Broadband Tech > Security > Scam and Phishbusters > [Scam] Shipping Scam

[Scam] Shipping Scam

reply to bte52
As I mentioned I was very suspicious but did begin a dialogue with these confirmed scammers. I supplied them with my full name, home address and telephone contact numbers. I was asked to sign a contract, scan and return it to them along with a scan of my drivers license confirming my home address. I did not do the latter. That being said do you think that I have reason to be concerned that they have my contact information? Should somebody make the registrant in North Carolina aware of this problem with his domain?
--
Verizon DSL 3000/768 - I can only hope for FIOS

reply to bte52
hht-managers.com = IP 81.2.226.163

81.2.226.163 [reverse DNS - 163.226.forpsi.net]

Hosting:

1. Fsmanagers.biz
2. Hht-managers.com
3. Rcem.biz
4. Vdsmanagers.com

Add Fsmanagers.biz and Vdsmanagers.com to the same criminal's inventory fraud list.

»Fsmanagers.biz
Snapped 2008-12-16 16:58:41

»Fs-jsc.com
Snapped 2008-12-16 16:58:24

»Rc-jsc.com
Snapped 2008-12-16 16:58:07

reply to bte52

reply to bte52

olc-managers.info

I AM SO GLAD I SAW THIS SITE AND THIS POST ABOUT THE SHIPPING SCAM BEING DONE BY HHT Logistics. I was contacted this week by them as well from my resume being on CareerBuilder. The HHT Logistics website looks legit (although very badly written).
I also supplied only my basic info and was then today asked to sign a 5 page contract. I was suspicious from the getgo and after talking it over with my family, decided to Google their name. Thanks so much for this information on these
criminals who were attempting to make me one of their cyber-mules! Truly horrible for me to think I could have gotten hooked into something illegal involving criminals. Thanks
bte52 and to MGD for confirming what I thought. Is there anywhere to report this type of crime being done on the internet?

Thanks for posting Marlene, and you are welcome. I knew after confirming bte52 's statement that nothing about this criminal fraud operation turned up in searches, that they were recruiting exclusively from online resumes. That tactic kept them below the radar until now. In fact they are easily traceable back to the beginning of 2008, and we should assume that they have been operating a lot longer than that.

There have been over 50 search referral hits within the first 24 hours of Google archiving this thread. That indicates that these criminals are actively involved in trolling careerbuilder.com for potential victims.

If bte52 has time, he should post images of the "Employment Contract" and redact any of his personal info if it exists on there. He can contact me via IM for assistance if needed. That will be additional public evidence of the fraud operation, and may assist in having the websites shut down, and the domains revoked. That obviously would only be a temporary solution, since they will reset them up under new names.

Since this form of cybercrime is so rampant there is probably little that can be done from a Law Enforcement perspective. In addition, the evidence is indicating that these criminals are located in Eastern Europe, most likely operating out of Russia.

The ideal solution is that everyone ignores this form of solicitation. There is no legitimate business model where one becomes employed solely via email communication. One should never forward identity documents from an email solicitation.

Again Kudos, to bte52 for his intuition, his vetting process on the solicitation is a page from the establishing legitimacy playbook. he was solicited by a company who claims to be based in the UK. They have a website that is hosted in the Czech Republic, and the domain or website is registered to an individual in North Carolina. A guaranteed scam, and a virtual recipe from the book of fraud recognition.

Another example is the criminal's rc-jsc.com fraud site, titled:

Royal Currency Ltd - Foreign Exchange Specialists

Everything stated here »rc-jsc.com/contact/default.htm is bogus:

quote:

---

Royal Currency Head Office
Royal Currency Ltd
26 Battersea Square
London
SW11 3RA
United Kingdom

Tel: +44 (0) 20 7738 0333
Fax: +44 (0) 20 7801 0620

All Royal Currency accounts are held with HSBC Bank plc.
HM Revenue & Customs Certificate of Registration
for Money Service Businesses Number: 12120036 0000
Copyright © 2002-2006 Royal Currency Ltd.

Registered name: Royal Currency Limited,
Registered in England No.4017212
United Kingdom Consumer Credit Licence Registration Number: 536155
Royal Currency Ltd is the preferred foreign exchange partner of The Offshore Financial Trade Association.

---

orion-logistic.info IP 81.177.9.119
.
IP Address History
.
Event Date   Action       Pre-Action IP   Post-Action IP
2008-02-14   New            -none-        81.177.9.119
2008-08-03   Not Resolvable 81.177.9.119   -none-
.
.
Name Server History
.
Event Date   Action    Pre-Action Server   Post-Action Server

2008-02-14    New           -none-          Highthost.ru
2008-02-27 Transfer    Highthost.ru         Orionlogistic.info
2008-02-28 Transfer    Orionlogistic.info   Highthost.ru
.
.
.
IP Information for 81.177.9.119
IP Location:   Russian Federation Consult It Co. Ltd
IP Address:  81.177.9.119
SSL Cert:  www.snakeoil.dom SSL Certificate has expired.
Reverse IP:  11 other sites hosted on this server.
Blacklist Status:  Clear
.
Whois Record
inetnum:      81.177.8.0 - 81.177.9.255
netname:      CONSULT-IT
descr:        "Consult IT" Co. Ltd.
country:      RU
admin-c:      CIT-RIPE
tech-c:       CIT-RIPE
status:       ASSIGNED PA
mnt-by:       AS8342-MNT
source:       RIPE # Filtered

role:           Consult IT NOC
remarks:        eServer.ru - hosting operator
address:        "Consult IT", Co. Ltd.
address:        Maliy Zlatoustinskiy lane, 10, building 3 AB
address:        101000, Moscow
address:        Russian Federation
.
route:        81.176.0.0/15
descr:        RTCOMM-RU
origin:       AS8342
mnt-by:       AS8342-MNT
source:       RIPE # Filtered

whois query for 66.36.242.66...
.
Results returned from whois.arin.net:
.
.
OrgName:    HopOne Internet Corporation
OrgID:      HOPO
Address:    3311 South 120th Place
City:       Tukwila
StateProv:  WA
PostalCode: 98168-5125
Country:    US
.
ReferralServer: rwhois://rwhois.hopone.net:4321
.
NetRange:   66.36.224.0 - 66.36.255.255
CIDR:       66.36.224.0/19
NetName:    HOPONE-DCA2-1
NetHandle:  NET-66-36-224-0-1
Parent:     NET-66-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.HOPONE.NET
NameServer: NS5.HOPONE.NET
NameServer: NS3.HOPONE.NET
NameServer: NS2.HOPONE.NET
NameServer: NS6.HOPONE.NET
NameServer: NS4.HOPONE.NET
Comment:
Comment:    HopOne Internet Corp.(R)
Comment:    "The Foundation of Internet Success."(R)
Comment:    www.hopone.net
RegDate:    2002-08-27
Updated:    2005-09-26
.
RTechHandle: HJ48-ARIN
RTechName:   Jass, Haralds
RTechPhone:  +1-206-438-5909
RTechEmail:  hjass[]hopone.net
.
OrgAbuseHandle: ABUSE958-ARIN
OrgAbuseName:   Abuse Department
OrgAbusePhone:  206-438-5909
OrgAbuseEmail:  abuse@hopone.net
.
OrgTechHandle: HJ48-ARIN
OrgTechName:   Jass, Haralds
OrgTechPhone:  +1-206-438-5909
OrgTechEmail:  hjass[]hopone.net

Information related to '81.2.225.0 - 81.2.226.255'
.
inetnum:        81.2.225.0 - 81.2.226.255
netname:        CZ-INTERNET
descr:          Servers Bratislava
descr:          Ktis 2
descr:          okres Prachatice
descr:          384 03
country:        CZ
admin-c:        ES4377-RIPE
tech-c:         PK677-RIPE
status:         ASSIGNED PA
mnt-by:         INTERNET-CZ-MNT
changed:        zz[]internet-cz.cz 20030907
source:         RIPE
.
person:         Erich Syrovatka
address:        INTERNET CZ, a.s.
address:        Ktis 2
address:        Ktis
address:        384 03
address:        CZ
phone:          +420 383835353
abuse-mailbox:  abuse@forpsi.com
nic-hdl:        ES4377-RIPE
mnt-by:         INTERNET-CZ-MNT
changed:        erich[]forpsi.net 20071211
source:         RIPE

I was almost taken advantage of by this Logistics company. I am glad I did my research before giving up any information.

-S.M.

reply to bte52
Below is a copy and paste of the original email that I received from HHT Logistic Company. It came directly through the careerbuilder

CareerBuilder: Merchandise manager

"John Richardson"

CareerBuilder: Merchandise manager

Dear :

I have reviewed resume which You recently posted online.
I've thoroughly examined Your qualifications and experience. And I have concluded that you may have the skills needed to fill a merchandise manager position.

Description:
Over the past four years, HHT Logistic Company has emerged as the leading innovator in the merchandise forwarding service with an approach focused on European. The US take-up of Internet trading is much higher than in the Europe. Many Internet auctions and stores in the United States of America do not ship the products overseas. As the result thousands of customers in Europe are not able to access the large market and purchase high-quality merchandise at so low prices. HHT Logistic Company provides European customers with US and Canada street addresses that can be used as the shipping addresses. Then our merchandise managers forward the packages to the country where the customer is located. It is the same if they had relatives or friends in the United States and could ask them about such service.But not so many Europeans have friends and relatives in the United States.
Our service is in the ever growing demand. Today we have few merchandise managers on the territory of the United States and Canada but quantity of our customers increases and we plan to expand.

Candidates for the Regional Business Representative position with HHT Logistic Company must be hard working and employ communication skills,highly motivated individual willing to work a flexible schedule. Responsibilities include managing all aspects of Processing and Operations.

The main requirements for the merchandise manager position are:
- Home computer with Internet access and e-mail;
- Opportunity to check e-mail for new letters regulary(several times each day);
- Two or three hours of spare time per day(mainly in the evening / non-business hours) for communication;
- USA residence;
- Energetic, self assured, self motivated, enthusiastic and achievement oriented;
- A collaborative approach to working with all areas of the company, combined with an appropriate emphasis on achieving the unit objectives;
- Flexibility to readily adapt to change;
- Strong ability to focus on streamlining processes and procedures;
- A bias for action and passion for success;
- Analytic-problem solving;

Pay Ranges:
- $24,000 - $26,000 per year plus Monthly Bonus

Benefits:
- Medical/Dental/Vision Plans
- Basic Life/Supplemental Life Insurance Spouse/Dependent Life Insurance
- Short and Long Term Disability
- 401(k) and Profit Sharing Plan
- Employee Stock Ownership Plan
- Tuition Reimbursement
- Vacation & Personal Holidays
- Care Bridge Employee Assistance
- Opportunities for professional growth

I hope you'll apply for the merchandise manager position at HHT Logistic company.

To request an application, please REPLY.

With best regards,
John Richardson
Personnel Department
HHT Logistic Company

You are receiving this employment opportunity email because you uploaded your resume on CareerBuilder. This email is used for hiring process only to prevent the company from spam messages.
If your employment status has changed or you no longer wish to receive these emails, you can update your privacy and communication preferences from your resume by logging onto CareerBuilder.com:
»www.careerbuilder.com/jobseeker/···ter.aspx

--
Verizon DSL 3000/768 - I can only hope for FIOS

reply to bte52
I'm a bit late to this but this statement ALONE gives it away as fraud - This company supposedly pays you to receive packages at your home and then forward them internationally at their expense.
--
It is better to have it and not need it, than to need it and not have it.

reply to bte52
OTwo points not mentioned earlier:

1) All shipments leaving the US in this manner must be reported to the commerce department. It is a federal crime to not do this.

2) If what you are shipping contains certain technologies, they may not be shipped under any circumstances.

I've personally run afoul of the latter two. Not fun.

reply to 61999674

reply to bte52

reply to bte52
I also received this identical email. As always, I visited the website of the offering company and Googled their address and phone numbers in the UK and found they belonged to the Travel Channel UK. I then found the domain registration to be from North Carolina and hosted with HopOne Internet Corporation in Washington State. So I forwarded the email, registrant and hosting info to both Careerbuilder.com and Travel Channel UK. Both responded back and thanked me. I was told that the site had been shut down after a letter from the IS manager of Travel Channel...but like MGD said - just the tip of the iceberg.

[127.0.0.1] returned a non-authoritative response in 0 ms:
Header rcode: Success id: 0
opcode: Standard query is a response: True
authoritative: False
recursion desired: True recursion avail: True
truncated: False
questions: 1 answers: 7
authority recs: 0 additional recs: 0
.
Questions
name class type
ilc-corp.com IN ANY
.
Answer records

name         class type data        time to live
.
ilc-corp.com IN NS ns1.34124734.com 425s (7m 5s)
ilc-corp.com IN NS ns2.34124734.com 425s (7m 5s)
ilc-corp.com IN A 89.77.241.45 425s (7m 5s)
[chello089077241045.chello.pl]
.
ilc-corp.com IN A 190.224.252.98 425s(7m 5s)
[host98.190-224-252.telecom.net.ar]
.
ilc-corp.com IN A 190.246.177.13 425s (7m 5s)
[13-177-246-190.fibertel.com.ar]
.
ilc-corp.com IN A 212.16.153.35 425s (7m 5s)
[h153-35.pool212-16.dyn.tolna.net]
.
ilc-corp.com IN A 68.190.211.54 425s (7m 5s)
68-190-211-54.dhcp.gldl.ca.charter.com]

Information related to '81.176.226.0 - 81.176.226.255'
.
inetnum:        81.176.226.0 - 81.176.226.255
netname:        INSOLVERTC2
descr:          In-Solve/1Gb.ru hosting services provider
descr:          107078, Russia, Moscow
country:        RU
admin-c:        DM3950-RIPE
tech-c:         DM3950-RIPE
status:         ASSIGNED PA
notify:         noc@in-solve.ru
notify:         lir@rtcomm.ru
mnt-by:         AS8342-MNT
changed:        l.belikova@rtcomm.ru 20070319
source:         RIPE
.
person:         Dmitry Mikhailov
address:        107078, Russia, Moscow,
address:        Sadovaya-Spasskaya 13, 2
e-mail:         noc@in-solve.ru
phone:          +7 495 2211152
notify:         noc@in-solve.ru
nic-hdl:        DM3950-RIPE
changed:        dmih@in-solve.ru 20061014
source:         RIPE

Retrieving DNS records for ilc-corp.com...
.
DNS servers
ns2.34124734.com [83.229.249.111] [reverse DNS - 83.229.249.111.ptr.mchost.ru]
ns1.34124734.com [83.229.249.111] [reverse DNS - 83.229.249.111.ptr.mchost.ru]
.
.
DNS:
ns1.22465623.com [78.47.60.17][clients.17.60.47.78.hostd.ru]
ns2.22465623.com [78.47.60.17][clients.17.60.47.78.hostd.ru]

 Registration Service Provided By: LXHOST.INFO
Contact: +375.296521846
Website: »www.lxhost.info/
.
Domain Name: 22465623.COM
.
Registrant:
    n/a
    Dfgsdf Hdggs        (informationfm9w6@gmail.com)
    Resona St.12434
    New York
    New York,90024
    US
    Tel. +001.34545233454
.
Creation Date: 03-Jun-2008
Expiration Date: 03-Jun-2009
.
Domain servers in listed order:
    ns2.22465623.com
    ns1.22465623.com
.
.
.
Registration Service Provided By: RESELLERCLUB
Contact: +1.4152361970
.
Domain Name: 34124734.COM
.
Registrant:
    n/a
    Fredrik Bon        (jackm51hjscott@gmail.com)
    Servedor Rd. 12
    New York
    New York,90012
    US
    Tel. +001.344253243523
.
Creation Date: 03-Jun-2008
Expiration Date: 03-Jun-2009
.
Domain servers in listed order:
    ns2.34124734.com
    ns1.34124734.com

»ilc-corp.com/index.php?p=p2_4
Snapped 2008-12-20 16:05:23

»74.125.45.132/search?q=cache:htt···&strip=1
Snapped 2008-12-20 16:05:05

»www.employersjobs.com/job_detail···ic-Group
Snapped 2008-12-20 16:04:48

quote:

---

Sandi Hardmeier said:
You may find this interesting: A new registration: Centurion-Logistic.net - created 8 September 2008 - Registrar Estdomains Nameservers: ns2.nitogrant.com, ns1.nitogrant.com - Registrar DIRECTI, WHOIS hidden behind privacyprotect.org >http://www.centurion-logistic.net is only accessible from some countries, one being Germany

---

reply to bte52

What can these people do if they get some of your information but not all? I, like an idiot, have sent them some information because I did not scroll down far enough when I was checking on them a week ago.