how-to block ads
|
|
Share Topic
 |
 |
|
|
|
| reply to MGD
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto I was hit by BestTech solutions (www.bst-design.com) as well on 4/21/08 for $11.89. I contacted them by email and got a reply stating "We have already removed the charge you reported. The refund will bestated in the account within three or four business days." I immediately contacted my bank as well & cancelled my card. However it is now 8 business days later and still no refund has shown up of course. I got a letter from my bank saying they are unable to dispute the charge. What do I do??? | |
MGDPremium,MVM
join:2002-07-31
kudos:9 | said by christyj001 :
......I got a letter from my bank saying they are unable to dispute the charge. What do I do???
I am not sure what the bank means by "unable to dispute". There is a wide range in the competency of bank CSRs in addressing this issue. It varies all the way from proper handling, to total absurd negligence.
First, call the bank back and report the charge as "Fraudulent". Insist that they classify it as such, speak to a supervisor if necessary. You are not liable for fraudulent charges, or the resulting fees, if any. You did not state if it was a credit or debit card, though it does not significantly alter the process. The $50 liability does not even apply in this case. You did not loose your card, you still have it. Your card data was hijacked through not fault of yours. The bank should immediately charge back the amount to the issuing merchant account.
Do not let the bank go through a dispute process with the fake merchant. That is a process reserved for legitimate merchants, which gives them the opportunity to support the charge with back up, or issue a credit. That is the worst way possible to address fraudulent charges.
If your bank is really incompetent, you will have to preserve your rights under Federal Law. Send a certified letter to the address listed on your statement within 60 days of the date it was mailed, stating that the specific charge was fraudulent. They are required by law to hold the charge and fees in abeyance, and address the issue, then respond in writing.
Call them back first and see if you can address the unable to dispute issue first. Again, they should immediately charge the amount back and remove it off your account. That is SOP for known fraudulent charges. They will still send you paperwork in the mail, including an affidavit, to fill out and return.
Part of the problem is that it is a small amount, and the banks do not want to bother with "trivial" amounts. The fallacy of this practice is that it helps perpetuate the fraud. While banks do a great job at catching and flagging $500 fraud charges to 100 cards. They totally miss the $10 fraud charged to 200,000 cards. This criminal enterprise is well aware that everyone is looking the other way. Which is why they have embedded themselves in this multi million dollar niche fraud market for several years.
Even though the amount is small, please follow up with the bank on principle. Do not feed this crime syndicate your money. Also please advise us of the results, if necessary point your bank to this forum thread.
Kudos for cancelling and replacing your card, even if they issued you a credit, they will come right back and charge you again, and again, under the various entities.
There is an operation underway to address BestTech Solutions, Technologies and Design LLC AKA BST-DESIGN.COM, 660-616-4931. I have also posted a victim alert under the phone number, which is how many fraud victims do a search: »800notes.com/Phone.aspx/1-660-616-4931
MGD | |
Zenith
join:2008-03-12
Danville, IL | Go GEt'em! Gotta keep trying to knock'em down! | |
MGDPremium,MVM
join:2002-07-31
kudos:9 | said by Zenith:Go GEt'em! Gotta keep trying to knock'em down! Thanks for your help on that one, have a post coming up shortly on the results.
MGD | |
MGDPremium,MVM
join:2002-07-31
kudos:9
2 edits | reply to Zenith
BestTech Solutions, Technologies and Design LLC AKA BST-DESIGN.COM, 660-616-4931
BST-Design was shut down as of 05/09/2008, no new data was processed after that time. Though it was late in the evening when contacted, the cyber-mule did an outstanding job in immediately shutting down the syndicate's access to the authorize.net gateway.
The recruitment process in this case brings the duping process to a new level of sophistication. I posted a collection of employment documents from the fellowsolutions.com C&C here: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto (That domain account is now suspended »fellowsolutions.com ).
In this case, as in some of the others, the criminals targeted victims who had resumes posted online. They cloned themselves as a company that is a Microsoft Certified Partner, which can be validated. A potential "employee" researching the prospective employer would find a considerable amount of verifiable data online to validate them. The criminals used the name of the real company "EffectiveSoft LTD" in their correspondence, »www.google.com/search?hl=en&q=Ef···e+Search and created a mirror image website under a duplicate .org domain. This is the first time that I have ran across this new level of criminal deceit and obfuscation. In fact, during the initial debriefing, I was for a moment wondering about the legitimacy of this operation. If it weren't for the known modus-operandi, one could be excused for passing on by.
Based on this scenario, it is even more important to get the "word out" to prospective cyber-mule victims. While those of us in the IT field, or well seasoned in the world cyber scams might detect it, it clearly has the potential to reel in many cyber-mule victims.
At this time I presume that the real EffectiveSoft Ltd, are not related in any way. I am not sure why the crime syndicate picked this company to clone, though I am sure there may be several reasons. I doubt that they were selected at random. It is a reasonable conclusion that this was not a dart thrown into cyberspace that happened to land on effectivesoft.com. The real EffectiveSoft Ltd lists the following contact details:
Contact Us:
Phone:
+375 17 2377196
+375 29 6558117
E-mail:
sales[]effectivesoft.com
Address:
EffectiveSoft Ltd.
31A Khoruzhey St.
Office 212
Minsk, 220002
Belarus
.
-----------------------------
.
HR manager contacts:
.
Phone: +375 (17) 334 05 72
E-mail:
hrm[]effective-soft.com
ICQ:273580845
They have a website at effectivesoft.com »www.effectivesoft.com and also appear to own effective-soft.com. The contact details from above are from: »www.effectivesoft.com/callmeback.php
EffectiveSoft Ltd appears to be aware to some extent of their identical cybercrime twin, as they have this disclaimer on their open positions job page:
»www.effectivesoft.com/openpos.html
The effectivesoft.com domain is currently hosted on IP 75.126.74.67 and was registered in 2003. They lists the contact address the same as the above business address: »network-tools.com/default.asp?pr···soft.com
The crime syndicate wraps themselves as EffectiveSoft at every stage of the process, from the initial recruitment contact through day to day operations.
First contact, they reply to a Monster.com resume posting:
EffectiveSoft Job Pitch !
The link listed in the above solicitation is for effectivesoft.org which is now down. effectivesoft.org was a cloned copy of effectivesoft.com. The exact link path in the correspondence >http://effectivesoft.org/app_form.php@pos=18 can still be found in Google's cache of the site's job posting: »64.233.169.104/search?q=cache:P4···=1&gl=us Hover over the "Sales Representative" link
The Google cache of the effectivesoft.org main page sans the formatting and images:
You can pull a 03/14/08 Google cache here: »64.233.169.104/search?hl=en&q=ca···dex.html it was an identical clone of effectivesoft.com, as in the first pic above.
The email contact listed on effectivesoft.org gives up another cloned effectivesoft domain effectivesoft.biz also now dead.
The .org and .biz domain registrations appear suspect:
Domain ID:D150254626-LROR
Domain Name:EFFECTIVESOFT.ORG
Created On:07-Dec-2007 18:11:37 UTC
Last Updated On:06-Feb-2008 03:52:01 UTC
Expiration Date:07-Dec-2008 18:11:37 UTC
Sponsoring Registrar:Directi Internet Solutions Pvt. Ltd.
d/b/a PublicDomainRegistry.com (R27-LROR)
Status:OK
Registrant ID:DI_7323973
Registrant Name:Ritvars Smidrovskis
Registrant Organization:Web Business Ltd.
Registrant Street1:3 Lower Clopton Cottages
Registrant Street2:
Registrant Street3:
Registrant City:Kings Lane
Registrant State/Province:0
Registrant Postal Code:CV370QU
Registrant Country:GB
Registrant Phone:+44.1789294105
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:dsapple1wwn@yahoo.com
.
Name Server:NS1.UNLIMITS.NET
Name Server:NS2.UNLIMITS.NET
.
.
Domain Name: EFFECTIVESOFT.BIZ
Domain ID: D21801675-BIZ
Sponsoring Registrar: NETWORK SOLUTIONS INC.
Sponsoring Registrar IANA ID: 2
Domain Status: clientTransferProhibited
Registrant ID: 42399367
Registrant Name: Marvin Wirth
Registrant Address1: 404 E 900 S
Registrant City: Ladoga
Registrant State/Province: IN
Registrant Postal Code: 47954
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.765866031
Registrant Email: hjabigailugv@yahoo.com
Administrative Contact ID: 42399367
Administrative Contact Name: Marvin Wirth
Administrative Contact Address1: 404 E 900 S
Administrative Contact City: Ladoga
Administrative Contact State/Province: IN
Administrative Contact Postal Code: 47954
Administrative Contact Country: United States
Administrative Contact Country Code: US
Administrative Contact Phone Number: +1.765866031
Administrative Contact Email: hjabigailugv@yahoo.com
.
Name Server: NS1.UNLIMITS.NET
Name Server: NS2.UNLIMITS.NET
There are in fact multiple cloned copies of effectivesoft.com currently in operation, more on that later.
.
After receiving a completed application from the link, they respond that the cyber-mule is "almost hired" pending completion and return of the requested form:
That mail addresses the first two steps of the process, registering an LLC and setting up a merchant account. As in every case examined over the past two years, without exception, the organized crime syndicate once again specifies that the merchant gateway account must be through authorize.net. The supplied link for the FAQ: >http://effectivemail.org/FAQ.doc is now dead. The effectivemail.org domain is suspended, however, a copy of the FAQ is here:
Notice how they refer to authorize.net as "their partner", and the ironic "Our partner Authorize.net works only with legal entities" .... oxymoron !!
After the last form is completed and returned the following reply is received, You're Hired !:
First step is to register a company. Now they direct the newly indoctrinated cyber-mule to use Legal Zoom (another "partner" !!), as they are a one stop no brain-er shop for setting up a company. You will notice that many of the recent LLC's have been set up by them, and includes "National Registered Agents Inc" (NRAI) as the registered agent for the LLC. They are sort of a Domain by proxy equivalent cloaking service for an LLC. Also new, is the fact that the crime syndicate is now forwarding the cost of the set up to the mules, to avoid any "out of pocket expenses". In the past, cyber-mules were instructed to set up the company on their own, pay for it, and get reimbursed from the first months "take" of the card fraud proceeds.
As you review these actual documents from the criminals, it is worth pointing out once more, the level of detailed knowledge that the criminals have. While a vast reservoir of "how to" information exists on the net, it is hard to believe that the syndicate's intricate knowledge of the US business and financial systems was gleaned entirely from distance learning. In addition, these criminals have perfected a sophisticated system that weaves a thread through several gaping flaws in the banking and card processing system. They don't just do it once or twice, there have been hundreds of individual set ups done in the past few years. This is especially bothersome, since many of the entities were shutdown for excessive charge backs, and subsequently collapsed under the weight of the mounting fees. Or in some rare cases, by sheer accident, became blacklisted in the card processing system for fraud reports. Just how many hundreds of times do you have to keep going back and knocking on the door for a new account, carrying the same modus-operandi, along with one of a few known site templates for intangibles, before someone says, "Woah !, wait a minute, this looks familiar".
I am of the opinion that some members and co-conspirators of this crime syndicate have spent some considerable time in the US, or are here, have relatives here, or travel here frequently. The level of knowledge is way too detailed. Over the years, I have never uncovered any evidence to indicate that there were any participants, other than the recruited duped cyber-mules. However, if my hypothesis is correct, there would be a huge distance kept from the actual operation. That knowledge is way too detailed not to have been partially acquired by some "hands on" experience. I will admit that my opinion is biased somewhat, based on evidence uncovered, but never published, in the 2005 ScriptsStore Scam: »Scripts Store Credit Card Scam. In that apparently unrelared case, which ultimately turned out to be the same type of modus-operandi, orchrastrated out of Russia. The evidence, though several layers away, revealed more than anecdotal connections to Russian expatriates who may have once been enrolled in the University of Memphis Computer Science Department, and live in that area. However, I digress.
When the company application process via Legal Zoom / NRAI is processed, the cost is then sent to the syndicate. They reply, "let's get to work" !:
They now prep the cyber-mule for the set up of the business bank account, and merchant account application. They limit the bank options to: Bank of America, Citizens Bank, Wachovia, Wells Fargo, and Washington Mutual, because they are the banks affiliated with authorize.net.
This is the second time that inbound funds have came from the Ukraine:
quote:
SENDER : grigoriy gorvat
CITY, COUNTRY : Dnipropetrovsk, Ukraine
MTCN : 4126387682
AMOUNT : $357
SENDER : vadim zagray
CITY, COUNTRY : Kyiv, Ukraine
MTCN : 1961050271
AMOUNT : $300
As mentioned previously, a few months back, an under cover cyber-mule managed to extract set up funds from the syndicate, even though they had told him to pay out of pocket and get reimbursed. In that case the funds were listed as coming from:
quote:
SENDER : Natalya Mitrofanova
CITY, COUNTRY : Nikolaev, Ukraine
MTCN : REDACTED
AMOUNT : REDACTED
Now that the process is well under way, it is time to review the cyber-mules duties and responsibilities. Also, an oportunity to prepare and numb them for the inevitable charge backs.
quote:
What else would require your attention?
Chargeback is inevitable for any online business, and every seller of goods on the Internet has to face it. The company Visa and MasterCard set the maximum amount of chargeback to 3% of total sales.
We have developed an effective program to fight with chargeback, and the chargeback percentage does not exceed the allowable level of global proportions.
Your task is to catch when a chargeback occurs, and inform us in a timely manner. We prepare a set of documents for you that is necessary to dispute the chargeback in the bank, then we send the package to you so that you can submit it to the bank for a dispute.
If all the steps are done correctly, we can surely provide a successful ground for our partnership and our business
Remember the cyber-mule has no access to the website or the controls, only the accounts that they set up.
The crime syndicate even provides their take on the Tax implications:
Though this operation was only up and running for a short period before the cyber-mule was located and contacted, the criminals nevertheless managed to extract around $50,000 of the fraudulent card proceeds, and get it out of the country.
All the money was sent via a half dozen or so wires to The BANK OF CYPRUS, in Nicosia: »www.bankofcyprus.com/Main/Default.aspx The same beneficiary was used in all transfers:
MARMION PACIFIC CORPORATION, also listed with an address in Nicosia. The wire details for all transfers were:
quote:
NAME OF COMPANY : MARMION PACIFIC CORPORATION
COMPANY ADDRESS : 95 Athalassas Avenue, 3rd Floor
CY-2024, Nicosia, Cyprus
BANK NAME : BANK OF CYPRUS
BANK ADDRESS : 28 Michalakopoulou Street,
CY-1075 Ayji Omologitae, Nicosia
Account number : 0155-40-642688-06
SWIFT : BCYPCY2N
Even though the last transfer was made within thirty six hours prior to contacting the cyber-mule, despite immediate notification, Wachovia was unable to recover that transfer, or any of prior ones from the BANK OF CYPRUS.
The status and role of MARMION PACIFIC CORPORATION is unknown at this time. I have not yet established if they are an existing entity. A check of business entities registered in Cyprus does not yield anyone by that name. The only hit for that "95 Athalassas Avenue, 3rd Floor" specific address is for this unrelated company: »www.netway.com.cy/index.php?cat=21
More to follow,
MGD
EDIT= fix typo added text | |
 Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP
join:2001-04-19
1970 442 W30
kudos:18 | Wow, Simply Amazing! I am in awe of the detailed detective work you are doing and have already done.
I can say one thing, about the cyber mules in that I do feel a bit of compassion for them and how much (speaking for myself only) that an income like being offered by these SOB criminals would make such a difference for my son and myself and that it hurts to think how many innocent people are being hurt by the actions of the criminal groups on both sides (credit card holders and cyber mules).
Why are there not more news reports like the Detroit woman, Krystal Owens, being reported?
This is an interesting read also.
»complaintwire.org/Complaint.aspx···jKEHLtfw
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? | |
 LizzPremium
join:2002-10-22
Fullerton, CA | reply to MGD
MGD,
You're awesome!
LegalZoom was co-founded by Robert Shapiro (of OJ trial fame) and he has TV ads that run fairly regularly here in the LA area. I'm wondering if there's any point in contacting him about his "unwitting" participation in these criminal activities.
Liz | |
MGDPremium,MVM
join:2002-07-31
kudos:9
1 edit | reply to Doctor Olds
said by Doctor Olds:... Why are there not more news reports like the Detroit woman, Krystal Owens, being reported? So far as I can find, there have not been any other cases at the local or state level. Several local investigations have referred the cases to federal authorities once the full extent of the operation was discovered.
I believe we are getting close to the tipping point where the story will get repeated national coverage.
Indeed it is, that tj poster appears to have a good handle of the issue.
I just ran across this post on the complaintsboard.com from someone who claims to be the "Atala Designs" cyber-mule:
quote:
31 days ago by Alan
I can tell you who Atala Designs is...it is me.
I was duped into being a "money mule" for a group of very sophisticated Russian mafia operations that are using Craig's List & other sites to find idiots like me to help them export stolen credit card charges. It is serious enough that the FBI is involved but these folks are too smart to be caught. I was the fall guy & now am facing possible crminal charges as well as personal liability from the bank merchant account subsidiary. By the time I got wise & shut down my merchant account there had been about $160,000 worth of activity! Remarkably, only about 5% of the charges were even disputed.
The shameful secret to all of this that has not been seen is that the BANKS are making out on every transaction as well as every chargeback that is disputed. In a 4 month period of my involvement (through Jan.), of the $160,000 in charges (@ an average of $11.00 per transaction you can do the math to figure out how many credit cards this involved), the bank card processors earned themselves (legally) $40,000 in fees! There is no doubt in my mind that this scheme could be stopped dead if the banks were not finding it to be a lucrative gold mine of extra income.
I regret ever being foolish enough to think that I was working for honest people & for all of the inconvenience it has caused to card holders. The sad truth is that we just seen the beginning of a massive meltdown in capitalism. Our own consumer-driven, charge now, pay later mentality has opened the doors to incredible abuses.
Ref: »www.complaintsboard.com/complain···031.html
[EDIT= Ataladesigns.com AKA Atala Designs, Inc 214-594-4188 was listed back in December 2007 »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto they were originally a Hub C&C recruitment site. An example of the Craigslist respone is posted there. Atala was subsequently converted for use as a card fraud processing domain. /EDIT]
MGD | |
MGDPremium,MVM
join:2002-07-31
kudos:9 | reply to Lizz
said by Lizz:MGD,.........I'm wondering if there's any point in contacting him about his "unwitting" participation in these criminal activities. Liz Thanks,
At that level there is really no criteria that could be used to filter them out. LegalZoom is just one of many companies offering a "one stop shop" for setting up a registered business entity. There is no vetting process required to set one up. At that stage there is nothing nefarious about the application. Neither the cyber-mule nor the company would be aware of the ultimate illicit purpose for the formation.
The first signs of pending criminal fraud would occur during the merchant account application process, and be visible repeatedly thereafter at various levels of the financial processing system.
MGD | |
Zenith
join:2008-03-12
Danville, IL | The only possible way that I see that these bogus companies could be screened somewhat is to flag and filter thru all company names with the word "solutions", "Technologies", or "Design" in them, but still there is no guarantee as mule can use any business name they like and/or already have. | |
MGDPremium,MVM
join:2002-07-31
kudos:9 | said by Zenith:The only possible way that I see that these bogus companies could be screened somewhat is to flag and filter thru all company names with the word "solutions", "Technologies", or "Design" in them, ...... Yes, that would snag about 80% of them right there. This is at the stage now where many of us could be blinfolded, and have someone read out a list of domian names, while we yell "scam", and be 95% accurate or better.
MGD | |
|
