MGD
MVM
join:2002-07-31

Re: VALL-JRSX, VIN-DESIGN, E NAT, PARADISE WEB

Continued, Part 2,

The search for information on one of the three group charges listed as:
"$13.95 E NAT NATALIYA MAKOVCARMICHAEL CA"
ended up locating another website, site # 8 of interest on IP 64.202.102.8

E nat turns out to be another Sacramento Fictitious Business name registered on 06/14/2007 by a Natalie Makoviy:





County of Sacramento, California
Fictitious Business Name
File Number: 0706914
Filing Date: 06/14/2007
Expiration Date: 06/14/2012
Ownership Type: Individual
Status: Active
Number of Business Names on this filing: 1
Number of Owners on this filing: 1
.
Business Name(s): E-NAT
Owner Name(s): MAKOVIY, NATALIE


A lookup of Natalie's name produced records under Nataliya for 8063 Joe Rodgers CT., Granite Bay, CA 95746, and a listing under Natalie at ABC Realty & Mortgages, Inc. in Carmichael, CA. They said she no longer works there. This came up also:

Natalie Makoviy
work
Job title: Owner
Company: E Nat
4037 Mcclain Way, Apt 52
Carmichael, CA 95608-2488
(916) 534-2848

That response from that phone number behaved a lot like the typical phone setups on the fake sites. Running a check on it showed that it was also listed on a website, newmobile-shark.com (916-534-2848), which is also hosted at IP 64.202.102.8 and became number eight on the list.




A check of that domain registration shows that it is registered to none other than Vladimir Mironyuk, of VR-S.com fame, AKA Vlad's Designs. Small world!


Registered through: GoDaddy.com, Inc.
Domain Name: NEWMOBILE-SHARK.COM
Created on: 05-Jul-07
Expires on: 05-Jul-09
Last Updated on: 05-Jul-07
.
Administrative Contact:
mironyuk, vlladimir albert_mur@yahoo.com
4840 buffwood wa
Sact, California 95841
United States
(916) 308-3108
.
Domain servers in listed order:
NS57.DOMAINCONTROL.COM
NS58.DOMAINCONTROL.COM


Running a check of the last name MAKOVIY through the Sacramento County FBN records shows:





Business Name | Owner Name | File Number | Filing Date
E-NAT | MAKOVIY, NATALIE | 0706914 | 06/14/2007
SMS USA | MAKOVIY, SERHIY | 0706911 | 06/14/2007


There is something new: a Serhiy Makoviy registered "SMS USA" on 06/14, the same day that Natalie Makoviy registered E-NAT. Have not seen anything yet on SMS USA. A check on Serhiy yields one of the same addresses as Natalie or Nataliya:


Serhiy Makoviy
8063 Joe Rodgers Ct
Granite Bay, CA 95746-9391
phone number unavailable


The only reference to other names or an address on the newmobile-shark.com site is:

NEWMOBILE-SHARK (a division of mobileHomeGAME LLC )
newMobileShark, New Way, SF, 90075, USA





Not sure what they had in mind with these price reductions, hope it is not an omen of future charge amounts.




The SSL cert on the server, which may be the default, is:


E = root@mobiulehome.com
CN = 64.202.102.8
O = mobilehome
L = New York
S = NY
C = US


More to follow,

Part 3.

MGD
omgdave3
join:2006-12-31
United State

Member

MGD,

Any useful purpose served from a visual look at the N. Cal./Sacramento sites listed above?
MGD
MVM
join:2002-07-31

At this stage I don't believe so. I have now found two other phone numbers, and I am in the process of working that angle. At this point we can presume that this division is the same modus operandi as the others, in that the names that are on the recorded documents are recruited cybermules. No doubt that the individuals listed on the corporate filings, and the fictitious business name registrations, will also be the ones who set up the bank and merchant accounts to process the fraud charges.

This group is somewhat unique in that so far all the reports of fraud charges that specify a card list American Express as the one hit. This genre of "Game Download" sites, however, is not unique. A group of similarly cloned sites was used by this criminal enterprise back in 2006. Charges from the "Game Download" group appeared either alongside the Devbill web templates fraud charges or immediately following them.

This victim report from May 2006 on DSLR is one example listing a fraud charge from Moball along with the template charges. The entire thread is HERE

I also mentioned this genre at the beginning of this thread, and here are some screen shots circa May 2006.

Moball, moballtech.com




McColgan Games out of Canada, mobilegamejuice.com




Generex, generextech.com




Also, JamesPC.com:




Generex was a cybermule-driven LLC set up in Ohio, and Moball was fronted by a retired physician in Virginia.




I also provided links to early 2006 audio recordings from the contact numbers:
»/r0/do ··· mple.wav
»/r0/do ··· mple.wav

This has all the appearances of a repeat performance.

MGD
MGD

MVM

VALL-JRSX, VIN-DESIGN, E NAT, PARADISE WEB

Part 3,

There are additional fraudulent charge reports from this group continuing to roll in on Chris Jupin's blog. There now seems to be little doubt that the earlier characterization of this as the "American Express" fraud division of the syndicate is true. The reported fraud charges from this group appear to be specifically targeting American Express compromised card accounts.

While Cybersource / Authorize.net is to be heavily criticized for their utter failure to implement appropriate procedures in the vetting process to remove these fraudulent laundering accounts, apparently American Express fares no better. Authorize.net has been the criminal enterprise's provider of choice for several years. Part of the issue is that merchant account providers make maximum profits from charge back fees. They may initially be reluctant to address the distorted frequency of charge backs and credits associated with these fraud accounts.

In the case of the VALL-JRSX, VIN-DESIGN, E NAT, PARADISE WEB group, it appears that American Express has provided these criminals with the perfect opportunity to use their own system to launder their customers' compromised cards. There was an initial report on the blog from a victim who quoted an AE CSR as saying that they had a "reversal arrangement" with the fraud group. Originally I brushed that off as a statement from an overzealous AE CSR. However, now there is an additional report of the exact same arrangement.
quote:
Marti on 01.10.08 at 6:27 pm

I checked my Amex account online this morning and saw a charge I didn’t recognize from Paradise Web for $9.59 on 01/06/08:
Transaction Date: 01/06/2008
Transaction Description: PARADISE WEB PARADISPLUMAS LAKE

...........................Amex was very willing to reverse the charge, as they said they had an agreement with the company to automatically reverse disputed charges (!). Another poster mentioned this also. I find it incredible that the credit card companies seem to be facilitating these scams (in the sense that they do not seem to investigate or want to do anything to stop it). ...........

Incredible!! That plays straight into the criminals' hands. I am sure that this type of pre-arranged reversal agreement does not contain the usual high "charge back" fees. In effect, American Express is now performing one of the criminals' intensive tasks of mitigating charge back fees to maximize the take.

In addition, the process of setting up this type of merchant billing account directly with American Express appears to be only one step above the "honor system". The entire process can be done online, and subsequently administered and managed from there.

Have a look at the application: »www209.americanexpress.c ··· =regular

Apparently neither American Express nor Cybersource realize that there is no accreditation process for setting up an LLC, or establishing an EIN number. Criminals, even those offshore, can easily arrange for that kind of setup. Possession of those credentials does not establish any form of legitimacy to an operation; that process is not intended to. In addition, the merchant account application is done "online". American Express states that approval comes "within the hour".

Combine this with various card data storage and processing systems that are about as secure as a sieve, and you could not write nor invent a more efficient crime magnet. One wonders why Cybercrime is such an epidemic.

Future callers to American Express from card holders who are victims of this group's fraud charges should alert them that they need to reverse any and all charges from this group. In addition, they can use the submit reports for an up to date list of AE compromised accounts. They should automatically issue new cards to any account holder's card that is submitted from this criminal enterprise.

As of yesterday, the status of the additional domains of interest on the VALL-JRSX, VIN-DESIGN, E NAT, PARADISE WEB, server at IP 64.202.102.8 hosting the sites are:

ez-booksonline.com was still a work in progress, no contact data listed yet, nor is the refund page completed. Same for ibook-space.com and best-ebooks4you.com

ebooks-tfw.com, ebooks-tfw.com, and az-bookspace.com did not have any webpages configured... yet.






They all currently have "cloaked" domain registration:



Registered Through
GoDaddy.com, Inc.
Domain Name: best-ebooks4you.com
Created on: 2007-09-03 04:10:49
Expires on: 2009-09-03 09:10:49
Last Updated on: 2007-09-03 04:10:50
Domain Servers
NS57.DOMAINCONTROL.COM
NS58.DOMAINCONTROL.COM
.
Administrative Contact
Registration Private
Domains by Proxy, Inc.
(480) 624-2599 Phone
(480) 624-2599 Fax
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
best-ebooks4you.com@domainsbyproxy.com
.
.
Registration Private
Domains by Proxy, Inc.
(480) 624-2599 Phone
(480) 624-2599 Fax
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Domain servers in listed order:
NS51.DOMAINCONTROL.COM
NS52.DOMAINCONTROL.COM

ibook-space.com@domainsbyproxy.com
Registered Through
GoDaddy.com, Inc.
Domain Name: ibook-space.com
Created on: 2007-08-27 14:46:34
Expires on: 2009-08-27 19:46:34
Last Updated on: 2007-08-27 14:46:35
Domain Servers
NS57.DOMAINCONTROL.COM
NS58.DOMAINCONTROL.COM
.
.
EZ-BOOKSONLINE.COM
Administrative Contact
Registration Private
Domains by Proxy, Inc.
(480) 624-2599 Phone
(480) 624-2599 Fax
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through:
GoDaddy.com, Inc.
Domain Name: EZ-BOOKSONLINE.COM
Created on: 01-Aug-07
Expires on: 01-Aug-09
Last Updated on: 01-Aug-07


MGD