
MGD
Premium,MVM
join:2002-07-31
kudos:9
reply to garys_2k

Re: Spam flooding to hide something even more sinister

I agree, the delivery name and address is guaranteed to be a package reshipping mule. Based on that modus operandi and the contents, there is a better than 90% chance those items will be reshipped to Russia or former CIS the same day they arrive.

Though you are not responsible for the charges, I would make some effort to see that the cyber criminals do not benefit from this fraud transaction. Including tracking down contact info for the recipient and alerting them, publish delivery specs if necessary. Sometimes the drop can be a commercial reshipping service. In either event, there will be a rush to get the products out of the country ASAP.

MGD


garys_2k
Premium
join:2004-05-07
Farmington, MI

It looks like a residential address.


MGD
Premium,MVM
join:2002-07-31
kudos:9

1 edit

said by garys_2k:

It looks like a residential address.

Thanks, just noticed that:

La Tanya Fuller
7119 Green Valley Ln.,
Riverdale, GA 30274-3207
678-964-1004 = cell Metro PCS Conyers, Georgia

Looks like someone may have already intervened, probably Apple once notified of the billmelater reversal. Of course the recipient could have also notified to hold at terminal, and be instructed re-label for immediate same day export shipping.




Ref:»www.fedex.com/Tracking?cntry_cod···=english

Held at terminal could be an intervention, or part of the plan.

MGD

garys_2k
Premium
join:2004-05-07
Farmington, MI

Well, if holding and redirecting it at the terminal is part of the plan, then Ms. Fuller may not be a mule. I'd figured her to be one of those people who fell for the "make money at home receiving packages" scams but with the hold that may not be the case. Perhaps her address was a purely random pick and the criminals never meant it to be delivered there.


MGD
Premium,MVM
join:2002-07-31
kudos:9

1 recommendation

reply to garys_2k

said by garys_2k:

It looks like a residential address.

Suspicious that Google only points to the dead end part of the street: »goo.gl/VhyZU I then checked the Clayton county, Ga property records. There is no 7119 Green Valley Ln. The last house on the left view is 7115. Therefore the plan all along was to hold the package at Fedex.

Maybe the criminals will try to get Fedex to export it directly. If my data is correct certainly no one can show with a valid ID for that address. Watch the package transactions, I also reduce my eastern Europe export to 65%. The rest of the mo is identical, however, packages are usually sent to the real addresses of mules.

The significance of this deviation is unknown, and could mean a different scenario. The mail bombing of the victim's account and sometimes even their telephone number is a hallmark of the original mo. There are even Russian providers who offer the mail bombing and phone number lock up as a service. They are advertised in the same underground forums as the Zeus and Black Hole Exploit kits.

MGD

garys_2k
Premium
join:2004-05-07
Farmington, MI

Ah, then no doubt "Ms. Fuller" will call FedEx and have them redirect the package with stolen credit card information.

Props to the OP for digging the important emails out of the spam pile -- I doubt I would've had the patience to do so.

Good catch, too, on the address. I noticed the Google Earth "near miss" to the empty lot but didn't think anything about it. All part of the plan, I suppose, but maybe not a key part. They could even use a real address from out of the phone book, the actual owner would never be the wiser unless an investigator came to the door.


MGD
Premium,MVM
join:2002-07-31
kudos:9

2 edits

1 recommendation

reply to garys_2k

said by garys_2k:

Well, if holding and redirecting it at the terminal is part of the plan, then Ms. Fuller may not be a mule. I'd figured her to be one of those people who fell for the "make money at home receiving packages" scams but with the hold that may not be the case. Perhaps her address was a purely random pick and the criminals never meant it to be delivered there.

Yes all possibilities should remain open. Something strange is now happening with the package status, note the recent update:




MGD
EDIT = corrected image

Edit2= last update may indicate that the delivery address has now been changed.


JALevinworth

@embarqhsd.net

said by MGD:

[snip]
Yes all possibilities should remain open. Something strange is now happening with the package status, note the recent update:
[snip]

Edit2= last update may indicate that the delivery address has now been changed.

hmmm....

3:19 - On fedex truck for delivery
5:11 - Delivery Exception - Incorrect Address

»www.fedex.com/Tracking?cntry_cod···=english

garys_2k
Premium
join:2004-05-07
Farmington, MI
reply to MGD

I'm not sure what this means...

Maybe the "correct" (overseas) address has been called in.

Edit:

JALevinworth beat me to it...


JALevinworth

@embarqhsd.net

said by garys_2k:

I'm not sure what this means...
Maybe the "correct" (overseas) address has been called in.

I was just wondering that too.
said by garys_2k:

Edit: JALevinworth beat me to it...

Pictures are nicer though.
-Jim


BronsCon

join:2003-10-24
Walnut Creek, CA
In my experience it means they tried to deliver it, but the address doesn't exist. It looks like someone requested that it be held, but someone screwed up and put it on the truck anyway.

I've had something similar happen, only it was me not being home and having asked them to hold it so I could pick it up. It got put on the truck, which didn't get back to the facility until after the lobby closed. I was *FURIOUS* because I would be out of town for the next week, at which point it would be returned to sender. A couple irate phone calls to the customer service line later, I got a call from the facility night manager offering to let me in to pick up my package. The stories that guy told me about delivery screwups...

Unfortunately, since you're not the sender, there's literally nil you can do to affect that package, short of physically intervening, and even then, those trucks look like they hurt when they hit you.



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
reply to JALevinworth

said by JALevinworth :

5:11 - Delivery Exception - Incorrect Address

»www.fedex.com/Tracking?cntry_cod···=english

The help gif shows this info.

8744675

join:2000-10-10
Decatur, GA
reply to garys_2k

The scammers don't usually re-direct packages from Fed-Ex because they would have to pay the extra shipping. Instead they e-mail the mule in the U.S. a used pre-paid USPS Shipping Label (and yes, USPS and FedEx and UPS don't cancel out the shipping numbers and the label can be used again for the same trip).

The unwitting mule receives stolen property purchased online with a stolen credit card, and then ships it overseas with a counterfeit prepaid shipping label sent by the scammer. It almost happened to me until I figured out what was going on, since the last thing an orphanage in Africa needs is a laptop computer and 5 channel surround sound system.

The hardest part was getting the stores to send me prepaid shipping labels so I could return all their stolen stuff instead of shipping it to Nigeria. And nobody cares. The local police said they couldn't do anything because they don't know that a crime was committed. Credit card companies didn't care when I called and gave them the stolen credit card numbers used to purchase the stuff, and the Secret Service never follows up when you report it.