Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot in Spam, Scam and Phishbusters

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 10 Jul 2008 18:36:46 EDT

said by mrchris :

Why do these folks bother making these websites when you can find what you want for free if you looked hard enough on Google?

They are not making these sites to sell anything. If you had read any of MGD 's posts in detail you would see that the majority (if not all) of these fake web sites use a special ROBOTS.TXT file that hides them from search engines and web indexers on purpose as they really don't want people/customers going to their sites. They are fronts for a well organized and large criminal enterprise in the former Soviet Block than funnel up to $50,000 USD per month through each front web site making fraudulent charges to Credit Cards.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 10 Jul 2008 13:01:54 EDT

mrchris : Why do these folks bother making these websites when you can find what you want for free if you looked hard enough on Google?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Mon, 07 Jul 2008 22:05:07 EDT

MGD : Looks like Godaddy has suspended mobileglobus.com for invalid whois data. Maybe the real Bill Hutchinson of 3100 Monticello got tired of fielding calls, about the domain that he did not register.

GoDaddy Whois results:

Domain Status: On-hold

Error Message
Server response:
mobileglobus.com

This domain name has been suspended due to invalid Whois information.

If you are the registrant of this domain name please contact us at: invalidwhois[at]secureserver.net

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sat, 31 May 2008 18:50:22 EDT

MGD :

said by Almost Defrauded :

...... I mentioned this to the guy from the bank and he seemed disinterested, told me the charge had been reversed and got me off the phone before I got to the juicy stuff on this thread or had a chance to insist they cancel the account and issue a new card. ....

That is a common occurence because of the amount.

said by Almost Defrauded :

...... Should I expect them to continue to charge the account? ....

Yes, guaranteed to happen.

said by Almost Defrauded :

...... I'm guessing I should be getting the card canceled and a new card issued...

Yes, that is the only way to stop the process. They have your card data and will continue to use it.

said by Almost Defrauded :

...... I went back and saw no other fraudulent activity for the last year but I did notice an authorization about 9 months ago from FRONTIER EQUITI for $1.00 that never was charged. Has anyone else seen that entity tied to this crime ring? I'm guessing it was a check to make sure the card would work.

Thanks again for posting on this topic.

I do not recall seeing that name, however, you are correct in that the cime syndicate routinely pings a portion of the hijacked card where the current status is unknown. Over the years they accomplish this validation by routinely hijacking legitimate merchant accounts of small businesses to ping them. They will run several thousand pings, usually over the weekend when the business is closed, sticking them with a hefty bill for the process.

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sat, 31 May 2008 15:31:00 EDT

anon : I noticed a charge this morning on my account for $2.56 from IMAGESPARADISE.COM that did not look familiar so I called my bank (Bank of America) to dispute it. When I finally got a live person I happened to be doing a google search on the site and came across this thread and others indicating the fruadulent nature of the company. I mentioned this to the guy from the bank and he seemed disinterested, told me the charge had been reversed and got me off the phone before I got to the juicy stuff on this thread or had a chance to insist they cancel the account and issue a new card.

So it looks like they are trying smaller dollar amounts now.

Should I expect them to continue to charge the account? I'm guessing I should be getting the card canceled and a new card issued...I went back and saw no other fraudulent activity for the last year but I did notice an authorization about 9 months ago from FRONTIER EQUITI for $1.00 that never was charged. Has anyone else seen that entity tied to this crime ring? I'm guessing it was a check to make sure the card would work.

Thanks again for posting on this topic.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sat, 24 May 2008 17:23:21 EDT

MGD : OOOPS !!, to see those empty contents when you click on the above links you will be redirected to a "secure login" The account is: user ID = test password = test.

Then click on "access gallery"

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sat, 24 May 2008 17:17:22 EDT

MGD : If you recall in an earlier post, Mr. Allison told me that he knew of several people personally that dowloaded intangibles from the mobileglobus.com site and were "very happy" with the "products".

The problem is that there is nothing to download from the fraudulent site. The vetting standards are so low, or non existant, that there is no need to even complete the fake site.

A login gets you to here:

[att=1]

A generates a script error:

Warning: Smarty error: math: parameter y is empty in /home/content/g/d/f/gdfg34453/html/libs/Smarty.class.php on line 1095

The field set for a credit card number is assigned as a "text" entry, and always generates an error:

Note the "text":
Card Number
input name="card" type="text" id="card"

[att=3]

Sign in and review the available downloads, and you are greeted by, Nothing:

[att=2]

Links for all the empty graphics such as: »https://www.mobileglobus.com/themes/natu···t011.thm

yield:

[att=4]

You can bypass log in and see these for yourself:
»https://www.mobileglobus.com/index.php?a···e&page=2 Try any page number, any category, empty !!

»https://www.mobileglobus.com/index.php?a···=cartoon

»https://www.mobileglobus.com/index.php?a···abstract

»https://www.mobileglobus.com/index.php?a···y=animal

»https://www.mobileglobus.com/index.php?a···ery=land

»https://www.mobileglobus.com/index.php?a···ery=cars

This is all nothing new, In December of 2007, one brave soul used a virtual card to enroll in one of the fraud globus group sites just to see what was there. Of course as expected he found nothing to download:

quote:
JDDD

Re: Heard of Picture globus??

Okay, So i have one of those nifty options for my card to get a "temporary" card number for online purchases. I paid the $2.99 to see if the site was a scam. Sure enough it is. they claim to be a stock photo company. You pay a monthly fee and download as many images as you want. the charge is $9.99 a month so that is what they charged you for, 1 month of service. However (and this is the funny part) They are letting people register and sign up for subscriptions but they do not have a SINGLE image available. nothing, nada, zilch. So I would recommend staying away from this site and if you do decide to PLEASE DON'T GIVE THEM YOUR REAL CARD NUMBER AND INFO.

hope this helps save some of you some headaches.

REF: »community.mpix.com/forums/t/5825···eIndex=1

There is a posting on Fatwallet from early December 2007 where Allison's apparent partner Eric Robertson, IM's a member who complained of the fraud charges and asked him:

quote:
........I would also like to ask you to either remove the thread from the forum or delete our company's name from the topic name. We are just starting out and this thread is harming our business. I hope that you understand it is not our fault that someone used your card to register with us..........

»www.fatwallet.com/forums/finance/782097

It is hard to believe that almpst a half year later, one of these cyber-mules has not figured it out. Just searching under any of the mutiple names would produce pages of fraud data for them to see.

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sat, 24 May 2008 16:25:01 EDT

MGD :

said by K Patterson :

Man, is he in for a surprise. .....

I hope it happens sooner than later.

said by K Patterson :

....One alternative would be to let Bill Hutchinson know how he has been implicated in this fraud. My guess is that he may have some ways of getting thru to Mr. Allison. It looks like it was his card that was used.

Kip

After reviewing my notes, apparently I missed listing one of the earlier sites on that list.

PHOTOMERIDIAN.COM »PHOTOMERIDIAN.COM

Was operating in the last quarter of 2007.
»www.google.com/search?hl=en&q=PH···e+Search


Registrant:
   Domains by Proxy, Inc.
   DomainsByProxy.com
   15111 N. Hayden Rd., Ste 160, PMB 353
   Scottsdale, Arizona 85260
   United States
 
   Domain Name: PHOTOMERIDIAN.COM
      Created on: 26-Aug-07
      Expires on: 26-Aug-08
      Last Updated on: 26-Aug-07

on 11/06/2007 a poster reported the link

quote:
Follow the link and get this message:

"This site is currently unavailable.

If you are the owner of this site, please contact us at 1-480-505-8855 at your earliest convenience."

Something's up for sure.

»www.dpchallenge.com/forum.php?ac···D=691308

Godaddy's failure to either promptly address these criminal's using their services for free, or keeping them from re-enrolling with fraudulent payments is totally irresponsible.

Worse yet, Mr. Allison's MOBILEGLOBUS.COM site is back up and running »mobileglobus.com courtesy of GoDaddy free hosting.

[att=1][att=2]

Support: Eric Robertson
e-mail: support@mobileglobus.com
tel: (210) 807-4272

»www.google.com/search?hl=en&q=210-807-4272+

Still not back is Mr. Allison's personal sites for Mike Allison Communications, LLC and
Mike Allison Consulting. Those are presumably the LLCs that the authorize.net merchant accounts are under.

[att=3]

Nor do we know the other two sites that Allison has running. Though I see photogeyser.com »photogeyser.com is still active.

Still no return calls from Allison, so his current activity status is unknown. However with the site going back up, it is presumed that he is still firmly planted in the crime syndicates corner. He may be considered a "dream catch" recruit by any organized crime syndicate.

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 22 May 2008 19:38:03 EDT

anon : Thanks, here is the PDF attachment

WhoIs mobile···obus.pdf

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Wed, 21 May 2008 15:37:59 EDT

Doctor Olds :

said by gant :

I have a PDF file that I printed off the GoDaddy WhoIs listing yesterday, to confirm what they were showing yesterday. Unfortunately I cannot see how to attach it to this post.

Type your post, hit Preview, and on the left is a new button that reads "+ upload attachments". Now click that and a new section expands with 4 spots for adding files. Browse to the file you want to attach and then click Upload attachment.

[att=1][att=2]
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Wed, 21 May 2008 14:17:18 EDT

anon :

said by K Patterson :

That just doesn't make sense. Bill Hutchinson is a heavy hitter - Romney's campaign committee, for instance.

did ddigital get the site name wrong? There is only a placeholder at mobileglobus.com.
...

This I did not know. In case of doubt, I have a PDF file that I printed off the GoDaddy WhoIs listing yesterday, to confirm what they were showing yesterday. Unfortunately I cannot see how to attach it to this post.

A good friend in Florida was scammed this month from "mobileglobus.com" therefore I googled this name and followed the links - and then I found this (your) web forum with lots of useful information, Also sustained hard work by MGD - well done.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 20 May 2008 22:34:09 EDT

K Patterson : Man, is he in for a surprise.

One alternative would be to let Bill Hutchinson know how he has been implicated in this fraud. My guess is that he may have some ways of getting thru to Mr. Allison. It looks like it was his card that was used.

Kip

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 20 May 2008 19:22:42 EDT

MGD : GoDaddy has apparently taken down mobileglobus.com. In the 05/17 post above by "ddigital" the domain was privacy cloaked by GoDaddy's Domains by Proxy, Inc service. When GoDaddy pulls a site and/or revokes the domain, they remove the cloaking service. The registration posted above by "gant" is how the criminals registered the domain back on 01/28. Probably paid for with hijacked card data, and registered in the victim's name. They they used the same card to pay for the domain cloaking service to make it harder to track and shut down.

I spoke with Mike Allison several days ago, thanks to info provided by mae_aa419 Mike was running merchant accounts for three websites including mobileglobus.com. He also ran merchant accounts for several of the previous "globus" sites that are now shut down. Mike is completely duped and insisted that he is running a legit operation. When asked about the fraudulent charges on all the previous sites listed for him that are now defunct, he stated that someone hacked into them and stole their products using dozens of stolen credit cards.!! Mike stated that he was expanding his operation by hiring staff, because the business was doing so well and expanding.

Mr. Allison was adamant that he was running a legitimate business operation in partnership with Hermeselectro.com. He refused to name the other two websites that are currently in operation. Also, he refused to state where he wires the proceeds, other than to confirm it is a foreign country. He did acknowledge that they all use authorize.net as a payment gateway. Mike also stated that he was aware of several people that had purchased tangible products from the sites, and were very happy with them. I told him that this was not possible.

I sent Mike several links to show him the robust documentation of the fraud, and the crime syndicate behind it. I also gave him contact information for a Texas police officer that he should call, who would corroborate what I told him. Mike was going to digest this information and then get back with me, he has not. He also has not returned any of my subsequent calls.

At the time I contacted Mike, both mobileglobus.com and Mike's personal site: mikeallisoncommunications.reliabilitymall.com were active. Without followup contact it is impossible to know if he informed the criminals and they convinced him to go into hide mode. if so, they may have him wire funds abroad daily, to keep the account balance low.

Go here: »www.data.bbb.org/houston/search.html and enter "Mike Allison" in the search box.

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 20 May 2008 17:28:44 EDT

K Patterson : That just doesn't make sense. Bill Hutchinson is a heavy hitter - Romney's campaign committee, for instance.

did ddigital get the site name wrong? There is only a placeholder at mobileglobus.com.

Edit: Looking at cached pages in Google, it appears that it once was a fraud site.

The whois was updated today. I wonder if somebody put Hutchinson's name in there as a red herring??

Kip

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 20 May 2008 17:06:38 EDT

anon : I turned up the following:

Registrant:
Bill Hutchinson
3100 Monticello
Dallas, Texas 75205
United States
Registered through: GoDaddy.com, Inc.
(»www.godaddy.com)
Domain Name: MOBILEGLOBUS.COM
Created on: 28-Jan-08
Expires on: 28-Jan-09
Last Updated on: 20-May-08
Administrative Contact:
Hutchinson, Bill BillHutchinson@live.com
3100 Monticello
Dallas, Texas 75205
United States
(214) 443-4225
Technical Contact:
Hutchinson, Bill BillHutchinson@live.com
3100 Monticello
Dallas, Texas 75205
United States
(214) 443-4225
Domain servers in listed order:
NS21.DOMAINCONTROL.COM
NS22.DOMAINCONTROL.COM

Bill is one of Dunhill Partners:
»www.dunhillpartners.com/team.html

Houston BBB info links another name to "mobileglobus":

Mike Allison Communications, LLC
563 Bird Song
League City, TX 77573
(281) 332-9334
www.mobileglobus.com
www.mikeallisoncommunications.reliabilitymall.com
Mike Allison Consulting
563 Bird Song
League City, TX 77573
(281) 332-9334
www.mobileglobus.com
www.mikeallisoncommunications.reliabilitymall.com

Hope this helps!!
Discalimer: All the above are of course entirely coincidental

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sat, 17 May 2008 14:16:01 EDT

anon : I've been hit by the same scam, only it appears that there is a new domain *and* a new company to add to the mix.

The domain name is mobileglobus.com. A whois entry doesn't turn up much as they have registered it via proxy:

================
Registrant:
Domains by Proxy, Inc.

Registered through: GoDaddy.com, Inc. (»www.godaddy.com)
Domain Name: MOBILEGLOBUS.COM

Domain servers in listed order:
NS21.DOMAINCONTROL.COM
NS22.DOMAINCONTROL.COM
=================

The web site pattern matches the other scam image sites. The amount I was charged was $9.87.

The second charge was through a "P&P Services Inc". The link below (also mentioned earlier in this thread) makes reference to the same company:

»www.ripoffreport.com/reports/0/3···6667.htm

The charge in this case was less; it was $5.56. Anyone have any ideas how to investigate this "P&P Services Inc" any further? A basic Google search doesn't turn up much.

BTW, great job on tracking all of this!

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 16 May 2008 08:36:41 EDT

JJBrannon : I was hit with a photosmix.com in my last billing cycle which I caught last evening while reviewing my accounts.

The charge stood out like a nudist at a church service because this account -- my oldest credit card -- has only been used for about the last two years for a 4% balance transfer I was paying down.

But the reaction of the card issuer's security department was worse than the charge. They sought to terminate the account and issue a new number without any guarantee that this wouldn't adversely affect my credit history.

As a former credit investigator for a credit card bank myself, I thought it likely that this action would erase my longest credit record and my FICO rating.

JJB

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sun, 04 May 2008 15:23:18 EDT

anon : Don't know if it's relevant, but all of this reminds me of a scam I was reading about on the Paypal/ebay forums a few months ago. feebay removed the thread from their forum, but here's some background:

»voip-hype.com/voip-provider-beta···-a-scam/

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 02 May 2008 08:34:50 EDT

K Patterson : I took the liberty of starting a new topic, hoping that others will add text or links for each of the frauds listed and that it will be stickied.

"The FBI wants you to know:"

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 02 May 2008 07:18:57 EDT

pleekmo :

said by Zenith :

said by Doctor Olds :

As long as you credit it being authored by MGD and include a link back to the post,,,,,, ;) I would guess he would not mind, but I am guessing and cannot speak for him.

I would credit it to MGD for sure. MGD is doing a good thing and deserves all credit for the impact that's been made against the bad guys.

I copied and pasted the analysis into my blog but also noted that I'd cribbed it from here and gave links to this thread and another similar one here, as well. Though perhaps I should give a more explicit credit...
--
HCN: Because you deserve a rest!

Proud member of the Free Omelas Liberation Front.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 01 May 2008 19:50:04 EDT

Zenith :

said by Doctor Olds :

As long as you credit it being authored by MGD and include a link back to the post,,,,,, ;) I would guess he would not mind, but I am guessing and cannot speak for him.

I would credit it to MGD for sure. MGD is doing a good thing and deserves all credit for the impact that's been made against the bad guys.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 01 May 2008 18:57:42 EDT

Doctor Olds : As long as you credit it being authored by MGD and include a link back to the post,,,,,, ;) I would guess he would not mind, but I am guessing and cannot speak for him.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 01 May 2008 18:41:49 EDT

Zenith : I copied your "how it works post" and pasted it into a word document. Hope you don't mind. Would you have a problem with my pasting it on other forums that may be discussing these type scams?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 01 May 2008 17:49:49 EDT

anon : My dad just got the photosmix.com charge and thanks to this post we're getting everything fixed. :D

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 29 Apr 2008 19:27:21 EDT

anon : Amazing post. Thanks for taking the time.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 29 Apr 2008 18:16:47 EDT

MGD :

said by kooooo :

Can someone explain to me how this scam makes money? ....

To add to what pcdebb and Doctor Olds posted.

The essence of the scheme is that a considerable percentage of the victims may not catch the charge. It can easily be overlooked when an account has multiple cards that are in frequent use. In some cases a person may think their spouse made the charge, and vice versa.

The amounts of the fraudulent charges vary between $3 and $15 and are below the threshold where many people will actively pursue it. Several victims have reported that when they finally caught on, they went back over prior statements, and found several months worth of charges that went unnoticed.

For those that catch and pursue it, there is always a phone number listed on the line item charge, and also listed on the contact info on the hidden website. When a victim calls, the criminals will issue an immediate credit for the charge, and thus avoid the high chargeback fee. In fact, the banks unwittingly assist the criminals sustain each fraudulent operation by telling the cardholder to contact the merchant directly, first. That is exactly what the syndicate wants to happen if the victim discovers the charge, and pursues it.

That is why it is crucial that a victim report the charge as "fraudulent", and insist that it is classified as such. Besides triggering the card to be replaced, it will also generate a chargeback. It is the increasing chargeback ratio that usually causes the merchant account to be cancelled... eventually. Some of these individual sites have been in operation for well over a year. I have seen some that went down in a few months, it all depends on the mix of victims. If the criminals could issue credits to all the victims who complained then the account may never trigger an alert.

I am aware of one specific instance where the criminals were notified about the growing ratio of chargebacks. They responded that their site was being abused by "criminals" trying to buy items with stolen card data. The account rep's response was that after reviewing their website, they should institute an account enrollment policy where purchasers are required to enroll before being able to complete a transaction. He said that would be a deterrent to keep fraudsters away. The criminals responded that this was an excellent suggestion, thanked him, and said that they would immediately adopt that new procedure.

Copies of the criminals handbook/operational manual published in the other thread, show that the merchant account application for each fake site lists an anticipated mpnthly billing revenue of between $40,000 to $50,000 per site. One recent interception had records showing ~ $180,000 successfully processed in less than 4 months, and included a $20,000 wire transfer in the process of heading out to Cyprus being recalled. There can be a lag time of 30 to 60 days for all charge backs to filter through. A rough estimate is that 35 to 40, or more, sites are fully active at any given time. It is an assembly line process, new sites are being created all the time.

Once an operation is up and running, it is only excessive chargebacks that can bring it down, that, or the duped cyber-mule catching on. Because of the trivial amount, many victims are told by the issuing bank to contact the vendor directly "it is probably a billing error, or a purchase that you do not recognize".

Remember the criminals have perfected this operation over many years. They know exactly where the weak points are in the system and how to capitalize on them. One example of that, was a sting operation where potential roadblocks were created during the set up process, in order to confirm known theories of the operation. One of the fake websites that was already set up awaiting the cyber-mules merchant account approval, had the domain registered in a different state with a victim's card, and listed in their name. The syndicate was told that the merchant account approval was on hold, because Authorize.net had questioned why the related website was registered to someone other than the LLC that was applying for the account. The criminals responded that this could not be a valid reason for the hold up, because they knew that authorize.net nor the bank, never checks to see who owns the domain for the website that the LLC that was applying for the merchant account for.

Also, the criminals have recently began to address the excessive charge back ratio by submitting fake documents to the banks in response to dispute notices. They provide a false log of a user id and password including an IP address that the victim supposedly used to set up the account with. There is at least one recent victim report of the bank reversing and reinstating the fraud charge, upon receipt of those false documents.

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 29 Apr 2008 17:26:36 EDT

Doctor Olds :

said by kooooo :

Can someone explain to me how this scam makes money? Don't chargebacks cost a merchant $20-$30 per incident? Also, if your chargeback rates are too high, it's my understanding you lose your merchant account.

At $50,000 per month, they don't care that much until the Charge Backs freeze/lock/close the account and that makes them open ten (10) more sites with ten (10) new Merchant Accounts. They have a separate group that does nothing but recruit mules to setup these sites.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 29 Apr 2008 16:35:28 EDT

pcdebb :

essentially for every chargeback (read: each transaction that is caught by the account holder) there is, there is 100 that will go undetected. and they are probably registered with a merchant (authorize.net for example) that dont care.
--
a time for change... | 1st & 10 | Ham is good

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 29 Apr 2008 16:01:14 EDT

anon : Can someone explain to me how this scam makes money? Don't chargebacks cost a merchant $20-$30 per incident? Also, if your chargeback rates are too high, it's my understanding you lose your merchant account.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Mon, 28 Apr 2008 21:09:07 EDT

acadiel : The Consumerist just picked this up.

»consumerist.com/385004/watch-out···comments

I wish they would have pointed here, because MGD has done quite a bit of work trying to find out who these scammers are.
--
acadiel's blog is here

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Mon, 21 Apr 2008 12:07:30 EDT

anon : Thank you for the information in this forum. I have just cancelled my credit card after seeing an item appeared in my Citiibank statement from PHOTOS PARADISE 214-7175031 TN for $8.88. The merchant category shows up as COMPUTERS, COMPUTER PERIPHERAL EQUIPMENT.

I found the following domain registration information which tracks with the culprits already listed in this forum:

Registrant:
HAITAO ZHANG
426 King's Road
Hong Kong, North Point --
Hong Kong

Registered through: GoDaddy.com, Inc. (»www.godaddy.com)
Domain Name: PHOTOSPARADISE.COM
Created on: 12-Jan-08
Expires on: 13-Jan-09
Last Updated on: 12-Jan-08

Administrative Contact:
ZHANG, HAITAO haitao.zhang44@yahoo.com
426 King's Road
Hong Kong, North Point --
Hong Kong
+852 8198 0611

Technical Contact:
ZHANG, HAITAO haitao.zhang44@yahoo.com
426 King's Road
Hong Kong, North Point --
Hong Kong
+852 8198 0611

Domain servers in listed order:
NS07.DOMAINCONTROL.COM
NS08.DOMAINCONTROL.COM

Registry Status: clientDeleteProhibited
Registry Status: clientRenewProhibited
Registry Status: clientTransferProhibited
Registry Status: clientUpdateProhibited

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 15 Apr 2008 19:34:22 EDT

Doctor Olds :

said by jskdn :

After reporting it I called back my credit card company to tell them about what I read here. I am afraid that they won't follow up on it through legal channels as they should. But they did try to sell me a service to watch my credit for $12.95 month.

Isn't that just so great of them. First they pass on all losses to the customer in higher interest rates plus higher base fees and then they want to charge extra to protect your account instead of changing their way of doing business that allows these blatant thefts of small amounts to go untouched and left alone as if it were OK to be done.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 15 Apr 2008 19:23:27 EDT

jskdn : I too just had charges on my credit card bill from Stock Image Planet Com and WISEE GOODS for the same amounts as Molly01. It appears that they are trying to steal small amounts from large numbers of people. After reporting it I called back my credit card company to tell them about what I read here. I am afraid that they won't follow up on it through legal channels as they should. But they did try to sell me a service to watch my credit for $12.95 month.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 10 Apr 2008 04:28:30 EDT

Doctor Olds : I'm glad you found the fingerprinting on why they all showed up. I forgot to look at the robots files so thank you very much for finding the "in common" error. Hopefully they will continue to make these and other errors on the way to their eventual demise. ;)
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 10 Apr 2008 02:58:21 EDT

MGD :

said by Doctor Olds :

Interesting results.....

.
Nice catch, what they all appear to have in common is a bad robots.txt file. They left out the forward slash ": / " after "Disallow", to specify "all", or the entire site. What that screw up does is disallow nothing, which yields an allow all. »stockimageplanet.com/robots.txt

A correct version, further above: »/r0/download/1···bots.png

Note to Igor in the Ukraine, being close, don't count.

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 10 Apr 2008 00:18:43 EDT

Doctor Olds : Interesting results.....

»www.google.com/search?q=%22Our+w···filter=0

[att=1]

Regards,

Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 08 Apr 2008 19:19:07 EDT

anon : Thank you so much for the information. I have never dealt with this before and have now been hit twice in two days within the last week. Once for LoadofPhotos.com for $9.87 and over the weekend from Wiseegoods.com for $4.95. You were very informative and even though I have a new debit card coming, I think I will definitely follow up with a complaint or hand-written letter to help draw attention to this ridiculous new fear invading our everyday life.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 03 Apr 2008 21:19:04 EDT

SSSR : I just got hit on 3/26 from STOCK IMAGE PLANET COM for $9.87 and I also have a temporary hold from WISEE GOODS LLC for $2.95. I'll be calling my bank to report this fraud.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 01 Apr 2008 05:06:31 EDT

MGD : Hermes Electro AKA hermeselectro.com was first discussed in the original forum thread on the "globus" group here: »pictureglobus.com, imaglobus.com, and templateglobus.com now In that thread it was identified as a Command & Control hub site, because it was from that domain that victims were sent the bogus records of how their cards were used for account enrollments. Hong-Kong Content Trade AKA hkc-trade.com was subsequently identified earlier in this thread as an identical second C&C hub site.

They both list addresses in Hong Kong along with local voice mail telephone numbers. It has not been determined if those numbers are relaying calls elsewhere, or if there is a local management mule fielding calls on behalf of the criminals. There is little doubt that the real criminals operating this division, are also located in Russia and/or the Ukraine.

New evidence for this image / pic group show that people with online resumes are being directly targeted for cyber-mule recruitment. Here is an actual unsolicited pitch sent from online resume trolling.

quote:
From: hzhang@hkc-trade.com

Subject: Job.com Position offered to VICTIM NAME - $70k/year - Independent Representative Position

Dear "Potential Cyber-Mule"

My name is Haitao Zhang. I work as a Local Advisor for Honk-Kong Content Trade Company.

Your resume, found on job.com has been chosen by our HR department, and I would like to offer you the position of an Independent Representative we currently have available at our company.

Bellow I have provided some general information about our company and position description.

----------------------------------------------------------------------
About Versum Electro Company
----------------------------------------------------------------------
Honk-Kong Content Trade is a fast growing company working on the international market since 2002. We are proud to announce that it has been over 5 years of our successful operation. During this relatively short period of time we managed to build strong business relationships with all of our clients as well as created a bright team of motivated professionals.

The main activities of the company in Europe include but are not limited to:

- Electronic wholesales and retailing
- Online e-content sales
- E-business systems development

----------------------------------------------------------------------
Independent Representative Position
----------------------------------------------------------------------
In connection with forthcoming expansion into the United States market we are hiring an honest, punctual candidate for the Independent Representative position.

The primary role of the Independent Representative:

Provide support for contract and agreement registration, required for on-line trade platforms. Manage funds and organize profit distribution.

The position which is being offered implies both part-time and full-time involvement thus allowing you to adjust your schedule and allocate enough time to complete the required tasks. We will be helping and assisting you during the entire work process, providing all the necessary information, technical support and expert guidance.

The salary consists of two parts and will grow depending on your performance.
1. Base salary of $2000.00 (three thousand) US
2. 1% from sales (may grow up to 5%)

On average you will be receiving 4-5 thousand dollars each month during the first few month of your work.

Payments are made twice a month.

If you are interested in this offer and would like to receive more information, please send your resume and motivation letter to resume@hkc-trade.com

You can contact me about this position by:
Email: hzhang@hkc-trade.com
Phone: (+10) 852 8198 0664

You are also welcome to visit our website at: »www.hkc-trade.com

Your prompt response on this offer would be greatly appreciated.

Sincerely,

----------------------------------------------------------------------
Haitao Zhang
Local Advisor
Honk-Kong Content Trade Inc.
hzhang@hkc-trade.com

Phone: (+10) 852 8198 0664
»www.hkc-trade.com

.

The fraudulent funds from accounts set up in this pic/image/ globus group are confirmed as being laundered via these recent wire transfers out of US banks

One routing sends the stolen funds to FBME Bank Ltd (Federal Bank of the Middle East Ltd) headquartered in Nicosia, Cyprus, with foreign branches loacted in Russia and Tanzania. »www.fbme.com/ and »www.fbme.com/index.cfm?id=104

The fraudulent proceeds were routed out of the country via Deutsche Bank Trust Company, New York, »www.db.com/index_e.htm

The specific wire transfer details are:

Beneficiary Account: Name: VIDESS S.A No.: 073725
IBAN: CY2011501002073725USDCACC001
Beneficiary Bank: FBME BANK Limited,
Nicosia, Cyprus
Swift Code: FBMECY2N
Correspondent Bank: Deutsche Bank Trust Company,
New York, USA Swift
Code: BKTRUS33
Account No: 04-053-863

Note the beneficiary name VIDESS S.A from non other than the Ukraine:

[att=1]

A single web page, appears to be a jack of all nefarious trades website.

VIDESS S.A, AKA »videss.org just oozing with legitimacy:

quote:
"VIDESS" was founded during 2003 with professional staff, making custom graphic, web and 3D design, for the Internet Industry and over. We have a great experience and huge creative potential. The central "VIDESS" office is in Ukraine, but our ties and works are successfully used with the companies all over the world.

The videss.org domain has a cloaked registration:


Whois Record
Domain ID:D104264057-LROR
Domain Name:VIDESS.ORG
Created On:23-Apr-2004 20:03:36 UTC
Last Updated On:11-Mar-2008 23:52:19 UTC
Expiration Date:23-Apr-2012 20:03:36 UTC
Sponsoring Registrar:EstDomains, Inc. (R1345-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:PP-SP-001
Registrant Name:Domain Admin
Registrant Organization:PrivacyProtect.org
Registrant Street1:P.O. Box 97
Registrant Street2:All Postal Mails Rejected, visit Privacyprotect.org
Registrant Street3:
Registrant City:Moergestel
Registrant State/Province:
Registrant Postal Code:5066 ZH
Registrant Country:NL
Registrant Phone:+45.36946676
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:

They are hosted in New Jersey on Net Access Corporation (NAC.NET) on IP 64.21.13.112

A second recent transfer of funds from the fraudulent card billing of this group was sent to the account of BETA-METAL LTD located in Kyev, Ukraine, via a bank in Riga, Lativa called JSC Rietumu Banka »www.rietumu.com/eng.nsf/page?Rea···00372683

Beneficiary Name: BETA-METAL LTD
Beneficiary Address: Grushevskogo 28/2, Kyev, Ukraine. 01021
IBAN: LV55 RTMB 0006 0380 6245
(multicurrency)
Bank: JSC Rietumu Banka
Bank address: 54 Brivibas street, Riga, LV-1011,
LATVIA S.W.I.F.T.: RTMBLV2X

So far the only reference to BETA-METAL LTD that I can find is this: »64.233.169.104/search?q=cache:6L···=1&gl=us

Clearly, the names and addresses of the C&Cs in Honk Kong are a distraction, intended to throw the focus away from the real location. Find and follow the money !!

MGD
EDIT= formatting

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 01 Apr 2008 00:06:13 EDT

MGD :

said by GINAH :

Thank you for this information! Same thing happened to me. ........... I had a charge about six days ago from wiseegoods, llc with phone number 954-603-7710. I emailed the Fla. Attorney General's office and filed a complaint. I then found out that the Miramar Police Dept is investigating Wiseegoods and will likely be a federal case. ........

You are welcome, and glad that you posted.

You are the first victim whose fraud charges actually tie this Globus / Pic / image scam subset back to the main template Ebook group »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto You have one fraud charge from each division. I assume they were on the same card, though there are victims who get hit on two different cards.

Thanks again, as this is the first time that I have seen a reference to Wiseegoods. Which apparently has been around since January of 2007, and is hosted on GoDaddy. I can confirm that they are in fact part of the main group, as there are several victim reports who also had additional fraud charges from other sites in the main group, Interactive designs, etc.

The domestic based portion of wiseegoods was set up by a duped US cyber-mule who was recruited via an employment offer.

wiseegoods.com AKA WISEEGOODS.COM LLC 954-603-7710
.
[att=1]

The domain is registered to the cyber-mule, which fits the pattern of the template group.


[wiseegoods.com IP 68.178.254.16]
.
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
.	
Domain name: wiseegoods.com
.
Registrant Contact:
   WiseEGoods.com LLC
   Basil Lynch (thewisemanster@gmail.com)
   +1.6109563936
   Fax: +1.5555555555
   16781 S.W. 36 Court
   Miramar, FL 33027
   US
.
Status: Locked
.
Name Servers:
   ns1.secureserver.net
   ns2.secureserver.net
.   
Creation date: 15 Jan 2007 07:56:35
Expiration date: 15 Jan 2009 07:56:35

In addition, Mr. Lynch would have registered an LLC in order to obtain a business bank account, and merchant processing account which uses Authorize.net / Cybersource.
.
[att=2]
.


Florida Limited Liability Company  
WISEEGOODS.COM LLC
. 
Filing Information 
Document Number L07000001015 
FEI Number 113800709 
Date Filed 01/03/2007 
State FL 
Status ACTIVE 
.
Principal Address 
16781 S.W. 36 COURT
MIRAMAR FL 33027
.  
Mailing Address 
16781 S.W. 36 COURT
MIRAMAR FL 33027 
. 
Registered Agent Name & Address 
LYNCH, BASIL
16781 S.W. 36 COURT
MIRAMAR FL 33027 US
. 
Manager/Member Detail 
Name & Address 
Title MGRM 
LYNCH, BASIL
16781 S.W. 36 COURT
MIRAMAR FL 33027
.  
Annual Reports 
Report Year Filed Date 
2008 03/07/2008

As usual, wiseegoods.com was set up exclusively to launder hijacked card data into cash, so it needed to be hidden from the rest of the internet, by blocking search engine archiving:

[att=3]

The cyber-mule, Mr Lynch, obviously would have been totally unaware of what he was setting himself up for. Once he is alerted, the merchant account should be closed immediately, the bank account frozen, and any recent foreign wire transfers of the fraudulent funds should try and be recovered. All communication with the crime syndicate should be stopped at once.

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Mon, 31 Mar 2008 10:20:16 EDT

anon : another victim...I check my credit card account on line and was surprised to see the charge, especially since I was at a funeral all day out of state...I have called visa and canceled my card and had a new card reissued. They have turned this over to their fraud department. I will also put a fraud alert with all the credit reporting companies and urge others to do so as well.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Mon, 31 Mar 2008 06:08:37 EDT

anon : Thank you for this information! Same thing happened to me. I had a charge on my bank account via my debit card from Michael P Hamilton for $9.64. Thanks to your post I understand better how this sort of thing works. I had a charge about six days ago from wiseegoods, llc with phone number 954-603-7710. I emailed the Fla. Attorney General's office and filed a complaint. I then found out that the Miramar Police Dept is investigating Wiseegoods and will likely be a federal case. So I am guessing that Wiseegoods and Michael P Hamilton are scams run by the same or similar crooks. Folks, please watch out for Wiseegoods also. Thanks again!!!

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sat, 29 Mar 2008 12:59:26 EDT

MGD :

said by Doug55 :

Please add LoadOfPhotos.com to the list. ...

Thank You, I have added them to the original list on the previous page

said by madneon :

Yes I too am a victim of Loadofphotos.com for 9.87 I have also replaced my card. I am VERY careful with my card any clues on how these people are getting hold of them and is loadofphotos a real web site because it it still up and running.

[att=1][att=2]

No they are a 100% fraud, fake site, just a front operation used to launder hijacked card data into cash. They are a subset of the larger: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto same modus-operandi.

It is very difficult to know for sure the source of the card data. It is doubtful that the data is coming from any recent e-commerce transactions since many of the cards are pre pinged before the charge. That tells us that they are testing the validity of the data before submitting the actual fraud charge. If the data was tied to actual recent transactions, that would not be necessary, since they would be known good data.

Somewhere behind this operation is a domestic cyber-mule who would have set up the merchant and banking accounts to process the fraud payments. What makes this this criminal operational group so disturbing is the complete lack of any vetting process whatsoever. The ability to set up and intergrate with the financial card processing system with such obvious fraudulent credentials is outrageous.

The websites are registered using GoDaddy's cloaking "hide a criminal" service called "Domainsby Proxy". That enables them to mask a clearly fraudulent domain registration. The sites contain no contact info, such as the business name that the merchant account was set up as. Just a bogus individuals name and voice mail phone number. Combine that with the fact that they are supposed to be selling an "intangible product", nothing to ship, and it just SCREAMS FRAUD. There isn't even any folders on the sites that contain graphic images that they are supposed to be selling. being blocked form search engines so no one could find them is just icing on the fraud cake.

We can go back and look at one of the earlier failed sites for an example of the deliberate obfuscation of the business registration chain.

The domain itself was cloaked via GoDaddy. they also own the cloaking service Domains by Proxy, Inc:


Registrant:
Domains by Proxy, Inc.
.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
.
Registered through: GoDaddy.com, Inc.
Domain Name: ZENITHGRAPHIC.COM
Created on: 04-Oct-07
Expires on: 05-Oct-08
Last Updated on: 04-Oct-07

On this one only, the contact detail on the website included the name of the related LLC:

[att=3]

listed under the bogus names was:


Support: Alex McGuire
e-mail: support@zenithgraphic.com 
tel: (504) 208-4860
.
General: Edris Hoover
info@zenithgraphic.com
tel: (505) 350-8506
.
Jupiter, LLC    -------> LOOK
8210 Robin Ave NE
Albuquerque, NM 87110

So the suspected recruited cyber-mule would have registered a cover LLC from that 8210 Robin Ave NE, Albuquerque, NM 87110 address. A check of the New Mexico Division of Corporation's database confirms this:


New Mexico Public Regulation Commission
----------------------------------
JUPITER, LLC 
SCC Number:  2937704  
Tax & Revenue Number:   
Organization Date:  SEPTEMBER 18, 2007, in NEW MEXICO  
Organization Type:  DOMESTIC LIMITED LIABILITY  
Organization Status:  EXEMPT  
Good Standing:   
Purpose:  N/R  
----------------------------------
.
ORGANIZATION DATES
Taxable Year End Date:     
Filing Date:     
Expiration Date:     
.
SUPPLEMENTAL POST MARK DATE
Supplemental:     
----------------------------------
MAILING ADDRESS
8210 ROBIN AVE NE ALBUQUERQUE , NEW MEXICO 87110 
PRINCIPAL ADDRESS
8210 ROBIN AVE NE ALBUQUERQUE NEW MEXICO 87110 
PRINCIPAL ADDRESS (Outside New Mexico)
----------------------------------
.
REGISTERED AGENT
BUSINESS FILINGS INCORPORATED 
.
123 EAST MARCY STREET SANTA FE NEW MEXICO 87501 
 
Agent Designated:    
Agent Resigned:  
----------------------------------
.
COOP LICENSE INFORMATION
Number:     
Type:     
Expiration Year:     
----------------------------------
.
ORGANIZERS
BUSINESS FILINGS INCORPORATED    
----------------------------------
.
DIRECTORS
Date of Election of Directors: 
----------------------------------

.
Since there are no reports of fraud charges under the zenithgraphic.com name, I assume the cyber-mule who registered Jupiter on behalf of the criminals dropped out before it got off the ground. All of the other sites hide that business information in order to preserve the fraud. No merchant account provider performing even minimal vetting would not authorize an account set up based on this configuration format.

It is bad enough that consumer's card data cannot be kept secure, but to then provide open door access to the merchant financial system so that the hijacked data can be readily laundered into cash, is nothing short of incredible negligence.

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sat, 29 Mar 2008 12:08:17 EDT

jswanson : I would suggest to all victims who filed their fraud complaint only via the telephone to follow up with a letter addressed to the fraud department of your credit card company.

A physical letter addressed to you credit card company's fraud department will insure that your complaint is investigated as fraud vs. secretly "disputed" and swept under the rug. I would also suggest that in the letter you state that you have also filed a complaint through ic3.gov. After receiving my letter my credit card company immediately changed my charge reversal from "adjustment" to "fraud adjustment".

I know it is a lot of effort for $10 but if the credit card companies are forced to report this as fraud they will eventually work towards stopping the criminal operation.

Also, on the security forum there is more information on the Hannaford data breach. The credit card information was intercepted at the store during the transaction and then sent overseas...

»www.boston.com/business/articles···_grocer/

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sat, 29 Mar 2008 08:25:38 EDT

madneon : Yes I too am a victim of Loadofphotos.com for 9.87 I have also replaced my card. I am VERY careful with my card any clues on how these people are getting hold of them and is loadofphotos a real web site because it it still up and running.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 27 Mar 2008 13:51:06 EDT

anon : I just recieved my cc statement and noticed the unauthorized charge from stockimagemix.com for $9.87. I called the number listed next to the charge and of course, it is not a working number. I immediately reported the fraud to my cc company. They credited the charge,flagged the account,cancelled the card/account number. I also filed a complaint with the Better Business Bureau (»www.bbbsoutheastflorida.org) and ic3.gov.

Without an address, I had to list the provided phone number(SE FL prefix)and URL. An address is required -- simply "Unknown" those areas of the form. Definitely provide the URL for this forum in your complaint.

I highly recommend that all victims follow up and do the same -- with enough pressure, HOPEFULLY, something will happen and these awful creatures will be stopped.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 25 Mar 2008 19:48:23 EDT

anon : Please add LoadOfPhotos.com to the list. I was charged $9.87 today. Contacted BofA to reverse charge and get me a new card. Also had a pending charge from Michael P Andrew that has since been canceled. Load Of Photos is same site with Alex McGuire name and GoDaddy registration. Reported to IC3.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 25 Mar 2008 19:02:30 EDT

jswanson : MGD,

I have reported these sites to godaddy, both to president@godaddy.com and abuse@godaddy.com. I am not satisfied with their response:

From godaddy:

"If you were, in fact, fraudulently charged through use of one or more of these sites, we can only recommend that you contact local law enforcement.

We have forwarded this to our Abuse Department for further investigation of potentially illegal activity. Of course, we cannot guarantee that any action will be taken, but we appreciate that you have brought this matter to our attention."

I would add to the steps to take if you are a victim of this fraud to contact both president@godaddy.com and abuse@godaddy.com. Perhaps if they get enough complaints they will do what you advise and shut these guys down. A few policy changes to verify legit entities is all it would take to stop this fraud.

Again, thanks for all of your work. BTW, I did get a chargeback that stated "fraud adjustment". Can I get my credit card company to give me the details of the chargeback?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 25 Mar 2008 05:15:55 EDT

MGD :

said by jswanson :

MGD,

Please add stockimagemix.com to the database. Another one with the exact same home page... unbelievable. Same bogus support name of Alex McGuire, etc.

Support: Alex McGuire
e-mail: support@stockimagemix.com
tel: (561) 283-4229

said by jswanson :

MGD,

And stockimageplanet.com

Support: Alex McGuire
e-mail: support@stockimageplanet.com
tel: (941) 312-2230

Done,

Below is a current list of the group, the current status needs to be updated as it is over a week old:


Fraud Domain         Date of Reg  Registrar      Hosted IP     Provider   Status Contact N   umber
-----------          ---------    --------        --------     -------    -----   --------   ---
.
PHOTOSMIX.COM        17-Dec-07  DomainsByProxy  72.167.110.64* GoDaddy.com  Down  941-312-   2213 
.                          back up 03/12/08 on  208.109.181.27           (03/07/08) 
.                                                 
PICTURESJUNGLE.COM   27-Nov-07  DomainsByProxy  72.167.116.221 GoDaddy.com  UP    706-955-   4677
.
POLISHPICTURESONLINE 30-Dec-07  GoDaddy.com     72.167.58.216  GoDaddy.com Parked 214-556-   6190 
.COM
.
PHOTOGEYSER.COM      14-Nov-07  DomainsByProxy  72.167.107.98  GoDaddy.com  UP    301-979-   9960
.
IMAGESPARADISE.COM   07-Feb-08  GoDaddy.com     216.69.131.90  GoDaddy.com  UP    214-556-   6153 
.
PROPHOTOSLAND.COM[*] 05-Dec-07  DomainsByProxy *216.69.138.250 GoDaddy.com  UP    609-916-   0040
.              *(Was For Sale scammers recovered)*Hosted at 208.109.165.98 Prior to 03/16/   08
.                                                                             
PHOTOSPARADISE.COM   12-Jan-08  GoDaddy.com     216.69.140.242 GoDaddy.com  UP    214-717-   5031 
.                                                                               & 214-556-   6153
.
GLOSSYELDORADO.COM   15-Feb-08  GoDaddy.com     72.167.168.179 GoDaddy.com  UP    No Numbe   r
.
IMGPARADISE.COM      11-Jan-08  DomainsByProxy  72.167.78.41   GoDaddy.com  UP    213-984-   4966
.
IMAGLOBUS.COM        26-Aug-07  DomainsByProxy  72.167.3.161   GoDaddy.com  UP    210-807-   4272
.
TEMPLATEGLOBUS.COM   16-Oct-07  DomainsByProxy* 72.167.23.251  GoDaddy.com  Down**210-807-   4272
.                                           208.109.182.137 ** as of 03/12/08 Spam-and-abu   se
. 
PICTUREGLOBUS.COM    13-Nov-07  DomainsByProxy  72.167.106.230 GoDaddy.com  Down  210-807-   4272
.                                                                         03/09/08 
.
ZENITHGRAPHIC.COM    04-Oct-07  DomainsByProxy  72.167.27.37   GoDaddy.com  UP    504-208-   4860
.                                                                              &  505-350-   8506
.                                                                                   
STOCKIMAGEMIX.COM    18-Dec-07  DomainsByProxy  72.167.56.91   GoDaddy.com  UP    561-283-   4229 
.                                    
STOCKIMAGEPLANET.COM 10-Dec-07  DomainsByProxy  208.109.174.94 GoDaddy.com  UP    941-312-   2230
.                                                          
LOADOFPHOTOS.COM     05-Dec-07  DomainsByProxy  72.167.9.148   GoDaddy.com  UP    870-619- 4035                   
.
.
C&C support sites
-----------------
.
HERMESELECTRO.COM    15-Aug-07  GoDaddy.com     208.109.138.8 GoDaddy.com   UP (10)8528120   4462
.
HKC-TRADE.COM        28-Nov-07  GoDaddy.com     72.167.4.140  GoDaddy.com   UP (10)8528198   0664

.
Let me know if there are any missing from that list.

The last two that you posted, both have the robots.txt file set to block search engine archiving:

»https://www.stockimagemix.com/robots.txt

User-agent: *
Disallow:

STOCKIMAGEPLANET.COM[att=1]
STOCKIMAGEMIX.COM[att=2]

I am positive that the names listed on any of these sites are fictitious. Not long after the first generation "globus" sites were posted by Doctor Olds in this post »pictureglobus.com, imaglobus.com, and templateglobus.com now I ran searches on the names through the Texas division of corporations, and did not find any relevant business registrations under the related names:

CONTACT NAME: MGD

SESSION STATUS: Open

DATE: 020108KBDNCR

2/1/2008 2:04:31 PM

------------------------------------------------------------

Client Reference Document Number Document Type Status Received Date Document Fee
[ NONE ] 201976250002 Corporations - Names Availability (No decision making) {globus} Processed 2/1/2008 2:07:05 PM $1.00
[ NONE ] 201976250003 Corporations - Find by Assumed Name {imaglobus} Processed 2/1/2008 2:13:41 PM $1.00
[ NONE ] 201976250004 Corporations - Find-Global {pictureglobus} Processed 2/1/2008 2:18:50 PM $1.00
[ NONE ] 201976250005 Corporations - Find by Registered Agent {Robertson} Processed 2/1/2008 2:20:37 PM $1.00
[ NONE ] 201976250006 Corporations - Find by Registered Agent {eric Robertson} Processed 2/1/2008 2:22:17 PM $1.00
[ NONE ] 201976250007 Corporations - Find {Atala} Processed 2/1/2008 2:25:22 PM $1.00

This fraud division is probably the most egregious example of failure in the merchant account vetting process seen so far.

We have sites where not only are the domain registrations cloaked, but there is also invalid contact information listed on the sites. Nothing more than a bogus name, and a cell phone number.

The major security flaw in the merchant account vetting process, and one of obvious malfeasance, is that there is no check to make sure that the domain is actually registered by the business entity applying for the merchant account. In theory a business registered as Igor Cyber Scammer LLC. could open a merchant account for homedepot.com or Sears.com. Just the fact alone that an e-commerce site with no B&M location has a hidden domain registration should be enough to set alarm bells ringing. That's before we even get to the fact that an e-commerce site is hiding its existence from every search engine. The fact that there are no folders containing graphic images "the intangible product for sale", is just icing on the cake.

We do know who the merchant account provider is, yes, as usual it is Authorize.net / cybersource. That has been established from data supplied from victim debriefings. Credit issuing notifications sent to victims who complained, came from the authorize.net account control panel:

From MICHAEL ALLISON "REDACTED" 2008
Return-Path:
Authentication-Results: mta116.mail.re3.yahoo.com from=ghg.net; domainkeys=neutral (no sig)
Received: from 64.94.119.18 (EHLO anetrelay2f.authorize.net) (64.94.119.18)
by mta116.mail.re3.yahoo.com with SMTP; Mon, 21 Jan 2008 12:37:10 -0800
Received: from extta5f.authorize.net [64.94.118.194]
by anetrelay2f.authorize.net (StrongMail Enterprise 3.2.2.2(3.00.287)); "REDACTED" -0800
Received: from mail pickup service by extta5f.authorize.net with Microsoft SMTPSVC;
"REDACTED" -0700
From: "MICHAEL ALLISON" MIKEALLISON@ghg.net
To: "REDACTED"
Subject: TEMPLATEGLOBUS.COM Customer Receipt/Purchase Confirmation
Date: "REDACTED" -0700
Importance: Normal
Message-ID:
Content-Length: 572
Sent: "REDACTED", 2008 "REDACTED"
Subject: TEMPLATEGLOBUS.COM Customer Receipt/Purchase Confirmation

=========
GENERAL
INFORMATION
=========

Merchant
:
TEMPLATEGLOBUS.COM
Date/Time
:
"REDACTED"
"REDACTED"
PM
Transaction
ID
"REDACTED"
=========
ORDER
INFORMATION
=========
Type
:
REFUND

Though GoDaddy is on record at the beginning as refusing to shut the hosting operation down without legal action, which is out of character of their normal trigger happy removal behavior. They have now done so to at least one of the sites. By doing so, they have also unmasked the original cloaked domain registration, which is SOP.

TEMPLATEGLOBUS.COM is showing terminated as of 03/12/08 for "Spam and Abuse".

The original TEMPLATEGLOBUS.COM cloaked domain registration:

Registrant:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Domain Name: TEMPLATEGLOBUS.COM
Created on: 16-Oct-07
Expires on: 16-Oct-08
Last Updated on: 28-Nov-07

Administrative Contact:
Private, Registration TEMPLATEGLOBUS.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2599

Domain servers in listed order:
NS29.DOMAINCONTROL.COM
NS30.DOMAINCONTROL.COM

Once the site violated the TOS and was shut down around 2008-03-12, that cloaking service also ceased. The domain reverted to the actual data entered at the time of the original registration.

Registrant:
ERNEST TAYLOR
29159 PERCH LAKE RD
WATERTOWN, New York 13601
United States

Domain Name: TEMPLATEGLOBUS.COM
Created on: 16-Oct-07
Expires on: 16-Oct-08
Last Updated on: 28-Nov-07

Administrative Contact:
TAYLOR, ERNEST templateglobus@yahoo.com
29159 PERCH LAKE RD
WATERTOWN, New York 13601
United States
(315) 629-5442 Fax --

Domain servers in listed order:
NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM

Good reason to want to hide it, there are no records of an Ernest Taylor at that address. A reverse check of the street address shows a different first and last name. That phone number is not even for that locale, the number shows for a party in Evans Mills, NY 13637.

Clearly, with a little lobbying Godaddy could be motivated to pull the hosting on the entire operational group. Fraud and cyber crime are TOS violations, and there is more than ample evidence to confirm that they are all fraudulent.

In addition, the terms of service page on all the fraud sites are hijacked word for word from the legit gettyimages.com »www.gettyimages.com See: »www.gettyimages.com/Corporate/Terms.aspx

In fact on zenithgraphic.com they did not even remove Getty Images name:
»https://www.zenithgraphic.com/index.php?action=terms

If those terms are unique to Getty Images and not generic, then Getty would have a cause for action for copyright violations.

Some pressure applied to GoDaddy now to pull the rug from this criminal operation, should be effective. To continue to host this obvious fraudulent enterprise would amount to knowingly aiding on ongoing criminal enterprise. Victims of this fraud might well consider that actionable.

EDIT= Added LOADOFPHOTOS.COM to master list 03/29/08

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sat, 22 Mar 2008 13:21:49 EDT

MGD :

said by jswanson :

Looks like photosmix.com and prophotosland.com are back up and running so beware... their site states "Our hosting provider has accidently delegated our domain to a different company... " not sure what this means as they still have the same GoDaddy logo.....

That was no "accident", upon reviewing the domain transaction history, the most likely reason is that the payment for the original registration was charged back to GoDaddy. These criminals use hijacked victim financial data to pay for all the support and hosting services.

The domains were originally registered using go GoDaddy's domainsbyproxy cloaking service that hides the details of the registration for an additional fee. That service is a crime magnet, and should never be available for sites that are set up for e-commerce. The can only be a nefarious purpose in hiding the ownership of a commercial site engaged in payment processing.

On or about March 08th, GoDaddy took possesion of the photosmix.com domain and put it up for sale:


----------------------------------------
Domain:  photosmix.com 
.
Domain History
.  
Cache Date:  2008-03-08
.  
Registrar:  GODADDY.COM, INC.  
. 
----------------------------------------
.
Registrant:
   Godaddy Software
   14455 N Hayden Rd
   Suite 219
   Scottsdale, AZ 85260
   United States
.
   Domain Name: PHOTOSMIX.COM
      Created on: 17-Dec-07
      Expires on: 18-Dec-08
      Last Updated on: 07-Mar-08
.
   Administrative Contact:
      domains for sale, Godaddy Software  
      domains4sale[@]godaddy.com
      Godaddy Software
      14455 N Hayden Rd
      Suite 219
      Scottsdale, AZ 85260
      United States
      480-505-8800      Fax -- 480-505-8844
.
----------------------------------------

That ownership reversion indicates that payment funds were charged back. Ridiculous as it may seem, the criminals would still have an opportunity to "make good" on the funds and recover the domain. Which they apparently did around March 16th, as the domain then reverted back to a domainsbyproxy cloaked status:


----------------------------------------
.
Domain:  photosmix.com
. 
Domain History
.  
Cache Date:  2008-03-16
.  
Registrar:  GODADDY.COM, INC.  
.
Registrant:
   Domains by Proxy, Inc.
   DomainsByProxy.com
   15111 N. Hayden Rd., Ste 160, PMB 353
   Scottsdale, Arizona 85260
   United States
.
   Domain Name: PHOTOSMIX.COM
      Created on: 17-Dec-07
      Expires on: 18-Dec-08
      Last Updated on: 12-Mar-08
.
   Administrative Contact:
      Private, Registration  PHOTOSMIX.COM@domainsbyproxy.com
      Domains by Proxy, Inc.
      DomainsByProxy.com
      15111 N. Hayden Rd., Ste 160, PMB 353
      Scottsdale, Arizona 85260
      United States
      (480) 624-2599      Fax -- (480) 624-2599
.
----------------------------------------

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sat, 22 Mar 2008 10:52:33 EDT

MGD :

said by deanhuff :

Add another for MICHAEL P HAMILTON $9.64 on 03/15/2008. Bank of America gave me a new account number and re-imbursed the money.

I also had another charge for around $3 from "M BAR C RANCH" in Pending state but never posted. ......

I assume the "M BAR C RANCH" appeared first, that would be a "ping" charge to validate the account. I wonder if these people »www.m-bar-c.org/ have a merchant account that was hacked.

[EDIT= They do have a merchant account: »https://payments.auctionpay.com/ver3/?id=w038846 ]

said by deanhuff :

.....I saw on the news that a local grocer called Sweetbay had a security breach and gave out a bunch of card numbers. Sure enough, I had 1 Sweetbay transaction in early December.

I am fairly certain that the Hannaford data would not be sufficient to be proccessed for this CNP type of fraud transactions. "IF", what Hannaford's reps stated is true, that customers names were NOT intercepted, then the data that the hackers got was the TRACK 2 card data. That would only enable them to use the data for fraudulent POS (Point of Sale) transactions. Typically that data is encoded on to white stock" and used where the card is not presented, e.g. gas stations etc. A common cheap method that they can use the stolen data for store POS fraud purchases is to clone the data on to used VISA / MC branded gift cards. That way they can be presented and swiped without causing suspicion.

I have not seen any reports yet of the specific fraud use of the 1,800 victims of the Hannaford data so far. If the type of data leaked is correct, fraud use should be limited to POS transactions.

Up until your card was replaced, you could have been the victim of fraud from that as well. However, for an online CNP transaction, the full name and address would have been needed, along with the CVV2 security code. The security code is only printed on the card, and is not embedded in any of the track magnetic data.

A merchant gateway account for an online only entiity, such as these scams, will usually require the use of (AVS) and (CVV2) to restrict fraud. »en.wikipedia.org/wiki/Address_Ve···n_System

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sat, 22 Mar 2008 10:00:26 EDT

MGD :

said by Victim 1947 :

A charge of $9.64 from a Michael P Hamilton in Maryland (213-984-4966) posted to my Chase on 3-14-08. A foreign voice recording, gave an indiscernible .com name, not Hamilton, not prophotoland, etc. Sounds like "time share" but is indiscernible. I see $9.64 has been used on previous attacks. Chase described Hamilton as an Art Dealer, but said they would do the charge back. They did not want to close/replace the card. So I asked the rep to clearly state for their recording that they were declining to close the account for fraud. They said they will investigate. I'll monitor the account daily.

That was a fraud charge from Imgparadise.com:

[att=1]

They are part of this sub group of Globus / Image / Pictures themed fraud sites laundering hijacked card data. »pictureglobus.com, imaglobus.com, and templateglobus.com now

I suspect "Michael P Hamilton in Maryland" may be a secondary merchant account, set up in a cyber mule's name after the original one was terminated for excessive chargebacks.

The phone number 213-984-4966 and the recording is definitely part of this group;

[att=2]

The reason Chase probably described them as an "Art Dealer", is from their interpretation of the vendor classification code assigned to the merchant account.

Chase will eventually have to cancel and replace your card. Yes, do keep a close eye on it, you will get more charges.

MGD


213-984-4966.wav 453,498 bytes

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 21 Mar 2008 14:25:01 EDT

Doctor Olds :

said by jim123 :

how do they get the card # ????

They need more than just the card number. A card number alone is nearly useless.

Some of the data theft comes from this avenue:

»10 Largest Data Breaches Since 2000 - Millions Affected

Where there is a will, there is a way.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 21 Mar 2008 13:45:47 EDT

garys_2k :

said by jim123 :

how do they get the card # ????

That's the big question. This gang gets numbers for cards that are actively in use, used VERY infrequently and some that have never been used before. They also seem to submit a fairly high number of wrong numbers that get rejected, too, so their data is far from perfect.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 21 Mar 2008 06:11:17 EDT

anon : how do they get the card # ????

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 18 Mar 2008 21:07:39 EDT

pcdebb :

said by deanhuff :

I saw on the news that a local grocer called Sweetbay had a security breach and gave out a bunch of card numbers. Sure enough, I had 1 Sweetbay transaction in early December.

It was their parent company "Hannaford", which Sweetbay Supermarkets is one of their stores, but I do believe many of their other chains are affected as well.
--
a time for change... | 1st & 10 | Ham is good

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 18 Mar 2008 19:40:29 EDT

jswanson : MGD,

And stockimageplanet.com

Support: Alex McGuire
e-mail: support@stockimageplanet.com
tel: (941) 312-2230

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 18 Mar 2008 19:36:02 EDT

jswanson : MGD,

Please add stockimagemix.com to the database. Another one with the exact same home page... unbelievable. Same bogus support name of Alex McGuire, etc.

Support: Alex McGuire
e-mail: support@stockimagemix.com
tel: (561) 283-4229

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 18 Mar 2008 16:28:52 EDT

anon : Add another for MICHAEL P HAMILTON $9.64 on 03/15/2008. Bank of America gave me a new account number and re-imbursed the money.

I also had another charge for around $3 from "M BAR C RANCH" in Pending state but never posted.

I saw on the news that a local grocer called Sweetbay had a security breach and gave out a bunch of card numbers. Sure enough, I had 1 Sweetbay transaction in early December.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Tue, 18 Mar 2008 12:09:00 EDT

anon : A charge of $9.64 from a Michael P Hamilton in Maryland (213-984-4966) posted to my Chase on 3-14-08. A foreign voice recording, gave an indiscernible .com name, not Hamilton, not prophotoland, etc. Sounds like "time share" but is indiscernible. I see $9.64 has been used on previous attacks. Chase described Hamilton as an Art Dealer, but said they would do the charge back. They did not want to close/replace the card. So I asked the rep to clearly state for their recording that they were declining to close the account for fraud. They said they will investigate. I'll monitor the account daily.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sun, 16 Mar 2008 17:57:12 EDT

jswanson : Looks like photosmix.com and prophotosland.com are back up and running so beware... their site states "Our hosting provider has accidently delegated our domain to a different company... " not sure what this means as they still have the same GoDaddy logo. GoDaddy may have received enough abuse complaints that they made them change something... but obviously they are still operational. Perhaps MGD, you will know what this means.

I am guessing there will be another round of charges in the next few weeks...

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sun, 16 Mar 2008 00:47:14 EDT

anon : Chalk me up for Photogeyser.com. Glad I stumbled on this forum. Going to call my bank and have a new card issued.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 14 Mar 2008 11:05:52 EDT

jswanson : Hi MGD,

It was a small credit union as you guessed and believe me, I will be talking to someone pretty high up about their policy. I will most likely also close the account as I have not been happy with their response.

Thanks for all of your work on this!

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 14 Mar 2008 07:24:41 EDT

Doctor Olds :

said by jswanson :

add www.photosmix.com to your database. Phone 941-312-2213 out of Florida. Same visuals/text as photogeyser and prophotosland.com. Alex McGuire is also the contact on this one. Just looks like a different version.

www.photosmix.com

Snapped 2008-03-14 07:08:24

»www.photosmix.com

»www.photosmix.com/robots.txt


User-agent: *
Disallow:

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 14 Mar 2008 04:06:00 EDT

MGD : GLOSSYELDORADO.COM

[att=1]

A new twist on the search engine blocking, specifically line items Google:

[att=2]

No contact phone number, only the made up name Cristian Darrie.

And a familiar bogus GoDaddy domain registation, and GoDaddy hosting:

Registrant:
HAITAO ZHANG
426 King's Road
Hong Kong, North Point --
Hong Kong

Registered through: GoDaddy.com, Inc.
Domain Name: GLOSSYELDORADO.COM
Created on: 15-Feb-08
Expires on: 15-Feb-09
Last Updated on: 15-Feb-08

Administrative Contact:
ZHANG, HAITAO haitao.zhang44@yahoo.com
426 King's Road
Hong Kong, North Point --
Hong Kong
85281980611

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 14 Mar 2008 03:21:14 EDT

MGD :

said by jswanson :

Another one to watch out for... www.glossyeldorado.com. Gotta love that name :)

MGD... please add to the db! ..............

Done !!

said by jswanson :

.......The most annoying thing for me is that my credit card company charged me $10.00 for a new card... to make sure the $9.87 doesn't turn into a recurring charge I am made to pay $10.00. I will be cancelling that card.

That is unbelievable !!

You are actually saving them money by telling them to cancel and reissue the card. You are not liable for fraudulent charges, it becomes their problem. The alternative is to allow these criminals to hit the card with new charges every two weeks, and let the Bank deal with them. Until such time as they catch on, and decide to re issue it at their own expense.

If this is a National or large Regional Bank, please name them. The only possibility that I am thinking of, is that they are a small credit union or something. Either way it is ridiculous to charge a customer, who through no fault of their own, becomes the victim of card fraud. I am not even sure that it is legal under Federal Law to do so. I could see it if you had lost the card, or otherwise contributed to the problem. Just on principle alone I would raise all kinds of commotion with that institution. It has to be a small non profit credit union or something, correct?. If not, they via their CSR are entirely clueless. They just don't get it.

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Wed, 12 Mar 2008 19:06:44 EDT

jswanson : Another one to watch out for... www.glossyeldorado.com. Gotta love that name :)

MGD... please add to the db!

There are other sites that talk about this scam:

»www.ripoffreport.com/reports/0/3···6667.htm

The most annoying thing for me is that my credit card company charged me $10.00 for a new card... to make sure the $9.87 doesn't turn into a recurring charge I am made to pay $10.00. I will be cancelling that card.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 07 Mar 2008 20:30:46 EDT

anon : Add one more to the photosmix.com scam. Showed up on our bill today. Hope all who get this report it as a fraud-- these folks need to be stopped.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 07 Mar 2008 17:29:05 EDT

MGD :

said by jswanson :

Hi MGD,

Please also add www.photosmix.com to your database. Phone 941-312-2213 out of Florida. .....

Yes indeed, good find. They are confirmed as a fraud operation. Also had the robots.txt no follow search block. As a matter of fact, the site went down while I was checking it. Not sure why, or if it will stay down. Many of these set ups are paid for with hijacked card data. GoDaddy needs to get with program and put a stop to this fraud hosting and domain registration cloaking.

The names on the sites, such as Alex McGuire are boogus.

[photosmix.com IP 72.167.110.64]

Registrant:PHOTOSMIX.COM
Domains by Proxy, Inc.

DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com, Inc.
Domain Name: PHOTOSMIX.COM
Created on: 17-Dec-07
Expires on: 18-Dec-08
Last Updated on: 17-Dec-07

Administrative Contact:
Private, Registration PHOTOSMIX.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2599

Domain servers in listed order:
NS19.DOMAINCONTROL.COM
NS20.DOMAINCONTROL.COM

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 07 Mar 2008 16:37:11 EDT

anon : add me to the www.photosmix.com scam. Will proceed as stated in this thread. Thanks for the very complete info on this fraud.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 07 Mar 2008 09:03:07 EDT

anon : www.photosmix.com happened to me as well. I've filed a complaint with the fraud department of my bank, used the government website listed above, and e-mailed the abuse@godaddy.com website, as they are the host for this website (their "secure site" logo is at the bottom left). I may even go file a complaint with the local police department today, and even go so far as contacting the better business bureau.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 06 Mar 2008 19:19:27 EDT

anon :

said by jswanson :

Hi MGD,

Please also add www.photosmix.com to your database. Phone 941-312-2213 out of Florida. Same visuals/text as photogeyser and prophotosland.com. Alex McGuire is also the contact on this one. Just looks like a different version.

Same thing happened to me, a charge was listed on my account for $9.87 from www.photosmix.com. Did you ever get through to the phone number listed on the website? After reading this forum, I called once and didn't bother trying again, and called my bank instead. They reimbursed me but it's kind of a hassle now that I have do the paperwork to file it as a fraudulent charge and everything... and I also have to wait for a new card in the mail...

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Fri, 29 Feb 2008 17:52:50 EDT

jswanson : Hi MGD,

Please also add www.photosmix.com to your database. Phone 941-312-2213 out of Florida. Same visuals/text as photogeyser and prophotosland.com. Alex McGuire is also the contact on this one. Just looks like a different version.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Thu, 28 Feb 2008 05:52:22 EDT

MGD :

said by jswanson :

This is the same small charge $9.87 credit card fraud scheme posted on other threads although I have not yet seen these two sites specifically mentioned.
.......

Oh Excellent, thank you for Heads Up!!

And lets continue with Doctor Olds 's digging. pcdebb is indeed correct, into the data base they go.

I can confirm positively that these are the next round of "Globus" fraud sites from Doctor Olds 's thread: »pictureglobus.com, imaglobus.com, and templateglobus.com now

I need to see if anyone who is a slickdeals member can either IM or post to this thread: »forums.slickdeals.net/showthread···ngle.com

The poster "Minette" may have some valuable info I need. They got charged $9.87 by PROPHOTOSLAND.COM on 1/27 and subsequently got hit by according to them:

"a company called "Alkay Services LLC", this time on ANOTHER credit card I own, for the amount of $9.64. Same business (photo) according to my bank (Chase).

I need the phone number that may have been listed on the line item charge, or at least part of it. if it was not listed on the charge the card issuer should be able to give it to them. If anyone else has a "Alkay Services LLC" charge and has or can get the number. This group is also using the same deflecting tactic as the globus group, by telling victims someone registered on the site with their car. More than likely any victim who bought that lie and got a credit will have been hit with a second charge the next month. Any subsequent second hit names and full info is vital in following the trail.

The C&C website for the Globus was the bogus "Hermes Electro" hermeselectro.com: »hermeselectro.com pretending to be in Hong Kong:

[att=4][att=1]

The C&C for this picture, image, photo, fraud group is a bogus site "Hong-Kong Content Trade", hkc-trade.com: »hkc-trade.com/

A direct clone of the other one:

[att=2][att=3]

There are no records that indicate a business by those names exist at either of those addresses.

Need to add picturesjungle.com »www.picturesjungle.com/index.php···=contact to the list also.

I am off the belief that the names listed on the sites such as Eric Robertson, also of Globus fame, and Cristian Darie etc. are all fictitious. Having spent countless hours checking LLCs' and corp registrations in the state of Texas, including multiple county FBN lists, I do not believe they exist. At least until something substantial comes up to indicate otherwise.

You will notice from the added info to the sites listed above, that not only are the current crop using GoDaddy hosting, so were the Globus group.

I am not sure if it was posted, but one of the early victims of the Globus run, was told by GoDaddy that they would not shut them down without legal action. I will try and find a copy.

This group probably represents one of the most egregious lack of due care by a hosting company. Providing these criminals with a conduit, which enables them access to payment gateways allowing them to fraudulently process thousands of credit cards is unbelievable.

Lets just look at the worst case:

We have hosting provided to supposed e-commerce sites, where one can readily see from the robots.txt file, that no one could even find them. Plus their domain registration is cloaked, hidden. The only information published is a bogus name, and a cell phone contact number.

Now we are seeing supposed e-commerce sites registered to bogus locations in Hong Kong, and they are using contact phone numbers in various US states. The entire set up configuration reeks of fraud, a four year old could spot it, before the first charge ever hit.

http://www.polishpicturesonline.com/index.php?action=contact
Support: Cristian Darie
e-mail: support@polishpicturesonline.com
tel: 214-556-6190 no scam reports

214-556-6190 Type: Land Line
Provider: MCI Worldcom Communications Inc
Location: Plano, TX

Registered through: GoDaddy.com, Inc.
Domain Name: POLISHPICTURESONLINE.COM
Created on: 30-Dec-07
Expires on: 30-Dec-09
Last Updated on: 30-Dec-07

Administrative Contact:
ZHANG, HAITAO support@hkc-trade.com
Honk-Kong Content Trade Company
426 King's Road
North Point, N/A 000000
Hong Kong
85281980664

Domain servers in listed order:
NS19.DOMAINCONTROL.COM
NS20.DOMAINCONTROL.COM

»www.prophotosland.com/index.php?···=contact
Support: Alex McGuire
e-mail: support@prophotosland.com
tel: 609-916-0040

(609) 916-0040 Type: Land Line
Provider: Focal Communications Corp
Location: Pleasantville, NJ

PROPHOTOSLAND.COM

Registrant:
Domains by Proxy, Inc.

DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com, Inc.
Domain Name: PROPHOTOSLAND.COM
Created on: 05-Dec-07
Expires on: 05-Dec-08
Last Updated on: 05-Dec-07

Domain servers in listed order:
NS15.DOMAINCONTROL.COM
NS16.DOMAINCONTROL.COM

»www.imagesparadise.com/index.php···=contact
Support: Cristian Darie
e-mail: support@imagesparadise.com
tel: 214-556-6153

(214) 556-6153 Type: Land Line
Provider: MCI Worldcom Communications Inc
Location: Plano, TX

Registered through: GoDaddy.com, Inc.
Domain Name: IMAGESPARADISE.COM
Created on: 07-Feb-08
Expires on: 07-Feb-09
Last Updated on: 07-Feb-08

Administrative Contact:
ZHANG, HAITAO haitao.zhang44@yahoo.com
426 King's Road
Hong Kong, North Point --
Hong Kong
85281980623

Domain servers in listed order:
NS23.DOMAINCONTROL.COM
NS24.DOMAINCONTROL.COM

»www.photogeyser.com/index.php?action=contact
Support: Eric Robertson
e-mail: support@photogeyser.com
tel: (301) 979-9960

(301) 979-9960Type: Land Line
Provider: Verizon
Location: Washington, MD

PHOTOGEYSER.COM
Registrant:
Domains by Proxy, Inc.

DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com, Inc.
Domain Name: PHOTOGEYSER.COM
Created on: 14-Nov-07
Expires on: 14-Nov-08
Last Updated on: 14-Nov-07

Domain servers in listed order:
NS15.DOMAINCONTROL.COM
NS16.DOMAINCONTROL.COM

»www.picturesjungle.com/index.php···=contact
Support: Alex McGuire
e-mail: support@picturesjungle.com
tel: (706) 955-4677

(706) 955-4677Type: Land Line
Provider: Level 3 Communications
Location: Augusta, GA

PICTURESJUNGLE.COM
Registrant:
Domains by Proxy, Inc.

DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com, Inc.
Domain Name: PICTURESJUNGLE.COM
Created on: 27-Nov-07
Expires on: 27-Nov-08
Last Updated on: 27-Nov-07

Domain servers in listed order:
NS27.DOMAINCONTROL.COM
NS28.DOMAINCONTROL.COM

HKC-TRADE.COM
Registrant:
HKC Trade Co.

426 King's Road
Honk Kong, North Point -
Hong Kong

Registered through: GoDaddy.com, Inc.
Domain Name: HKC-TRADE.COM
Created on: 28-Nov-07
Expires on: 29-Nov-08
Last Updated on: 28-Nov-07

Administrative Contact:
ZHANG, HAITAO haitao.zhang44@yahoo.com
HKC Trade Co.
426 King's Road
Honk Kong, North Point -
Hong Kong
+852 2562 8127

Domain servers in listed order:
NS27.DOMAINCONTROL.COM
NS28.DOMAINCONTROL.COM

MGD

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Wed, 27 Feb 2008 13:00:18 EDT

anon : This just happened to me with prophotosland - I contacted my credit card's fraud dept. and filed a complaint.

The weird thing is that they were telling me that that charge was from a local mall (which I have not shopped at in weeks and at which there is no such store) and that my card was swiped (I had my card with me).

Card closed, charge replaced, but am curious about how it came up as a local charge with my card swiped...

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Wed, 27 Feb 2008 12:33:56 EDT

anon : This has happened to me recently. I will go to that web site asap. also this must be wide spread. It looks like the credit card companys would pick up on this.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Wed, 27 Feb 2008 11:37:43 EDT

fireflier : Interesting that the name "Jupiter, LLC" is shown there. Wasn't the name jupiter involved in some other less recent CC charging scams?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Mon, 25 Feb 2008 02:55:09 EDT

Doctor Olds : And this oddball one.

www.zenithgraphic.com

Snapped 2008-02-25 02:54:57

»www.zenithgraphic.com/

»www.zenithgraphic.com/cookies.txt


Page Not Found

»https://www.zenithgraphic.com/index.php?···=contact
Support: Alex McGuire
e-mail: support@zenithgraphic.com
tel: (504) 208-4860

General: Edris Hoover
info@zenithgraphic.com
tel: (505) 350-8506

Jupiter, LLC
8210 Robin Ave NE
Albuquerque, NM 87110

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Mon, 25 Feb 2008 00:13:05 EDT

Doctor Olds : And another....

www.imgparadise.com

Snapped 2008-02-25 00:11:46

»www.imgparadise.com/

»www.imgparadise.com/robots.txt


Page Not Found

»https://www.imgparadise.com/index.php?action=contact
Support: Cristian Darie
e-mail: support@imgparadise.com
tel: (213) 984-4966

Cute. NOT!

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Mon, 25 Feb 2008 00:03:34 EDT

Doctor Olds : Found another one:

www.photosparadise.com

Snapped 2008-02-25 00:02:59

»www.photosparadise.com/

»www.photosparadise.com/robots.txt


Page Not Found

»https://www.photosparadise.com/index.php···=contact
Support: Cristian Darie
e-mail: support@photosparadise.com
tel: (214) 556-6153

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sun, 24 Feb 2008 22:23:51 EDT

pcdebb : MGD should probably add these to the list :huh:

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sun, 24 Feb 2008 22:13:37 EDT

Doctor Olds : www.imagesparadise.com

Snapped 2008-02-24 21:52:03

»www.imagesparadise.com/

»www.imagesparadise.com/robots.txt


Page Not Found

»https://www.imagesparadise.com/index.php···=contact
Support: Cristian Darie
e-mail: support@imagesparadise.com
tel: (214) 556-6153

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sun, 24 Feb 2008 21:04:47 EDT

jswanson : Another one is popping up with similar text... home page is different but text and some photos are the same:

»imagesparadise.com/

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sun, 24 Feb 2008 17:49:05 EDT

Doctor Olds : Two are hidden by their robots.txt contents and the last one doesn't have a robots.txt file at all.

www.prophotosland.com

Snapped 2008-02-24 17:38:38

»www.prophotosland.com/

»www.prophotosland.com/robots.txt


User-agent: *
Disallow: /

www.photogeyser.com

Snapped 2008-02-24 17:38:20

»www.photogeyser.com/

»www.photogeyser.com/robots.txt


User-agent: *
Disallow: /

www.polishpicturesonline.com

Snapped 2008-02-24 17:37:57

»www.polishpicturesonline.com/

»www.polishpicturesonline.com/robots.txt


Page Not Found

Intereresting also is that the Contacts from each site are different. With a name or two from another group of scam-front sites. :[

»https://www.prophotosland.com/index.php?···=contact
Support: Alex McGuire
e-mail: support@prophotosland.com
tel: (609) 916-0040

»https://www.photogeyser.com/index.php?action=contact
Support: Eric Robertson
e-mail: support@photogeyser.com
tel: (301) 979-9960

»https://www.polishpicturesonline.com/ind···=contact
Support: Cristian Darie
e-mail: support@polishpicturesonline.com
tel: (214) 556-6190

Strange...

Regards,

Doctor Olds

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sun, 24 Feb 2008 17:01:11 EDT

jswanson : Another site in this network just popped up...

»polishpicturesonline.com/

they use the same exact pictures and text as the other two... watch out for this one... looks like it has been live for a little over a week.

Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot

Sun, 24 Feb 2008 14:46:12 EDT

jswanson : Sorry - other site name was cut off... it was

www.photogeyser.com

[Credit Card Fraud] fraud: www.prophotosland.com & www.photogey

Sun, 24 Feb 2008 14:45:05 EDT

jswanson : This is the same small charge $9.87 credit card fraud scheme posted on other threads although I have not yet seen these two sites specifically mentioned. If you see a small charge from either of these companies please:

1. Report the FRAUD to your credit card company, do not just dispute the charge - state that it is FRAUD and insist on a chargeback. Get a new credit card # and close the old account.

2. Report the fraud to www.ic3.gov with as much detail as possible

3. DO NOT attempt to contact the company as they will reverse the charges but may charge you again next month. They would rather refund your money then be investigated for fraud. HOWEVER, if you want to help stop them work through ic3.gov and your credit card FRAUD division.

4. Check your credit card statements carefully every month.

There are many forums out there regarding this topic... all you need to do is search on small charge credit card fraud or even 9.87 charge credit card fraud.