecruiternetwork.org The fraud website Cheapestthemes.com has been processing fraud charges since early February with the latest report less than 24 hours ago An audit of the 200 odd websites hosted on IP Address: 72.34.55.197 reveals that in addition to Therecruiternetwork.org and Cheapestthemes.com a mobile themed download fraud website imagestudiodesign.com is also hosted on that server: Snapped 2009-08-27 17:01:58 »imagestudiodesign.com Administrative Contact: Whois Privacy Protection Service, Inc. Whois Agent () +1.4252740657 Fax: +1.4256960234 PMB 368, 14150 NE 20th St - F1 C/O imagestudiodesign.com Bellevue, WA 98007 US . Status: Locked . Name Servers: ns1.uswebhosting.com ns2.uswebhosting.com . Creation date: 05 Feb 2009 23:52:25 Expiration date: 05 Feb 2010 23:52:00 . Snapped 2009-08-27 17:01:36 »imagestudiodesign.com/contacts.php The imagestudiodesign.com contact phone number of 813-200-4105 is cloaked as an image file: Snapped 2009-08-27 17:01:18 »imagestudiodesign.com/Fd56nf.php···7e11&t=p That image format is identical to the contact details of Therecruiternetwork.org same php script: Snapped 2009-08-27 17:11:00 »therecruiternetwork.org/txt2img.···5663&t=p Snapped 2009-08-27 17:10:59 »therecruiternetwork.org/txt2img.···5663&t=a RECRUIT FRAUD = therecruiternetwork.org =JOB SCAM RECRUIT FRAUD = klara.jagerhon@therecruiternetwork.org =JOB SCAM RECRUIT FRAUD = Klara Jagerhon =JOB SCAM RECRUIT FRAUD = The Recruiter Network =JOB SCAM Gjorwellsgatan 28, 112 60Stockholm, Sweden RECRUIT FRAUD= Swedish web-design studio "Rich Productions" =JOB SCAM MGD
	to forum · permalink · · 2009-08-27 17:15:43 ·
music man join:2008-08-12	reply to MGD Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto And yet another one- »this1isawesome.com Snapped 2009-08-29 15:20:08 »this1isawesome.com/index.php Even comes with its own dedicated refund page!! Snapped 2009-08-29 15:19:52 »this1isawesome.com/moneyback.php Usual vlad tactics - no contact phone number, no address. Email addy is obfuscated by being an image. Registry Data ICANN Registrar: ENOM, INC. Created: 2009-06-11 Expires: 2010-06-11 Privacyprotected registration as well.
	to forum · permalink · · 2009-08-29 15:19:44 ·


Wednesday, 25-Nov 05:43:05	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. republican-creole page compression OFF