dslreports logo
site
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
4308
share rss forum feed


Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18

2 edits

1 recommendation

pictureglobus.com, imaglobus.com, and templateglobus.com now

Looks like they have added Stock Pictures to the E-book and Template Scam fronts.

• www.Pictureglobus.com

»www.pictureglobus.com/robots.txt
User-agent: *
Disallow: /

• www.Imaglobus.com

»www.imaglobus.com/robots.txt
User-agent: *
Disallow: /

• www.Templateglobus.com

»www.templateglobus.com/robots.txt
User-agent: *
Disallow: /


»Am i hacked

»www.google.com/search?hl=en&q=im···G=Search

Honorable mention of MGD here praising his dedication and hard work.

»www.fatwallet.com/forums/message···start=40
said by kayah :
It seems like they can get anyone- people who use credit cards frequently, people who hardly ever use them- new cards, old cards... it is amazing that this kind of scam is going on on such a huge scale and there is no sign of the authorities, or the banks (except for mine, bless them) doing anything.

Has the ATM rejection happened to anyone else?
This forum has the most comprehensive information about it that I have read, thanks to a poster named MGD who has been tracking this like a bloodhound.HERE.






Regards,

Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?


Trimline
Premium
join:2004-10-24
Windermere, FL

1 recommendation

Re: pictureglobus.com, imaglobus.com, and templateglobus now

Looks like the others. I went to the support page and Googled 210 807-4272.... see what comes up for you.
--
FWD#537129

MGD
Premium,MVM
join:2002-07-31
kudos:9

1 recommendation

reply to Doctor Olds

Re: pictureglobus.com, imaglobus.com, and templateglobus.com now

Excellent catch on the search engine blocking Doctor Olds See Profile. I see this group has some unique characteristics as well. They are even supplying bogus account set up and login data to victims, in order to hide the fact that they are a criminal fraudulent front operation laundering card data.

I saw that on the mpix.com thread. Another interesting item on that thread was the email of a refund notice:

quote:
From: MALLISON@HERMESELECTRO.COM
Subject: PICTUREGLOBUS.COM Customer Receipt/Purchase Confirmation
Date: December 13, 2007 8:34:35 AM PST
To: (my email address redacted)

========= GENERAL INFORMATION =========

Merchant : PICTUREGLOBUS.COM
Date/Time : 13-Dec-2007 09:34:34 AM
Transaction ID : 1657880268

========= ORDER INFORMATION =========
Type : REFUND
Invoice Number :
Description :
Total : 9.87 (USD)
Payment Method : Visa

..SNIP


That HERMESELECTRO.COM caught my attention, it is a site with all bogus info.



»hermeselectro.com

Including the address:




and is also hidden from search engines: »hermeselectro.com/robots.txt




I see that the three laundering domains are all cloaked by the "hide a criminal" service of:


Registrant:
Domains by Proxy, Inc.
.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
.
Registered through: GoDaddy.com, Inc.
Domain Name: IMAGLOBUS.COM
Created on: 26-Aug-07
Expires on: 26-Aug-08
Last Updated on: 26-Aug-07
.
Administrative Contact:
Private, Registration IMAGLOBUS.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2599


All of these are the same:

pictureglobus.com IP 72.167.106.230
Support: Eric Robertson
e-mail: support@pictureglobus.com
tel: (210) 807-4272

templateglobus.com IP 72.167.23.251
Support: Eric Robertson
support@templateglobus.com
tel: (210) 807-4272

imaglobus.com IP 72.167.3.161
Support: Eric Robertson
support@imaglobus.com
tel: (210) 807-4272

hermeselectro.com IP 208.109.138.8 is registered to an individual in the UK, I assume a carded domain, "meshmesh1231@yahoo.com" is a give away:


Registrant:
GILLARD, SUSAN meshmesh1231@yahoo.com
11,MALLARD CLOSE
BEVERLEY, NORTH HUMBERSIDE HU17 7QG
United Kingdom
(01482) 873892
.
Registered through: GoDaddy.com, Inc.
Domain Name: HERMESELECTRO.COM
Created on: 15-Aug-07
Expires on: 15-Aug-08
Last Updated on: 15-Aug-07
.
Domain servers in listed order:
NS53.DOMAINCONTROL.COM
NS54.DOMAINCONTROL.COM


I also thought that I read a post probably by the mule somewhere, saying something like "Please stop making negative posts about our company, you are hurting sales". I will have to look back for it, amusing.

Trying to hunt down the a business registration that they need, in order to set up the merchant and bank accounts needed to launder the stolen money out of the country.

One of the questions is, if "Eric Robertson" is a real name. If so, obviously it would be the cyber-mules. I see the phone number used 210-807-4272 was originally assigned to Verizon Wireless in San Antonio, TX. It could have been subsequently ported, however, it clearly indicates that a local cyber-mule would have set this up. It could not have been done online.

I checked fictitious business name registrations in 3 Texas counties that may be relevant to this operation, Bexar County, Galveston County, and Harris County. So far, have not found anything relating to those web names, or for a Eric Robertson.

I suspect it will be a State of Texas LLC filing. I presume that they may use just the name "Globus", doing so would make it a catch all for the multiple domains that end in globus. However, a check with the State of Texas produces only a Globus Corp registered in 04/2006, to an individual with the last name Singh in Irving, TX. That is not a match, plus the name Globus is used by several legit entities. The search is still ongoing, as there is a need to identify the rest of the processing operation that is in place with this group.

The merchant account vetting process never ceases to amaze me.

Here we have a new web only businesses applying for, and receiving, a merchant account to process cards. As Doctor Olds See Profile points out, they are completly blocked from anyone finding them. Combine that with the fact that their domain registration is cloaked, and you have two ingredients that should immediately flag, and mostly definitely deny a merchant application. No internet only commercial venture should have a hidden domain registration, that procedure alone is synonymous with fraud.

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

1 recommendation

reply to Doctor Olds
Here is the post that I was talking about by the mule, quoted on fatwallet:

»www.fatwallet.com/t/52/782097/11···11594686

MGD


Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18
said by MGD:

Here is the post that I was talking about by the mule, quoted on fatwallet:

»www.fatwallet.com/t/52/782097/11···11594686

MGD
Wow, that Mule has big brass ones to PM that load of excrement to someone and think it would be believed, LOL. That is really brazen unless the overseas gang has these replies made up ready to send to the Mule and the Mule forwards them to the victims and really thinks he's legit?

BTW, Did you see the four names, addresses and numbers listed at the mpix forum on page two posted by stanmead?

Eric T Robertson of 1215 Oleander Ln |
Donna L & Michael Z Allison of 563 Birdsong Dr |
Michael C & Pamela J Allison of 2035 Pembroke Bay Dr |
Mike Allison of 563 Birdsong Dr |

all in League City, Texas. I didn't post the numbers here since it is unknown yet if they are truly the mules or not. I'll bow out and let you if interested look into that area.

Thanks for all your hard work.

Regards,

Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

MGD
Premium,MVM
join:2002-07-31
kudos:9

1 recommendation

said by Doctor Olds:

.....BTW, Did you see the four names, addresses and numbers listed at the mpix forum on page two posted by stanmead?
........
Yes I did, which is why I included Galveston County in an initial FBN check. However, I believe those numbers were just pulled from a directory listing based on the names used in the emails and the local exchange of the 210-807-4272 number.

I would need to have more data that connects someone to the operation. A State LLC or a county FBN that ties a name and/or address directly to the operation. Lacking that, it is difficult to even speculate. If that number is still a cell phone then the cyber-mule could really be anywhere. Also lacking any filing data we don't know if those names are real. Plus Robertson is a very common name in that area.
Having a real name posted on the site would not be needed nor validated for merchant account vetting. The account applicant would have to show that the company is registered, and that they are an officer or registered agent. They would also need to supply proof that they own the domain.

It does appear that most of the correspondence with victims is coming from the cyber-mule.

There is something unusual with this group too, it appears that banks are now flagging the victim's accounts as compromised as soon as some of the charges appear. There are several reports of that happening. Makes me wonder if they have now flagged the fraudulent vendor in the system, or if they are aware some of those cards may have been compromised already from other data that they have, and were already categorized as such.

I have not checked to see who the merchant account gateway is with, or if that can be determined. Finding some of the business filings that would have been needed to open the merchant account is key.

MGD