dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
140
MGD
MVM
join:2002-07-31

3 recommendations

MGD

MVM

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

In a post on the previous page, I documented how the crime syndicate was told in February of 2008 that they had to front the costs of setting up the bank business account, merchant account, and Authorize.net/ Cybersouce processing gateway fees for a potential card fraud laundering set up:




Prior to the above event, the syndicate's fronting of the fraud laundering set up costs from the Ukraine via Western Union, was captured during the EffectiveSoft clones of late 2007:
From: Marek Shulcovicz Shulcovicz2002@gmail.com

Sent: Monday, December 24, 2007

Subject: sales representative

Hello,

First of all, I would like to wish you a merry Christmas!

Let’s get back to work now. I got a confirmation that the amount of money needed for the company registration was sent to you about an hour ago. You can get it via Western Union. Below you can find all the information you will need to receive this transfer :

SENDER : grigoriy gorvat
CITY, COUNTRY : Dnipropetrovsk, Ukraine
MTCN : 41263XXXXX
AMOUNT : $XXX

SENDER : vadim zagray
CITY, COUNTRY : Kyiv, Ukraine
MTCN : 19610XXXXX
AMOUNT : $XXX

After receiving the Western Union transfer please send me an e-mail message to confirm the fact that you are in possession of the amount of money needed and you have started the company registration process. After that please read the following step-by-step instructions to set up your work.

o Recommendations for company legalization via LegalZoom.com
1. It is highly recommended that the company name would include the word Solutions, Technologies and Design.
2. If it is required to indicate the scope of activity of the company, please indicate software sales / website development
3. Get a Tax ID*

* There are two ways of getting a Tax ID

a. You can find a special form in your Express Gold package, that will be delivered to you along with your new company documents. After filling out this form and sending it to IRS, you will get your Tax ID for free in two weeks.

b. LegalZoom.com gives you an opportunity to get a Tax ID while you are registering your company. You are going to need extra $49 to do so.

........
...
..
.

The moment when you sign the contract will be the start of your first working day.

Should you have questions, I am always ready to answer them.

Best Regards,
Marek Shulcovicz
EffectiveSoft Ltd.
Since that time, the crime syndicate has also been tracked using Paypal to front funds for several operations last year. However, a recent cyber-mule intervention had a surprising twist, which demonstrates the long term repetitive patterns of behavior of the criminals. That story began with an attempt to track down and reach a recent cyber-mule. Despite a past posting from a legal professional who opined that it takes less time to reach out and shut down a cyber mule operation, than it does to write about it, is simply not the case.

In this case multiple attempts over a two week period to reach the cyber-mule were ignored. The ignoring is understandable as they appear initially to be unsolicited calls. Even when contact is made, the second and most difficult part of the process begins. One has only a few minutes of conversation with which to lay out irrefutable information and convince the participant that they are involved in a very serious global crime. That is not an easy task considering that they have been duped into totally believing that they are involved in a legitimate eCommerce operation. Furthermore, that initial contact must conclude with the cyber-mule logging in to the authorize.net account and immediately blocking further card processing, a non negotiable function which must be done. In addition the convincing has to be significant so as to prevent the cyber-mule from alerting and advising the crime syndicate of what has just transpired. That initial contact and conversation, if successful, will generate multiple emotional phases as the true facts of what they are involved with are realized.

In this case a frustrating issue was that several wire transfers had been commenced during the prior 48 hours while repeated contact attempts were made. One of the first orders of business was to have the cyber-mule head to the bank and attempt a revocation of the recent wired fraud proceeds. Wire transfers are irrevocable instruments especially foreign ones, and can rarely be accomplished without the participation of the recipient account holder. In these cases that is a non issue, however, if the originating bank security officials are made aware of the fraud, sometimes additional intervention can block the funds from exiting the foreign account. It has been known for sometime that the organized crime coordinates the wire transfers and that they are immediately fully withdrawn in cash upon arrival. Nevertheless, since wires had been commenced within the past 24 to 48 hours, it was appropriate to at least make an attempted revocation.

The process and the surprising conclusion of this scenario can best be seen from these edited communication transcripts. A noteworthy point of how stealthy this massive fraud operation has now become can be seen for the following facts. In this case, the cyber-mules assigned websites had processed $100,000 of fraud charges within several weeks of full blown operation status. Yet, if you search, you will only find around 15 posted victim fraud complaints. $100,000 in fraud charge processing should involve 10,000 victims at a minimum, and less than two dozen complaints surface on the internet. That ratio should give you a good idea of how much fraud is occurring under the surface. It becomes even more disturbing when you consider that if the fraudulent business account was opened at one of the top national banks, then probably 30% of the cards charged may have been issued by the same institution. Essentially you have a bank who is unwittingly enabling the fraudulently applied charges to be taken from its own customer accounts at the institution. The fraudulent funds are then directed into another account at the same institution, where they are then wired out of the country. At the lowest common denominator, an unbelievable facilitation by financial institutions to global organized crime.

That a sophisticated fraud against their own customers could be successfully pulled off, maybe once or twice, with their unwitting cooperation, would not be all that surprising. That it could continue unabated for over half a decade, right under their nose, is stunning. Especially given the elevated banking, know your real customer, and anti money laundering requirements of the Patriot Act. Though the filings are secret, I suspect that one could count the total SAR (Suspicious Activity Reports), or other FinCEN required reporting on the fingers of one hand, that have been filed by banks on this organized crime syndicate's activities, excluding ones resulting after the fact when the bank has been alerted from the outside. If that is a correct assumption, then it is alarming, considering that an account whose entire deposits are generated from card transaction proceeds, then 90% of the intake is wired out of the country to high risk potential money laundering conduits. Almost a classic textbook example of what should generate high suspicions of criminal activity and money laundering.

Edited transcript:

After first phone call:
==========================
Subject: Follow up to telephone conversation

Please forward me copies of the emails that worldcreativestudio.com
sent you which contain instructions to wire the money.
==========================

==========================
Hi MGD,

Needless to say, I am speechless and in a complete state of shock. I went
ahead and placed all 3 accounts on test mode and changed all the passwords.
These people do not have access to the bank accounts. How long would you say
it takes for the sales to stop going through once the accounts are in test
mode?

==========================

==========================
Hi,

As soon as you place it in test mode then no more charges will be processed.
The criminals may be still processing charges into the system, as it will
take them a while to realize that the system, once set to test mode, will
accept the entries, however, it will discard and not process them. For
ethical and other reasons, you can now no longer contest the disputed
charges from the card victims. Depending on the available current funds in
the account it is best to issue credits to as many of the current pending
disputes as possible.

Also, I need the wiring details ASAP, so I can try and have the Latvian bank
account frozen. Based on the limited information that you gave me over the
phone regarding the beneficiary name of "DIMEFIELD MANAGEMENT LTD." in the
British Virgin Islands, I have came up with this as a possible address:

PO Box 3469,
Geneva Place,
Waterfront Drive,
Road Town,
Tortola,
British Virgin Islands.

The BVI is a known haven of offshore shell company registrations for Russian and
other money laundering criminals.
==========================

==========================
Hi MGD,

Here is the bank info you need:

-------------------------------------------
———- Forwarded message ———-

From: adrian_nowak@worldcreativestudio.com

Date: XXXXX 2009

Subject: Adrian Nowak. World Creative Studio, Inc.

Hello,

Please do the transfer to our bank account today.

Here it’s the bank info:

Beneficiary’s Bank Name: Aizkraukles banka
Beneficiary’s Bank SWIFT code: AIZKLV22
Beneficiary’s Bank Address: Elizabetes 23, LV-1010, Riga, Latvia.
Beneficiary Account: LV29AIZK0001140110388
Beneficiary Name: DIMELFIELD MANAGEMENT LTD
Beneficiary address: Geneva place Waterfront Drive Road, Town Tortola,
British Virgin Islands
Detail of the payment: For law consulting invoice 29072009/1 dated
30/07/2009

Please be sure that you write down exact Detail of Payment. It’s very
important for us.

The transfer must be from your company name Remote Access Group, Inc.,
from the bank business account.

When you do the transfer please tell me the sum of it.

Best regards,

Adrian Nowak.
Chief manager of World Creative Studio, Inc.
adrian_nowak@worldcreativestudio.com
Phone/Fax for the USA: (954) 208-7279
-------------------------------------------

-------------------------------------------
———- Forwarded message ———-

From: adrian_nowak@worldcreativestudio.com
Date: XXXXXX 2009

Subject: Adrian Nowak. World Creative Studio, Inc

Hello,

Yes please do the transfers tomorrow.

Detail of payments:
1 account: For law consulting invoice 19082009/1 dated 20/08/2009
2 account: For law consulting invoice 19082009/2 dated 20/08/2009
3 account: For law consulting invoice 19082009/3 dated 20/08/2009

Best regards,

Adrian Nowak.
Chief manager of World Creative Studio, Inc.
>adrian_nowak@worldcreativestudio.com
Phone/Fax for the USA: (954) 208-7279

==========================

==========================
From: MGD

To Cyber-Mule:

Thanks, I do not need exact, just a guess as to the approximate total
transfers.
==========================

==========================

From Cyber-Mule:

13 transfers totaling $87,592. I did the math earlier. Are you already in
touch with that bank?

Thanks for your help…
==========================

==========================
To Cyber-Mule:

Go to Wachovia ASAP and try and initiate a revocation on the last wire
transfers that just left. Foreign transfers take a few days, and they may be
able to recall it if it has not reached the account at the Latvian bank
==========================

==========================
[Notification sent to Latvian bank and the Latvian government bank regulatory agency]

XXXXX@ab.lv XXXX@ab.lv

XXX@fktk.lv

Subject: ALERT: Criminal Money Laundering report (AML) at Aizkraukles Banka

FRAUD ALERT: Criminal Money Laundering report
.....
...
==========================
==========================

From: MGD

To: XXXX at jordans-international.com

Subject: DIMELFIELD MANAGEMENT LTD

The above company appears to be using your address:

DIMELFIELD MANAGEMENT LTD
Geneva place,
Waterfront Drive Road,
Town Tortola,
British Virgin Islands.

I was wondering if you can confirm if they are a legitimate company at your
address. Or maybe they were registered through your service and are allowed
to use your mailing address.

==========================

==========================

From: XXXXX at jordans-bvi.com

Subject: RE: DIMELFIELD MANAGEMENT LTD

Dear MGD,

I confirm that the above company is a legitimately registered BVI Business
Company (company number 1498731). We provide the registered office and agent
to this company.

Best regards
==========================

==========================

Dear XXXX,

Thank you very much for your confirmation and prompt reply.

I have an additional question, are the registered details for DIMELFIELD
MANAGEMENT LTD a public record?. For example, the owner name or registration
contact details.

==========================

==========================

Dear MGD,

A company search of the public record will reveal the Company Name, Company
number, registered office, registered agent, authorised share capital, the
last licence fee paid, whether the company is in good standing, and whether
the company is in liquidation or has any litigation proceedings, or charges
filed.

Directors and shareholders details are not on public record.

A charge for a company search as above is $150.

Please let me know if I can assist you further.

Best regards

==========================
.

The Cyber criminals are now aware of the Wachovia bank request to Aizkraukles Banka
for the return of the funds. Normal procedures require that the recipient sign off and
authorize the return of wires. Obviously even if the funds were still there, that is not going to happen. In order to stall for time, and for other events to take place, a ruse was devised. The cyber mule initially responded to the crime syndicate’s inquiry on the authorize.net merchant processing account lockout as may being related to excessive chargebacks, and said they would find out what was going on.
==========================

From Cyber-mule:

This was the last message I got from them.

-------------------------------------------
———- Forwarded message ———-
From: >adrian_nowak@worldcreativestudio.com

Subject: Adrian Nowak. World Creative Studio, Inc.

Hello,

Will we be able to start to sell on September 1st? Then we would limit
our sales up to $40,000 for each account. And there will be always
enough funds to cover all chargebacks. Or will we not be able to start to sell again?

It’s impossible to return the transfers because they were directed to
pay our other services already.

Best regards,
Adrian Nowak.
Chief manager of World Creative Studio, Inc.
adrian_nowak@worldcreativestudio.com
Phone/Fax for the USA: (954) 208-7279
==========================

==========================
To: cyber-mule

Excellent, got it.

I see they are asking about if they will be able to continue billing. I
suggest you tell them this:

Due to the growing number of charge backs the merchant account underwriter
told me that they require me to give them an additional $2,000 to be held in
reserve to cover any pending charge backs and the associated fees. This
reserve is above and beyond any pending or actual receipts. They require
this reserve to be on deposit before they will allow the accounts to be
released for additional card processing. Since that $2,000 is above and
beyond the funds that are in the bank account, I am not willing to fund this
out of my pocket.

If you wish to continue processing sales then you need to wire this $2,000
back to business bank account, or send it in some form. That is why I tried
to recall the last transfer in order to cover this new requirement”. If you
do not wish to cover this reserve requirement I will be unable to have the
processing account released. The underwriter at Transfirst said that they
are experiencing an increased amount of chargebacks in general from
ecommerce, and are increasing the reserve requirements on certain designated
accounts to protect themselves.”
——

They may be too smart and knowledgeable to believe this, however, it is
close enough to reality that they may go for it. Especially if they think
that they will be able to continue processing fraud charges. The amount is
small enough that they might consider it worth the risk.
==========================

==========================
Hey MGD,

This is what they had to say to that:

-------------------------------------------
———- Forwarded message ———-
From: >adrian_nowak@worldcreativestudio.com

Subject: Adrian Nowak. World Creative Studio, Inc.

Hello,

Why can they no take this reserve from the hold funds on third
website? They hold aprox. $7,000. So they can take all these money for
all 3 websites for reserve.
Or we can sell for each website for $2,000 and they take these funds
for the reserve.

What you sent to us we spent all funds for advertising.

Best regards,
Adrian Nowak.
Chief manager of World Creative Studio, Inc.
>adrian_nowak@worldcreativestudio.com
Phone/Fax for the USA: (954) 208-7279
=========================

=========================

To Cyber-Mule:

LOL !! "We spent it on advertising" the lying scum. That is right up there
with "the dog ate my homework"

How ironic, not only do the criminals not spend even a penny advertising the sites,
they block every one of the hundreds of them from even being found by search
engines.

Take your time in answering, but we will put the ball back in their court by
saying

"They told me that the $2,000 is the balance needed to meet the total
required reserve. As I told you, I do not have that additional money, nor
should I have to use my personal money to support the business. The merchant
account underwriter’s risk department said that those additional funds will
have to be on deposit before they will release the accounts for further
processing. So it will be impossible to generate that balance from
additional sales. Let me know what you wish to do, as I will need to look
for other employment quickly if you are not going to continue the business."

=======================================

=======================================

Check this out MGD!!

-------------------------------------------
———- Forwarded message ———-

From: >adrian_nowak@worldcreativestudio.com

Date:

Subject: Adrian Nowak. World Creative Studio, Inc.

Hello,

We sent you $2,000 trough the Western Union.
Please pick up the money and inform me when you get them.
The money was sent to these datas:

Sender’s first name: LISOVA
Sender’s second name: VIKTORIYA
MTCN: 294-693-XXXX
City: NIKOLAEV
Country: Ukraine
Sum: $1000

Sender’s first name: VALERIY
Sender’s second name: CHUNIHIN
MTCN: 466-675-XXXX
City: NIKOLAEV
Country: Ukraine
Sum: $1000

We sent the money from Ukraine branch because it’s more cheaper than here.
You can pick up the money in any time now.

Please deposit these funds to cover the balances as they require. Also
please tell at your bank to refuse from their inquiry to return the
last wire transfers. The transfers will not come back in any case
because there are not funds on this bank account. Only our bank
manager ask us what to do with your inquiry. Just tell at the bank
that you did the inquiry by mistake.

Best regards,
Adrian Nowak.
Chief manager of World Creative Studio, Inc.
>adrian_nowak@worldcreativestudio.com
Phone/Fax for the USA: (954) 208-7279
===================================================
Déjà Vu, that was a surprise !! out of left field. Originally thought that they might redeposit funds into the Latvian bank account, thereby presenting an additional tracking opportunity. They even use the same excuse as they did in 2007-2008 to explain money originating from the Ukraine. There must be an organized type of "Hawala" money transfer system, catering to Eastern European criminals, which utilizes the services of Western Union.

Once again this demonstrates a pervasive and sophisticated global organized crime. Protected blind shell companies set up in various facilitating countries around the globe. Corresponding bank accounts in other countries, a complex system to launder the proceeds of card data extracted from infiltrations of the financial system, the proceeds which are then laundered through the same global system. Essentially a fraud tax extracted from consumers via a facilitating system that is no where near capable of addressing it in any meaningful way, or even recognizing it.

MGD