dslreports logo
site
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
36370
share rss forum feed


Doug55

@comcast.net
reply to jswanson

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Please add LoadOfPhotos.com to the list. I was charged $9.87 today. Contacted BofA to reverse charge and get me a new card. Also had a pending charge from Michael P Andrew that has since been canceled. Load Of Photos is same site with Alex McGuire name and GoDaddy registration. Reported to IC3.



stockimagemixcom

@sbcglobal.net
reply to jswanson

I just recieved my cc statement and noticed the unauthorized charge from stockimagemix.com for $9.87. I called the number listed next to the charge and of course, it is not a working number. I immediately reported the fraud to my cc company. They credited the charge,flagged the account,cancelled the card/account number. I also filed a complaint with the Better Business Bureau (»www.bbbsoutheastflorida.org) and ic3.gov.

Without an address, I had to list the provided phone number(SE FL prefix)and URL. An address is required -- simply "Unknown" those areas of the form. Definitely provide the URL for this forum in your complaint.

I highly recommend that all victims follow up and do the same -- with enough pressure, HOPEFULLY, something will happen and these awful creatures will be stopped.


madneon

join:2003-12-22
Holloman Air Force Base, NM

Yes I too am a victim of Loadofphotos.com for 9.87 I have also replaced my card. I am VERY careful with my card any clues on how these people are getting hold of them and is loadofphotos a real web site because it it still up and running.


jswanson

join:2008-02-24
reply to jswanson

I would suggest to all victims who filed their fraud complaint only via the telephone to follow up with a letter addressed to the fraud department of your credit card company.

A physical letter addressed to you credit card company's fraud department will insure that your complaint is investigated as fraud vs. secretly "disputed" and swept under the rug. I would also suggest that in the letter you state that you have also filed a complaint through ic3.gov. After receiving my letter my credit card company immediately changed my charge reversal from "adjustment" to "fraud adjustment".

I know it is a lot of effort for $10 but if the credit card companies are forced to report this as fraud they will eventually work towards stopping the criminal operation.

Also, on the security forum there is more information on the Hannaford data breach. The credit card information was intercepted at the store during the transaction and then sent overseas...

»www.boston.com/business/articles···_grocer/


MGD
Premium,MVM
join:2002-07-31
kudos:9
reply to Doug55

said by Doug55 :

Please add LoadOfPhotos.com to the list. ...
Thank You, I have added them to the original list on the previous page

said by madneon:

Yes I too am a victim of Loadofphotos.com for 9.87 I have also replaced my card. I am VERY careful with my card any clues on how these people are getting hold of them and is loadofphotos a real web site because it it still up and running.




No they are a 100% fraud, fake site, just a front operation used to launder hijacked card data into cash. They are a subset of the larger: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto same modus-operandi.

It is very difficult to know for sure the source of the card data. It is doubtful that the data is coming from any recent e-commerce transactions since many of the cards are pre pinged before the charge. That tells us that they are testing the validity of the data before submitting the actual fraud charge. If the data was tied to actual recent transactions, that would not be necessary, since they would be known good data.

Somewhere behind this operation is a domestic cyber-mule who would have set up the merchant and banking accounts to process the fraud payments. What makes this this criminal operational group so disturbing is the complete lack of any vetting process whatsoever. The ability to set up and intergrate with the financial card processing system with such obvious fraudulent credentials is outrageous.

The websites are registered using GoDaddy's cloaking "hide a criminal" service called "Domainsby Proxy". That enables them to mask a clearly fraudulent domain registration. The sites contain no contact info, such as the business name that the merchant account was set up as. Just a bogus individuals name and voice mail phone number. Combine that with the fact that they are supposed to be selling an "intangible product", nothing to ship, and it just SCREAMS FRAUD. There isn't even any folders on the sites that contain graphic images that they are supposed to be selling. being blocked form search engines so no one could find them is just icing on the fraud cake.

We can go back and look at one of the earlier failed sites for an example of the deliberate obfuscation of the business registration chain.

The domain itself was cloaked via GoDaddy. they also own the cloaking service Domains by Proxy, Inc:


Registrant:
Domains by Proxy, Inc.
.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
.
Registered through: GoDaddy.com, Inc.
Domain Name: ZENITHGRAPHIC.COM
Created on: 04-Oct-07
Expires on: 05-Oct-08
Last Updated on: 04-Oct-07


On this one only, the contact detail on the website included the name of the related LLC:




listed under the bogus names was:


Support: Alex McGuire
e-mail: support@zenithgraphic.com
tel: (504) 208-4860
.
General: Edris Hoover
info@zenithgraphic.com
tel: (505) 350-8506
.
Jupiter, LLC -------> LOOK
8210 Robin Ave NE
Albuquerque, NM 87110


So the suspected recruited cyber-mule would have registered a cover LLC from that 8210 Robin Ave NE, Albuquerque, NM 87110 address. A check of the New Mexico Division of Corporation's database confirms this:


New Mexico Public Regulation Commission
----------------------------------
JUPITER, LLC
SCC Number: 2937704
Tax & Revenue Number:
Organization Date: SEPTEMBER 18, 2007, in NEW MEXICO
Organization Type: DOMESTIC LIMITED LIABILITY
Organization Status: EXEMPT
Good Standing:
Purpose: N/R
----------------------------------
.
ORGANIZATION DATES
Taxable Year End Date:
Filing Date:
Expiration Date:
.
SUPPLEMENTAL POST MARK DATE
Supplemental:
----------------------------------
MAILING ADDRESS
8210 ROBIN AVE NE ALBUQUERQUE , NEW MEXICO 87110
PRINCIPAL ADDRESS
8210 ROBIN AVE NE ALBUQUERQUE NEW MEXICO 87110
PRINCIPAL ADDRESS (Outside New Mexico)
----------------------------------
.
REGISTERED AGENT
BUSINESS FILINGS INCORPORATED
.
123 EAST MARCY STREET SANTA FE NEW MEXICO 87501

Agent Designated:
Agent Resigned:
----------------------------------
.
COOP LICENSE INFORMATION
Number:
Type:
Expiration Year:
----------------------------------
.
ORGANIZERS
BUSINESS FILINGS INCORPORATED
----------------------------------
.
DIRECTORS
Date of Election of Directors:
----------------------------------

.
Since there are no reports of fraud charges under the zenithgraphic.com name, I assume the cyber-mule who registered Jupiter on behalf of the criminals dropped out before it got off the ground. All of the other sites hide that business information in order to preserve the fraud. No merchant account provider performing even minimal vetting would not authorize an account set up based on this configuration format.

It is bad enough that consumer's card data cannot be kept secure, but to then provide open door access to the merchant financial system so that the hijacked data can be readily laundered into cash, is nothing short of incredible negligence.

MGD


GINAH

@bledsoe.net
reply to MGD

Thank you for this information! Same thing happened to me. I had a charge on my bank account via my debit card from Michael P Hamilton for $9.64. Thanks to your post I understand better how this sort of thing works. I had a charge about six days ago from wiseegoods, llc with phone number 954-603-7710. I emailed the Fla. Attorney General's office and filed a complaint. I then found out that the Miramar Police Dept is investigating Wiseegoods and will likely be a federal case. So I am guessing that Wiseegoods and Michael P Hamilton are scams run by the same or similar crooks. Folks, please watch out for Wiseegoods also. Thanks again!!!



zippertrain

@covad.net
reply to jswanson

another victim...I check my credit card account on line and was surprised to see the charge, especially since I was at a funeral all day out of state...I have called visa and canceled my card and had a new card reissued. They have turned this over to their fraud department. I will also put a fraud alert with all the credit reporting companies and urge others to do so as well.


MGD
Premium,MVM
join:2002-07-31
kudos:9

2 edits
reply to GINAH

said by GINAH :

Thank you for this information! Same thing happened to me. ........... I had a charge about six days ago from wiseegoods, llc with phone number 954-603-7710. I emailed the Fla. Attorney General's office and filed a complaint. I then found out that the Miramar Police Dept is investigating Wiseegoods and will likely be a federal case. ........
You are welcome, and glad that you posted.

You are the first victim whose fraud charges actually tie this Globus / Pic / image scam subset back to the main template Ebook group »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto You have one fraud charge from each division. I assume they were on the same card, though there are victims who get hit on two different cards.

Thanks again, as this is the first time that I have seen a reference to Wiseegoods. Which apparently has been around since January of 2007, and is hosted on GoDaddy. I can confirm that they are in fact part of the main group, as there are several victim reports who also had additional fraud charges from other sites in the main group, Interactive designs, etc.

The domestic based portion of wiseegoods was set up by a duped US cyber-mule who was recruited via an employment offer.

wiseegoods.com AKA WISEEGOODS.COM LLC 954-603-7710
.



The domain is registered to the cyber-mule, which fits the pattern of the template group.


[wiseegoods.com IP 68.178.254.16]
.
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
.
Domain name: wiseegoods.com
.
Registrant Contact:
WiseEGoods.com LLC
Basil Lynch (thewisemanster@gmail.com)
+1.6109563936
Fax: +1.5555555555
16781 S.W. 36 Court
Miramar, FL 33027
US
.
Status: Locked
.
Name Servers:
ns1.secureserver.net
ns2.secureserver.net
.
Creation date: 15 Jan 2007 07:56:35
Expiration date: 15 Jan 2009 07:56:35


In addition, Mr. Lynch would have registered an LLC in order to obtain a business bank account, and merchant processing account which uses Authorize.net / Cybersource.
.


.

Florida Limited Liability Company
WISEEGOODS.COM LLC
.
Filing Information
Document Number L07000001015
FEI Number 113800709
Date Filed 01/03/2007
State FL
Status ACTIVE
.
Principal Address
16781 S.W. 36 COURT
MIRAMAR FL 33027
.
Mailing Address
16781 S.W. 36 COURT
MIRAMAR FL 33027
.
Registered Agent Name & Address
LYNCH, BASIL
16781 S.W. 36 COURT
MIRAMAR FL 33027 US
.
Manager/Member Detail
Name & Address
Title MGRM
LYNCH, BASIL
16781 S.W. 36 COURT
MIRAMAR FL 33027
.
Annual Reports
Report Year Filed Date
2008 03/07/2008


As usual, wiseegoods.com was set up exclusively to launder hijacked card data into cash, so it needed to be hidden from the rest of the internet, by blocking search engine archiving:




The cyber-mule, Mr Lynch, obviously would have been totally unaware of what he was setting himself up for. Once he is alerted, the merchant account should be closed immediately, the bank account frozen, and any recent foreign wire transfers of the fraudulent funds should try and be recovered. All communication with the crime syndicate should be stopped at once.

MGD

MGD
Premium,MVM
join:2002-07-31
kudos:9

1 edit

1 recommendation

reply to jswanson

Hermes Electro AKA hermeselectro.com was first discussed in the original forum thread on the "globus" group here: »pictureglobus.com, imaglobus.com, and templateglobus.com now In that thread it was identified as a Command & Control hub site, because it was from that domain that victims were sent the bogus records of how their cards were used for account enrollments. Hong-Kong Content Trade AKA hkc-trade.com was subsequently identified earlier in this thread as an identical second C&C hub site.

They both list addresses in Hong Kong along with local voice mail telephone numbers. It has not been determined if those numbers are relaying calls elsewhere, or if there is a local management mule fielding calls on behalf of the criminals. There is little doubt that the real criminals operating this division, are also located in Russia and/or the Ukraine.

New evidence for this image / pic group show that people with online resumes are being directly targeted for cyber-mule recruitment. Here is an actual unsolicited pitch sent from online resume trolling.

quote:
From: hzhang@hkc-trade.com

Subject: Job.com Position offered to VICTIM NAME - $70k/year - Independent Representative Position

Dear "Potential Cyber-Mule"

My name is Haitao Zhang. I work as a Local Advisor for Honk-Kong Content Trade Company.

Your resume, found on job.com has been chosen by our HR department, and I would like to offer you the position of an Independent Representative we currently have available at our company.

Bellow I have provided some general information about our company and position description.

----------------------------------------------------------------------
About Versum Electro Company
----------------------------------------------------------------------
Honk-Kong Content Trade is a fast growing company working on the international market since 2002. We are proud to announce that it has been over 5 years of our successful operation. During this relatively short period of time we managed to build strong business relationships with all of our clients as well as created a bright team of motivated professionals.

The main activities of the company in Europe include but are not limited to:

- Electronic wholesales and retailing
- Online e-content sales
- E-business systems development

----------------------------------------------------------------------
Independent Representative Position
----------------------------------------------------------------------
In connection with forthcoming expansion into the United States market we are hiring an honest, punctual candidate for the Independent Representative position.

The primary role of the Independent Representative:

Provide support for contract and agreement registration, required for on-line trade platforms. Manage funds and organize profit distribution.

The position which is being offered implies both part-time and full-time involvement thus allowing you to adjust your schedule and allocate enough time to complete the required tasks. We will be helping and assisting you during the entire work process, providing all the necessary information, technical support and expert guidance.

The salary consists of two parts and will grow depending on your performance.
1. Base salary of $2000.00 (three thousand) US
2. 1% from sales (may grow up to 5%)

On average you will be receiving 4-5 thousand dollars each month during the first few month of your work.

Payments are made twice a month.

If you are interested in this offer and would like to receive more information, please send your resume and motivation letter to resume@hkc-trade.com

You can contact me about this position by:
Email: hzhang@hkc-trade.com
Phone: (+10) 852 8198 0664

You are also welcome to visit our website at: »www.hkc-trade.com

Your prompt response on this offer would be greatly appreciated.

Sincerely,

----------------------------------------------------------------------
Haitao Zhang
Local Advisor
Honk-Kong Content Trade Inc.
hzhang@hkc-trade.com

Phone: (+10) 852 8198 0664
»www.hkc-trade.com

.

The fraudulent funds from accounts set up in this pic/image/ globus group are confirmed as being laundered via these recent wire transfers out of US banks

One routing sends the stolen funds to FBME Bank Ltd (Federal Bank of the Middle East Ltd) headquartered in Nicosia, Cyprus, with foreign branches loacted in Russia and Tanzania. »www.fbme.com/ and »www.fbme.com/index.cfm?id=104

The fraudulent proceeds were routed out of the country via Deutsche Bank Trust Company, New York, »www.db.com/index_e.htm

The specific wire transfer details are:



Beneficiary Account: Name: VIDESS S.A No.: 073725
IBAN: CY2011501002073725USDCACC001
Beneficiary Bank: FBME BANK Limited,
Nicosia, Cyprus
Swift Code: FBMECY2N
Correspondent Bank: Deutsche Bank Trust Company,
New York, USA Swift
Code: BKTRUS33
Account No: 04-053-863



Note the beneficiary name VIDESS S.A from non other than the Ukraine:




A single web page, appears to be a jack of all nefarious trades website.

VIDESS S.A, AKA »videss.org just oozing with legitimacy:

quote:
"VIDESS" was founded during 2003 with professional staff, making custom graphic, web and 3D design, for the Internet Industry and over. We have a great experience and huge creative potential. The central "VIDESS" office is in Ukraine, but our ties and works are successfully used with the companies all over the world.

The videss.org domain has a cloaked registration:


Whois Record
Domain ID:D104264057-LROR
Domain Name:VIDESS.ORG
Created On:23-Apr-2004 20:03:36 UTC
Last Updated On:11-Mar-2008 23:52:19 UTC
Expiration Date:23-Apr-2012 20:03:36 UTC
Sponsoring Registrar:EstDomains, Inc. (R1345-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:PP-SP-001
Registrant Name:Domain Admin
Registrant Organization:PrivacyProtect.org
Registrant Street1:P.O. Box 97
Registrant Street2:All Postal Mails Rejected, visit Privacyprotect.org
Registrant Street3:
Registrant City:Moergestel
Registrant State/Province:
Registrant Postal Code:5066 ZH
Registrant Country:NL
Registrant Phone:+45.36946676
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:


They are hosted in New Jersey on Net Access Corporation (NAC.NET) on IP 64.21.13.112

A second recent transfer of funds from the fraudulent card billing of this group was sent to the account of BETA-METAL LTD located in Kyev, Ukraine, via a bank in Riga, Lativa called JSC Rietumu Banka »www.rietumu.com/eng.nsf/page?Rea···00372683



Beneficiary Name: BETA-METAL LTD
Beneficiary Address: Grushevskogo 28/2, Kyev, Ukraine. 01021
IBAN: LV55 RTMB 0006 0380 6245
(multicurrency)
Bank: JSC Rietumu Banka
Bank address: 54 Brivibas street, Riga, LV-1011,
LATVIA S.W.I.F.T.: RTMBLV2X



So far the only reference to BETA-METAL LTD that I can find is this: »64.233.169.104/search?q=cache:6L···=1&gl=us

Clearly, the names and addresses of the C&Cs in Honk Kong are a distraction, intended to throw the focus away from the real location. Find and follow the money !!

MGD
EDIT= formatting

SSSR

join:2005-04-30
Homer Glen, IL

I just got hit on 3/26 from STOCK IMAGE PLANET COM for $9.87 and I also have a temporary hold from WISEE GOODS LLC for $2.95. I'll be calling my bank to report this fraud.



Molly01

@comcast.net
reply to MGD

Thank you so much for the information. I have never dealt with this before and have now been hit twice in two days within the last week. Once for LoadofPhotos.com for $9.87 and over the weekend from Wiseegoods.com for $4.95. You were very informative and even though I have a new debit card coming, I think I will definitely follow up with a complaint or hand-written letter to help draw attention to this ridiculous new fear invading our everyday life.

Expand your moderator at work


Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18
reply to MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot


MGD
Premium,MVM
join:2002-07-31
kudos:9

1 edit

1 recommendation

said by Doctor Olds:

Interesting results.....

.
Nice catch, what they all appear to have in common is a bad robots.txt file. They left out the forward slash ": / " after "Disallow", to specify "all", or the entire site. What that screw up does is disallow nothing, which yields an allow all. »stockimageplanet.com/robots.txt

A correct version, further above: »/r0/download/1···bots.png

Note to Igor in the Ukraine, being close, don't count.

MGD


Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18

I'm glad you found the fingerprinting on why they all showed up. I forgot to look at the robots files so thank you very much for finding the "in common" error. Hopefully they will continue to make these and other errors on the way to their eventual demise.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?


jskdn

join:2006-05-12
Santa Cruz, CA
reply to SSSR

I too just had charges on my credit card bill from Stock Image Planet Com and WISEE GOODS for the same amounts as Molly01. It appears that they are trying to steal small amounts from large numbers of people. After reporting it I called back my credit card company to tell them about what I read here. I am afraid that they won't follow up on it through legal channels as they should. But they did try to sell me a service to watch my credit for $12.95 month.



Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18

said by jskdn:

After reporting it I called back my credit card company to tell them about what I read here. I am afraid that they won't follow up on it through legal channels as they should. But they did try to sell me a service to watch my credit for $12.95 month.
Isn't that just so great of them. First they pass on all losses to the customer in higher interest rates plus higher base fees and then they want to charge extra to protect your account instead of changing their way of doing business that allows these blatant thefts of small amounts to go untouched and left alone as if it were OK to be done.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?


EMZ

@verizon.net
reply to jswanson

Thank you for the information in this forum. I have just cancelled my credit card after seeing an item appeared in my Citiibank statement from PHOTOS PARADISE 214-7175031 TN for $8.88. The merchant category shows up as COMPUTERS, COMPUTER PERIPHERAL EQUIPMENT.

I found the following domain registration information which tracks with the culprits already listed in this forum:

Registrant:
HAITAO ZHANG
426 King's Road
Hong Kong, North Point --
Hong Kong

Registered through: GoDaddy.com, Inc. (»www.godaddy.com)
Domain Name: PHOTOSPARADISE.COM
Created on: 12-Jan-08
Expires on: 13-Jan-09
Last Updated on: 12-Jan-08

Administrative Contact:
ZHANG, HAITAO haitao.zhang44@yahoo.com
426 King's Road
Hong Kong, North Point --
Hong Kong
+852 8198 0611

Technical Contact:
ZHANG, HAITAO haitao.zhang44@yahoo.com
426 King's Road
Hong Kong, North Point --
Hong Kong
+852 8198 0611

Domain servers in listed order:
NS07.DOMAINCONTROL.COM
NS08.DOMAINCONTROL.COM

Registry Status: clientDeleteProhibited
Registry Status: clientRenewProhibited
Registry Status: clientTransferProhibited
Registry Status: clientUpdateProhibited



acadiel
Press fire to begin
Premium
join:2002-06-22
61705
kudos:2

1 recommendation

reply to jswanson

The Consumerist just picked this up.

»consumerist.com/385004/watch-out···comments

I wish they would have pointed here, because MGD has done quite a bit of work trying to find out who these scammers are.
--
acadiel's blog is here



kooooo

@rogers.com
reply to jswanson

Can someone explain to me how this scam makes money? Don't chargebacks cost a merchant $20-$30 per incident? Also, if your chargeback rates are too high, it's my understanding you lose your merchant account.



pcdebb
RIP lil hurricane
Premium
join:2000-12-03
Brandon, FL
kudos:5
Reviews:
·Bright House

said by kooooo :

Can someone explain to me how this scam makes money? Don't chargebacks cost a merchant $20-$30 per incident? Also, if your chargeback rates are too high, it's my understanding you lose your merchant account.
essentially for every chargeback (read: each transaction that is caught by the account holder) there is, there is 100 that will go undetected. and they are probably registered with a merchant (authorize.net for example) that dont care.
--
a time for change... | 1st & 10 | Ham is good


Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18
reply to kooooo

said by kooooo :

Can someone explain to me how this scam makes money? Don't chargebacks cost a merchant $20-$30 per incident? Also, if your chargeback rates are too high, it's my understanding you lose your merchant account.
At $50,000 per month, they don't care that much until the Charge Backs freeze/lock/close the account and that makes them open ten (10) more sites with ten (10) new Merchant Accounts. They have a separate group that does nothing but recruit mules to setup these sites.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

MGD
Premium,MVM
join:2002-07-31
kudos:9

1 recommendation

reply to kooooo

said by kooooo :

Can someone explain to me how this scam makes money? ....
To add to what pcdebb See Profile and Doctor Olds See Profile posted.

The essence of the scheme is that a considerable percentage of the victims may not catch the charge. It can easily be overlooked when an account has multiple cards that are in frequent use. In some cases a person may think their spouse made the charge, and vice versa.

The amounts of the fraudulent charges vary between $3 and $15 and are below the threshold where many people will actively pursue it. Several victims have reported that when they finally caught on, they went back over prior statements, and found several months worth of charges that went unnoticed.

For those that catch and pursue it, there is always a phone number listed on the line item charge, and also listed on the contact info on the hidden website. When a victim calls, the criminals will issue an immediate credit for the charge, and thus avoid the high chargeback fee. In fact, the banks unwittingly assist the criminals sustain each fraudulent operation by telling the cardholder to contact the merchant directly, first. That is exactly what the syndicate wants to happen if the victim discovers the charge, and pursues it.

That is why it is crucial that a victim report the charge as "fraudulent", and insist that it is classified as such. Besides triggering the card to be replaced, it will also generate a chargeback. It is the increasing chargeback ratio that usually causes the merchant account to be cancelled... eventually. Some of these individual sites have been in operation for well over a year. I have seen some that went down in a few months, it all depends on the mix of victims. If the criminals could issue credits to all the victims who complained then the account may never trigger an alert.

I am aware of one specific instance where the criminals were notified about the growing ratio of chargebacks. They responded that their site was being abused by "criminals" trying to buy items with stolen card data. The account rep's response was that after reviewing their website, they should institute an account enrollment policy where purchasers are required to enroll before being able to complete a transaction. He said that would be a deterrent to keep fraudsters away. The criminals responded that this was an excellent suggestion, thanked him, and said that they would immediately adopt that new procedure.

Copies of the criminals handbook/operational manual published in the other thread, show that the merchant account application for each fake site lists an anticipated mpnthly billing revenue of between $40,000 to $50,000 per site. One recent interception had records showing ~ $180,000 successfully processed in less than 4 months, and included a $20,000 wire transfer in the process of heading out to Cyprus being recalled. There can be a lag time of 30 to 60 days for all charge backs to filter through. A rough estimate is that 35 to 40, or more, sites are fully active at any given time. It is an assembly line process, new sites are being created all the time.

Once an operation is up and running, it is only excessive chargebacks that can bring it down, that, or the duped cyber-mule catching on. Because of the trivial amount, many victims are told by the issuing bank to contact the vendor directly "it is probably a billing error, or a purchase that you do not recognize".

Remember the criminals have perfected this operation over many years. They know exactly where the weak points are in the system and how to capitalize on them. One example of that, was a sting operation where potential roadblocks were created during the set up process, in order to confirm known theories of the operation. One of the fake websites that was already set up awaiting the cyber-mules merchant account approval, had the domain registered in a different state with a victim's card, and listed in their name. The syndicate was told that the merchant account approval was on hold, because Authorize.net had questioned why the related website was registered to someone other than the LLC that was applying for the account. The criminals responded that this could not be a valid reason for the hold up, because they knew that authorize.net nor the bank, never checks to see who owns the domain for the website that the LLC that was applying for the merchant account for.

Also, the criminals have recently began to address the excessive charge back ratio by submitting fake documents to the banks in response to dispute notices. They provide a false log of a user id and password including an IP address that the victim supposedly used to set up the account with. There is at least one recent victim report of the bank reversing and reinstating the fraud charge, upon receipt of those false documents.

MGD



kooooo

@rogers.com

Amazing post. Thanks for taking the time.



CW

@cbpu.com
reply to jswanson

My dad just got the photosmix.com charge and thanks to this post we're getting everything fixed.


Zenith

join:2008-03-12
Danville, IL

1 edit
reply to MGD

I copied your "how it works post" and pasted it into a word document. Hope you don't mind. Would you have a problem with my pasting it on other forums that may be discussing these type scams?



Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18

As long as you credit it being authored by MGD See Profile and include a link back to the post,,,,,, I would guess he would not mind, but I am guessing and cannot speak for him.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?