
|   Trimline Premium join:2004-10-24 Orlando, FL | Re: pictureglobus.com, imaglobus.com, and templateglobus now

Looks like the others. I went to the support page and Googled 210 807-4272.... see what comes up for you.

-- FWD#537129 | |
|  MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL
| Re: pictureglobus.com, imaglobus.com, and templateglobus.com now

Excellent catch on the search engine blocking, Doctor Olds. I see this group has some unique characteristics as well. They are even supplying bogus account set up and login data to victims, in order to hide the fact that they are a criminal fraudulent front operation laundering card data.
I saw that on the mpix.com thread. Another interesting item on that thread was the email of a refund notice:
quote:
From: MALLISON@HERMESELECTRO.COM
Subject: PICTUREGLOBUS.COM Customer Receipt/Purchase Confirmation
Date: December 13, 2007 8:34:35 AM PST
To: (my email address redacted)

========= GENERAL INFORMATION =========
Merchant : PICTUREGLOBUS.COM
Date/Time : 13-Dec-2007 09:34:34 AM
Transaction ID : 1657880268

========= ORDER INFORMATION =========
Type : REFUND
Invoice Number :
Description :
Total : 9.87 (USD)
Payment Method : Visa

..SNIP
That HERMESELECTRO.COM caught my attention; it is a site with all bogus info.

»hermeselectro.com
Including the address:

and is also hidden from search engines: »hermeselectro.com/robots.txt

I see that the three laundering domains are all cloaked by the "hide a criminal" service of:
Registrant:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com, Inc.
Domain Name: IMAGLOBUS.COM
Created on: 26-Aug-07
Expires on: 26-Aug-08
Last Updated on: 26-Aug-07

Administrative Contact:
Private, Registration IMAGLOBUS.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2599
All of these are the same:
pictureglobus.com IP 72.167.106.230 Support: Eric Robertson e-mail: support@pictureglobus.com tel: (210) 807-4272
templateglobus.com IP 72.167.23.251 Support: Eric Robertson support@templateglobus.com tel: (210) 807-4272
imaglobus.com IP 72.167.3.161 Support: Eric Robertson support@imaglobus.com tel: (210) 807-4272
hermeselectro.com IP 208.109.138.8 is registered to an individual in the UK, I assume a carded domain, "meshmesh1231@yahoo.com" is a giveaway:

Registrant:
GILLARD, SUSAN meshmesh1231@yahoo.com
11,MALLARD CLOSE
BEVERLEY, NORTH HUMBERSIDE HU17 7QG
United Kingdom
(01482) 873892

Registered through: GoDaddy.com, Inc.
Domain Name: HERMESELECTRO.COM
Created on: 15-Aug-07
Expires on: 15-Aug-08
Last Updated on: 15-Aug-07

Domain servers in listed order:
NS53.DOMAINCONTROL.COM
NS54.DOMAINCONTROL.COM
I also thought that I read a post probably by the mule somewhere, saying something like "Please stop making negative posts about our company, you are hurting sales". I will have to look back for it, amusing.
Trying to hunt down the business registration that they need, in order to set up the merchant and bank accounts needed to launder the stolen money out of the country.
One of the questions is, if "Eric Robertson" is a real name. If so, obviously it would be the cyber-mule's. I see the phone number used 210-807-4272 was originally assigned to Verizon Wireless in San Antonio, TX. It could have been subsequently ported, however, it clearly indicates that a local cyber-mule would have set this up. It could not have been done online.
I checked fictitious business name registrations in 3 Texas counties that may be relevant to this operation, Bexar County, Galveston County, and Harris County. So far, have not found anything relating to those web names, or for an Eric Robertson.
I suspect it will be a State of Texas LLC filing. I presume that they may use just the name "Globus", doing so would make it a catch all for the multiple domains that end in globus. However, a check with the State of Texas produces only a Globus Corp registered in 04/2006, to an individual with the last name Singh in Irving, TX. That is not a match, plus the name Globus is used by several legit entities. The search is still ongoing, as there is a need to identify the rest of the processing operation that is in place with this group.
The merchant account vetting process never ceases to amaze me.
Here we have a new web-only business applying for, and receiving, a merchant account to process cards. As Doctor Olds points out, they are completely blocked from anyone finding them. Combine that with the fact that their domain registration is cloaked, and you have two ingredients that should immediately flag, and most definitely deny a merchant application. No internet only commercial venture should have a hidden domain registration, that procedure alone is synonymous with fraud.
MGD | |
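
The two warning signs named in the post above (a site blocked from search engines and a cloaked domain registration), together with the reuse of one support number across domains, can be checked mechanically when an application comes in. This is an added example, not part of the original thread; the `vet` function, the flag names, and the sample domains, phone numbers and records are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.robotparser import RobotFileParser

PROXY_MARKERS = ("domains by proxy", "domainsbyproxy.com")  # proxy named in the thread

def blocks_all_crawlers(robots_txt):
    """True when robots.txt denies the site root to every crawler."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return not parser.can_fetch("*", "/")

def registration_is_cloaked(whois_text):
    """True when the WHOIS record names a privacy-proxy registrant."""
    lowered = whois_text.lower()
    return any(marker in lowered for marker in PROXY_MARKERS)

def vet(applications):
    """Return ({domain: [flags]}, {phone_digits: [domains]} for shared phones)."""
    flags, by_phone = {}, defaultdict(list)
    for app in applications:
        hits = []
        if blocks_all_crawlers(app["robots_txt"]):
            hits.append("hidden-from-search")
        if registration_is_cloaked(app["whois"]):
            hits.append("cloaked-registration")
        flags[app["domain"]] = hits
        # Compare phone numbers on digits only so formatting does not hide reuse.
        by_phone[re.sub(r"\D", "", app["phone"])].append(app["domain"])
    shared = {p: d for p, d in by_phone.items() if len(d) > 1}
    return flags, shared

# Constructed sample applications (placeholder domains, numbers and records).
SAMPLE = [
    {"domain": "shop-a.example", "phone": "(210) 555-0100",
     "robots_txt": "User-agent: *\nDisallow: /\n",
     "whois": "Registrant: Domains by Proxy, Inc.\nDomainsByProxy.com"},
    {"domain": "shop-b.example", "phone": "210 555-0100",
     "robots_txt": "User-agent: *\nDisallow: /\n",
     "whois": "Registrant: Domains by Proxy, Inc."},
    {"domain": "shop-c.example", "phone": "(305) 555-0199",
     "robots_txt": "User-agent: *\nDisallow: /cart/\n",
     "whois": "Registrant: Example Retail LLC"},
]

if __name__ == "__main__":
    print(vet(SAMPLE))
```
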
|  |  |  |  |  |  MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL
| Re: pictureglobus.com, imaglobus.com, and templateglobus.com now

said by Doctor Olds: .....BTW, Did you see the four names, addresses and numbers listed at the mpix forum on page two posted by stanmead? ........

Yes I did, which is why I included Galveston County in an initial FBN check. However, I believe those numbers were just pulled from a directory listing based on the names used in the emails and the local exchange of the 210-807-4272 number.
I would need to have more data that connects someone to the operation. A State LLC or a county FBN that ties a name and/or address directly to the operation. Lacking that, it is difficult to even speculate. If that number is still a cell phone then the cyber-mule could really be anywhere. Also lacking any filing data we don't know if those names are real. Plus Robertson is a very common name in that area. Having a real name posted on the site would not be needed nor validated for merchant account vetting. The account applicant would have to show that the company is registered, and that they are an officer or registered agent. They would also need to supply proof that they own the domain.
It does appear that most of the correspondence with victims is coming from the cyber-mule.
There is something unusual with this group too, it appears that banks are now flagging the victim's accounts as compromised as soon as some of the charges appear. There are several reports of that happening. Makes me wonder if they have now flagged the fraudulent vendor in the system, or if they are aware some of those cards may have been compromised already from other data that they have, and were already categorized as such.
I have not checked to see who the merchant account gateway is with, or if that can be determined. Finding some of the business filings that would have been needed to open the merchant account is key.
MGD | |