Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
MGD @ 14th Dec 12:56AM:
This thread was born from this security forum thread: »Unauthorized charges - digismarket & mfbpsite and specifically this post: »Re: Unauthorized charges - digismarket & mfbpsite

There is far more here than first meets the eye! The digismarket.com and mfbpsite.com card fraud are only the tip of the iceberg. They are just a fraction of a criminal operation run by a well organized, sophisticated, multi-divisional, vertical crime syndicate. That conclusion is the result of tracking and analyzing this syndicate's operations for over two years. They have been running this large criminal enterprise for at least 4 to 5 years, if not longer. Most importantly, it is driven from routine unfettered access to consumers' card account data by this Eastern European crime syndicate.

How long has this been going on?.... How and from where are they getting the card account data?.... How exactly does it work?.... Where do the millions in fraudulent cash go?..... Who are they?

digismarket.com DIGISMARKET.COM 607-821-2630

[att=1]

And:


mfbpsite.com MFBPSITE.COM 310-237-6452

[att=2]

are just two out of the current crop of dozens of fraud sites that are all interrelated, and operated by the same crime syndicate in a multi hub and spoke type organization. The websites are just a front, fake sites; they do not sell anything. They are strictly a laundering vehicle used in an elaborate scheme to convert hijacked card data into cash, and shuttle it out of the country. A criminal conspiracy that has been operating successfully for several years.

Every single charge processed through any of these sites is fraudulent. There are no valid orders that originate from there. They are a front, set up exclusively to launder hijacked card data into cash, and facilitate the removal of these funds out of the US.

The current group of ebook sites involved in this card laundering process are controlled by the same crime ring that also operated the infamous fake webtemplate sites known as DEVBILL. The Devbill fraud site group also included ebook sites: "Reqwest" advicebyrequest.com and its sister company "Digital Reading" digital-reading.com are two from circa 08/2006. Also in the mix were mobile phone game download sites such as "moball" hosted as moballtech.com "Generex" generextech.com and "McColgan Cellular Games" mobilegamejuice.com. The crime syndicate's operation was directly tied to the Digitalage scam as many of the fraud charges showed up alongside the "Digital Age" charge in the same billing period, or on subsequent periods, if the card was not cancelled. The Digital Age fraud was directly tied to the infamous "Pluto" card charge scam by a common domain contact address.

The current crop of ebook sites can also be directly connected to this same criminal enterprise. There were several different website iterations of this laundering format over the years; this latest group of ebook scam sites can be assigned to a Version 5.0. Though crucial pieces of how the crime ring operated were accumulated from sifting through reams of data along the way, the case was not cracked until version 4.5 of the template scam was underway in the second half of 2006. Persistent cyber forensic analysis began to pay off in November of 2006, when a website manufacturing location was uncovered. Subsequent monitoring and shadowing of their activities produced an entire group or division of fraud sites in various stages of operation. This was followed in the first few months of 2007 by the penetration of the outer ring of the crime syndicate's operation. For the first time this enabled the core operational procedures to be uncovered. No posting updates were made during this period, because in the past the syndicate monitored the noise levels and adjusted their tactics accordingly.

Credit for contributions for some of this discovery should be shared with two other individuals. However, they requested anonymity, once the full scope and extent of this criminal enterprise was realized, and who may be behind it. It was then clear that this entire multi year operation had to be driven by unfettered access to a continuous stream of card account data. At least one division of the crime syndicate presented itself as being based in Lithuania, however, the laundered cash from the fraudulent credit card billings was tracked going to a bank account in Bulgaria. I will go into greater detail later, first let's address the current crop of card laundering fraud sites:

A sample of some of the other current sites run by this enterprise include:

byersebooks.com Byers Ebooks 201-258-5600

[Att=3]

ebsebooks.com AKA Electronic Business Resources 412-927-0410

[Att=4]

usefulmart.com usefulmart.com 678-534-2858

[att=9]

bestdigimart.com Bestdigimart 330-871-7932

[att=6]

embintelligence.com embintelligence 404-287-0562

[att=7]

mylibreria.com mylibreria 503-616-3843

[att=8]

smartemarket.com Smartemarket 337-935-0141

[att=5]

There are also recent reports about fraud card charges listed as Crystal Clear Designs, fabri-tex and Vin Designs. Other names surfacing are The Book Cellar Boston, Aslene Reads e-books, and Homebase out of CA. Other names now expired that were associated with these fraud charges were treedonlainsite.com, Brookshire Enterprises brookshire-ent.com, and bestdigimart.com. It took some serious digging to discover who they really are, as these criminals go to considerable lengths to obfuscate themselves. Many of the names they pick will intentionally resemble legitimate entities. In fact the domain for one of the above, embintelligence.com is registered to an unrelated lady in her 60's residing at Saint Clare's Hospital, Franciscan Oaks Assisted Living Unit, in Denville, NJ, not your typical ebook vendor.

There are many more in various stages of operation, each processing thousands of fraudulent charges a month.

These sites are not set up to generate any internet business, in fact, the items for sale can be routinely obtained for free. They are just one ingredient in an elaborate credit card fraud laundering process. The sites are an essential component in order to deceive multiple banks, and pass a routine vetting process for a card merchant account. Authorize.net appears to be the predominant card processor used by this criminal enterprise.

One obvious sign that they are not intended as sites that random buyers could come across to make purchases from, is that many of them are hidden from the internet. They, as intended, cannot be found using any search criteria. Several of the current sites are configured to block any search engine access using a robots.txt file configured as:

User-agent: *
Disallow: /

Examples:
[att=10][att=11]

This crime syndicate clearly has unfettered and continuous access to volumes of consumers' card account data at the highest levels. They had access to this data 2 years ago, last year, this year, and they have access to fresh data today. This criminal enterprise has built a sophisticated process that has enabled them to retrieve at least 1,500,000 card data accounts annually, and remove an estimated $15,000,000 a year in laundered card fraud proceeds out of the country. However, the actual amount could be any multiple of that. If they have not laundered a charge through your card already, it is only because they did not retrieve that account data yet. Your card's prior history appears to have no relevance with respect to the odds of getting hit with these specific fraud charges. Also not relevant is the card issuing bank; the charges occur across a broad spectrum of card issuers. Neither is the fact that it is a debit (check card) or credit card; both are billed as CNP transactions, however, they do not have access to the debit PIN numbers. Though primarily a Visa / Mastercharge phenomenon, it also hits Amex and other card holders.

The current focus on Equifax as a potential source of a leak by the latest crop of victims posting on Chris Jopin's blog and also discussed in Brian Sullivan's Red Tape chronicles article, is a recurring anomaly with this criminal enterprise's fraud operation. Victims of this fraud tend to look for a prior common transaction which they believe may point to the source of how their account data was compromised. That focus is understandable, however, the long term history of this crime syndicate indicates that the data is not coming from any recent online transaction that the consumer made with their card. After sifting through years of reports the totality of the data points to a significant leak higher up the database chain.

If you were to examine the entire range of victims over a longer time period, you would find that there are many more who do not have any prior charging history in common. During the past few years consumer posting of fraudulent charges that can be tracked to this crime syndicate have reached critical mass at various times. The consensus during these peaks has pointed at one time to Amazon as being the common link, at another time it was PayPal, then various other vendors. The normal instinct is to look at where you last used the card online as a potential source of the leak. That kind of analysis and conclusion actually works in the crime syndicate's favor, because it focuses attention to a common vendor, and away from database storage higher up the chain.

Over the long term, the following anomalies emerge:

• Card holders who have only used their cards at brick and mortar establishments, and have never used their card online, end up with a fraud charge from the syndicate. That is significant, in that the only data captured in card present B&M transactions are the card swipe data. That data only includes the cardholder's first & last name, the card number, and the expiration date. I have verified that when this crime syndicate charges your card, they not only submit your card number, name, and exp date, but also your full correct address and the 3 digit CVV2 number. Where is that complete data stored if you never made an online purchase with the card?

• Consumers have been hit with the crime syndicate's charge on two cards, either in the same month or in consecutive periods. The two cards were issued by different institutions and both were never used at the same vendor, nor online.

• A consumer reported that shortly after receiving his new card he locked it up in a drawer, and never used it anywhere. Several months later the first ever charge to the card was from the syndicate.


This type of report has occurred repeatedly over the years for this operation:
(Emphasis added)

quote:
Mon, Aug 20, 2007 10:16 pm

I got one of my credit card bills in the mail and noticed a strange charge.

BROOKSHIRE-ENT.COM 2054190624 AL $5.00

Mind you, I haven’t made a charge on this card for maybe two years. I stopped using this card regularly after I accrued a pretty big balance and for the past few years, I’ve only been making payments to it. Heck, I don’t even keep this card in my wallet. It stays locked up in an undisclosed location that is too inconvenient for me to access. So getting a new charge on this card is pretty strange.

I immediately called my credit card company to dispute the charges. I explained a little more to them and they closed my account and will process for me a new account, number and card.

And:

September 3rd, 2007 at 3:15 pm |
Same problem here. This is quite a scam. $15 here. Same company. Inactive but valid Visa. ....................

Source= »slantyeyed.com/wp/?p=905



The current group of sites (Version 5.0) differ from the previous template group in that they are all differently designed webpages. That may be the result of a combination of publicity and also possibly blacklisting by the merchant account provider Authorize.net. Examples of the Ver 4.0 template sites can be found here. The later group of the template sites from late 2006 thru mid year 2007 (Ver 4.5) were never published before as that was during the "shadowing" period when much of the operational tactics were being infiltrated.

Below is a list of the names and domains that were retrieved from the production assembly line during that time. I have uploaded screen shots of the actual web urls and websites that were taken at the time to a Photobucket album. This group was labeled as Version 4.5 since the format was a different design than the 4.0 group; note each name in the blue upper right box and the matching url. In fact, the connection between them can be seen as the morphing was caught in the act. A version 4.0 site "Alta Vista Web Designs" reported multiple times for fraudulent charges was caught on the same IP as the new ones, in the process of being relabeled as "ultrahorizonwebdesign.com".

It was from this group or "division" that the laundered proceeds were tracked moving out of US Banks to the Bank in Bulgaria.



DOMAIN CONTACT NUMBER BUSINESS NAME

universal-webdesigns.com +1-(303)-495-3608 Universal WebDesigns, LLC
tws-templates.com +1-(210)-587-7370 Total Webdesign Solutions, LLC.
ptds-templates.com +1-(201)-535-8843 Pov technology design solutions, LLC
pps-templates.com +1-(775)-548-9423 PPS,Inc
lts-templates.com +1-(612)-216-4166 Littlefork Technology Solutions, Inc
kato-technologies.com +1-(313)-281-8090 K.A.T.O. Technology, LLC
icon-concepts.com +1-(386)-951-4388 Icon Design Concepts Inc
gvc-technologies.com +1-(516)-596-8594 GVC Tech Designs, Inc.
fdwc-technologies.com +1-(859)-401-0648 Design Web-Solution,LLC
web-designs-4-u.com +1-(706)-243-4850 Webdesigns4U, LLC
allstar-webtemplates.com +1-(303)-484-6926 All Star Web Designs, LLC
AEP-TEMPLATES.COM +1-(281)-962-4281 AEP WebDesign Solutions, LLC
ere-webdesignsolution.com +1-(207)-669-8257 ERE WebDesign Solution L.L.C
wilson-templates.com +1-(636)-234-0932 Wilson Technologies, LLC
pwd-templates.com +1-(609)-858-5284 Phoenix Web Design LLC
bfm-websolutions.com +1-(608)-531-1939 BFM Web Solutions, LLC
cmc-templates.com +1-(636)-234-0975 CMC Webdesign, LLC
ficas-templates.com +1-(262)-997-9372 FICAS, Inc
kaizer-templates.com +1-(321)-283-4399 Kaizer Services, LLC
ultratech-webdesigns.com +1-(303)-325-3807 ULTRATECH WEB DESIGNS
kamk-templates.com +1-(313)-281-1325 K.A.M.K. Technology, LLC
mgn-templates.com +1-(214)-594-5853 MGN Enterprises, LLC
hoskins-technologies.com +1-(859)-400-0794 Hoskins, corp
webfirstclass.com +1-(202)-640-2764 WEB FIRST CLASS LLC
floridadesign-solutions.com +1-(941)-876-6863 Southwest Florida Web Solutions, LLC.
westernlogos.com +1-(229)-351-4237 Western Logos, LLC
ur-solutions.com +1-(207)-457-5279 RSP Web Design Solution LLC


Though the ebooks sites operated as a division and in parallel to the template sites as far back as late 2006, they multiplied during the first half of 2007. By the middle of 2007 they became the predominant sites, just as the template operation appeared to be phasing out. The current crop of ebook (et al.) sites operate identically to the prior version, down to a common beneficiary.

There are 3 core components to this crime syndicate's operation.

The first ingredient is direct access to a constant supply of card account data. I cannot identify where the long term data is coming from, though access is on going because fresh cards are routinely hit. I can confirm that this criminal enterprise does have the following data on the victims that charges are processed against. In addition to the card number they have the victim's full name and complete address, the card expiration date and the CVV2 security code.

The second component is the ability to set up a web hosting site combined with a merchant billing account to process the card charges and launder them into cash. Though the criminals are adept at successfully passing a vetting process to obtain a merchant account, there is an obvious weakness in the entire process.

The third and crucial component is the ability to set up US bank accounts to receive the funds from the fraudulent charges. This crime syndicate actually has two bank accounts set up for each domain. One to receive the initial funds from the processor, and a second account that the money is then transferred into, to protect it from being reversed. The latter account is from where the laundered funds are then wired out of the US in increments below the threshold for any oversight. That set up has been repeatedly documented in the template sites (Ver 4.5), and the identical modus operandi has now been confirmed in use with these ebook site set ups.

To defeat current banking regulations and remain anonymous the syndicate recruits US victims as mules who are hired as unwitting partners in the fraudulent scheme. The process of recruiting and maintaining these cyber mules is a division unto itself of this criminal enterprise. That complex process was also documented in the previous version and is expected to be no different in this version. Be advised that this is not your typical bogus check cashing or carded goods re-routing job, that should send alarm bells ringing in even the most naive individual. There is an indoctrination process that begins at the moment of contact and persists throughout the process. The syndicate actively recruits from multiple venues, including contacting individuals that have resumes listed on Monster and other job seeking sites. It may take an initial interest and response from over 200 people in order to end up with one fully indoctrinated and participating cyber mule. I have spoken with several and the process is effective, none had any idea what they were involved in, especially during the early stages.

I assume by design, all of these cyber mules had little prior knowledge of how an internet business or merchant billing account operates. They are recruited as US partners for a foreign company, and are instructed to set up a Limited Liability Corporation (LLC) naming themselves as the registered agent. They are also instructed to obtain a federal tax id number in the business name. Using that LLC documentation they are then instructed to set up the two US corporate bank accounts. The bank accounts must have online access so the syndicate can remotely access and monitor the incoming fund transfers. However, the wiring of funds back to the syndicate is done by the cyber mules. The syndicate is thoroughly versed in the procedures of how to set up US corporations, and they also appear to have intimate knowledge of the US banking system. They provide detailed instructions for the cyber mules to follow. The brainwashing is so thorough that they even have the mules make a purchase from the site with their own credit card as a test, and then later issue them a credit for the charge. The cyber mules receive compensation in the amount of 10% of the monthly proceeds after expenses. They are reimbursed for the LLC set up cost from the first fraud card run.

While trying to identify who the cyber mules were for the current Ebook sites it became apparent that the obfuscation process had reached new levels with this version 5.0. Remember that this syndicate makes hiding information at every stage an integral part of the process. Some of the websites are difficult to find due to search engine blocking, at least until there are several internet reports of fraudulent charges. In many cases the business name is a craftily altered derivative of the domain name used, making it difficult for one to easily lead to the other. Charges may show up billed under the business name which may not be the exact lettering of the domain name. They intentionally balance the obfuscation, close enough that it does not raise suspicion at the merchant account vetting process during set up, but as difficult as possible to match after the fact when the fraud is under way. See the layout of names on the 4.5 list above. Also some of the latest reports of fraud charges under such names as "Crystal Clear Designs", "The Book Cellar" and "Vin Designs" which are too generic to dig into without additional data.

That is why it is important for anyone reporting these small fraudulent charges to list the complete line data that appears on their card statement including any listed phone number, even a partial one.

Also, it is vital that you report these immediately as fraudulent charges to your bank. DO NOT call and "dispute" the charge. Disputing a charge is a process reserved for billing received from a legitimate entity, that you did not make. The dispute process helps the criminals sustain the operation for that domain, because the bank sends them a notice of dispute which (A) takes time, and (B) allows the criminals to issue you a credit and save the cost of a charge back fee, usually around $25.

It is also vital that you cancel and replace the card. These criminals have your complete card data. They will continue to make charges to the card. Cancelling and replacing it is your only option.

By now they have many years of experience and have perfected the process. The syndicate's goal is to run high volume small charges spread across many bank card issuers, using multiple merchant accounts. They hope to maximize the amount of victims who either do not notice it, or do not bother because of the amount. Once a victim is prepared to contest it, then the syndicate wants to issue you a credit and save the charge back fee. They have a prepared script to deflect the attention away from them by saying that someone must have used your card on our site so we will issue you a credit. They will even go so far as to make up an email address that was used for the purchase. They may even tell you that you should report your card as stolen. Of course when was the last time a thief stole a credit card number and decided to maximize its potential by downloading a $10 ebook. In the past the syndicate had the mules respond to the telephone messages, but in the current version they route the calls and voice mails to Eastern Europe and respond directly. Bypassing the mules extends the longevity of each LLC because they are shielded from the volume of charge backs that grows larger each month. The criminals are also using some of the same service providers for the listed phone numbers as was used in previous versions.

So who are the conned US based cyber mules for the current ebook sites? I began the process of trying to track them down two weeks ago. I know how to find them based on the crime syndicate's known modus operandi, however actually making contact with them has been tedious and difficult at best.

Here is the data so far:
.

digismarket.com »www.google.com/search?hl=en&q=DI···G=Search

Though the domain is registered to a Johanna Ray with an address in Selden, NY:

Domain name: digismarket.com

Registrant Contact:
digismarket.com
JOHANNA RAY (johanna.market@gmail.com)
+1.6813466445
Fax: +1.5555555555
16 Hudson ST
Selden, NY 11723
US

The crime syndicate's cyber mule will be the individual who registered the LLC,

in the case of Digismarket it is conveniently to "no name" at:

[att=12]

That address data cross references to a Steven Bailey:

Steven Bailey
6 Franklin Pl, Apt 2
Farmingdale, NY 11735-2636
Listing Details
Job title: Owner
Company: Digismarket Com LLC


So far I have not been able to locate a listed phone number for Mr Bailey or found a way to contact him.
.

.
mfbpsite.com »www.google.com/search?hl=en&q=mf···e+Search

That domain is registered as follows:

Domain name: mfbpsite.com

IP Address: 208.109.225.236

Registrant Contact:
mfbp
Eleanor Scott (SuppEleanor@gmail.com)
+1.3104103189
Fax: +1.5555555555
20411 Campaign Dr
Carson, CA 90746
US

A California corporation that matches that name appears to be registered to a Christopher Thom

[att=14]

2440 N FREMONT appears to be a multiple tenant business location. A public records search yields this:

Christopher Ins Thom
2440 Fremont St
Monterey, CA 93940
.

.
byersebooks.com »209.85.207.104/search?q=cache:-a···=3&gl=us

The domain data is:

Registered through: GoDaddy.com, Inc.
Domain Name: BYERSEBOOKS.COM
Created on: 11-Dec-06
Expires on: 12-Dec-07
Last Updated on:

Administrative Contact:
Kimeklis, Russell russellkimeklis@yahoo.com
162 Airmount Road
Mahwah, New Jersey 07430
United States
(309) 419-3042

However the corporation is registered as follows:

quote:
BYERSEBOOKS INCORPORATED 0400153571 DP

STATE OF NEW JERSEY

BUSINESS REGISTRATION CERTIFICATE

Taxpayer Name: BYERSEBOOKS INCORPORATED


Trade Name:


Address: 1303 FAULKNER COURT
MAHWAH, NJ 07430

Certificate Number: 1285919

Effective Date: November 14, 2006

Date of Issuance: November 28, 2007






The website lists the same address:

[att=13]

There is no public record of the Russell Kimeklis at the domain address in Mahwah, NJ, nor anywhere in New Jersey or surrounding states. The corp address does have the following name listed:

Jane Byers
Listing Details
Job title: Owner
Company: Byersebooks Inc

Calls to the published number listed for that address have not been returned.
.

.
ebsebooks.com AKA Electronic Business Resources »www.google.com/search?hl=en&q=eb···esources

The domain registration data lists:

Domain name: ebsebooks.com

Administrative Contact:
-
Richard Stewart (ebsebooks@yahoo.com)
+1.3094077237
Fax: -
910 Freeport Road
Pittsburgh, PA 15238
US

Creation date: 30 May 2006

The Pennsylvania corporation stats for ebsebooks are:

[Att=15]

There is no registered agent listed, however, a check of the actual documents on file at DOC in Harrisburg, PA., show that the agent for tax process service, is an individual named TERRA MILBOURNE. There are no public listings for that named individual at the 34 Grant Ave address. Though the city is listed as Pitsburgh PA 15202. That zip code is commonly used as Bellevue, PA 15202. Several searches turn up other possible addresses and numbers for that named individual, including a listing at a commercial business located nearby.
.

.
Bestdigimart.com »www.google.com/search?hl=en&q=BE···G=Search

The domain reg has:

BESTDIGIMART.COM

Registrant Contact:

HARRIS HINES (HARRIS.HINES@gmail.com)
+1.3308717932
Fax: +1.5555555555
7644 Market St ,
Youngstown, Oh 44615 US

Creation date: 12 Feb 200

The Ohio corporate filing for the LLC is about as sparse as it can get. No place of business, and the registered agent is a commercial rental agent, Mark Schiff, a figurehead. A public records check for the domain registrant turns up no entries for a Harris Hines in the State of Ohio.

quote:
Business Name Charter

BESTDIGIMART.COM LLC

Registration Number
1671920

Original Filing Date
Jan 10 2007

Type
Domestic Limited Liability Company

Active
Jan 10 2007 Active

Agent Name:

Business Filings Incorporated
Mark Schiff



»www2.sos.state.oh.us/pls/portal/···=1671920

and:

»www2.sos.state.oh.us/reports/rws···01600178

This one needs additional digging in order to come up with whoever is really behind the LLC. Mr. Schiff would be recognized as the legal agent for the company, though he plays no active role in it.
.

.
mylibreria.com

Domain info:

Domain name: mylibreria.com »www.google.com/search?hl=en&q=my···e+Search

Registrant Contact:
MYLIBRERIA.COM
JEFFEREY PENN (PJEFFEREY@GMAIL.COM)
+1.5036163843
Fax: +1.5555555555
10940 N.W. Supreme Court
Portland, OR 97229
US

Creation date: 11 Apr 2007

[att=16]

There is no number listing for a Krishna at that address. However there is one for a Varalakshmi & Sudha R Yaramala.

Have not been successful at making contact
.

.
smartemarket.com »www.google.com/search?hl=en&q=sm···G=Search

Domain registration appears to be cloaked:

Domain name: smartemarket.com

Registrant Contact:
WhoisGuard
WhoisGuard Protected (ec41e85caca04d158220ea920720f5f2.protect@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
8939 S. Sepulveda Blvd
8939 S. Sepulveda Blvd
Westchester, CA 90045
US
Creation date: 15 Jan 2007

Though the phone number on the website has a Louisiana area code, a search of the LA. corporations does not yield a match for that business name. There is a Smartemarket Inc: »www400.sos.louisiana.gov/cgibin?···4456640D though it has been around for a long time. This is still a work in progress.
.

.
embintelligence.com »www.google.com/search?hl=en&q=em···e+Search

The domain is registered to:

Domain name: embintelligence.com

Registrant Contact:
EMBINTELLIGENCE.COM
Barbara Frye (frye74@gmail.com)
+1.9735866072
Fax: +1.5555555555
19 Pocono Rd
Denville, NJ 07834
US
Creation date: 02 Aug 2007

That is the address of

The Georgia Division of corporations shows:

[att=17]

I contacted Mr. Benkowitz last week, and spent some time explaining the situation to him. I asked him up front not to mention our conversation to the people that he was dealing with outside the US. Rather he take a day or two and go over the details that I provided him with, independently confirm them, and he should come to the same conclusion. His circumstances were identical to the known modus operandi. The set up matched exactly to previous cybermules from the 4.5 template version. There were two bank accounts, one to receive the merchant payments and a secondary account that the money was then transferred to, in preparation for wiring out the fraudulent funds from the US. The purpose of the second account by the way, is to allow the funds to be immediately removed from the incoming merchant account, and prevent any subsequent reversal by the processor. He confirmed that the syndicate had remote access to the bank account. Mr. Benkowitz had no access to the web site controls; he never received nor saw any detail level transaction report, only the summary reports of the billing.

I provided predictable detail of the function he performed and reviewed it with him. He never met nor spoke to the people he "partnered" for; all communication was via email. He said he did have a number for them, but that was essentially a virtual fax number where he sent charge credit back forms, whenever victims managed to track him down about their charges. I told him that if he looks over his situation, he will see that he has no clue what goes on behind the scene. His essential and primary function is to wire 90% of the funds on a regular basis from a bank account here to a foreign country for which he is paid the remaining 10%. Again to people he never met and does not really know who they are. I told him that not only did the website not have any measurable incoming traffic, neither was there any recorded outbound email traffic from the embintelligence.com domain. On a legit site one would expect the ratio of visits to purchases at maybe 20 to 1, and each purchase would be due a confirmation outbound email.

I mentioned the name of the previous beneficiary used on the ver 4.5 Bulgarian transfers "inowest" and asked him if it sounded familiar. He said it sounded like who he was sending the money to. I asked if it was going to Bulgaria; he said no, Kurdistan. I said Kurdistan and not Kazakhstan; he said he believed it was Kurdistan.

I asked him how he was recruited. He said he was only involved with it for a few months, and that it was his brother-in-law who enrolled him as he had a corp for some time also. He did not give me his brother-in-law's name, nor the domain that he was using. Mr. Benkowitz said that he would go visit his partner in the next day or two and call me from his house so I could go over the same details with him. I said fine give me a call. The next day I did receive an email reply confirming that the merchant processor they were using was Authorize.net. I never heard from Mr. Benkowitz again; he did not answer, nor return a follow up phone call or reply to a subsequent email.

Yesterday I decided to track down who the brother in law may be, it was not difficult:

usefulmart.com »www.google.com/search?hl=en&q=us···G=Search

Domain name: usefulmart.com

Registrant Contact:
UsefulMart.com LLC
Kevin Kirk (burningmike@gmail.com)
+1.5094639854
Fax: +1.5555555555
1024 Coral Club Drive
Coral Springs, Florida 33071
US
Creation date: 29 Nov 2006

Nobody by that name at that address.

A check of the Georgia public corporation records produced this:

[att=20]

Over a year old and still kicking, impressive !!

I went ahead and called Mr. Hoffman yesterday, I said that I had spoken to his brother-in-law last week and I was wondering if he had discussed the conversation with him. He said yes he had, and he said "I am angry at him for giving you my name and number". I said that he did not give it to me, I found it on my own. Mr. Hoffman had a nasty attitude, and said that he did not want to have any conversation with me about this issue, he did not want to discuss anything, goodbye !! and he hung up.

I am really disappointed, while it is easy to see from watching this criminal enterprise in operation, how people could get indoctrinated into the scheme. It is disturbing that once the situation is clearly laid out for them, and they examine what role they are actually performing, and the circumstances, that it is at least highly suspicious. There are no legitimate business models where this scenario exists. I have a lot of sympathy for the ensnared cyber mules, they are also victims of this ruthless criminal enterprise. However the millions of dollars a year that they unwittingly launder out of the US and into this crime syndicate's hands are not going to feed hungry children in orphanages. Freezing all funds at the moment of awareness, is a prerequisite to remaining an innocent participant.

Before moving on to some of the previous methods used for recruiting cybermules, let's address where the fraudulent funds were actually going outside the US to, during that phase.

The specific routing data was:

Beneficiary's Bank Name: EUROBANK PLC
Beneficiary's Bank SWIFT code: EUBKBGSF
Beneficiary's Bank Address: 43 Cherni Vrah Blvd., 1407 Sofia, Bulgaria
Beneficiary Account: BG96PIRB91701745144579
Beneficiary Name: Inowest Enterprises Inc

EUROBANK PLC is an original Bulgarian Bank that was bought out by the Greek bank Piraeus Bank in January 2005.

Not much data is available about the beneficiary "Inowest Enterprises Inc". It appears from one posting on a PrOn webmasters site someone described them as a company that sends out wires on behalf of others. Not surprised, Bulgaria has a long tradition as a money laundering center. This was only one of many stops in the process before it reached its final location. I believe that the core of this crime syndicate is located somewhere in Russia, and ultimately that may be where the money ends up.

The cyber mule recruiting division of this enterprise involved several processes. As mentioned prior it included the syndicate directly contacting people who posted their resumes on job sites. They also placed ads in multiple locations. During the shadowing of the last template phase sites an actual recruiting website was uncovered. This website was specific to the template group and was assumed to be one of many that were in operation. The site operated as P.O.V Webdesign Solutions, Inc., with a domain of pov-webdesignsolutions.com. The name closely resembled one of the actual template sites ptds-templates.com which was labeled Pov technology design solutions LLC. However there was never any direct reference between the recruiting site and the actual template domains.

A set of inventory screen shots of the site and its recruitment pages was taken in April 2007, not long before they disappeared.

[att=18]

Listed on the main page is their "location" given as:

P.O.V. Webdesign Solutions, Inc.,
Laisves pr. 12
LT-04215
Vilnius, Lithuania

[Att=19]

The designated contact was listed as Tomas Lasinkas, who in fact was the name the version 4.5 template cyber mules communicated with, regardless of where or how they were recruited. In addition the "president" of POV is listed as Povilas Baranauskas.

The balance [att=21][att=22][att=23]

Interesting, apparently some potential cybermules and newbie converts found each other HERE

Again, the goal is to run high volumes of cards against small amounts multiplied, times numerous simultaneous sites. If the victim catches it give them a fake email address that used it. Quickly give them a credit to prevent a $25 charge back fee, and to prevent triggering a high charge back alert with the merchant account. Tell the victim someone must have used the card on the site. Suggest it even may have been stolen to divert attention away from the operation. Keep the cyber mule out of the loop, maximize the return and longevity for each operating domain.

Viewed at the lowest common denominator it is a handful of victims complaining about a trivial charge on their card from one little website. That is not going to trigger any bank investigation, is it spread among many. It also is way below the threshold to trigger any Federal snooping around. Even if a site goes down the rest of the hub are preserved, they do not appear related. If a division goes down, the other divisions still function. Everything hums unless someone grasps the big picture and identifies it as a multi million dollar operation. Add the costs of replacing the cards and we have an annual loss barking at $70 million. But who knows how big it really is.

Most certainly this structure was built around the fact that the syndicate has direct access to this card account data, and volumes of it. The operation is vertical, they are not buying data from carding forums.

While the location and method of the card access is a priority to discover, notable mention of the clear weakness in the merchant account vetting process must not be ignored. There are numerous symptoms indicating that these sites are not legit even before the charge back ratio grows to trigger levels. No traffic, no outbound mail, robots disallow. Card data detail entry reports that would show that the data is batched, and is not coming randomly from assorted IPs as a typical site would have. It is not that it cannot happen every now and then, but for a multi year criminal syndicate to operate well over 100+ domains with impunity, over and over, and not trigger any alert. Would it be so rewarding to criminals if Authorize.net and others did not front the money right away and instead held two months in reserve for new sites, that would enable the charges to cycle. Clearly some changes need to be made, much of this fraud has become acceptable and is tolerated as part of the given percentage that is written off annually.

MGD
reply
MGD @ 14th Dec 03:17AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I just ran some new searches after completing the above, and found a news article that I had previously missed. This July 07 notice from the Michigan Attorney General may be a partial reason for the ver 4.5 template sites phasing out and the full blast of ebook sightings. A cyber mule was arrested and charged:

quote:
Office of the Attorney General:

Cox Charges Woman with ID Theft

Agency: Attorney General

July 19, 2007

LANSING -- Attorney General Mike Cox today announced that he has charged Krystal Owens of Detroit with three-counts of identity theft and one-count of conspiring to commit identity theft.

"Identity theft is a devastating crime to its victims," said Cox. "My office will continue to be vigilant in defending Michigan's citizens from having their identities stolen."

Since January 2007, the Michigan Attorney General's Office has received more than 130 complaints from consumers across the country indicating that K.A.T.O. Technology, LLC, also known as K.A.M.K. Technology, LLC, had charged $12.95 against their credit card without their permission. The Attorney General's investigation found that in the summer of 2006, the defendant Krystal Owens conspired with Tomas Lasinkas of POV Web Design Solutions to set up bogus corporations, banking accounts, and other arrangements thereby enabling Lasinkas to make unauthorized charges against consumers credit card accounts using the bogus company names K.A.T.O. Technology, LCC and K.A.M.K. Technology, LLC. From September 2006 to March 2006, Lasinkas made 75 to 100 unauthorized charges, at $12.95 each, on a daily basis, and Owens wired the illegal proceeds to Lasinkas' bank accounts in Bulgaria on a regular basis. Lasinkas and Owens accumulated approximately $200,000 by way of this fraudulent activity during a six month period.

A criminal charge is merely an accusation, and the defendant is presumed innocent until and unless proven guilty. The penalty for identity theft is up to 5 years in prison and/or a fine up to $10,000.




Source: »www.michigan.gov/ag/0,1607,7-164···,00.html

That seems really severe, I do not believe based on my experience of the syndicate, that it was possible for Krystal Owens to "conspire", that would require knowledge and intent.

It appears that a subsequent article in the Detroit Free Press investigated and picked up on that angle:

quote:
................. Krystal Owens, 40, of Detroit was arraigned Thursday on three counts of identity theft and one count of conspiring to commit identity theft for allegedly bilking people out of at least $200,000, Cox said. If convicted, she faces up to five years in prison for each count of identity theft and/or a fine of up to $10,000.

But a Free Press review conducted late Thursday and early today of the particulars of the case raises questions about whether Owens was a willing or unwitting participant in a potential online version of a get-rich-quick scheme. The attorney general's office was not available for comment on this issue early this morning.

Owens was charged after more than 130 people nationwide filed complaints since January with the Michigan Attorney General's Office that their credit cards were billed $12.95 without their permission by K.A.T.O. Technology, LLC, or K.A.M.K. Technology, LLC. ........



Source: »www.redorbit.com/news/technology···dex.html

From my November 2006 archive of the website "factory"


kato-technologies.com +1-(313)-281-8090 K.A.T.O. Technology, LLC
kamk-templates.com +1-(313)-281-1325 K.A.M.K. Technology, LLC


[att=2]

I wonder if they are aware of the full scope of the operation, and that other than a momentary blip it is still running.

Strange in that I cannot find any subsequent activity of this July case.

This may explain why the funds, though still assigned to the same named beneficiary: Inowest Enterprises Inc., may now be going to another country instead of Bulgaria. I would like to get confirmation from another cybermule that they are in fact going to Kurdistan. Of course either place is probably one of many stops and conversions that take place on the way to a final destination.

I don't for a moment believe that there is or ever was a "Tomas Lasinkas" and "Povilas Baranauskas" it don't get any more "Lithuanian" sounding than that. Plus hang up a large shingle saying "here is our address, this is where we are at" and you can bet that it is the last place on earth that the real criminals are going to be at. Nor do I think that there was an executive from the crime syndicate waiting at the Bulgarian bank for the weekly wire transfers to come in.

By the way several subtle attempts to get "Lasinkas" out in the open failed. Even when his accounts were blocked and his money was at stake, he still wouldn't crawl out of his shell.

Here is his voice circa Feb. 2007. Bad quality because he was using Skype, ID was +1(000)012-3456

[att=1]

MGD
Tomas_Lasinkas_3.wav 1,445,208 bytes  
KATO
reply
Rocky67 @ 14th Dec 11:05AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

MGD, your work is astonishing. The cyber community owes you a vote of thanks.
--
"Just because I don't care doesn't mean I don't understand." - Homer

reply
garys_2k @ 14th Dec 09:37PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Amazing! That is some of the most incredible work I've seen.

Regarding this enterprise, they must have some extensive resources. None of the obvious English language gaffes, that endless supply of fresh card data, a deep understanding of the U.S. banking and finance system. No lads sitting in sweaty Nigerian Internet cafes, these.

I can only imagine that the card data is an inside source at one of the central clearinghouses. Finding THAT source should be a top Federal priority.
reply
MGD @ 19th Dec 02:00AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto


Thank You Rocky67, appreciated.
reply
MGD @ 19th Dec 09:58AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by garys_2k :

Amazing! That is some of the most incredible work I've seen.

Regarding this enterprise, they must have some extensive resources. None of the obvious English language gaffes, that endless supply of fresh card data, a deep understanding of the U.S. banking and finance system. No lads sitting in sweaty Nigerian Internet cafes, these..........

Thanks,

Yes indeed, this is not your typical scam operation at all. The sophistication, expertise, and sheer enormity of this crime syndicate's operation has yet to be realized, or receive the deserved publicity. They have intricate knowledge of not only the banking system, but also down to the level of knowing the precise chargeback exception triggering ratios of the online merchant processing system.

Again, it is vital that the victims report the charges as fraudulent, then cancel and replace their cards. You play into the crime syndicate's hands by allowing them to issue a credit for the charge. That is what they want to do once they know you have caught it, and will dispute the charge. Victims should also file a complaint online with the Internet Crime Complaint Center (IC3).

By issuing credits or reversals to the percentage of victims that discover and pursue the fraudulent charge, that will help maintain a chargeback ratio below the merchant processor's flag threshold. They have managed to sustain some individual accounts for well over a year by doing this.

In addition, they get to deflect attention away from their operation, by making it appear, however unbelievable, that a team of criminals are trying to scam the websites using hijacked card data to buy useless ebooks, webtemplates, or cellphone games. When in fact the syndicate is just harvesting cash by ploughing card data in batch entries through their scores of fake sites.

said by garys_2k :

I can only imagine that the card data is an inside source at one of the central clearinghouses. Finding THAT source should be a top Federal priority.
.
Yes, this most definitely needs Federal priority, and immediate urgency from both the Secret Service and the FBI. The sheer volume of data that the syndicate has access to, indicates that there is a compromised hole large enough to drive a truck through it.

I have given considerable thought as to where and how they are getting the data from. Infiltration by a human mole remains a distinct possibility. I do believe though that the core of the criminal enterprise operates from Russia, or maybe the Ukraine, and there is some anecdotal evidence to support that.

Two years ago at the peak of the Digital Age card fraud, there was much speculation that the CardSystems Solutions Inc. leak may have been a prime source of data at the time. However, many of the reports, if correct, stated that though consumer's name, card number and CVV2 were taken, the victims address was not in the files. Since we know that this syndicate is entering address data, then that would tend to preclude that possibility.

There was one component of the Card Systems data theft that could very well be the same vehicle in use now, and should also be considered a primary suspect. According to an About.com article in October of 2005, that addressed the potential Card Systems & Digital Age connection, there was a quote from Congressional testimony provided by John Perry, President and CEO of Card Systems Solutions with respect to how the data was compromised:

quote:
......"the theft was carried out through the use of a malicious script planted on their system through an Internet-facing application. The malware was programmed to run every 4 days, at which time it sought out a specific file type and extracted credit card holder's names, account numbers, expiration dates and CVV codes. The extracted information was zipped and forwarded to an FTP site where it was presumably retrieved by the attackers".



There is no reason not to believe that a similar malware could exist in another penetrated card account database. Similar malware could have infiltrated databases further up the chain, and still be functioning today.

There are still groups of victims on diverse internet forums comparing unique online vendors that they all have a recent purchase with. They point to that common link as the source and location of where their card data was compromised at. Some say Equifax, others are pointing to Digital River, and some to PayPal.

However, there is some degree of certainty that this data is not coming from any recent internet transactional event, for several reasons.

Sampling of the entire operation routinely turns up victim's cards that were never ever used in online card not present (CNP) transactions. If you never entered your CVV2 number, who or what database would have it stored ??. Combine that with reported charges to cards that were dormant for extended periods that are then hit with these charges. That indicates that the data is not coming from intercepted recent transactions, but rather a storage database that contains card accounts with both active and dormant card data combined, and no distinguishing flags between them.

Also, routine reports of victims hit on multiple unrelated cards, indicates that the database may group card account data by the card holder account name, regardless of the card issuer. It does appear that the syndicate is unable to differentiate between fresh frequently used cards, and cards with little or no recent activity. If the criminals had access to the card activity, they would surely sort by that data. For an operation that remains low key, and is dependent on maximizing non disputed billing, why would they knowingly even shoot a charge against a card that has been dormant for a year or more. That is as close as one can get to a guaranteed rejection of the charge by the victim. Bill $15, get $15 charged back plus a $25, equals -$25.

So they do not know, otherwise they would screen the dormant ones out. In fact, if they could see the transactional history of the accounts, they would sort and select out all the ones that had 3 page bills every month, and probably at least two users. Those are the accounts that have the highest odds of not catching and rejecting the charge. They could maximize their laundering success ratio by selectively billing accounts where the fraud charge would be buried in a 30 item bill.

There are also routine reports of victims who noticed that their cards were "pinged" 24 hours before the charge hit. If the criminals were intercepting data at the transactional level, between Equifax and the upstream processor for example, there would be no need to ping cards. The data would already be from fresh recently used cards.

Random card pinging has been a common theme going all the way back to the Pluto card scam.

MGD
Edit = fixed bad link
reply
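The warning signs named in the posts above (credits that keep the chargeback ratio under the processor's flag, no site traffic, no outbound mail, batched entry rather than assorted IPs) can be combined into one processor-side check. This is an added example, not part of any post in the thread and not any processor's code; the thresholds, field names and both sample merchants are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Thresholds are assumptions chosen for this illustration. They are not taken
# from the thread and are not any processor's real trigger values.
CHARGEBACK_FLAG = 0.01       # chargebacks / sales
REVERSAL_FLAG = 0.05         # (chargebacks + merchant-issued credits) / sales
MIN_VISITS_PER_SALE = 5.0    # the thread expects roughly 20 visits per purchase
MIN_EMAILS_PER_SALE = 0.5    # each purchase should produce a confirmation mail
MIN_IP_DIVERSITY = 0.5       # distinct entry IPs / sales
MAX_TOP_AMOUNT_SHARE = 0.9   # share of sales at the single most common amount


@dataclass
class MerchantMonth:
    """One month of activity for one merchant account (hypothetical schema)."""
    name: str
    sales: list              # (amount_cents, entry_ip) per settled sale
    credits: int             # refunds the merchant issued itself
    chargebacks: int         # disputes filed through the card issuer
    site_visits: int
    outbound_emails: int


def indicators(m):
    """Return the ratios the flags are computed from."""
    n = len(m.sales)
    if n == 0:
        raise ValueError("no settled sales to evaluate")
    amounts = Counter(amount for amount, _ in m.sales)
    distinct_ips = {ip for _, ip in m.sales}
    return {
        "chargeback_ratio": m.chargebacks / n,
        # Credits issued to head off disputes count as reversals here, so
        # refunding victims no longer hides them from the check.
        "reversal_ratio": (m.chargebacks + m.credits) / n,
        "visits_per_sale": m.site_visits / n,
        "emails_per_sale": m.outbound_emails / n,
        "ip_diversity": len(distinct_ips) / n,
        "top_amount_share": amounts.most_common(1)[0][1] / n,
    }


def flags(m):
    """Return the names of the warning signs this merchant trips, in fixed order."""
    ind = indicators(m)
    checks = [
        ("chargeback_ratio", ind["chargeback_ratio"] >= CHARGEBACK_FLAG),
        ("reversal_ratio", ind["reversal_ratio"] >= REVERSAL_FLAG),
        ("low_traffic", ind["visits_per_sale"] < MIN_VISITS_PER_SALE),
        ("no_confirmation_mail", ind["emails_per_sale"] < MIN_EMAILS_PER_SALE),
        ("batched_entry", ind["ip_diversity"] < MIN_IP_DIVERSITY),
        ("uniform_amount", ind["top_amount_share"] > MAX_TOP_AMOUNT_SHARE),
    ]
    return [name for name, hit in checks if hit]


# Constructed sample data (documentation IP ranges, invented counts).
# Profile of the front sites described in the thread: one fixed small charge,
# entries from a handful of IPs, disputes bought off with credits.
FRONT_SITE = MerchantMonth(
    name="front-site-example",
    sales=[(1295, f"203.0.113.{i % 3}") for i in range(1000)],
    credits=60, chargebacks=5, site_visits=40, outbound_emails=0,
)
# Profile of an ordinary small shop with the same chargeback ratio.
LEGIT_SHOP = MerchantMonth(
    name="ordinary-shop-example",
    sales=[([999, 1495, 2500, 4999][i % 4], f"198.51.100.{i % 180}")
           for i in range(200)],
    credits=3, chargebacks=1, site_visits=4200, outbound_emails=200,
)

if __name__ == "__main__":
    for merchant in (FRONT_SITE, LEGIT_SHOP):
        print(merchant.name, flags(merchant))
```

Both sample merchants have the same 0.5% chargeback ratio, so a check on chargebacks alone treats them identically; only the other signals separate them.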
pcdebb @ 19th Dec 06:09PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

i swear, in my lifetime if i ever win the lottery i'm writing you a check, just for the effort you put into this.
reply
MGD @ 20th Dec 04:18AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by pcdebb :

.
That is so nice , Thank You

MGD
reply
MGD @ 20th Dec 05:56AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I will now address several additional sites that are currently involved in the card fraud operation. We will also take a look back at some that have already burned out.

First let's again look at the structure of this criminal enterprise, so that we can understand how it operates. I will go into some detail on the multiple "hub and spoke" format of the operation.

One step up from the fake sites that are converting and laundering the card data, are the hub sites. A hub site is the command and control for a group of the fake billing sites. The hub site will be visible because it is also the recruiting location for the US based cyber mules. That is where the mules are first recruited to, and from where they get instructions in setting up the (unknown to them) fake business operation. From there they will receive detailed instructions for setting up an LLC, a corporate bank account, and applying for a merchant billing account, all for the fake business site which they have been assigned to. The hub site operates numerous fake business sites and controls the mules.

Here is a diagram of the way I see the operational structure:

[att=1][att=2]

There is now further confirmation connecting the Devbill Template sites from 2006 thru early 2007, and the current crop of E-book sites. As stated earlier the laundered funds from the template group were tracked being wired from US bank accounts to a Eurobank account in Bulgaria. Several of the bank accounts associated with the new E-book (et al.) sites are now wiring the laundered proceeds to a bank in Bishkek the Capital city of the Republic of Kyrgyzstan, another former Soviet Republic. No coincidence either is the fact that the funds are sent to the attention of Inowest Enterprises the same beneficiary as the devbill template group wirings. Presumably the move from Bulgaria to Kyrgyzstan may have been partially motivated by the busting of the cyber mule by the Michigan Attorney General. There will be several wire transfer points conveniently located in countries that are difficult to trace money from.

Just as pov-webdesignsolutions.com was the hub / command & control for the 2006-07 web template sites, the equivalent hub / command & control for some of the E-book fraud sites is e-bca.com »www.e-bca.com , »www.e-bca.com/affiliate.php

[att=3]

That is who instructs and communicates with the mules. They also batch process the hijacked card data in to the site billing account. That is also where the contact phone numbers listed on the site will relay to, and where the calls to victims are returned from.

While pov-webdesignsolutions.com pretended to be operating from Vilnius, Lithuania, e-bca.com is pretending to be out of Boden, Sweden.

Atala Designs, Inc 214-594-4188 was also a hub C&C site at one time »ataladesigns.com

[att=4]

However, there are recent reports of fraud charges coming in under the Atala Designs ataladesigns.com name. They may now have switched to dual purpose mode. In May 2007 they hit the radar as clearly being in the mule recruiting business. They were running employment ads on Craigslist and were tested. Here is the May 2007 response to the ad inquiry:

quote:
From: gundarskristop@aol.com [mailto:gundarskristop@aol.com]
Sent: Thursday, May XX, 2007 XX:XX XX (REDACTED)
To: (REDACTED)
Subject: Atala Designs, Inc. from Craigslist


Hello (REDACTED),

Thank you for responding to Atala Designs, Inc's job offer on
craigslist.org. In this letter I will kindly let you into
the details of Atala Designs, Inc position of Manager.

Our Marketing Department has developed a perfect idea to boost sales.
The idea is to have more subsidiaries that would resell our Webstite
Templates. Manager is the person who owns a subsidiary company. Your
owing a subsidiary company is very profitable, it is a
21-century-level business. Anyone can do this, because setting up a
small company of your own is very simple, and provided with
easy-to-follow step-by-step instructions of your personal
Atala Designs, Inc manager it is really a fun ride.

After your company is set up, Atala Designs, Inc will create a
website for you which will resell our templates.

With company and online store you will easily open necessary business
and merchant accounts in a bank.

Final step is launching your store live on the web and taking your
commission from sales.

Let me emphasize extremely advantageous features that are sure to help
you make the right decision and become our partner. They are:

1. No skills and experience in programming and web design are required
from you. Atala Designs, Inc professionals will handle all technical
questions;
2. You will not have to sell or advertise anything. It is our special
marketing department that will be responsible for it;
3. You will not have to process our customers' payments and deal with
customer care issues. Our customer service department will solve
them;
4. As the project is in full swing your only responsibility will be
managing business account (withdraw your commission and transfer
the balance to Atala Designs, Inc).

So, I very much hope that you find our business concept interesting
and if you would like to pursue it further, feel free to email me and
I will get back to you with every little detail of how our cooperation
will develop. Also, I will forward you our Agreement, Instructions and FAQ.

Atala Designs, Inc Agreement - if you would like to work
with us, this agreement contains important information about how you
are going to be paid, security, etc;

Instructions - describes our partnership in detail and instructs
you what to do next;

FAQ - the questions you maybe want to know.


I will be looking forward to your next email.

Please reply to this email: gundars_kristopans@ataladesigns.com

Thank you very much.
Respectfully,
Gundars Kristopans,
Manager of Atala Designs, Inc.

Atala Designs, Inc.
Astras Gunara 8b, 14, Riga,
LV-1082,
Latvia,
Phone/Fax for US: (801) 788-5851
Our web site: ataladesigns.com



.
Take note that Atala is pretending to be located in another Baltic state, Latvia. Since Lithuania has been covered by P.O.V. Solutions, I would expect Estonia to show up listed somewhere shortly.

Atala Designs is clearly a web template C&C hub and along with them come reported fraud charges from a rash of new template sites.

Templates, Version 5.0:

sensatetech.com - 805-275-2235 AKA Sensate Technology, LLC., Innovative Solutions »www.google.com/search?hl=en&q=80···G=Search

[att=5]

ccdtemplates.com - 206-319-8144 AKA Crystal Clear Designs, LLC., Innovative Solutions »www.google.com/search?hl=en&q=20···G=Search

[att=6]

mvwebtemplates.com - 404-474-3440 AKA Most Valuable Web Templates Innovative Solutions »www.google.com/search?hl=en&q=40···G=Search

[att=7]

mcatemplates.com - 623-444-2173 M.C.A.
»www.google.com/search?hl=en&q=62···G=Search

[ATT=8]

ilicsolutions.com - 312-235-6926 Alen Ilic, Inc

[att=9]

freedomtemplates.com - 954-???-????

[freedomtemplates is AWOL, if someone has a screenshot or details from the site, please contact me]

All are carbon copies of each other. Cards will be hit with charges from multiples of this group. Some charges showing up in tandem with the ebook fraud site mylibreria.com

I will follow up with details on the above group

MGD
reply
anon @ 20th Dec 11:44AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Thank you for this information! Earlier this week, I found a suspicious charge from embintelligence.com on my credit card I hardly use. I looked up the DNS info, searched on the contact info, and came upon this page.

The registrar address is valid, but it also happens to be an assisted living center in NJ. I called the number at the website (in Georgia) which sounded like a really bad answering machine. This all seemed a bit suspicious at the time, so I didn't leave any info and put out a fraud alert on my credit.

I've printed out the info and will be trying to resolve this later with my bank. Thank you very much!
reply
anon @ 20th Dec 03:54PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

MGD, please contact me regarding your Ebook fraud investigation [removed by moderator- Dennis]
reply
anon @ 21st Dec 09:53AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

My account was recently charged by usefulmart.com and, after one day of internet research, I subsequently canceled the card and disputed the charge.

I wish I had seen this site prior to that, though, otherwise I wouldn't have merely disputed the charge, but would have characterized it as a fraudulent charge.

I have, though (due to the advice on this site) filed a formal complaint with IC3.

It seems as though it shouldn't be too hard for the credit-card transaction authorizers to "globally" reject any charges originating from these families of sites....

Also, I understand the sensitivity to putting up too much information about these criminals thus allowing them to cover their tracks---if an e-mail such as mine hinders the effort to more closely monitor the activities of these rings, then please, Mr./Ms. Moderator, delete it.
reply
Doctor Olds @ 21st Dec 11:11AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I'd sure like to see indictments and arrests on the 2 Marietta based Mules (Mr. Benkowitz and Mr. Hoffman) that know they are not running a legitimate web enterprise. Would you report those two to the AJC.com so they can do a story on them from your evidence and get the local authorities involved?
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
MGD @ 21st Dec 12:16PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Doctor Olds :

I'd sure like to see indictments and arrests on the 2 Marietta based Mules (Mr. Benkowitz and Mr. Hoffman) that know they are not running a legitimate web enterprise. Would you report those two to the AJC.com so they can do a story on them from your evidence and get the local authorities involved?
.
I need to update that segment, I did not want to post anything prior to certain events taking place. I did make subsequent contact with the parties and provided them with irrefutable evidence of the fraud, and the fact that they were conned into believing it was a legitimate operation.

I also emphasized at the time that while up to now they were a victim and an unwitting participant, however, once alerted and given specific details of the fraud, then to continue to go forward, could in the future jeopardize the claim of being an unwitting participant.

I can now tell you that the bank accounts have been frozen, and remote access to the accounts blocked. No additional funds will be wired to the drop in Kyrgyzstan. I also requested that all documents, including emails and other evidence be preserved.

It is worth reiterating that all the mules that I have been in contact with have no idea what they have been involved with. The con job is very professional, it even involves completing and submitting a multiple page application. They also must provide copies of their identification, under the guise that they need a security background check. The data that mules end up seeing is very restricted, and intended that way.

The mules that I have located or identified range in age from their early twenties to seventies, and have various backgrounds. Recently many of them have been elderly, but they clearly were not net savvy enough to recognize the subtle signs of the fraud.

MGD

EDIT= There are dozens and dozens of active mules out there, located around the country. Probably way more than 100 all total over the past two years. There will be a cyber mule behind every one of these websites generating the fraud charges.
reply
MGD @ 21st Dec 12:21PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by EW :

MGD, please contact me regarding your Ebook fraud investigation [removed by moderator- Dennis]
To the LE agent that posted this, I sent you an email from MGD with my contact information. Please check to make sure that you received it.

(I requested that the moderator redact your contact information when I read it.)

MGD
reply
MGD @ 21st Dec 01:06PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

An update regarding the victim card data.

I recently discussed the results of a random sample of the data that this crime syndicate is processing. My original thoughts as to the source may not be accurate.

The sample was small, about 2,000 consecutive entries. The interesting part is that the rejection rate ran about 35% at initial entry time. If this is a representative sample it may be significant in terms of the likely source of the data.

There was no dominant reason for the rejection, it varied. Invalid cvv2 number, card previously reported as lost or stolen, address match failed, etc, etc.

It has been suggested that these criminals may be compiling partial data from multiple sources in order to build a data set sufficient to complete a CNP (card not present) transaction. That scenario has been seen out there in the wild before.

These results certainly suggest that they do not have "pure" data. It also further reinforces that they are not intercepting recent real time vendor transactions. The failure rate for card processing from legitimate entities is in the single digits.

They still must have volumes of data though, even more so if the typical failure rate is 35%. They are also not entering data in batches as was first seen two years ago. The data is entered at random times to mimic a typical online vendor, thereby defeating any batch type triggering event flags.


MGD
reply
MGD @ 21st Dec 07:26PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Need to add one more to the above group of fraud template sites:

valencetemplates.com - 312-265-8407 Valence Internet Technology, LLC

[att=7]

[valencetemplates.com IP 66.152.173.182]

Domain name: valencetemplates.com

Registrant Contact:
VITLLC
Brian Guest (brian_guest01@yahoo.com)
+1.6614518231
Fax: +1.6614518231
1048 N. Marshfield #3R
Chicago, IL 60622
US

Name Servers:
ns1.hostdone.com
ns2.hostdone.com

Creation date: 10 Oct 2007 17:51:17
Expiration date: 10 Oct 2008 17:51:17

Entity Name VALENCE INTERNET TECHNOLOGY SOLUTIONS, INC.
File Number 65757419
Status GOODSTANDING
Entity Type CORPORATION Type of Corp DOMESTIC BCA
Incorporation Date (Domestic) 09/18/2007 State ILLINOIS
Agent Name R & S LEGAL SERVICES INC
Agent Change Date 09/18/2007
Agent Street Address 200 WEST MADISON ST STE 2100
Agent City CHICAGO
Agent Zip 60606 Duration Date PERPETUAL
Annual Report Filing Date 00/00/0000

[att=1]

Assuming that name is correct there is no listing for that address. The agent service R & S LEGAL SERVICES INC can be contacted also. I am betting that Mr Guest and Mr. Ilic of ilicsolutions know each other. The dates are close and one may have recruited the other.

.

ilicsolutions.com - 312-235-6926 Alen Ilic, Inc

[ilicsolutions.com IP 66.152.162.117]

Domain name: ilicsolutions.com

Registrant Contact:
AI LLC
alen ilic (alen_ilic04@yahoo.com)
+1.6108081615
Fax: +1.6108081615
4950 N Marine Dr #807
chicago, IL 60640
US

Name Servers:
ns1.hostdone.com
ns2.hostdone.com

Creation date: 26 Oct 2007 20:11:22
Expiration date: 26 Oct 2008 20:11:22

Entity Name ALEN ILIC INC.
File Number 65821265
Status GOODSTANDING
Entity Type CORPORATION Type of Corp DOMESTIC BCA
Incorporation Date (Domestic) 10/19/2007 State ILLINOIS
Agent Name ALEN ILIC Agent Change Date 10/19/2007
Agent Street Address 4950 N MARINE DR #807
Agent City CHICAGO
Agent Zip 60640
Duration Date PERPETUAL
Annual Report Filing Date 00/00/0000 For Year

No number listed at that address. I have located a phone number for that name at a nearby address.

[Att=2]

.

sensatetech.com - 805-275-2235 AKA Sensate Technology, LLC.,

[sensatetech.com] 202.60.92.179

Domain name: sensatetech.com

Registrant Contact:
ST LLC
George Berreman (georgeberreman@yahoo.com)
+1.5016370368
Fax: +1.5016370368
3700 Dean Dr #507
3700 Dean Dr #507, Ca 93003
US

Name Servers:
ns1.aussiednsserver.com
ns2.aussiednsserver.com

Creation date: 12 Sep 2007 21:44:07
Expiration date: 12 Sep 2008 21:44:07

LP/LLC
SENSATE TECHNOLOGY LLC
Number: 200723010107
Date Filed: 8/1/2007
Status: active
Jurisdiction: CALIFORNIA
Address
3700 DEAN DRIVE #507
VENTURA, CA 93003
Agent for Service of Process
GEORGE BERREMAN
3700 DEAN DRIVE #507
VENTURA, CA 93003

[att=3]

There is a listed number
.

ccdtemplates.com - 206-319-8144 AKA Crystal Clear Designs, LLC.,

[ccdtemplates.com IP 202.60.92.179]

Domain name: ccdtemplates.com

Registrant Contact:
CCD LLC
Arthur Chandler (arthur_chandler00@yahoo.com)
+1.7203851302
Fax: +1.7203851302
13626 8th Ave S
Burien, WA 98168
US

Name Servers:
ns1.aussiednsserver.com
ns2.aussiednsserver.com

Creation date: 26 Sep 2007 18:38:56
Expiration date: 26 Sep 2008 18:38:56

INTERACTIVE DESIGNS LLC

UBI Number 602762619
Category Limited Liability Regular
Profit/Nonprofit Profit
Active/Inactive Active
State of Incorporation WA
Date of Incorporation 09/18/2007
License Expiration Date 09/30/2008

Registered Agent Information

Agent Name ARTHUR CHANDLER
Address 13626 8TH AVE S
City BURIEN
State WA
ZIP 98168

[Att=4]

13626 8TH AVE S appears to be a Multiple business location
No listed number at that address. However, there are several people with that name in the Tacoma / Seattle area

.

mvwebtemplates.com - 404-474-3440 AKA Most Valuable Web Templates Innovative

[mvwebtemplates.com IP 202.60.92.179]

Domain name: mvwebtemplates.com

Registrant Contact:
TTS
Edward Murphy (eddiemv777@yahoo.com)
+1.2707787541
Fax: +1.5555555555
1060 Park Row North
Atlanta, GA 30312
US

Name Servers:
ns1.aussiednsserver.com
ns2.aussiednsserver.com

Creation date: 26 Jun 2007 20:23:33
Expiration date: 26 Jun 2008 20:23:33

Name Name Type
MURPHY VENTURES, INC. Current Name
SWINTON LEGACY, INC. PRIOR NAME

---------------------------------

Profit Corporation - Domestic - Information

Control No.: 0209361
Status: Active/Compliance

Entity Creation Date: 2/19/2002

Jurisdiction: GA
Principal Office Address: 1060 Park Row North
Atlanta GA 30312
Last Annual Registration Filed Date: 7/16/2007
Last Annual Registration Filed: 2007

-----------------------------

Registered Agent

Agent Name: EDDIE J. MURPHY
Office Address: 1060 PARK ROW NORTH
Atlanta GA 30312
Agent County:

----------------------------

Officers

Title: CEO
Name: EDDIE MURPHY
Address: 1060 PARK ROW NORTH
Atlanta GA 30312

----------------------------

Title: CFO
Name: ANN MURPHY
Address: 1060 PARK ROW NORTH
Atlanta GA 30312

----------------------------

Title: Secretary
Name: EDDIE MURPHY
Address: 1060 PARK ROW NORTH
Atlanta GA 30312

-----------------------------


[ATT=5]

Now that LLC was a tough find, it originally was formed in 2002 and is why I skipped over it several times. It was formerly another name, and then changed to MURPHY VENTURES which equals the "MV" in: "mvtemplates.com". No number however there is one for another business at that address.

.

mcatemplates.com - 623-444-2173 M.C.A.

[mcatemplates.com IP 66.152.161.13]

Domain name: mcatemplates.com

Technical Contact:
MCT LLC
Steve Rogan (steve_rogan12@yahoo.com)
+1.5095625853
Fax: +1.5095625853
8912 E. Pinnacle Pear Ro #174
Scottsdale, AZ 85255
US

Name Servers:
ns1.hostdone.com
ns2.hostdone.com

Creation date: 25 Sep 2007 10:25:41
Expiration date: 25 Sep 2008 10:25:41

That address is a typo, it is "Peak" not "Pear" and that appears to be a multi business location. Still searching Arizona corp. records. M.C.A. is an abbreviation for something not related to "templates". Cannot locate a Steve Rogan in Scottsdale.

.

freedomtemplates.com site currently 404

Domain name: freedomtemplates.com

Registrant Contact:
Cd LLC
Edgard Lopez (edgardfromflorida@yahoo.com)
+1.6156766977
Fax: +1.6156766977
4019 N. University Dr. APT. E-107
Fort Lauderdale, FL 33351
US

Name Servers:
ns1.aussiednsserver.com
ns2.aussiednsserver.com

Florida Limited Liability Company
FREEDOM WEB DESIGNS, LLC
Filing Information
Document Number L07000077425
FEI Number NONE
Date Filed 07/27/2007
State FL
Status ACTIVE

Principal Address
4019 NORTH UNIVERSITY DRIVE, APT. 3-107
SUNRISE FL 33351
Mailing Address
4019 NORTH UNIVERSITY DRIVE, APT. 3-107
SUNRISE FL 33351
Registered Agent Name & Address
SPIEGEL & UTRERA, P.A.
1840 SW 22ND ST.
4TH FLOOR
MIAMI FL 33145 US
Manager/Member Detail
Name & Address
Title MGR
LOPEZ, EDGARD A
4019 NORTH UNIVERSITY DRIVE, APT. 3-107
SUNRISE FL 33351

[att=6]

I hope Mr. Lopez did not sign up for the syndicate's CEO special package deal. As it appears that less than two months after the above corp was set up, he registered 4 more LLCs that have ominous internet appearing names:

Florida Limited Liability Company
COMPUTERS DATA CENTER & TECHNOLOGIES, LLC
Date Filed 09/18/2007

Florida Limited Liability Company
WEB INVESTMENTS USA, LLC
Date Filed 09/18/2007

Florida Limited Liability Company
WEB DATA INTERNATIONAL, LLC
Date Filed 09/18/2007

Florida Limited Liability Company
REAL INVESTMENTS MANAGEMENT INTERNATIONAL HOLDINGS, LLC
Date Filed 09/18/2007

Still trying to track a number down for Edgard at this new location.

Though not all sites are coded to block search engines, this group was:

[att=8][att=9][att=10][att=11][att=12][att=13]

MGD
reply
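The records in the post above repeat the same name servers and, for several sites, the same hosting IP. As an added example (not part of the original post or thread), this Python code parses five of those WHOIS excerpts in the format quoted and groups the domains by shared infrastructure; the function names and the choice of pivots (hosting IP, name server) are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# WHOIS excerpts copied from the post above; registrant contact lines omitted.
RAW = """\
[valencetemplates.com IP 66.152.173.182]
Domain name: valencetemplates.com
Name Servers:
ns1.hostdone.com
ns2.hostdone.com
Creation date: 10 Oct 2007 17:51:17
[sensatetech.com] 202.60.92.179
Domain name: sensatetech.com
Name Servers:
ns1.aussiednsserver.com
ns2.aussiednsserver.com
Creation date: 12 Sep 2007 21:44:07
[ccdtemplates.com IP 202.60.92.179]
Domain name: ccdtemplates.com
Name Servers:
ns1.aussiednsserver.com
ns2.aussiednsserver.com
Creation date: 26 Sep 2007 18:38:56
[mcatemplates.com IP 66.152.161.13]
Domain name: mcatemplates.com
Name Servers:
ns1.hostdone.com
ns2.hostdone.com
Creation date: 25 Sep 2007 10:25:41
Domain name: freedomtemplates.com
Name Servers:
ns1.aussiednsserver.com
ns2.aussiednsserver.com
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)+$")


def parse_records(text):
    """Return one dict per 'Domain name:' block (domain, ip, ns, created)."""
    records, pending_ip, in_ns = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        key = line.lower()
        if line.startswith("["):  # "[dom IP a.b.c.d]" or "[dom] a.b.c.d"
            found = IPV4.search(line)
            pending_ip, in_ns = (found.group(0) if found else None), False
        elif key.startswith("domain name:"):
            records.append({"domain": key.split(":", 1)[1].strip(),
                            "ip": pending_ip, "ns": set(), "created": None})
            pending_ip, in_ns = None, False
        elif key.startswith("name servers:"):
            in_ns = True
        elif key.startswith("creation date:") and records:
            stamp = line.split(":", 1)[1].strip()
            records[-1]["created"] = datetime.strptime(stamp, "%d %b %Y %H:%M:%S")
            in_ns = False
        elif in_ns and records and HOST.match(key):
            records[-1]["ns"].add(key)
        else:  # blank line or an unrelated field ends the name-server list
            in_ns = False
    return records


def cluster(records):
    """Group domains that share any pivot: a hosting IP or a name server."""
    parent = {r["domain"]: r["domain"] for r in records}

    def find(node):
        while parent[node] != node:
            node = parent[node]
        return node

    by_pivot = defaultdict(list)
    for r in records:
        pivots = [("ns", n) for n in r["ns"]]
        if r["ip"]:  # a site that is down may have no IP on record
            pivots.append(("ip", r["ip"]))
        for pivot in pivots:
            by_pivot[pivot].append(r["domain"])
    for domains in by_pivot.values():
        for other in domains[1:]:
            parent[find(other)] = find(domains[0])

    groups = defaultdict(list)
    for r in records:
        groups[find(r["domain"])].append(r)
    result = []
    for members in groups.values():
        names = sorted(m["domain"] for m in members)
        shared = sorted(p for p, doms in by_pivot.items()
                        if len(doms) > 1 and doms[0] in names)
        dates = [m["created"] for m in members if m["created"]]
        span = (max(dates) - min(dates)).days if len(dates) > 1 else None
        result.append({"domains": names, "shared": shared, "span_days": span})
    return sorted(result, key=lambda c: c["domains"])


if __name__ == "__main__":
    for c in cluster(parse_records(RAW)):
        print(c["domains"], c["shared"], c["span_days"])
```

Shared name servers alone are weak evidence when the host serves many unrelated customers, so a cluster is a lead to corroborate against the corporate filings and billing descriptors, not a conclusion.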
garys_2k @ 21st Dec 09:51PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

We may get a few more views on this thread, I posted a reply here: »800notes.com/Phone.aspx/1-805-275-2235/ where people are speculating about how their cards were compromised.

As far as how they're getting the CC and CV2 numbers, since many of these cards have not been used recently (if ever) that would tend to discount the "assembled from multiple sources" theory but add weight to the compromised database idea. Of course, that contradicts the high rejection rate...

Too bad we can't ask Time magazine's newest Person of the Year to help us -- something tells me he'd be able to find out with one phone call. »www.time.com/time/specials/2007/···theyear/
reply
anon @ 23rd Dec 11:50AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Thank you for linking to this forum from »www.sygyzy.com/2007/02/07/e-book···new-419/

We reported the charge as fraudulent, shut down the debit card immediately but the company was still able somehow to refund the $4.95 even though the debit card number they used was now defunct so how were they able to get the refund issued through the bank while the bank was aware it was a fraudulent charge to begin with? I'm not happy with the bank for doing this because that pretty much cuts me off from being able to do anything else about it, though I admit from the way you make things sound, it might not be completely beneficial if all I am going to be able to do is take down some unknowing mule. I truly was hoping to keep them from being able to make a refund even so far as refusing to give any contact/billing information regarding the charge when I finally got a heavy accent speaking lady that answered the phone at the number listed with the charge. Note I had called numerous times with the landline home phone with never an answer then later that evening I called with a cell phone and she answered right away. Odd.
reply
MGD @ 23rd Dec 01:22PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Amy B80 :

..... so how were they able to get the refund issued through the bank while the bank was aware it was a fraudulent charge to begin with? ...
For cancelled cards there is a rollover process that extends at least for 30 days where a credit will be cross referenced. It is not the bank's fault, as once the original biller issues a refund for the charge the process is automated.

As mentioned before, that is why they always list a relay phone number on each site, and aggressively try to issue credits when a victim intends to charge it back. A chargeback negates the original charge and then adds a $25 fee from the merchant processor. That eats away at the syndicate's funds, and is eventually what burns the account up. Depending on the variables the account can last for a year or more. However, the growing amount of chargebacks and fees eventually cause the account to implode, and it ends up in a huge negative.

So a priority for the criminals is to issue a credit in lieu of facing a charge back. In addition, corresponding with a victim allows them to deflect attention away from them by insisting that "someone" compromised their card and used it to purchase something at the site. That modus operandi has been in use for years. In fact some of you may recall in 2003 - 2004, during earlier versions of this syndicate's enterprise they had websites which had a message on the main page that said "If you received a charge from xyz company on you card. Please enter the last four digits of your card number to receive a refund credit." That format was subsequently discontinued as it became ridiculed. Placing a message and entry box prominently on the main page became an obvious scam flag when thousands of users reported charges from assorted sites that all had the same format.

MGD
reply
MGD @ 23rd Dec 03:11PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by garys_2k :

We may get a few more views on this thread, I posted a reply here: »800notes.com/Phone.aspx/1-805-275-2235/ where people are speculating about how their cards were compromised.
..........
Thanks, I had seen some of those individual pages before from search hits, but not the entire thread.

In reviewing, it leads to another "template page". A poster listed a charge from naturalordretemplate. Rearranging the name leads to:

naturalordertemplate.com - 626-310-0668 Natural Order, Inc

[att=1]

[naturalordertemplate.com IP= 66.152.173.178]

Domain name: naturalordertemplate.com

Registrant Contact:
I E C I
Andrew Fairbanks (andy_fairbanks@yahoo.com)
+1.6106431850
Fax: +1.6106431850
403 Perkins ST
Oakland, CA 94610
US

Name Servers:
ns1.hostdone.com
ns2.hostdone.com

Creation date: 17 Sep 2007 20:07:28
Expiration date: 17 Sep 2008 20:07:28

Andrew Fairbanks
403 Perkins St
Oakland, CA 94610-4722
phone number unavailable

There are two other individuals who have the same phone number using that address.

Though the listed contact phone is also a CA area code, there is no listing for a "Natural Order" in the California corp. database. Two posters report that the charge appears to list Minnesota as the origination, and also that the phone number above is also listed as "Atala Designs". That is the Hub / recruiting site I listed in a previous post.

quote:
..."Pending charge from "Atala Designs St Paul Park MN" for $11.85 on 22Dec07"...



..."I received a charge on my credit card from ATALA Designs for $10.65 12/12/2007. I reported it to my bank and the charge was removed and now I have to get a new card. On my account description of the charge it gave a 626 number which is Alhambra, CA but the info on my account said MN"....



Strange, ataladesigns.com: »ataladesigns.com/ is now off the air. I also checked Minnesota corp data base and did not get a hit under that name either.

EDIT= This could be an attempt to salvage a business entity set up, where the mule may have got suspicious and dropped out in the early stages. /edit

I have some other hub sites coming up shortly including what appears to be a new theme, version 6.0. Also have the latest version of the "mobile phone games" site, a la Generex and Moball.

MGD
reply
MGD @ 23rd Dec 05:05PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Still digging around the "Inowest" connection, so far unable to tell if they are a part of the operation, or complicit. I cannot yet rule them out.

We have already established the firm connection, and continuation to the Devbill / digitalAge et al. by way of the foreign laundering.

As stated, the version 4.5 templates funds from the hijacked cards were wired out of US banks to:


Beneficiary's Bank Name: EUROBANK PLC
Beneficiary's Bank SWIFT code: EUBKBGSF
Beneficiary's Bank Address: 43 Cherni Vrah Blvd.,
1407 Sofia, Bulgaria
Beneficiary Account: BG96PIRB91701745144579
Beneficiary Name: Inowest Enterprises Inc

We know that the fraudulent carded funds from several of the e-book sites are now wired out of US banks and routed to:

Beneficiary's bank name: ASIAUNIVERSALBANK
Beneficiary's Bank SWIFT code: ASUJK22
Bank address: 59, togolok moldo str., 720033,
BISKHEK, KYRGYZSTAN REPUBLIC
Beneficiary account: 1231128530000131
Beneficiary name: Inowest Enterprises
Beneficiary address: same as bank address

Asia Universal Bank is: »www.aub.kg/en . No coincidence that Asia Bank has several outlets in Russia, and branch offices in the Ukraine, Latvia, and Kazakhstan.

AUB does have a stated policy to counteract the laundering of illicitly-acquired funds:
»www.aub.kg/en/about/general/proiz Maybe a "heads up" is in order.

Inowest is now referenced in two webmaster forums that deal in PrOn affiliate referrals and sponsored site linking. In addition to the previous:

quote:
I'm getting wires but don't know which sponsors - please help!

------------------------------------------------------------

Hey

I've received a few unknown wires. Does anyone here know which sponsors they are? These are wires btw, no cheques.

Inowest Enterprises
Gioram
Kenny Media
Design Ironic

And if the owners of these sponsors see this post, can you please tell me in which country your company is based?

Thanks anyway
Maikel





Source= NOT WORK SAFE »www.gofuckyourself.com/showthrea···t=615371

A second recent reference is on a similar Russian forum, and in fact specifically mentions "Inowest v ASIAUNIVERSALBANK". A rough Google translation is here may not be WS either: »translate.google.com/translate?h···6hl%3Den

At this stage it is possible that inowest is a Russian "currency facilitator", :) operating on the virtual fringe. Maybe similar to this Russian company: »www.fethard.biz/ and »www.fethard.biz/about.php

It is reasonable to assume that whatever laundering vehicle and location the criminal enterprise is using, it is one that they are familiar with, and have established history with.

I need to reach and convert more "cyber mules" in order to see if there are other accounts and C&Cs that are in use.

MGD
reply
MGD @ 23rd Dec 07:45PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

At the start, I reiterated that this syndicate has been in operation for years, and has constant access to card account data. You can journey back to seven years ago and see the "Beta", or maybe even Version 1.0 of this long running criminal operation. These reports are from 7 years ago, almost exactly to the day:

'Tis the season for credit-card heists

and:

Egghead.com Gets Hacked

Besides, at that time, the obvious operational base was Russia, pay close attention to some of the common ingredients:

circa 2000:
quote:
"....MSNBC.com research has revealed that for at least the past six months, hundreds and perhaps thousands of consumers have found charges between $5 and $25 billed to their credit cards. The laundering efforts appear to involve a group Russian telecommunications and Internet companies. Since July, Net users have widely complained about charges from companies named Skiftelecom, Incomtel, Global Telecom, and Inetplat. It was not immediately clear if the Russian firms were participants or victims of the scheme.

After initial e-mail contact, Inetplat didn't respond to a request for an interview. None of the others immediately replied to e-mail.

There has been a fresh flurry of charges-at least 100-billed this week by Global Telecom and Inetplat, which appear from their Web site to be the same company......."



Ringing any bells ???

if not try this:

quote:
"....She said one of her fellow victims had received a reply from Inetplat earlier this year after complaining. In the e-mail, the company was said to reply: "Possible your credit card data was stolen by hackers and used to enter one of the sites of our clients. We refund you all the money charged from your card within one week. Please do not make chargeback within this week." .....




Oh.. sound familiar.!!

What was not apparent back in 2000 was these sites were "fronts" and connected. GTELECOM.NET Global Telecom gtelecom.net and Inetplat Inetplat.com were clones of each other.

From a rough translation of Inetplat.com's Home Page

quote:
"....The pay system InetPlat allows services on the method to the payment through Internet of the credit maps VISA and Eurocard/Mastercard for vebmasterov of paid sites and developers of software. Relying on contemporary technologies we let us ensure reliability and safety of your electronic commerce. Hundreds of clients from the different countries of peace already are used InetPlat in their business".....



A comment in another Russian PrOn webmaster affiliate forum not long afterwards makes reference to "inetplat" and translates as:

circa 2001:
quote:
".....4 more greatly I will say, they do not work from similar lazhey EVEN nelegal'shchiki! -))) An example, there was this office as inetplat.com (recently its name it was mentioned in connection with the scandal "Russians they robbed 3 million Americans"), so they they attempted to interest in its service of russkoyazychnykh nelegal'shchikov. And those sent them. This office awaits analogous. However, however, there lie in the first proposal on the site, in the first word: THE "RELIABLE method to obtain payment into the Internet"; -))"....



Of course now after several progressions and iterations they have adapted and fine tuned the operation. Incoming charges from Russia against thousands of US cards have long been addressed by monitoring algorithms that will reject them on sight. As recently as 2006 they had several sites that tried to run charges from merchant accounts in the UK and Sweden. They failed, the majority of the charges were rejected, and were subsequently blacklisted. Many potential victims received a notice from the card issuer that the charge was rejected.

The hosting and processing via internal US merchant accounts was a procedure adopted by the syndicate to counteract these measures. The most lenient security threshold for charges processed to US cards are ones that originate from within the US. It was then that the recruiting of cyber mules began, and the operation moved "onshore".

The fundamental issue back then was one of a card data security problem, that is what drives this entire operation. Unfortunately, 7 years later it is still the core problem.

MGD
reply
garys_2k @ 23rd Dec 09:47PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Getting to the core issue, where/how they get the card data, ought to be front and center to the entire Mastercard/Visa/Amex industry. Seven years? Clearly the source data has been the most consistently reliable part of the scheme -- more certain than the systems for processing the charges.

It could likely be a small group of moles placed in key positions in the business. They could skim the data onto floppies/CDRs/USB drives, whatever and export it at their leisure. They could plant the malware onto the providers' servers that uploads files.

Or, maybe they can do the latter remotely -- given the number of vulnerabilities in web facing servers out there. As for the high rejection rate, that could be a key clue.

Clearly we need a much more robust method of verifying credit card transactions where the card isn't physically present. I suspect this syndicate targets the U.S. because our procedures are easier to defraud.
reply
anon @ 24th Dec 08:40PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

MGD, the job you are doing is amazing!

I could become one of those cyber mules! But now they have no chance. They've hired me and I've almost set up the merchant account already. That's a big luck I've found everything out on this stage, they haven't had a chance to charge anybody through me yet!

Well, anyway.. I think I've got some interesting things that were not mentioned above and could help to trace those bastards, but I'm not sure if I should post them right here. Please e-mail me at chstpublic[at]gmail.com
reply
MGD @ 25th Dec 05:05PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by chst :

MGD, the job you are doing is amazing!.......
Thank you,

as requested, made contact from 007MGD

MGD
reply
MGD @ 27th Dec 05:03AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Updating, rooted some more out.

Another template clone:

infinitysonstemplates.com 404-474-2550 Infinity & Sons, LLC
.
That is the current phone number listed here: »infinitysonstemplates.com/help.php Charges have also shown up on statements under that name listing another number: 404-645-1736 see: »800notes.com/Phone.aspx/1-404-645-1736

[att=1]

[infinitysonstemplates.com IP 66.152.162.116 ]

Domain name: infinitysonstemplates.com

Registrant Contact:
IS LLC
bryan gracy (gracy_bryan@yahoo.com)
+1.4046451736
Fax: +1.4046451736
205 Sue Ln
Auburn, GA 30011
US

Name Servers:
ns1.hostdone.com
ns2.hostdone.com

Creation date: 02 Nov 2007 19:41:28
Expiration date: 02 Nov 2008 20:41:28

The cybermule matches the domain reg.:

[att=2]

Business Name History

-----------------------------------------

Name Name Type
INFINITY & SONS LLC Current Name

-----------------------------------------
Limited Liability Company - Domestic

Control No.: 07089304
Status: Active/Compliance

Entity Creation Date: 10/29/2007

Jurisdiction: GA
Principal Office Address: 205 sue lane
Auburn GA 30011
Last Annual Registration Filed Date:
Last Annual Registration Filed:

----------------------------------------

Registered Agent

Agent Name: Gracy, Bryan
Office Address: 205 sue lane
Auburn GA 30011
Agent County: Barrow
----------------------------------------

There is no number listed for him at that specific address. A reverse lookup of the address lists a different name. It is possible that this was a recent move, as there are other listings for his name in Georgia.

.
.

Here is another E-book site:

mynetconnex.com 732-993-5297 mynetconnex

[att=3]

Been around since March 2007 without much noise: »www.google.com/search?hl=en&q=my···e+Search

For this genre, the domains usually do not match anyone, and can be carded. There is no reverse listing for this address, nor is there one for anyone with that name in NJ.

[mynetconnex.com IP 68.178.233.191]

Domain name: mynetconnex.com

Registrant Contact:
MYNETCONNEX.COM
MEGAN BROCK (supportmynetconnex@gmail.com)
+1.7329935297
Fax: +1.5555555555
306 Stevens Way
Freehold, NJ 07738
US

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Creation date: 20 Mar 2007 20:42:34
Expiration date: 20 Mar 2008 20:42:34

There does not appear to be any corp listing for a mynetconnex, however, there is the following New Jersey corporation:

quote:
New Jersey State
Corporate and Business
Information Reporting

Business Entity Name

NET CONNEX, INC.

Filing Number
0100708464

Code DP



There is a legit business called: Net Connex Technologies, Inc., so I am unable to tell yet. The Governor of New Jersey wants at least $5 to cough up more info. I have added it to my list. I may try and negotiate a bulk rate!

MGD
reply
pleekmo @ 27th Dec 06:43AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Maybe we should start an MGD anti-scammer fund. I think that this would be an excellent idea, given MGD's value so far in shining the light on the dark corners of the Internet financial world.
--
HCN: Because you deserve a rest!

Proud member of the Free Omelas Liberation Front.

reply
MGD @ 27th Dec 09:31AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Thanks, I was just making fun, .... and to be fair to NJ, they are not alone, several states now charge to look up data.

However, I am still set on you winning that lotto. :)

MGD
reply
pleekmo @ 27th Dec 10:20AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by MGD :

However, I am still set on you winning that lotto. :)

MGD
Yes, I do every now and then say my prayers to the Jackpot God. :)
--
HCN: Because you deserve a rest!

Proud member of the Free Omelas Liberation Front.

reply
anon @ 1st Jan 11:01AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Got a charge of $10.25 on my credit card statement from December from this Acala/Atala outfit. It's interesting because I had to close out my account at end of November due to other fraud charges (2 out of Utah and 3 that, from reading weblogs of others victimized, seem to be out of St. Kitts). This Atala charge showed up on my new account but on calling credit card company was a carryover from the previous account with the other fraud charges on it. The phone number that showed up for Atala (but apparently, per credit card person, was Acala) is (626) 310-0668. I do wish these credit card companies would do something more substantive regards fraudulent charges, instead of just closing down the affected account and then issuing a new account (and, in this instance, carrying yet another fraudulent charge over to new account). I can understand that it might be cost-prohibitive for them to pursue one-time small charges, but it's pretty evident that all 3 fraud entities I have referenced have victimized thousands of people, collectively, to the tune of 'who knows' how much in the way of collective fraud dollars.
reply
ftthz @ 1st Jan 05:29PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

great info ... will look out for these types of charges
reply
anon @ 4th Jan 02:31PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I just found this and thought it might be linked up to this scam

article could be found on: »www.scamclub.com/blog/2006_11_01···ive.html

Company: Finbridge Private Equity Ltd.
Moscow, Russian Federation
URL: »finbridge-pe.com/en/career

The following is an email scam I received from three different email addresses:

I am writing to inquire if you might be interested in part-time employment with our company.

FinBridge Private Equity Ltd. (FinBridge) based in Moscow, Russia is looking for energetic and committed individuals to fill the part-time receivables clerk positions in the United States. As a receivables clerk, you will be in charge of processing and facilitating investment funds transfers initiated by our US clients under the supervision of the regional receivables manager. A perfect candidate should be a strong communicator who is also comfortable with numbers and ideally has some previous book-keeping experience. College education or any administrative professional background is a plus.

No relocation is required from a successful candidate. This opening is a great opportunity for those looking for a reasonable trade-off between working hours and compensation, such as senior citizens or self-employed individuals.

FinBridge is an emerging markets fund of funds manager headquartered in Moscow, Russia. FinBridge is the general partner of the Russia Growth Fund. The Russia Growth Fund is the first region-specific closed-end fund of private equity funds to target Russia and the Commonwealth of Independent States (former Soviet Union). FinBridge is dedicated to providing investors reduced emerging market risk through broad portfolio, manager, and market segment diversification. To learn more about our company, please visit us online at finbridge-pe.com

The receivables clerk position is commission-based, and it will typically take up to 6 hours per week to fulfill your duties. You should be able to perform your duties during regular business hours.
Your core responsibility will be to receive the investment funds from our US clients into your designated bank account, reconcile the payments with your supervisor if required and transfer specified funds into our managed investment accounts. You will be in charge of contacting your bank in order to obtain transfer status information, confirmations and account activity reports, as well as handling daily communications with your bank. You will be receiving a 2% commission from the gross amount of each transfer that is remitted into your designated account (for instance, if $10,000 is credited into your account, you will be retaining a commission of $200). Your commission is available immediately, so there is no need to wait for the payroll check in the end of the month.

From the tax aspect, you will be paying your income tax, either as an individual or as a business entity, calculated as a percentage of the commissions received for fulfilling your duties. It should be understood that it is your sole responsibility to report your incomes to the IRS. Being a foreign legal entity, Finbridge is not subject to the US tax regulation.

You will be receiving the investment funds exclusively from our US clients via secure electronic Wire transfer used by major US banks for funds and securities settlement. This means that no funds will be deposited into your account unless the transaction is reviewed and confirmed both by the remitting and recipient banks. Thus, there is no operational risk on your end. You will never be required to cash a check, make a remittance before the funds are cleared into your account or engage in any other financially risky activity.

In order to qualify for the position, you must be a permanent US resident aged 21 and above. It is recommended that you set up a separate bank account for the receivables service (a list of preferred banks is available); however, you may also use an existing account.
Since most communication with your supervisor will be via email/fax/phone, you should have access to these facilities and be available for communication in regular business hours. It should also be underlined that business owners utilizing business bank accounts will be subject to higher receivables turnover, and thus, higher commissions.

You can apply for the position or online at: »finbridge-pe.com/en/career
Please note that only candidates under serious consideration will be contacted. Please use the following vacancy code: FBUSA88.

You can also contact the HR Department by visiting us online at:
reply
MGD @ 4th Jan 05:38PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Acala or Atala :

Got a charge of $10.25 on my credit card statement from December from this Acala/Atala outfit. It's interesting because I had to close out my account at end of November due to other fraud charges (2 out of Utah and 3 that, from reading weblogs of others victimized, seem to be out of St. Kitts). .....
If you can recall, or have access to the line item listing of the other fraud charges, please post them. Yes there is a "rollover" period, usually around 30 days, where charges to your old card will be transferred to the new one. It does not mean that the criminals have your new number.

Your post also helps emphasize another important point. Victims of these charges need to cancel and replace their card as soon as the first fraudulent charge appears. There is absolutely no doubt that you will be subject to additional fraud charges from this crime syndicate. They will continue to hit you until you cancel and replace the card. So you may as well address it as soon as possible. Be aware that a criminal enterprise has your card number, the expiration date, the cvv2 security code, your first and last name, and your address. You need to remove that valid card number from the equation immediately. There is no evidence to indicate that they have your pin number, or any other account information, other than the card account data itself.

Victims may have some difficulty persuading their bank CSRs; some are a lot more clued in than others. Many customer reps may assume this to be trivial because of the amount. That is why it is vital that you report this as a fraudulent charge. Do not allow them to go down the "dispute the charge" path. You must reiterate that the charge is "fraudulent", and that your card data has been compromised. You are not liable for any portion of the fraud, you did not lose your card, you still have it. Your card was not stolen, your account data was.

There are a few horror stories from some victims of this fraud with respect to how it was handled by their banks. If for any reason your bank does not resolve this issue promptly, then you need to report it to them in writing. Preserve your rights under Federal Law by notifying the bank in writing. Send it via certified mail RRR, to the address listed for billing inquiries on your statement. That notification must arrive within 60 days of when the statement that listed the fraud charges was mailed to you.

Any additional charges to your account that resulted from the fraudulent charge/s must also be credited back to you.

Generally, most banks with well trained CSRs are addressing this properly by reversing the charge and cancelling and re-issuing the card.

Though the banks as a matter of courtesy may tell you that they will investigate the fraud, they will not, the amounts are too small. That is one reason this crime syndicate has been in operation for many years. I do urge victims to take a few minutes and report the fraud at »www.ic3.gov/

Coming up, the next chapter.

•Additional websites of existing cyber mules processing fraud charges.

•A new confirmed division of the crime syndicate, Version 6.0. An entire group operating as a website promoting gimmick, along with a new Command and Control recruiting Hub.

•Information on the recent slew of charges from VALLJRSX / Paradise Web / Home Base, and more.

MGD
reply
MGD @ 4th Jan 05:50PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by stae2 :

I just found this and thought it might be linked up to this scam ....
It is hard to tell, however, most cyber criminal operations are usually involved in multiple forms of fraud.

That one may involve transferring funds out of hijacked brokerage accounts to mules, who then convert and send the funds out of the country.

One of the trademarks of this crime syndicate's recruitment operation, is the requirement for the cyber mule to set up a corporation and corresponding bank account, and obtain an EIN number. That is needed to attach to the fake website in order to set up a merchant account and facilitate the transfer of fraudulent funds.

MGD
reply
anon @ 4th Jan 11:24PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I was hit for 4.95 by the MYNETCONNEX awhile back. I didn't notice it because of the Holiday rush. This is the only location I could find that mentioned MYNETCONNEX in a Google search, thank you for the information.
I am also now seeing a pending charge to my card for "SITE SERVICES" which is wonderfully non-descript. I know this pending charge is fraudulent as I have been living off Christmas cash for awhile now. I guess I am going to the bank tomorrow to get a new card.
reply
MGD @ 5th Jan 12:19AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Taken :

....This is the only location I could find that mentioned MYNETCONNEX in a Google search, thank you for the information.
I am also now seeing a pending charge to my card for "SITE SERVICES" which is wonderfully non-descript. .....
You are welcome,

Please post back any additional information on the line item for "SITE SERVICES". A phone number, even a partial one, or the state abbreviation, will all be very helpful. I use several techniques for identifying and tracking this crime syndicate's operation. One of the main detecting triggers are victim reports such as yours that match their modus operandi. I also can map the linkage where victims do not recognize the original charge as fraudulent and then are hit with subsequent charges.

I monitor several forums that victims are posting on, and there are several names currently unidentified. I will add SITE SERVICES to that list.

This criminal enterprise is adapting and becoming more difficult to identify. They are adding additional obfuscation to their records to deter tracking.

They have done this on several occasions in the past few years, when publicity increases. They manipulate the wording on the business and merchant account names. They use abbreviated names or acronyms to prevent a direct connection between each one.

They are dynamic and flexible, but they never stop the fraudulent processing.

MGD
reply
anon @ 5th Jan 12:08PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

The pending charge came through and now I have a phone number. The complete detail for the transaction is "SITE SERVICES 8885909662". The transaction amount was for 9.15 in my case.

I googled the ph# and found this »800notes.com/Phone.aspx/1-888-590-9662 The person posting here reported a transaction of 9.10 and reported it as fraud. The post was from yesterday as was my charge so maybe this is a new front.

Thanks again for the information.


reply
anon @ 5th Jan 12:09PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

After the Site Services transaction posted it showed a phone number. The complete description from my bank is "SITE SERVICES 8885909662". The charge was for 9.15.

I googled the ph# and found »800notes.com/Phone.aspx/1-888-590-9662 It seems at least one other person has seen this. They were charged 9.10.

Thanks again for the great information.
reply
MGD @ 6th Jan 01:10AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

These additional fraud sites were found while auditing various servers that are hosting the crime syndicate's websites. Now it is apparent that several of the cybermules are recruited to front multiple sites and corresponding corporations.

The Chicago, Illinois individual named Allen Ilic who fronts a website and LLC listed in a previous post, named ilicsolutions.com AKA Alen Ilic, Inc 312-235-6926 is also fronting:

ilicmaster.com AKA Website Master, Inc. 312-698-7897

[Att=1]

This set up is very recent, and so far I have only seen a few reports of fraud charges. Give it some time until they season the account, and get up to full speed.

The domain was registered in December:

Registration Service Provided By: NameCheap.com

Domain name: ilicmaster.com »ilicmaster.com

[ilicmaster.com IP 66.152.162.119]

Registrant Contact:
WSM Inc
alen ilic (alen_ilic05@yahoo.com)
+1.7572991858
Fax: +1.7572991858
4950 N Marine Dr #807
Chicago, IL 60640
US

ns1.hostdone.com
ns2.hostdone.com

Creation date: 04 Dec 2007 22:45:47
Expiration date: 04 Dec 2008 22:45:47


The LLC was formed on the same date:

Entity Name: WEBSITE MASTER INC.
File Number: 66361985
Status: GOODSTANDING
Entity Type: CORPORATION
Type of Corp: DOMESTIC BCA
Incorporation Date (Domestic): 12/04/2007
State: ILLINOIS
Agent Name: ALEN ILIC
Agent Change Date: 12/04/2007
Agent Street Address: 4950 N MARINE DR APT 807
Agent City: CHICAGO
Agent Zip: 60640
Duration Date: PERPETUAL
Annual Report Filing Date: 00/00/0000


[att=2]

A second fraud site was located fronted by the same cybermule as mvwebtemplates.com AKA Most Valuable Web Templates 404-474-3440, also listed previously. Mr. Murphy from Atlanta, Georgia is also fronting:

123gettemplates.com AKA 123GETITDONE, INC 404-474-0491

[att=3]

There are several reports of fraud charges from the 123gettemplates.com domain, which was registered back in July 07:

Registration Service Provided By: NameCheap.com

Domain name: 123gettemplates.com »123gettemplates.com

[123gettemplates.com IP 66.152.162.116]

Registrant Contact:
TTS
Edward Murphy ()
+1.2707787541
Fax: +1.5555555555
1060 Park Row North
Atlanta, GA 30312
US

Name Servers:
ns1.hostdone.com
ns2.hostdone.com

Creation date: 13 Jul 2007 19:25:07
Expiration date: 13 Jul 2008 19:25:07


As was the case with the Georgia LLC for mvwebtemplates.com, which was reformed from a previous LLC to Murphy Ventures (MV), likewise for 123gettemplates.com. The new domain is attached to 123GETITDONE, INC., which was formerly THE CHATZ FOUNDATION, INC.

[att=4]


Business Name History

---------------------------------------
Name Name Type
123GETITDONE, INC Current Name
THE CHATZ FOUNDATION, INC. PRIOR NAME

---------------------------------------
Profit Corporation - Domestic - Information

Control No.: K824503
Status: Active/Owes Current Year AR

Entity Creation Date: 6/26/1998

Jurisdiction: GA
Principal Office Address: PO BOX 311291
ATLANTA GA 31131-1291
Last Annual Registration Filed Date: 9/12/2007 11:25:40 AM
Last Annual Registration Filed: 2007

---------------------------------------

Registered Agent

Agent Name: Murphy, Edward
Office Address: 1270 CAROLINE ST STE D120-381
Atlanta GA 30307
Agent County: Fulton

---------------------------------------
Officers

Title: CEO
Name: EDWARD MURPHY
Address: 1270 CAROLINE ST STE D120-381
Atlanta GA 30307

---------------------------------------


Several victims of Mr. Murphy's entities reported that they were also hit by the now defunct:
hottemplatesites.com AKA Hot Sites LLC. They had a considerable number of fraud charge reports under the listed number of 202-558-7562

Apparently hottemplatesites.com has now burned out, with only a Google cache of the site remaining.

That domain was registered as follows:

Domain Name: HOTTEMPLATESITES.COM
Registrar: ENOM, INC.

Registrant Contact:
ADs LLC
William Vanover (kevinbarnes@vpm.net)
+1.5023717468
Fax: +1.5555555555
620 Q St. N.W
Washington, DC 20001
US

Name Servers:
ns3.jaguarpc.net
ns4.jaguarpc.net

Creation date: 28 Apr 2007 13:57:15
Expiration date: 28 Apr 2008 13:57:15


The actual LLC was registered to a different name than the domain:

Organization LLC
Organization Name: HOT SITES LLC
State: DC
Status: ACTIVE
Initial Date of Registration: 6/22/2007
File No.: L34129
Organization Type:
DOMESTIC LIMITED LIABILITY COMPANY

Registered Agent
KEVIN PURNELL BARNES
4905 NASH STREET, APT. 303, NE
Washington, DC 20019



[Att=5]


A note of interest regarding AtalaDesigns.com, the former C&C hub site listed earlier. They subsequently converted to a card billing operation listing St Paul Park MN., on the line item charge. However, they frequently list a California contact number 626-310-0668 which is also listed as a contact phone number on a fraud template site naturalordertemplate.com

[att=6]

Also worth noting, do not confuse the name Atala Design, or the domain ataladesign.com without the "S", with this criminal enterprise. I have read reports of victims contacting the folks at Atala Design and accusing them of fraud. While it is understandable to want to reach out and vent at someone for these crimes, do not assume that they are listed on the first page of search results that you run. Being close does not count here. This is a sophisticated criminal enterprise, they will not be found in the first several layers of this operation. In fact, wherever your search leads to, you can be guaranteed that it is not them, and they are not there. Neither should you assume that the last CNP transaction that you made is the location where your card data was compromised, regardless of how many others have that vendor in common. Remember that this syndicate is fraudulently processing well over 100,000 cards a month. A congregation of 50, 100 or 200 people with the same recent vendor in common is materially insignificant for that volume.

Can they be found? Yes, they can; however, it will take considerable resources to disassemble this multi year operation. By now, they have this down to a science. They do make mistakes, as every criminal enterprise does. Far fewer now than they made several years ago. The mistakes that they have made have led to this expose, but it has taken several hundreds of hours of research and two years to get to here.

MGD

Next... moving on to version 6.0
reply
pcdebb @ 6th Jan 11:18AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by MGD :

However, I am still set on you winning that lotto. :)

MGD
hey, i'm still ready to write that check for you :)
reply
pcdebb @ 6th Jan 11:24AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by MGD :

I monitor several forums that victims are posting on, and there are several names currently unidentified. I will add SITE SERVICES to that list.
Also might want to add "At Site Services"

My bank told me the company is called "At Site Services" which we both agreed was such a catch-all name for about anything now-a-days.

--
a time for change... | 1st & 10 | Ham is good

reply
MGD @ 7th Jan 03:55AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I am still amazed that after four plus years and several hundred consecutive fake template or e-book sites, that they have not raised some suspicion during merchant account enrollment at authorize.net / Cybersource. Or why the banking system has not taken preventative measures as a result of the long running high charge back correlation.

Earlier this year the crime syndicate's R&D division coughed up a new theme. Currently well underway is a new "virtual" business model theme, website promotion and advertising. Again, in the convenient variable denomination between $2.95 and $6.95 a shot. A business model that does not exist in the real world, but who will know. There is definitive confirmation that the fraudulent funds from some of the entities in this division are/were wired to the exact same accounts in Bulgaria and Kyrgyzstan.

First up is the already defunct fabri-tex.net 832-519-1980 a Texas registered LLC:

[att=1]

Fabri-tex had a considerable amount of fraudulent charge reports including at least one news media story in a local Ohio newspaper, the Chillicothe Gazette

Fabri-tex had a bogus domain registration via the crime syndicate's perennial favorite registration provider and hosting company Jaguar Technologies LLC.


Domain name: fabri-tex.net

Alan Moll (mollalan@yahoo.com)
+1.4136834739
Fax: -
2726 Bissonnet St
Houston, TX 77005
US

Name Servers:
ns1.hostdone.com
ns2.hostdone.com

Creation date: 12 Jul 2007 20:36:47
Expiration date: 12 Jul 2008 20:36:47


Also common to Jaguar is another identical site to fabri-tex:

kelleyempire.com AKA Kelly Empire Inc., 305-396-3076 »kelleyempire.com

[att=2]



Registration Service Provided By: Jaguar Technologies LLC

[kelleyempire.com IP 208.109.181.129]
Domain name: kelleyempire.com

Administrative Contact:
-
Ryan Faulkner (ryanfaulker@yahoo.com)
+1.6099392568
Fax: -
1510 Drexel Ave
Miami Beach, FL 33139
US

Name Servers:
ns43.domaincontrol.com
ns44.domaincontrol.com

Creation date: 23 Oct 2007 21:02:18
Expiration date: 23 Oct 2008 21:02:18


Both fabri-tex and kelleyempire were also hidden from search engines:

[att=4][att=3]

Which makes rounding up other sites in the pack difficult until there are numerous fraud reports that can be tracked.

The price list should match fraud charge amounts:

[att=5][att=6]

This group appears to be a higher volume lower charge run, which may have contributed to the early burn out of fabri-tex.

The C&C hub and recruitment site for that group is emerald-bridge.com.

[att=7][att=8]

The domain just expired a few days ago, and so far has not been renewed. Emerald Bridge Inc., claimed to be headquartered in Helsinki, Finland, though they had a bogus domain registration in the name of a real individual:


Registration Service Provided By: Domain Cheap

IP address 208.109.78.138

Administrative Contact:
Emerald Bridge Inc
David Shannon (david.shanon@yahoo.com)
+1.2089770527
Fax: -
1328 East Lind Road
Tucson, AZ 85719
US

Name Servers:
ns1.secureserver.net
ns2.secureserver.net

Creation date: 02 Jan 2007 20:44:55
Expiration date: 02 Jan 2008 20:44:55


Emerald Bridge Inc, repeatedly advertised in multiple locations for US or Canadian cybermules:

[att=9][att=10]

In fact even though the domain has now expired they are still actively recruiting:

[att=11]

Despite the novel theme, the website promotion group has not fared so well. One particular problem has been that several of the recruited mules have blown their cover.

The criminals are even threatening to sue a cybermule !! breach of contract maybe !!!

quote:
..."I'm certain that my identity has been stolen and I have been used to run a very large credit card scam. Now Emerald-Bridge is threatening me with legal action (via my e-mail, of course) and I'm out the $250 I spent to set up the business as well as another $250 to Authorize.net. "....


See: »www.ripoffreport.com/reports/0/2···9666.htm

and the follow up:

»www.ripoffreport.com/reports/0/2···m#272894

At least one individual is still confused:

»www.ripoffreport.com/reports/0/2···2217.htm

Note the mention of myemeraldconnection.com, probably another site in the group.

This potential cybermule who posted on the 800notes.com fabri-tex thread nailed it:

[att=12]

This is all just a minor bump in the road, the web advertising division is made up of multiple formats. A version 6.1 was already running in parallel:


wameltraffic.com AKA Vanwamel enterprises 785-200-3339 »wameltraffic.com

[att=13]

Revised increased pricing schedule:

[att=14]

Mistake, someone forgot to remove the templated reference to eBooks on the "web traffic" theme:

quote:
"For all issues related to the use and operation of an eBook purchased on our website and for all billing and technical questions please call 1-(785)-200-3339, or send email to support@wameltraffic.com"


»wameltraffic.com/contacts.php

wameltraffic.com AKA Vanwamel enterprises list their contact address as follows:

Vanwamel Enterprises
Address
10750 Blackbird Rd,
Emmett,
Kansas, 66422


The domain is again registered via Jaguar:

Registration Service Provided By: Jaguar Technologies LLC

Domain name: wameltraffic.com

[wameltraffic.com IP 66.152.162.116]

Administrative Contact:
-
Michael Weinstein (michaelsweinstein@yahoo.com)
+1.5016297617
Fax: -
26404 Saxon Rd
Emmett, KS 66422
US

Name Servers:
ns1.hostdone.com
ns2.hostdone.com


Creation date: 27 Apr 2007 18:57:18
Expiration date: 27 Apr 2008 18:57:18

A hunt for the potential cyber mule leads to a LLC registration via a broker:


Kansas Secretary of State
Business Information

Current Entity Name Business Entity ID Number
VANWAMEL ENTERPRISE LLC 6171060

Current Mailing Address: 2101 SW 21st St., TOPEKA, KS 66604

Business Entity Type: DOM: LTD LIABILITY COMPANY

Current Status: ACTIVE AND IN GOOD STANDING

Date of Formation in Kansas: 04/19/2007

State of Organization: KS

Resident Agent and Registered Office

Resident Agent: NATIONAL REGISTERED AGENTS, INC. OF KS

Registered Office: 2101 SW 21st St., TOPEKA, KS 66604


»www.registered-agent-listings.co···state=KS

The "Agent" NRAI is a multi state service, and that Topeka address comes back as a Law Firm.

Digging further yields another identical 6.1 fraud site:

genesusinfoproducts.com AKA Genesus Information Products. 604-755-4265 »genesusinfoproducts.com

[att=19]

Though the domain is registered to a New York address:


Registration Service Provided By: Jaguar Technologies LLC

Domain name: genesusinfoproducts.com

[genesusinfoproducts.com IP 66.152.162.116]

Administrative Contact:
-
Robert Planata (robertplanat@yahoo.com)
+1.4322254991
Fax: -
7 Eldorado Ct
Rochelle Park, NJ 07662
US

Name Servers:
ns1.hostdone.com
ns2.hostdone.com

Creation date: 18 May 2007 22:32:07
Expiration date: 18 May 2008 22:32:07


The contact address listed on the site is in Canada:


Genesus Information Products.
Address
1017 McLean Dr.,
Vancouver,
British Columbia, V5L3N2

Phone:
1-(604)-755-4265

E-mail:
support@genesusinfoproducts.com


Though that is the first recent sighting of a Canadian address, there were several Canadian cybermules recruited during the Devbill / Digital Age 2005-2006 run. In fact several of the recruiting ads list Canadian or US positions open. Still snooping around Vancouver looking to id the Genesus cybermule.

Also located what appears to be the C&C hub predecessor for Emerald Bridge. A company called Regional Association of Business Development with a website of »r-a-b-d.com/index.php totally all bogus information. r-a-b-d.com lists an address of Lonnrotinkatu 14, 00120 Helsinki, FINLAND.

[att=15]

Again, r-a-b-d.com was heavily involved in recruiting cybermules:

[att=16][att=17]

The job order and description: »r-a-b-d.com/reseller_program.php

Back in November of 2006 they were also seeking a HR person to assist in recruiting mules:

[att=18]

Then showed up with an Alabama phone number: »www.nostops.org/dir/index.php?RE···subcat=0

The r-a-b-d.com domain was registered in March of 2005 for 3 years, to an existing individual in New Jersey:

Registration Service Provided By: Jaguar Technologies LLC

Domain name: r-a-b-d.com

[r-a-b-d.com IP 69.73.181.159]

Administrative Contact:
-
Christopher Lessard (lessardpher@yahoo.com)
+1.5094634411
Fax:
14 Clinton Street
Newton, NJ 07860
US

Name Servers:
ns.nocdirect.com
ns2.nocdirect.com

Creation date: 25 Mar 2005 16:05:24
Expiration date: 25 Mar 2008 16:05:24


There are several unique characteristics which link emerald-bridge.com and r-a-b-d.com together,
including this one:

[Att=20]

MGD
reply
MGD @ 7th Jan 03:58AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by pcdebb :

...Also might want to add "At Site Services" .....
Thanks,

Yes,...that AT may be an abbreviation for something else.

MGD
reply
anon @ 7th Jan 12:14PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Here's another one to add to the growing list of fraudulent sites. www.mcawebtechnology.com. This company made an unauthorized debit to my checking account in the amount of $10.54. Fortunately, I caught it the day after it posted.
reply
MGD @ 7th Jan 03:23PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by CER :

Here's another one to add to the growing list of fraudulent sites. www.mcawebtechnology.com. This company made an unauthorized debit to my checking account in the amount of $10.54. Fortunately, I caught it the day after it posted.
Thanks for the heads up.

mcawebtechnology.com AKA M.C.A. 623-742-3769

[att=1]
»www.google.com/search?hl=en&q=mc···e+Search
»www.google.com/search?hl=en&q=62···G=Search

mcawebtechnology.com is most likely fronted by the same cybermule as mcatemplates.com - 623-444-2173 M.C.A. listed in an earlier post. It also follows the recent trend of cybermules fronting multiple sites.

I have not yet been able to identify the specific Arizona Corporation attached to these. There are many filings that are close, however, the M.C. could also be an abbreviation. It is in that AZ database somewhere.

The domain registration for mcawebtechnology.com is a clone of the 25 Sep 2007 mcatemplates.com registration:


Registration Service Provided By: NameCheap.com

Domain name: mcawebtechnology.com

[mcawebtechnology.com IP 66.152.162.116]

Registrant Contact:
MCA
steve rogan (steve_rogan004@yahoo.com)
+1.8016971813
Fax: +1.8016971813
8912 E. Pinnacle Pear Ro #174
Scottsdale, AZ 85255
US

Name Servers:
ns1.hostdone.com
ns2.hostdone.com

Creation date: 20 Nov 2007 00:31:46
Expiration date: 20 Nov 2008 00:31:46


MGD
reply
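
The WHOIS excerpts quoted in the posts above keep repeating the same hosting IP and name servers. The following is an added example, not part of any post in this thread: it parses those excerpts (trimmed to domain, IP and name-server lines, registrant contacts left out) and clusters the domains by shared infrastructure. The function names and the trimmed record layout are assumptions of this example.

```python
import re
from collections import defaultdict

# Infrastructure fields copied from the WHOIS excerpts in the posts above
# (registrant contact lines left out). fabri-tex.net had no IP listed.
RECORDS = """\
Domain name: ilicmaster.com
[ilicmaster.com IP 66.152.162.119]
ns1.hostdone.com
ns2.hostdone.com

Domain name: 123gettemplates.com
[123gettemplates.com IP 66.152.162.116]
ns1.hostdone.com
ns2.hostdone.com

Domain name: fabri-tex.net
ns1.hostdone.com
ns2.hostdone.com

Domain name: kelleyempire.com
[kelleyempire.com IP 208.109.181.129]
ns43.domaincontrol.com
ns44.domaincontrol.com

Domain name: wameltraffic.com
[wameltraffic.com IP 66.152.162.116]
ns1.hostdone.com
ns2.hostdone.com

Domain name: genesusinfoproducts.com
[genesusinfoproducts.com IP 66.152.162.116]
ns1.hostdone.com
ns2.hostdone.com

Domain name: mcawebtechnology.com
[mcawebtechnology.com IP 66.152.162.116]
ns1.hostdone.com
ns2.hostdone.com
"""

DOMAIN_RE = re.compile(r"^Domain name:\s*(\S+)", re.I)
IP_RE = re.compile(r"^\[\S+ IP (\d{1,3}(?:\.\d{1,3}){3})\]$")
NS_RE = re.compile(r"^(ns\d*\.[a-z0-9.-]+)$", re.I)


def parse_records(text):
    """Turn blank-line-separated WHOIS excerpts into dicts of domain, ip, ns."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {"domain": None, "ip": None, "ns": frozenset()}
        for line in map(str.strip, block.splitlines()):
            if m := DOMAIN_RE.match(line):
                rec["domain"] = m.group(1).lower()
            elif m := IP_RE.match(line):
                rec["ip"] = m.group(1)
            elif m := NS_RE.match(line):
                rec["ns"] = rec["ns"] | {m.group(1).lower()}
        if rec["domain"]:
            records.append(rec)
    return records


def shared_pivots(records):
    """Map each (kind, value) pivot to its domains, keeping shared ones only."""
    index = defaultdict(set)
    for rec in records:
        if rec["ip"]:
            index[("ip", rec["ip"])].add(rec["domain"])
        if rec["ns"]:
            index[("ns", rec["ns"])].add(rec["domain"])
    return {k: sorted(v) for k, v in index.items() if len(v) > 1}


def cluster(records, kinds=("ip", "ns")):
    """Union-find: domains join one cluster if a chain of shared pivots links them."""
    parent = {rec["domain"]: rec["domain"] for rec in records}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for (kind, _), domains in shared_pivots(records).items():
        if kind in kinds:
            for other in domains[1:]:
                parent[find(other)] = find(domains[0])
    groups = defaultdict(list)
    for domain in parent:
        groups[find(domain)].append(domain)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))


if __name__ == "__main__":
    recs = parse_records(RECORDS)
    print("IP only:", cluster(recs, kinds=("ip",))[0])
    print("IP + NS:", cluster(recs)[0])
```

A shared hosting IP is the tighter pivot; a shared name-server pair can also be common to unrelated customers of the same hosting provider, so clusters built on name servers alone need corroboration from another field.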
MGD @ 7th Jan 04:04PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

VALLJRSX, VALL-JRSX, VIN DESIGN, VIN-DESIGN, PARADISE WEB, PARADISEWEB, E NAT,

I have been working on this group since the first reports of Vin Design started coming in early December. There is now a flood of recent reports on Chris Jupin's blog, where victims report being hit with consecutive charges each month from the above names.

This division appears to have been set up to specifically target compromised American Express card accounts. I am interested in finding anyone who has any charges from this group on a non AE card.

Here are excerpts from the blog so you can see the one two three hit in consecutive billings, when the card was not cancelled and replaced. Based on this input rate, there must be thousands of ongoing charges:

quote:
-------------------------------------------------------

12/09...."I was hit with a $9.59 charge from VIN Designs so I just called my credit card company disputed the charge,".....

-------------------------------------------------------

12/15...."I just noticed a charge of 9.45 on my AMEX from VIN Design."....

-------------------------------------------------------

12/10..."I found an $11.87 charge from VIN Designs on my AMEX bill. The disturbing part is that when I called AMEX to dispute the charge, they told me that they have a standing agreement with VIN Designs."....

-------------------------------------------------------

12/31..."I reported earlier that I cancelled my amex card and filed a fraud report for a charge of $9.59 from VIN Designs. That charge was successfully removed, but on my final amex bill on that card I found another charge for $9.59 from VALLJRSX VALL-JRSX of West Sacramento, Ca - also listed, like VIN Designs, as direct mktg internet"......

-------------------------------------------------------

01/01...."I noticed unauthorized charges as recently as December 29 from the same operation out of Plumas Lake CA. The first was under VIN Design in November and then the latest was the same address but now under the name Paradise Web. Another suspicious transaction appeared under VALLJRSX out of Sacramento"......

-------------------------------------------------------

01/03...."I was a victim of both ViN Design and VALLJRSX in the past two months. Amex refunded the Transactions.".......

-------------------------------------------------------

01/03...."I received my American Express bill today with a $11.95 charge on it from this company. When I googled VALLJRSX,"......

-------------------------------------------------------

01/03....."I just did a search for Paradise Web and found this site - I too have had 3 unauthorized charges lately on my AmEx - VIN DESIGN, VALL-JRSX, and now Paradise Web. I am surprised that AmEx is still authorizing these charges and not rejecting them automatically."....

-------------------------------------------------------

01/04...."I have been a victim, too ..

10/22/07 $11.87 - E NAT NATALIYA MAKOVCARMICHAEL CA ELECTRONICS STORE

12/05/07 $11.95 - PARADISE WEB PARADISPLUMAS LAKE CA DIRECT MKTG INTERNET

12/26/07 $ 9.45 - VALLJRSX VALL-JRSX WEST SACRAMENTO CA DIRECT MKTG INTERNET

All 3 times, I called American Express and they refunded the charges without delay. After the 3rd one, I asked for a new credit card w/ a new number"....

-------------------------------------------------------

01/04...."I first noticed a 12/11/07 charge on my AmEx card from Paradise Web out of Plumas Lake, CA for $9.59 a few days ago. It was for an internet download. I had not made any internet download purchases, and neither had any one else in the family. I then checked my AmEx account and noticed a 1/1/08 charge by VALLJRSX out of West Sacrmento, CA for $12.24, also for "internet Downloads"......

-------------------------------------------------------

01/04....."Same thing happened on my Amex card in November and December. November was $11.87 from VIN DESIGN VIN-DESIGPLUMAS LAKE CA and December was $9.59 from VALLJRSX VALL-JRSX WEST SACRAMENTO CA."

-------------------------------------------------------

01/04...."I too was hit with the same 3 charges and AMEX could not give me a phone number for these companies, yet they reversed the charges."

-------------------------------------------------------

01/04..."I too had several bogus charges on my account from the following companies between Nov 07-Jan 08:

$12.38 VALLJRSX VALL-JRSX WEST SACRAMENTO CA
$11.95 PARADISE WEB PARADISPLUMAS LAKE CA
$12.38 E NAT NATALIYA MAKOVCARMICHAEL CA"

-------------------------------------------------------

01/04..."I just found fraudulent activity on my account.

$12.38 VALLJRSX VALL-JRSX WEST SACRAMENTO CA - Jan 4.2008
$13.95 E NAT NATALIYA MAKOVCARMICHAEL CA - Nov 18. 2007"

-------------------------------------------------------

01/06...."Last July I ordered a free credit report from Equifax, and paid a few bucks (with my Amex card!) to see my FICO score. Then I got these charges on my Amex account:

01/02/08, $12.38
PARADISE WEB PARADISPLUMAS LAKE CA

12/14/07, $12.38
VALLJRSX VALL-JRSX WEST SACRAMENTO CA

11/11/07, $9.59
VIN DESIGN VIN-DESIGPLUMAS LAKE CA"....

-------------------------------------------------------

01/06...."I've also been charged by these two companies thru my American Express Card. AMEX is now investigating.

VALLJRSX VALL-JRSX WEST SACRAMENTO CA
PARADISE WEB PARADISPLUMAS LAKE CA"......

-------------------------------------------------------

01/07...."I've also found a $11.95 charge on my credit card from VIN Design, Plumas Lake, CA. Called American Express and opened a fraud investigation."....

-------------------------------------------------------

01/08 ......"I just found a charge on my recent 12/2007 amex statement of $12.38 from VIN DESIGN VIN-DESIGPLUMAS LAKE CA, DIERECT MKTG INTERNET.

Googled it, found this site. Went back and checked past statements, found another bogus charge in OCT 2007 for $12.24 from VALLJRSX VALL-JRSX WEST SACRAMENTO, COMPUTER NETWORK/INFO"......

-------------------------------------------------------




Based on the modus operandi, there is a good chance that this is the "AE" division of the syndicate.

I am following up this post with some of the details of what has been uncovered so far. As you might expect they are all linked together.

MGD
reply
anon @ 7th Jan 05:36PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

BESTDIGIMARTDOTCOM 330-8717932 OH -hit me for a $4.95 charge. I reported it as fraud and my bank cancelled my card and sent me a new one and refunded my money. They also said since the charge was so low they probably won't investigate it further. With attitudes like that these parasites will never be caught.
reply
pcdebb @ 7th Jan 05:40PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

that's an unfortunate crock. seeing as it is so low, it would probably cost more in time and labor to investigate something that small. however I don't think it should be brushed under the rug. a lot of times the small one is the precursor to the big one..
--
a time for change... | 1st & 10 | Ham is good

reply
garys_2k @ 7th Jan 08:31PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

The problem, of course, and the reason this scam can survive so easily for so long and take the millions it does, is that every one of these withdrawals is too small to be "worth the trouble." In totality it's huge but nobody but MGD has ever seen that totality.

No feds, a few state AGs (including mine in Michigan) have put their toes in the edge of the scam pond but haven't figured out how large it is. Only MGD has seen the entire thing -- I hope he can get the right FBI team onto it as breaking this thing open could be a career enhancer for whoever breaks it open.
reply
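The aggregate view garys_2k describes above, as an added example that is not part of the original thread: group statement charges by a normalized merchant descriptor and flag merchants whose charges are all small yet disputed across several distinct cards. Every row is constructed (descriptors and amounts are modeled on the reports quoted in this thread); `Charge`, `merchant_key`, `summarize`, `flag` and the thresholds are assumptions for illustration.

```python
"""Added example: aggregate low-value card charges per merchant descriptor."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Charge:
    card_id: str     # opaque issuer-side token, never the card number
    descriptor: str  # merchant text as it appears on the statement
    amount: float    # USD
    disputed: bool   # cardholder reported the charge as unauthorized


def merchant_key(descriptor: str, width: int = 8) -> str:
    """Collapse descriptor variants such as "VALL-JRSX" and
    "VALLJRSX VALL-JRSX WEST SACRAMENTO CA" into one key: keep letters and
    digits, uppercase, first `width` characters. The prefix width is an
    assumption that happens to fit this sample data."""
    return "".join(ch for ch in descriptor.upper() if ch.isalnum())[:width]


def summarize(charges):
    """Per-merchant totals. dispute_rate is the share of distinct cards
    that disputed at least one charge from that merchant."""
    groups = defaultdict(list)
    for charge in charges:
        groups[merchant_key(charge.descriptor)].append(charge)
    summary = {}
    for key, rows in groups.items():
        cards = {r.card_id for r in rows}
        disputing = {r.card_id for r in rows if r.disputed}
        summary[key] = {
            "charges": len(rows),
            "cards": len(cards),
            "total": round(sum(r.amount for r in rows), 2),
            "max_amount": max(r.amount for r in rows),
            "dispute_rate": len(disputing) / len(cards),
        }
    return summary


def flag(charges, max_amount=15.00, min_cards=3, min_dispute_rate=0.5):
    """Merchants where every charge is small, several distinct cards are
    involved, and at least half of those cards disputed a charge."""
    return sorted(
        key
        for key, s in summarize(charges).items()
        if s["max_amount"] <= max_amount
        and s["cards"] >= min_cards
        and s["dispute_rate"] >= min_dispute_rate
    )


# Constructed sample rows: (card token, descriptor, amount, disputed).
SAMPLE = [
    Charge("card-01", "VALLJRSX VALL-JRSX WEST SACRAMENTO CA", 9.45, True),
    Charge("card-02", "VALL-JRSX", 12.24, True),
    Charge("card-03", "VALLJRSX", 12.38, True),
    Charge("card-04", "VALLJRSX VALL-JRSX WEST SACRAMENTO CA", 9.59, False),
    Charge("card-01", "PARADISE WEB PARADISPLUMAS LAKE CA", 11.95, True),
    Charge("card-05", "Paradise Web", 9.59, True),
    Charge("card-03", "PARADISE WEB PARADISPLUMAS LAKE CA", 12.38, True),
    Charge("card-02", "VIN DESIGN VIN-DESIGPLUMAS LAKE CA", 11.87, True),
    Charge("card-06", "VIN-DESIGN", 11.95, True),
    Charge("card-04", "VIN DESIGN VIN-DESIGPLUMAS LAKE CA", 12.38, False),
    # Small charges, many cards, but few disputes: not flagged.
    Charge("card-01", "CORNER GROCERY SEATTLE WA", 8.10, False),
    Charge("card-02", "CORNER GROCERY SEATTLE WA", 12.75, False),
    Charge("card-05", "CORNER GROCERY SEATTLE WA", 6.40, True),
    Charge("card-06", "CORNER GROCERY SEATTLE WA", 14.20, False),
    # One large disputed charge: a different pattern, not flagged here.
    Charge("card-03", "SKYLINE AIR TICKETS", 412.00, True),
]

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for key in flag(SAMPLE):
        s = stats[key]
        print(f"{key}: {s['charges']} charges on {s['cards']} cards, "
              f"${s['total']:.2f} total, dispute rate {s['dispute_rate']:.0%}")
```

No single row here would trip a per-transaction amount threshold; the signal only appears once charges are grouped across cardholders.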
anon @ 8th Jan 12:33PM:
Almost a Cyber Mule!!!

We were considering doing this program with Atala Designs today...and then I saw all these postings. We had been in contact with them prior to the holidays and it seemed like a good source of revenue....however, not now.

The contact we have been in touch with at the company is gundars_kristopans@ataladesigns.com also, it lists the following person as the president of the company on the employee agreement: Aleksandrs Feigmanis, President
reply
MGD @ 8th Jan 02:17PM:
Re: Almost a Cyber Mule!!!

said by Not A Mule :

We were considering doing this program with Atala Designs today...and then I saw all these postings. ........
Outstanding !!.

One of several goals in going public about this criminal enterprise is to try and cut off the constant supply of cybermules. Congratulations on your due diligence in researching who they really are. No doubt they are recruiting under multiple domain names, many of which have yet to be uncovered. However, the theme and procedures will be the same. Getting the word out that no such legitimate business model exists in the real world is vital.

Also, prompting Cybersource / authorize.net (the syndicate's preferred merchant account provider) to institute additional vetting procedures. There are multiple unique criteria which can easily be applied to screen out these fraudulent set ups.

In addition, generating much needed attention to focus on the endless source or sources of the card account data is vital.

Following the extended money laundering trail to the end, in order to pinpoint the executive members of the criminal enterprise is imperative.

Consumers and victims should be adamant that it is not acceptable for the financial industry to tolerate organized crime feeding from the trough of the billions of dollars a year that it is willingly writing off to fraud.

MGD
reply
K Patterson @ 8th Jan 03:35PM:
Re: Almost a Cyber Mule!!!

Aleksandrs Feigmanis is a well-known and respected genealogist from Riga, Latvia.

Almost certainly identity theft.
reply
MGD @ 8th Jan 03:59PM:
Re: Almost a Cyber Mule!!!

said by K Patterson :

Aleksandrs Feigmanis is a well-known and respected genealogist from Riga, Latvia.......
Interesting that you bring that famous name up. One of the traits of this crime syndicate throughout the years, has been the use of well known names. Particularly in domain registrations, where they repeatedly used readily searchable names of famous Russians and other former Soviet Bloc residents.

In fact, the holding domain C&C for many of the 2003 thru 2005 template farm sites that accompanied the Digital Age charges "Devbill.com" AKA "Developer Billing Company", was registered to an "Ivan Maximov":

Circa 2004
quote:
Domain name: devbill.com
IP 66.98.206.27

Registrant Contact:
Developer Billing Company
Ivan Maximov (ivanmaxximov@yahoo.com)
(509) 352-7566
Fax: none
666 FIFTH AVE
NEW YORK, 10103
US

Name Servers:
NS1.DEVBILL.COM 66.98.206.27
NS2.DEVBILL.COM 66.98.206.27

Creation date: 26 Nov 2003 12:00:27
Expiration date: 26 Nov 2005 12:00:27



And there are many other examples of that same pattern. There are other common traits as well when you look at the big picture over the years. However, since many are used to ID them I will refrain from listing. They are now setting up alternate bank wire drops in Western Europe, particularly Germany.

MGD
reply
anon @ 8th Jan 07:34PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Thank you a million times over for what you are doing. I had two cards hit. Both from Sensate Technology. The banks' idea of investigating is to merely issue a new card and have you fill out a few forms. Very disappointing. I wanted to ask a question because now you have me worried. I had to renew my Spysweeper from Webroot recently and they use Cybersource to process the cards. Does this mean the syndicate is going to get my card again probably? I was trying to avoid Digital River and FreeMerchant so I called in my order instead of using Spysweeper's website (they show that they use Digital). The guy told me not to worry because they process renewals through Cybersource (he also admitted that Webroot/Spysweeper has been trying to get out of their contract with Digital for a while now so that's why they have the other processor in place). I went ahead and gave him my card to process my renewal and now see Cybersource's name in here. Oh God please tell me that I'm not going to go through this again. Are merchants that use Cybersource unsafe? This is becoming a nightmare. :(

Also how is it that the FBI hasn't been on this? I don't get that at all. Obviously they can see what's going on and must have received many reports. Do you know if anything is even being done? Are we all there is here? I don't understand why the police have not broken down the doors to some of these mules let alone all of them?

Does it do any good to even go to our Attorney General?
reply
MGD @ 9th Jan 12:45AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Scammed Princess :

Thank you a million times over for what you are doing....
You are most welcome.

...I had two cards hit. Both from Sensate Technology. ..
Two cards !! I can certainly understand your frustration. That is not uncommon with this criminal enterprise. Complaints of victims reporting multiple card accounts hit are somewhat routine.

If you don't mind, can you tell me if the cards were issued by the same bank?. Were they both credit cards?. If you could post the relative dates of the charges to each card and the name of the issuing bank I would appreciate it. No personal info, just card issuer and date hit.

.......I had to renew my Spysweeper from Webroot recently and they use Cybersource to process the cards. Does this mean the syndicate is going to get my card again probably? I was trying to avoid Digital River and FreeMerchant ..
No it does not necessarily mean that you will be hit again on the new cards. It has happened, though reports are rare. My reference above to Cybersource is that the criminals have merchant billing accounts set up with them to process the fraud charges. In fact their preference is to use authorize.net, now a division of Cybersource. Ironically, they also have bank accounts set up at the same banks that some victims have their cards from. In some cases a fraudulent charge is processed from a victim's account, and transferred to another account at the same institution.

Despite the frequent reports that point to Equifax, Digital River, as a common prior transaction of victims, it is my opinion that the source of data is not at that level. Also, the fact that two of your cards were hit somewhat simultaneously would tend to support that your account data was retrieved from some type of master database. In the past two plus years there have been groups of victims on numerous forums, that have pointed to PayPal, Amazon, and other vendors, that were common to them.

One can argue that the syndicate has penetrated multiple sources at the vendor level. However, the totality of the data does not point in that direction.

... and now see Cybersource's name in here. Oh God please tell me that I'm not going to go through this again. Are merchants that use Cybersource unsafe? ....
No, they are not unsafe, no more unsafe than the system at large is, in my opinion. I personally would not have any issue with using my credit card there as it stands now.

I rarely expose my debit card to the system anywhere, I like to keep that account data out of circulation as much as possible. I prefer the ability to have a second opportunity to review transactions before actually paying for them. Versus having to chase after a potential fraud issue where the money has already been removed from my account. The banks monitor credit card transactions with a much higher level of scrutiny, because it is their assets that are exposed. The primary burden shifts to the account holder for debit transactions. When a debit transaction is presented, as long as there is money in the account, it will be paid. That policy is just my personal preference, based on the way I see the entire industry operate.

...This is becoming a nightmare. :( ....
Indeed it is, and it is routinely happening to thousands of people a month, and has been for a considerable time. Forget the amount issue for a moment. Look at what each victim has to go through, the time they have to spend addressing it, calls to their banks etc., paperwork. The hassle of waiting for a new card or cards to be issued. Then all the additional work if they have any auto billing accounts set up on the cards.

...Also how is it that the FBI hasn't been on this? I don't get that at all. ......... Do you know if anything is even being done? ..........
At this time, I do not want to comment much on that aspect. This criminal enterprise has always monitored the "chatter", and adjusted accordingly. However, I can tell you that Law Enforcement are reviewing the issue.

...Does it do any good to even go to our Attorney General?.....
Yes, ... focus at the Federal level, wouldn't hurt either to email your Congressperson. Make noise, at the very least file a complaint with IC3 »www.ic3.gov/ They may not address each complaint individually, however, it is a central point where the volume will be evident, and is an appropriate venue. Unfortunately, it becomes a Law Enforcement issue, and the burden shifts to them as a result of data security failures within the financial system.

One more issue worth addressing, I see multiple reports of victims complaining that they subscribed to various identity protection packages, and were still hit with fraudulent charges.

It is important to point out that there are no protection services that one can subscribe to, that prevents fraudulent charges to debit or credit cards from happening. If the transaction does not trigger a hold, reversal, or flag, at the bank, then the next person to see it will be you.

If there is literature that proclaims that they can, then it is misleading. The only service that these packages can address, is alerting you if someone attempts to obtain credit in your name. For that, in addition to your name and address, a criminal will need to have your date of birth and social security number. That type of fraud is just one specific segment of the entire market. You can also monitor that yourself by reviewing your credit reports regularly. It would bother me to see victims pay additional funds, assuming that it will protect them from this specific crime.

MGD
reply
Lizz @ 9th Jan 02:40AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

It would bother me to see victims pay additional funds, assuming that it will protect them from this specific crime.
PC World had an article about one of these services, a free one (mint.com). Somehow allowing a "service," free or paid, to monitor all my financial accounts does not give me the warm fuzzies but exactly the opposite. Just lots of information all in one place for a bad guy to hack into.

And if the service is free, where are they getting the $$ to operate?
reply
anon @ 9th Jan 03:09AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Thank you so much for all of that. I really appreciate it. Here is how I got hit twice. I've done lots of shopping online over the years with the same companies and have never had a problem. One day I placed an order with a small candy company in Washington state that is hosted by Freemerchant.Com. About a week later I suddenly received a charge from Sensate Technology for $10.65 to my Washington Mutual Visa. I knew instantly that something wasn't right. The amount was very strange and I knew I had not ordered anything from a company by that name. I am also a savvy shopper and know better than to click on banners etc. I don't even use online coupons much for fear of them having some hidden agenda attached so it was surprising to see this charge.

They listed a phone number next to the transaction and I called. I knew instantly that this was a scam. I just had a really strong vibe about this after listening to that recording. This feeling intensified when I put their telephone number into the various free reverse phone directories online only to find that it came up as an unlisted land line in Ventura California (why would a legitimate company have an unlisted phone number that is never answered live). I googled and there was not one thing on this company...nothing. Not a word at the time. I felt all alone at first. I thought wow ...why aren't there other people talking about this somewhere (now that's changed thanks to us talking about it in another place so their name started to show up and more people have come forward with their stories).

I contacted my bank and they wrote it off as fraud (not a disputed charge). They said they were refunding the amount and sending me fraud affidavits. They said they were going to investigate (I've learned since that they do almost nothing). It was really bothering me not knowing where the breach occurred. I couldn't make the connection of what I had done different at first. Here is where the plot thickened for me personally. While awaiting my new card from Washington Mutual, I placed another order from that same candy company in Washington state with my BOFA Visa which had not been used in almost two years. There had been no activity on it for a really long time. It was basically out of commission but there as a back up for emergencies. We had a bunch of birthdays and stuff coming up so I ordered from them again not thinking about them as being the conduit at all. They seemed so harmless. Little mom and pop candy company in business for years.

Exactly a week after placing that order (and it being the ONLY ORDER PLACED ON THIS OTHER CARD IN TWO YEARS), I suddenly got hit with the same $10.65 charge from Sensate Technology on a completely different card now! I was able to make a direct connection at this point....the candy company (otherwise it would certainly be a heck of a coincidence).

I looked and saw that the candy company was hosted by a company called FreeMerchant.Com now owned by Digital River. I had to call BOFA and deal with the whole nightmare again. They also had me fill out fraud forms and wrote it off as fraud. In the meantime to back track a little. I was so angry and frustrated that I left several phone messages for Sensate Technology telling them I was contacting the attorney general, the police and anyone that would listen. Still no response. I left several e-mails for them and finally I get that bizarre form letter where they said that I must be a victim of fraud and someone must have gotten my credit card number and that they have refunded me the $10.65. To my horror my bank (Washington Mutual) considered the case closed at that point! They said that because they gave back the money there was nothing more that could be done! So I guess I can walk into a bank, steal money and then get worried because I might get caught, return it and all is forgiven? Very disappointed in the banks.

When they hit my BOFA I did not call them (learned my lesson). I called Digital River and spoke to a woman there who was very friendly at first and actually called me back a few times (that is until someone must have said don't call me back again or talk to me again because of liability probably). She admitted that after doing a little investigating, some of their customers were in fact complaining and calling saying that their customers (us) were calling to say they were all getting strange small charges on their credit cards after placing orders through various sites that FreeMerchant hosts.

I got hit on 10/17/07 at first (here is what it looked like on my online statement) Sensate Technology 805-275-2235 Ca Transaction Date: 10/17/07 Posting Date: 10/18/07 Amount: $10.65. Then I was hit again on my BOFA 11/02/07. From what I understand many are still being hit as late as last week and quite a few sharing the common denominator that we all bought off a site that used FreeMerchant as their host (not all but most).

I was elated to see what you've done here. I honestly believe that every person who has been hit needs to make a copy of this thread and send it along with their fraud affidavits. You've done the work for them here! You have basically handed law enforcement their case. I think that's what bothers me is that this should not be going on when they can come here and clearly see what's going on.

In any event that's what happened to me. I posted my findings in another place and suddenly people were swarming that thread and google picked it up which was wonderful. At least people don't feel alone and have some understanding of what's happened to them and why. You should seriously get a medal here. You have brilliantly outlined in great detail exactly what is going on here! God bless you! Wish I could give you a hug for everything you've done! :)
reply
Doctor Olds @ 9th Jan 07:35AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Scammed Princess :

Thank you so much for all of that. I really appreciate it.

[snip]

One day I placed an order with a small candy company in Washington state that is hosted by Freemerchant.Com. About a week later I suddenly received a charge from Sensate Technology for $10.65 to my Washington Mutual Visa. I knew instantly that something wasn't right.

[snip]

I don't even use online coupons much for fear of them having some hidden agenda attached so it was surprising to see this charge.

They listed a phone number next to the transaction and I called.

[snip]

It was really bothering me not knowing where the breach occurred. I couldn't make the connection of what I had done different at first. Here is where the plot thickened for me personally. While awaiting my new card from Washington Mutual, I placed another order from that same candy company in Washington state with my BOFA Visa which had not been used in almost two years. There had been no activity on it for a really long time. It was basically out of commission but there as a back up for emergencies. We had a bunch of birthdays and stuff coming up so I ordered from them again not thinking about them as being the conduit at all. They seemed so harmless. Little mom and pop candy company in business for years.

Exactly a week after placing that order (and it being the ONLY ORDER PLACED ON THIS OTHER CARD IN TWO YEARS), I suddenly got hit with the same $10.65 charge from Sensate Technology on a completely different card now! I was able to make a direct connection at this point....the candy company (otherwise it would certainly be a heck of a coincidence).
I get the feeling from reading your post that you do not understand what MGD has posted in this topic multiple times. Your use of the cards at the Online Candy Store had nothing to do with the later Fraudulent Charges. Your info (and that of hundreds of thousands of other people) is being taken in bulk from a data leak/data breach/security leak *much* further up the chain at a different level and now it is going to really bother you that your assumption is incorrect. I know you think you have it all figured out and you think that you have determined the Candy Store purchases are connected to the later charged Fraudulent charges, but that isn't the case at all. If you re-read this entire topic you will see that what you think has happened is the opposite of what MGD's investigation has found out to be actually true.

Regards,

Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
MGD @ 9th Jan 02:47PM:
Re: VALL-JRSX, VIN-DESIGN, E NAT, PARADISE WEB

VALLJRSX, VALL-JRSX, VIN DESIGN, VIN-DESIGN, PARADISE WEB, PARADISEWEB, E NAT,

There are two focus points for this group. One is a hosting server at IP 64.202.102.8, and the other is a collection of individuals who may know each other, and who reside in either Sacramento and/or Yuba counties in California.

That server has been under observation for over two weeks. There are at least 18 domains that are hosted on that IP. All 18 have not yet been identified, though several have. From that group the following domains of interest were selected for additional scrutiny:

1) vr-s.com
2) ez-booksonline.com
3) ibook-space.com
4) ibookstfs.com
5) ebooks-tfw.com
6) best-ebooks4you.com
7) az-bookspace.com

Some of these sites are works in progress. Several changes were observed being made during the past 10 days.

I am having difficulty reaching the individuals that appear to be fronting some of the operations. Phone numbers have changed, and where I was able to make contact the people answering the phone did not appear to speak English that well, only Russian. I am urgently trying to find out the domain name of their contacts, and where the money is going. Two crucial pieces of information needed to establish a connection to this syndicate.

The first related website is a mobile games download site: »vr-s.com
and contains the following info:

vr-s.com VirtualMobile-Store, 900 simon terrace way, WEST SACRAMENTO,95605, USA 916-617-8005 (a division of VALL-JRSX )

[att=1]

That domain is registered as follows:


vr-s.com
Registrant:
vlad mironyuk
4840 buffwood way
sacramento, California 96841
United States
.
Registered through: GoDaddy.com, Inc.
Domain Name: VR-S.COM
Created on: 13-Jul-07
Expires on: 13-Jul-09
Last Updated on: 13-Jul-07
.
Administrative Contact:
mironyuk, vlad vladsdesign@hotmail.com
4840 buffwood way
sacramento, California 96841
United States
(916) 308-3108
.
Domain servers in listed order:
NS57.DOMAINCONTROL.COM
NS58.DOMAINCONTROL.COM


Digging deeper produced a Sacramento County Fictitious Business name registration for a Vlad's Design under the name Vladimir Mironyuk:

[att=2]


Sacramento County
Fictitious Business Name
File Number: 0703444 Abandoned Date:
Filing Date: 03/23/2007
Expiration Date: 03/23/2012
Ownership Type: Individual
Status: Active
Number of Business Names on this filing: 1
Number of Owners on this filing: 1

Business Name(s): VLAD'S DESIGN

Owner Name(s): MIRONYUK, VLADIMIR


There is also commercial phone listing:

Vlad's Design
(916) 628-8389 | 4840 Buffwood Way Sacramento, CA
Business Categories: Catalog & Mail-Order Houses

The zip code 96841 in the domain reg is incorrect, it should be 95841. The following public data is also available:


Nikolay & Vladimir Mironyuk
home
4840 Buffwood Way
Sacramento, CA 95841-2217
.
.
Vladimir Mironyuk
work
Job title: Owner
Company: Vlad's Design
4840 Buffwood Way
Sacramento, CA 95841-2217


.
The Website VR-S.com states that it is a division of VALL-JRSX, and lists an address of 900 simon terrace way, WEST SACRAMENTO,95605, USA

A check of both California State, and county business records finds a FBN record for VALL-JRSX:

[ATT=4]


Sacramento County
Fictitious Business Name
File Number: 0703682
Filing Date: 03/28/2007
Expiration Date: 03/28/2012
Ownership Type: Individual
Status: Active
Number of Business Names on this filing: 1
Number of Owners on this filing: 1

Business Name(s): VALL-JRSX-DESIGNER

Owner Name(s): SHIKHANTSOV, VALENTIN



Note that both FBNs were filed within a few days of each other. There are public record listings for a Valentin Shikhantsov including:

Valentin Shikhantsov
900 Simon Ter, Apt 88
West Sacramento, CA 95605-1917
.
Job title: Owner
Company: Vall Jrsx Designer


Portions of the site are a direct copy of the UK site, "Chillingo", with minor name alterations:

quote:
Copyright © 2005 Powered by VR-S.COM
VirtualMobile-STORE (a division of VALL-JRSX )

If you want to know exactly what personal information we hold about you, you can obtain it.
If it transpires that the information held is inaccurate, we will make the necessary amendments and confirm to you that these have been made. Please write to [VirtualMobile-Store 900 simon terrace way, WEST SACRAMENTO,95605, USA +1 916-617-8005] enclosing a cheque for the administration fee of 15 made payable to VALL-JRSX under the terms of the Data Protection Act.


[att=3]

The Data Protection Act of 1998 is a UK law.

They forgot to remove the name:

quote:
Currencies

Chillingo sets the price of each of the products in US Dollars (and converted to the local exchange rate equivalent based on the exchange rate of the day), and the amount you pay in GBP is calculated by your credit card handling company at the time of purchase.



.
.
Next up is: ibookstfs.com 800-517-4127 »ibookstfs.com

[att=5]

Though one of the pages has contact information of:


ibookstfw online Store
15340 ne 14 av North Miami Beach, FL, 33162
Email: orders@ibookstfs.com
Phone number: (786) 506-6708


[att=8]

The domain however is registered to:


IBOOKSTFS.COM
Registrant:
vladimir okhotskiy
1076 lost trail dr.
plumas lake, California 95961
United States
.
Registered through: GoDaddy.com, Inc.
Domain Name: IBOOKSTFS.COM
Created on: 27-Jul-07
Expires on: 27-Jul-08
Last Updated on: 27-Jul-07
.
Administrative Contact:
okhotskiy, vladimir vin-design@hotmail.com
1076 lost trail dr.
plumas lake, California 95961
United States
(916) 459-5222

Domain servers in listed order:
NS51.DOMAINCONTROL.COM
NS52.DOMAINCONTROL.COM


Besides the email contact being vin-design@hotmail.com one of the pages also contains this:

quote:
Right of access to your information:

If you want to know exactly what personal information we hold about you, you can obtain it.
If it transpires that the information held is inaccurate, we will make the necessary amendments and confirm to you that these have been made. Please write to IBOOKSTFS [(800)517-4127] enclosing a cheque for the administration fee of 15 made payable to VIN-DESIGN under the terms of the Data Protection Act.
Policy Changes
Copyright © 2007 VIN - DESIGN Powered by vin-design



[att=6]

A search of California records finds a state corporate LLC filing:

[att=7]


LP/LLC
VIN DESIGN LLC
Number: 200735210176
Date Filed: 12/18/2007
Status: active
Jurisdiction: CALIFORNIA
Address
2934 LERWICH RD
SACRAMENTO, CA 95821
Agent for Service of Process
VLADIMIR N OKHOTSKIY
2934 LERWICH RD
SACRAMENTO, CA 95821


An initial search of California public records does not produce any hits on the name VLADIMIR OKHOTSKIY. However a reverse search of that address produces a listing for:


Anna I Okhotskaya
2934 Lerwick Rd
Sacramento, CA 95821-1825


and a second listing for that name at:


Anna I Okhotskaya
2318 Church Ave
Sacramento, CA 95821


Going back to the address used for the domain registration for Vladimir Okhotskiy of: 1076 lost trail dr. Plumas lake, which is in Yuba County, Ca. A check of that address yields some very interesting clues:



Dennis Timofeyev
work
1076 Lost Trail Dr
Plumas Lake, CA 95961-9123
phone number unavailable
.
Listing Details
Job title: Owner
Company: Paradise Web -----------> NOTE
.
Dennis & Vyacheslav Timofeyev
1076 Lost Trail Dr
Plumas Lake, CA 95961-9123


.
Running that last name through Sacramento Fictitious Business Name registrations yields:

[att=9]


Business Name          Owner Name               File Number   Filing Date

PARADISE LAWN CARE     TIMOFEYEV, TATYANA       0500931       01/24/2005
PARADISE LAWN CARE     TIMOFEYEV, VLADIMIR      0500931       01/24/2005
PARADISE LANDSCAPING   TIMOFEYEV, VYACHESLAV    0402866       3/09/2004


That may be where the name Paradise in "Paradise Web" came from.

More to follow,

MGD
reply
anon @ 9th Jan 02:58PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I understood exactly what he said and was very grateful to him for all his incredible work. I don't know if you work for Digital because I know they've been out there doing damage control in some of these threads online, but too many of us have had the exact same scenario happen coincidentally enough directly after making a purchase to a site hosted by Freemerchant.Com! instantly each and every time! So if it walks like a duck, quacks like a duck and acts like a duck it's not? Please do not insult my intelligence. I do understand what he is saying and realize that the syndicate is a much bigger problem on a larger scale using all kinds of hosts. FreeMerchant was merely one of them and if you tell me that they are not then you need to check yourself not the other way around. That took a lot of time to type up sharing my particular story and it was very honest. It's exactly what happened to me. Your immediate defensiveness is a little suspicious to me. My sharing my story should not have elicited that type of reaction and hasn't anywhere else where I have participated in this discussion. If anything people have thanked me for sharing and shedding a little light on what was a total mystery to some at the time.

Finally, I know what I saw happen to me and how it happened. I made no purchases through Paypal or Amazon and I know what happened to me particularly. I realize that the syndicate has many ways to get you but they got a huge lot of us after we purchased products from sites hosted by FreeMerchant and that's a fact. Many of us got together and realized exactly what the common denominator was for US. It may not be the case for everyone because their breaches may have occurred elsewhere. Nobody is saying that others didn't get their credit cards stolen in other places at one time or another. We're just saying (and there are other threads online where there are many of us saying the EXACT SAME THING), that it happened to us after using THIS particular host. End of story.

Your attack on me was unnecessary and rather disappointing considering that most of us (emphasis on most) are here not to do damage control for some company known for their breaches and admitting to their breaches (in fact to me personally on the damn phone not two months ago) but because we are victims of these nasty creatures that call themselves human beings. I won't be answering you again. I'm not going to waste my time. I am however extremely grateful to this person who has gathered all of this for us because it had to be incredibly time consuming. He should get hugs and medals. :)
reply
anon @ 9th Jan 03:11PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Oh and one more thing if I may. There's a guy who posted his story (not here) and he has never had a credit card before period. He's new to credit in general. He placed his first order on his first card for collector baseball cards through a small mom and pop site that uses Freemerchant.Com and was hit with a charge from Sensate Technology a week later. Nobody is blaming the mom and pop candy store nor the mom and pop baseball card store, but it was because of FreeMerchant.Com which is obviously one of many that the syndicate has targeted and breached so I understood perfectly what was being said here. I can't speak for everyone's exact situation. I was merely relaying my own story and that is where MY particular breach occurred.
reply
Doctor Olds @ 9th Jan 05:03PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Please don't spread FUD here. My post wasn't an attack (paranoid much?), but it does make us question who you work for yourself.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
MGD @ 9th Jan 05:23PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Scammed Princess :

... Here is how I got hit twice.......
Thank you for sharing, I am interested in all circumstances surrounding the charges, and spend a lot of time reading reports of them. Based on what you wrote, I now recall seeing some of your other postings. The fact that you had two cards hit in that manner does indeed raise some compelling issues.

I welcome and I am interested in all opinions regarding the potential source or sources of the compromised data. I do not have hard evidence of what has, or has not been compromised. Mine are conclusions based over a longer period, however, they are no more valid than anyone else's opinion. Lacking hard evidence I would indeed be foolish to discard other scenarios as potential sources.

One reason I voice my conclusion is to be a sort of balancing effect on the focal points that are reached from different groups of victims that do have common denominators. Part of the problem is the lack of a large enough statistical sample. If Sensate is typical, then they are processing fraudulent charges at around 10,000 cards a month, over 30,000 cards to date maybe. Of course you then have to multiply that times the dozens of active sites that are known to be run by this syndicate. The issue then becomes what conclusion you can come to if there are several hundred people that have a recent card processor in common. Is that sample just a random event from within the larger pool anyway?

A brief look at Digital River, which is a public company, shows that they claim over 40,000 accounts worldwide. They generated third quarter 2007 revenues of $82.5 million. I don't know if they publish transaction quantities or not. Nor if they break the figures down by card present versus card not present transactions(CNP). However, they likely process close to a million or more transactions a month.

Could their database be leaking? Yes, of course it could. However, in my opinion, I would then expect an overwhelming amount of reports of that common link. The syndicate could be mixing data up from multiple locations. Also, the people that actually end up reporting these frauds on the net are only a fraction of those being charged. A significant amount don't even catch it, or pursue it if they do. One site that came online two months ago and has processed several thousand charges has yet to appear in complaints anywhere on the internet. The operation is now shut down, however I was surprised not to see any mention of them.

I do not want to dissuade your conclusions in any way. Based on those circumstances they are indeed logical. You even bring up the possible coincidence factor. Did they already have both card account data when they made the first hit, and the second card was already in the pipeline. Would that second card have had the charge anyway, whether you used it then or not?. Who knows for sure. Hopefully one day we will have the answer.

I do admire you for taking the time to become active in this issue. The ones that do not owe you gratitude, for it is people like yourself who will ultimately be the reason that this all comes to an end.

MGD
reply
anon @ 9th Jan 05:58PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Thank you so much MGD. You have done all of us a huge service here. You are a class act as well. I am grateful to you more than you can possibly know (and thank you for making me feel welcome here) :)

I was really scared when this first happened because I honestly did not know how my card got compromised. If it had not been for Gary posting the link to all of your wonderful work in our thread discussing this, we would not have the whole picture like we do now and that's truly thanks to you. A huge thank you to Gary as well for running over to where we were to post this link! What an eye opener this was! I spoke to the Ventura County Sheriff's office and faxed over my affidavit and a long letter explaining my findings and what little information I had on Sensate at the time to a female detective there. I'm not sure how much it helped but I told myself I was not going to let these people get away with this and do whatever I could do, even if it's but a drop in the collective bucket.

I canceled my cards and went through a huge hassle of making many phone calls and filling out forms but the real legacy is that I will never feel comfortable again using my credit cards online.

The behavior of the credit card companies freaked me out the most. They act as if everything is fine once the money has been returned. I had to reiterate a few times to a clerk I spoke to that the money was stolen to begin with. That I had not clicked on a banner or made a mistake. That these people are not real. They are a dummy company running a dummy web site stealing our money so nothing they do is OK. Now I see how this has gone on for so long. There are so many holes in the system! They are endless! You report it to the server and of course they get defensive and want to dismiss you and turn you away (and hope it will quietly go away though Digital did admit they were getting lots of calls so I was not the only one there). You tell your banks and they say no problem, fill out this form and we will issue you a new card and that is the extent of their investigation most of the time. You tell the police and they are so swamped and then see a small amount so it gets buried under a pile of papers. I pray that the FBI is truly on this. You have basically handed them their case here! You have saved some FBI agent somewhere so much time! I am still in awe of all of this. You should be a journalist and you would do quite well I might add.

The last thing are the mules. I don't understand why someone hasn't broken down their doors with a badge and a shovel (OK well the shovel part is my idea...lol). Don't these people know they are doing something wrong? You would think they have googled or something and seen what they got themselves into (if any are innocent at all to begin with that is). What a mess!

I really think we should all take a few minutes out of our busy lives and make copies of this thread and some of the others and just turn them in with our reports and affidavits. If nothing else it will save that bank officer, police officer and anyone else time. They won't have any doubts as to what the nature of the charge was on our cards anymore. They will finally have some answers.

At the risk of sounding like a broken record, THANK YOU SO MUCH! Seriously this is not only incredibly impressive but you may be the reason these people go down finally. You took the time to outline the whole bloody mess and it may be their undoing. If there is any justice in this world it will be! :)
reply
pcdebb @ 9th Jan 07:00PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Scammed Princess :

I understood exactly what he said and was very grateful to him for all his incredible work. I don't know if you work for Digital because I know they've been out there doing damage control in some of these threads online....
Trust me, he doesn't work for them. And MGD knows his worth here already :)
--
a time for change... | 1st & 10 | Ham is good

reply
garys_2k @ 9th Jan 10:58PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

SP, I'm glad I could help in even that small way. PLEASE pass the link to this thread onto other forums where these types of frauds are discussed. The more that victims and mules can learn about this, and let MGD know what they've learned, the better.
reply
MGD @ 10th Jan 04:06AM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

Continued, Part 2,

The search for information on one of the three group charges listed as:
"$13.95 E NAT NATALIYA MAKOVCARMICHAEL CA"
ended up locating another website, site # 8 of interest on IP 64.202.102.8

E nat turns out to be another Sacramento Fictitious Business name registered on 06/14/2007 by a Natalie Makoviy:

[att=1]


County of Sacramento, California
Fictitious Business Name
File Number: 0706914
Filing Date: 06/14/2007
Expiration Date: 06/14/2012
Ownership Type: Individual
Status: Active
Number of Business Names on this filing: 1
Number of Owners on this filing: 1
.
Business Name(s): E-NAT
Owner Name(s): MAKOVIY, NATALIE


A lookup of Natalie's name produced records under Nataliya for 8063 Joe Rodgers CT., Granite Bay, CA 95746, and a listing under Natalie at ABC Realty & Mortgages, Inc. in Carmichael, CA. They said she no longer works there. This came up also:

Natalie Makoviy
work
Job title: Owner
Company: E Nat
4037 Mcclain Way, Apt 52
Carmichael, CA 95608-2488
(916) 534-2848

That response from that phone number behaved a lot like the typical phone set ups on the fake sites. Running a check on it showed that it was also listed on a website: newmobile-shark.com 916-534-2848 »newmobile-shark.com which is also hosted at IP 64.202.102.8 and became number eight on the list.

[att=6]

A check of that domain registration shows that it is registered to none other than Vladimir Mironyuk, of VR-S.com fame. AKA Vlad's Designs, small world!


Registered through: GoDaddy.com, Inc.
Domain Name: NEWMOBILE-SHARK.COM
Created on: 05-Jul-07
Expires on: 05-Jul-09
Last Updated on: 05-Jul-07
.
Administrative Contact:
mironyuk, vlladimir albert_mur@yahoo.com
4840 buffwood wa
Sact, California 95841
United States
(916) 308-3108
.
Domain servers in listed order:
NS57.DOMAINCONTROL.COM
NS58.DOMAINCONTROL.COM


Running a check of the last name MAKOVIY through the Sacramento County FBN records shows:

[att=2]


Business Name   Owner Name            File Number   Filing Date
E-NAT           MAKOVIY , NATALIE     0706914       06/14/2007
SMS USA         MAKOVIY , SERHIY      0706911       06/14/2007


There is something new, a Serhiy Makoviy registered "SMS USA" on 06/14, the same day that Natalie Makoviy registered E-NAT. Have not seen anything yet on SMS USA. A check on Serhiy yields one of the same addresses as Natalie or Nataliya:


Serhiy Makoviy
8063 Joe Rodgers Ct
Granite Bay, CA 95746-9391
phone number unavailable


The only reference to other names or an address on the newmobile-shark.com site is:

NEWMOBILE-SHARK (a division of mobileHomeGAME LLC )
newMobileShark, New Way, SF, 90075, USA

[att=3][att=4]

Not sure what they had in mind with these price reductions, hope it is not an omen of future charge amounts.

[att=5]

The ssl cert on the server, which may be the default is:


E = root@mobiulehome.com
CN = 64.202.102.8
O = mobilehome
L = New York
S = NY
C = US


More to follow,

Part 3.

MGD
reply
omgdave @ 10th Jan 10:49AM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

MGD,

Any useful purpose served from a visual look at the N. Cal./Sacramento sites listed above?
reply
MGD @ 10th Jan 04:53PM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

At this stage I don't believe so, I have now found two other phone numbers, and I am in the process of working that angle. At this point we can presume that this division is the same modus operandi as the others. In that the names that are on the recorded documents are recruited cybermules. No doubt that the individuals listed on the corporate filings, and the fictitious business name registrations, will also be the ones who set up the bank and merchant accounts to process the fraud charges.

This group is somewhat unique in that so far all the reports of fraud charges that specify a card, list American Express as the one hit. This genre of "Game Download" sites, however, is not unique. A group of similarly cloned sites was used by this criminal enterprise back in 2006. Charges from the "Game Download" group appeared either alongside the Devbill web templates fraud charges or immediately following them.

This victim report from May 2006 on DSLR is one example listing a fraud charge from Moball along with the template charges. The entire thread is HERE

I also mentioned this genre at the beginning of this thread, and here are some screen shots circa May 2006.

Moball, moballtech.com

[att=1]

McColgan Games out of Canada, mobilegamejuice.com

[att=2]

Generex, generextech.com

[att=3]

Also, JamesPC.com:

[att=4]

Generex was a cybermule driven LLC set up in Ohio, and Moball was fronted by a retired physician in Virginia.

[att=5]

I also provided links to early 2006 audio recordings from the contact numbers:
»/r0/download/1···mple.wav
»/r0/download/1···mple.wav

This has all the appearances of repeat performance.

MGD
reply
anon @ 11th Jan 02:27AM:
Re: Almost a Cyber Mule!!!

The people that own these corporations have to wire money every week to the people who are ripping the public off. This is a bad deal. I don't know how people could think that it is legitimate.
reply
MGD @ 11th Jan 05:58PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

mcawebtechnology.com AKA M.C.A. 623-742-3769
.
mcatemplates.com AKA M.C.A. 623-444-2173

Both of these were listed previously, and were assumed to be fronted by a single mule, as the domains were registered to the same individual, Steve Rogan in Arizona. Since a corporate LLC filing was not found, it was not known if the domain was carded, or actually registered to the mule.

Well it now appears that they are registered to the mule, and add a third one, just found this:
.

ulcsolutions.com AKA U.L.C. 623-444-2964 also 602-476-1845
»ulcsolutions.com »800notes.com/Phone.aspx/1-623-444-2964

[att=1]

This ulcsolutions.com domain is registered as follows:


Registration Service Provided By: NameCheap.com

Domain name: ulcsolutions.com

Registrant Contact:
NL LLC
Steve Rogan (steve_rogan1298@yahoo.com)
+1.7088429740
Fax: +1.7088429740
8912 E. Pinnacle Pear Ro #174
Scottsdale, AZ 85255
US

Name Servers:
ns1.hostdone.com
ns2.hostdone.com

Creation date: 20 Jul 2007 19:44:19
Expiration date: 20 Jul 2008 19:44:19


This time a check of the Arizona Corporate filings shows a filing just completed yesterday for ULC:

[att=2][att=3]

and as you can see it is registered to Steve Rogan, so that is the cyber mule. It is reasonable to assume that he has all three.

Running a check on ULC shows that it was originally just a registered trade name used by Steve Rogan, and assigned as a Mortgage Consulting entity. Probably needed to be an LLC in order to have the correct bank account type.

[att=4]

So mcawebtechnology and mcatemplates.com are probably Steve Rogan's too. At least one cyber mule has reported that the crime syndicate has been actively soliciting existing mules to set up additional business names to increase their revenue. Not sure if that is the result of a growing card inventory or a reduction on the supply of mules.

EDIT= The address 8912 E. Pinnacle Pear Road #174, comes back as a Mail Boxes Etc location.

MGD
reply
pcdebb @ 11th Jan 06:02PM:
Re: Almost a Cyber Mule!!!

said by shrew :

I don't know how people could think that it is legitimate.
i'll tell you why, it's because you have daily radio advertisements on being an "internet salesman" in the comfort of your own home. I hear the same ad everyday (but forget to catch the email and url advertised)
--
a time for change... | 1st & 10 | Ham is good

reply
anon @ 12th Jan 08:23PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Our Dec USAA Visa statement has the (now infamous) $4.95 charge from MFBPSITE.COM phone # 310-237-6452 CA.

However, I am a ruthless financial manager for our home finances. I knew we had not made a purchase from their website. I googled their name and found your website and all the wealth of information.
I immediately called my Credit Card Services at 11pm, reported the fraud and had the cards canceled.
They were kind enough to take the Fraud report over the phone and not request a letter. However, after reading your entire postings, I drafted a certified letter to their Fraud Division. I referred them to your website and stressed the need for investigating this TYPE of Fraud and not to focus on the minuscule dollar amount.
Thank you! Thank you! Thank you!
reply
MGD @ 12th Jan 08:48PM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

Part 3,

There are additional fraudulent charge reports from this group continuing to roll in on Chris Jupin's blog. There now seems to be little doubt that the earlier characterization of this as the "American Express" fraud division of the syndicate is true. The reported fraud charges from this group appear to be specifically targeting American Express compromised card accounts.

While Cybersource / Authorize.net is to be heavily criticized for their utter failure to implement appropriate procedures in the vetting process to remove these fraudulent laundering accounts, apparently American Express fares no better. Authorize.net has been the criminal enterprise's provider of choice for several years. Part of the issue is that merchant account providers make maximum profits from charge back fees. They may initially be reluctant to address the distorted frequency of charge backs and credits associated with these fraud accounts.

In the case of the VALL-JRSX, VIN-DESIGN, E NAT, PARADISE WEB group, it appears that American Express has provided these criminals with the perfect opportunity to use their own system to launder their customer's compromised cards. There was an initial report on the blog from a victim who quoted an AE csr as saying that they had a "reversal arrangement" with the fraud group. Originally I brushed that off as a statement from an overzealous AE csr. However, now there is an additional report of the exact same arrangement.

quote:
Marti on 01.10.08 at 6:27 pm

I checked my Amex account online this morning and saw a charge I didn’t recognize from Paradise Web for $9.59 on 01/06/08:
Transaction Date: 01/06/2008
Transaction Description: PARADISE WEB PARADISPLUMAS LAKE

...........................Amex was very willing to reverse the charge, as they said they had an agreement with the company to automatically reverse disputed charges (!). Another poster mentioned this also. I find it incredible that the credit card companies seem to be facilitating these scams (in the sense that they do not seem to investigate or want to do anything to stop it). ...........



Incredible!! That plays straight into the criminals' hands. I am sure that this type of pre-arranged reversal agreement does not contain the usual high "charge back" fees. In effect, American Express is now performing one of the criminal's intensive tasks of mitigating charge back fees to maximize the take.

In addition the process of setting up this type of merchant billing account directly with American Express appears to be only one step above the "honor system". The entire process can be done online, and subsequently administered and managed from there.

Have a look at the application: »https://www209.americanexpress.com/merch···=regular

Apparently neither American Express nor Cybersource realize that there is no accreditation process for setting up an LLC, or establishing an EIN number. Criminals, even those offshore can easily arrange for that kind of setup. Possession of those credentials does not establish any form of legitimacy to an operation, that process is not intended to. In addition the merchant account application is done "online". American Express states that approval comes "within the hour".

Combine this with various card data storage and processing systems that are about as secure as a sieve, and you could not write nor invent a more efficient crime magnet. One wonders why Cybercrime is such an epidemic.

Future callers to American Express from card holders who are victims of this group's fraud charges, should alert them that they need to reverse any and all charges from this group. In addition, they can use the submit reports for an up to date list of AE compromised accounts. They should automatically issue new cards to any account holder's card that is submitted from this criminal enterprise.

As of yesterday, the status of the additional domains of interest on the VALL-JRSX, VIN-DESIGN, E NAT, PARADISE WEB, server at IP 64.202.102.8 hosting the sites are:

ez-booksonline.com was still a work in progress, no contact data listed yet, nor is the refund page completed. Same for ibook-space.com and best-ebooks4you.com

ebooks-tfw.com, ebooks-tfw.com, and az-bookspace.com, did not have any webpages configured..yet.

[att=1][att=2][att=3]

They all currently have "cloaked" domain registration:



Registered Through
GoDaddy.com, Inc.
Domain Name: best-ebooks4you.com
Created on: 2007-09-03 04:10:49
Expires on: 2009-09-03 09:10:49
Last Updated on: 2007-09-03 04:10:50
Domain Servers
NS57.DOMAINCONTROL.COM
NS58.DOMAINCONTROL.COM
.
Administrative Contact
Registration Private
Domains by Proxy, Inc.
(480) 624-2599 Phone
(480) 624-2599 Fax
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
best-ebooks4you.com@domainsbyproxy.com
.
.
Registration Private
Domains by Proxy, Inc.
(480) 624-2599 Phone
(480) 624-2599 Fax
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Domain servers in listed order:
NS51.DOMAINCONTROL.COM
NS52.DOMAINCONTROL.COM

ibook-space.com@domainsbyproxy.com
Registered Through
GoDaddy.com, Inc.
Domain Name: ibook-space.com
Created on: 2007-08-27 14:46:34
Expires on: 2009-08-27 19:46:34
Last Updated on: 2007-08-27 14:46:35
Domain Servers
NS57.DOMAINCONTROL.COM
NS58.DOMAINCONTROL.COM
.
.
EZ-BOOKSONLINE.COM
Administrative Contact
Registration Private
Domains by Proxy, Inc.
(480) 624-2599 Phone
(480) 624-2599 Fax
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through:
GoDaddy.com, Inc. om)
Domain Name: EZ-BOOKSONLINE.COM
Created on: 01-Aug-07
Expires on: 01-Aug-09
Last Updated on: 01-Aug-07


MGD
reply
anon @ 12th Jan 09:40PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Attention Diggers, »digg.com/business_finance/Credit···_Company - Help get the word out!
reply
MGD @ 12th Jan 11:09PM:
Re: Almost a Cyber Mule!!!

said by pcdebb :

i'll tell you why, it's because you have daily radio advertisements on being an "internet salesman" in the comfort of your own home......
That is an excellent point, it sets the idea, and conditions those that lack a robust understanding of the net, that there is lots of money to be made, for very little effort. It certainly makes this syndicate's business proposal more palatable.

MGD
reply
MGD @ 12th Jan 11:20PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by feline :

...However, I am a ruthless financial manager for our home finances. I knew we had not made a purchase from their website. ......
Congratulations!... you see that kind of diligence is worth far more than any monitoring or subscription service that money can buy. It is not the trivial amount of the charge as much as it is the alert and immediate recognition that your account was compromised. Your best practices not only detected it, but also acted upon it. Time well spent looking it up, you have saved yourself numerous headaches down the road.

If all consumers were as fastidious as you are, this long running criminal enterprise would have ended long ago.

MGD
reply
anon @ 13th Jan 12:19AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

»yolo.courts.ca.gov/Calendars/Dai···bmit.y=9

VALENTIN SHIKHANTSOV AKA VALL-JRSX ARRESTED/ARRAIGNED!
reply
anon @ 14th Jan 05:57AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Hello

HostDone is working very close to all forum posted to stop any bad hosting accounts runs in our servers to keep internet clean as possible from all this kind of fraud going around.
We do say it clear that we do not allow this kind of fraud going around in our servers and we will do all possible to stop all fraud website and suspended immediately.

Best Regards
»www.HostDone.com
HostDone Inc.
Working on clean internet hosting service
reply
anon @ 14th Jan 10:33PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I want to take a moment to back up what Scammed Princess had to say a little earlier in the thread. And yes I've read this whole thing through, and it IS breathtaking. But...

One of the spokes of the criminal machine, whether willing or not, is Freemarket.com/Digital River. We purchased some cake decorating supplies from a mom and pop outfit in VA whose site is hosted on Freemarket, and BAM! ULC Solutions and Valence Internet Technology hit immediately for $10.65 and $8.65.

I have no doubt that Freemarket.com is just one tentacle, but there are just too many of us with the same story for coincidence. Like everyone else, I cancelled the card immediately and had them credit the charges as fraud.

Why are the banks and CC companies sleepwalking through this one? That's what I want to know. My congressman is getting a letter post haste.
reply
anon @ 15th Jan 05:40AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I am also a victim. Wrote an email to Equifax about it.

Mike
reply
anon @ 15th Jan 05:22PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I was hit twice from this company "Atala Designs" for 11.85, there was a previous charge for 3.44 for some doctor in florida. What i'm suspecting is that they're running the little charge first to see if the account is still open and when they see that it is, that's when they post the higher dollar amount. I check my balance online everyday so i'm suspicious when something i know i didn't purchase shows up. I had to cancel my card and get a new one. I just don't know where this came from as the only place i use my debit card online is paypal. Just very nerve racking!!!
reply
MGD @ 15th Jan 06:41PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by SpammedinOK :

I was hit twice from this company "Atala Designs" for 11.85, there was a previous charge for 3.44 for some doctor in florida. ...
That interests me, I assume you mean that the 3.44 charge for the Florida doctor was bogus also?. If so can you provide more information on that charge. The line item detail of the charge including the date, if possible. Also the dates of the two Atala Design charges.

The reason that 3.44 pre charge is of interest, is that a few years back the syndicate was known to "ping cards" ahead of the actual laundering charge. In fact, in one instance multiple alert consumers who monitor their account activity online, reported a test charge, or card ping, that rolled off after 24 hours. Shortly thereafter they were all hit with a fraud charge.

The victims all reported that the ping charge occurred over a weekend and all were from the same small flower shop in Pennsylvania. When contact with that business was made they revealed that their merchant account was hacked, and their account log showed several thousands of these ping charges were made from the account during the weekend.

In recent times there has not been any reports of that kind of precursor activity, however, I am always on the lookout for it.

said by SpammedinOK :

..... I just don't know where this came from as the only place i use my debit card online is paypal. Just very nerve racking!!!
As far back as 2005 during the peak of the crime syndicate's Digital Age run, victims have been racking their brains out trying to pin a common denominator. The reality is that for every common link, within the batch there are victims who rarely used that card, some never online(CNP), and some who had not used the targeted card for well over a year, anywhere. With this operation, a predominant "cause and effect" has never been evident.

Just look at the FatWallet.com Admin bulletin on the syndicate's 2005 Digital Age card fraud. They reference one of the dslreports.com threads on the subject, however there was also a second thread, combined total of 24 pages on the subject. Not to mention Fatwallet's own 22 page thread on the subject.

This has really been an epidemic in our midst for some considerable time, and defies a logical explanation as to why it is allowed to fester on such a large scale, without major intervention.

MGD
reply
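The card-ping pattern described in the post above (small test charges that roll off within 24 hours, run in bulk through a hacked merchant account over a weekend) is something a merchant can look for in its own transaction log. The following is an added example, not part of the thread: the log format, card tokens, amount and timing thresholds, and every sample line are constructed assumptions.

```python
from collections import namedtuple
from datetime import datetime, timedelta
from decimal import Decimal

Txn = namedtuple("Txn", "ts card amount reversed_at")

# Constructed sample log for a small merchant. Columns (assumed format):
# charge time, tokenized card id, amount, reversal time or "-".
SAMPLE_LOG = """\
2008-01-02T10:15:00 tok_a1 54.00 -
2008-01-02T14:40:00 tok_b2 4.50 -
2008-01-03T09:05:00 tok_c3 42.00 2008-01-06T11:00:00
2008-01-04T16:20:00 tok_d4 3.00 2008-01-04T16:45:00
2008-01-05T02:00:00 tok_p01 1.00 2008-01-05T23:30:00
2008-01-05T02:03:00 tok_p02 1.00 2008-01-05T23:30:00
2008-01-05T02:06:00 tok_p03 1.00 2008-01-05T23:30:00
2008-01-05T02:09:00 tok_p04 1.00 2008-01-05T23:30:00
2008-01-05T02:12:00 tok_p05 1.00 2008-01-05T23:30:00
2008-01-05T02:15:00 tok_p06 1.00 2008-01-05T23:30:00
2008-01-05T02:18:00 tok_p07 1.00 2008-01-05T23:30:00
2008-01-05T02:21:00 tok_p08 1.00 2008-01-05T23:30:00
2008-01-05T02:24:00 tok_p03 1.00 2008-01-05T23:30:00
2008-01-07T11:30:00 tok_e5 67.00 -
"""


def parse_log(text):
    """Parse the constructed four-column log format into Txn records."""
    txns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, card, amount, rev = line.split()
        txns.append(Txn(
            datetime.fromisoformat(ts),
            card,
            Decimal(amount),
            None if rev == "-" else datetime.fromisoformat(rev),
        ))
    return txns


def is_ping(t, max_amount=Decimal("5.00"), rolloff=timedelta(hours=24)):
    """A candidate test charge: small amount that was reversed within
    the roll-off period. Both thresholds are assumptions to tune."""
    if t.reversed_at is None or t.amount > max_amount:
        return False
    return t.reversed_at - t.ts <= rolloff


def find_ping_bursts(txns, max_gap=timedelta(hours=1), min_cards=5):
    """Group candidate pings into bursts (consecutive pings no more than
    max_gap apart) and report bursts touching at least min_cards cards.
    A single voided small sale forms a burst of one card and is ignored."""
    pings = sorted((t for t in txns if is_ping(t)), key=lambda t: t.ts)
    sessions, current = [], []
    for t in pings:
        if current and t.ts - current[-1].ts > max_gap:
            sessions.append(current)
            current = []
        current.append(t)
    if current:
        sessions.append(current)

    bursts = []
    for s in sessions:
        cards = {t.card for t in s}  # retries on one card count once
        if len(cards) >= min_cards:
            bursts.append({
                "start": s[0].ts,
                "end": s[-1].ts,
                "charges": len(s),
                "cards": len(cards),
                # Saturday=5, Sunday=6: activity while the shop is closed
                "weekend": s[0].ts.weekday() >= 5,
            })
    return bursts


if __name__ == "__main__":
    for burst in find_ping_bursts(parse_log(SAMPLE_LOG)):
        print(burst)
```

On the sample data the ordinary sales, the refunded $42.00 order and the single voided $3.00 sale are ignored; only the Saturday run of $1.00 charges across eight cards is reported.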
anon @ 15th Jan 08:27PM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

MGD-Thank you for all the info you have provided. Just rec'd AE statement w/charges from Paradise & VALLJRSX..contacted AE to dispute & replace card.
reply
omgdave @ 15th Jan 09:58PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

MGD,

I just received this:

Hello
A multinational corporation is searching for staff in the USA to act as our representative in the North America .
Income is $100000 per year.
No hidden fees, no marketing stuff
Interested? Please go to our web site, to learn more
»ctrainingwid.phpnet.us
Take care
*******************************************

And also this:
*******************************************************
Who are we:

EZ - Transfer was found in 1998 in Madrid, Spain. Since then main service was transferring money worldwide and exchange
the currency at the same time. Within 9 years of hard work the company acquired international standing and managed to
develop into a global financial holding having the staff of 3000 people and representative offices in more than 30
countries. Through these years we are keeping optimizing our services to the client's needs and update our technologies. We transfer money and exchange currencies in over 20 money units.

Who are we looking for:

" Financial agent
Location: Worldwide
Employee Type: Part-Time

The major duty of the incumbent is to promptly receive and process payments/transfers and to forward them applying
specified method. Please enquire for detailed work scheme.

Requirements:
o Expert skill in managing payments and transfers between our company and clients.
o Knowledge of basic payment systems.
o Ability to schedule working hours effectively.
o Availability of spare time (3-4 hours per day).
o Advanced user ability to operate computer and to use Internet and e-mail.
o Legal age.
Payment basis: commissions in of 7% from each transaction instantly (to be raised after the 3 weeks trial period) plus
fixed monthly salary of $970 from start.

Benefits:
o Flexible work schedule.
o Possibility to combine the job with primary employment.
o Free training course.
Please, include at least 1 recommendation letter with the resume.

" Regional Manager
Location: USA, Israel, Russia, Wales, Holland
Employee Type: Full-Time

We are looking for responsible individuals to open new regional offices. Please, contact us personally to discuss the
details.

There is NO start up or training fees. If you are interested in this vacancy please submit your resume and it will be
reviewed soon

cameron.ez.transfer@gmail.com
*******************************************

If you like, I can get you the headers.

*** EDIT ***

AND ANOTHER!

Greets
A multinational corporation is seeking people across the USA to be our representative in the region Income is $100000 /year.
No investments asked from you.
Interested? Please go to our site, to know more
»eboosteraxn.sprinterweb.net
reply
pcdebb @ 15th Jan 10:06PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

dblackrd,

that's your run-of-the-mill job scam. basically you are cashing stolen and/or phoney checks (or even paypal), keeping your "cut", and send them the rest. of course a little later it all gets deducted from your bank account when it's determined it's all fraud. there's a few separate threads in the forum about this type of thing already, got a few in my inbox for fun.
--
a time for change... | 1st & 10 | Ham is good

reply
Doctor Olds @ 16th Jan 01:46AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by MGD :

In fact, in one instance multiple alert consumers who monitor their account activity online, reported a test charge, or card ping, that rolled off after 24 hours. Shortly thereafter they were all hit with a fraud charge.

The victims all reported that the ping charge occurred over a weekend

Just look at the FatWallet.com Admin bulletin on the syndicate's 2005 Digital Age card fraud. They reference one of the dslreports.com threads on the subject; however, there was also a second thread, for a combined total of 24 pages on the subject. Not to mention Fatwallet's own 22 page thread on the subject.
And the thread I was involved in. :[

»[scam] Digital Age, KCSOFTLLC and Coastal Wave Int
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
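The "card ping" pattern quoted in the post above (a test charge that rolls off after about 24 hours, followed shortly by a fraud charge) can be written as a detection rule over account activity. This is an added example, not code from any poster in this thread; the ledger rows, merchant names, field layout and the 14-day follow-up window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample ledger (not real data): account, timestamp, kind, merchant, amount.
# AUTH   = pending authorization visible in online banking
# SETTLE = charge that actually posted to the statement
LEDGER = [
    ("acct-1", "2007-11-02 10:15", "AUTH",   "GROCER",        54.20),
    ("acct-1", "2007-11-03 09:00", "SETTLE", "GROCER",        54.20),
    ("acct-1", "2007-12-01 23:40", "AUTH",   "UNKNOWN-PING",   1.00),  # Saturday, never settles
    ("acct-1", "2007-12-06 08:30", "AUTH",   "EXAMPLE-EBOOK", 11.85),
    ("acct-1", "2007-12-07 08:30", "SETTLE", "EXAMPLE-EBOOK", 11.85),
    ("acct-2", "2007-12-03 12:00", "AUTH",   "GROCER",        20.00),
    ("acct-2", "2007-12-04 12:00", "SETTLE", "GROCER",        20.00),
    ("acct-2", "2007-12-10 12:00", "AUTH",   "HOTEL-HOLD",     1.00),  # never settles
    ("acct-2", "2007-12-12 12:00", "SETTLE", "GROCER",        31.10),  # but merchant is known
]


def find_ping_then_charge(ledger,
                          rolloff_after=timedelta(hours=24),   # figure reported in the thread
                          follow_window=timedelta(days=14)):   # assumption for this example
    """Flag accounts where an authorization rolled off unsettled and a charge
    from a merchant never billed on that account before posted soon after."""
    rows = sorted(
        (acct, datetime.strptime(ts, "%Y-%m-%d %H:%M"), kind, merchant, amount)
        for acct, ts, kind, merchant, amount in ledger
    )
    if not rows:
        return []
    # An authorization newer than rolloff_after cannot yet be judged as rolled off.
    as_of = max(r[1] for r in rows)

    by_account = defaultdict(list)
    for acct, when, kind, merchant, amount in rows:
        by_account[acct].append((when, kind, merchant, amount))

    alerts = []
    for acct, events in by_account.items():
        settles = [(t, m, amt) for t, kind, m, amt in events if kind == "SETTLE"]
        for t_auth, kind, merchant, _amount in events:
            if kind != "AUTH" or as_of - t_auth < rolloff_after:
                continue
            # Settled normally: an ordinary purchase, not a ping.
            if any(m == merchant and t >= t_auth for t, m, _a in settles):
                continue
            # Merchants that had already billed this account before the ping.
            known = {m for t, m, _a in settles if t < t_auth}
            for t, m, amt in settles:
                if t_auth < t <= t_auth + follow_window and m not in known:
                    alerts.append({
                        "account": acct,
                        "ping_merchant": merchant,
                        "ping_time": t_auth,
                        "ping_on_weekend": t_auth.weekday() >= 5,
                        "charge_merchant": m,
                        "charge_time": t,
                        "amount": amt,
                    })
    return alerts


if __name__ == "__main__":
    for alert in find_ping_then_charge(LEDGER):
        print(alert)
```

The second account shows the case the rule must not flag: a hold that rolls off but is followed only by a merchant already seen on that account.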
Doctor Olds @ 16th Jan 01:50AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by omgdave :

I just received this:

Hello
A multinational corporation is searching for staff in the USA to act as our representative in the North America .
Income is $100000 per year.
No hidden fees, no marketing stuff

AND ANOTHER!

Greets
A multinational corporation is seeking people across the USA to be our representative in the region Income is $100000 /year.
No investments asked from you.

That is just standard Mule Mail. :[

»[Scam] Mule Mail 2008 - Scammer offers jobs.

Regards,

Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
MGD @ 16th Jan 02:01AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Doctor Olds :

....And the thread I was involved in. :[

»[scam] Digital Age, KCSOFTLLC and Coastal Wave Int
Indeed, I remember it well. I bet at that time you never thought that over two years later, the same criminal enterprise would still be conducting business as usual, none the worse for wear. Amazing !!.

MGD
reply
MGD @ 16th Jan 02:40AM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

said by Davo1 :

MGD-Thank you for all the info you have provided. Just rec'd AE statement w/charges from Paradise & VALLJRSX..contacted AE to dispute & replace card.
You are welcome.

It is important to point out that this modus operandi, set up to exclusively target compromised American Express card holder accounts, is not new. In fact, my archives contain a duplicate operation that ran from September to December of 2006.

There are some remarkable patterns of coincidence that whet my cyber forensic appetite. When these traits are pointed out, you will see that VALL-JRSX, VIN-DESIGN, E NAT, and PARADISE WEB are clearly a continuation of a long established pattern. So while American Express may eventually kill off these current fraudulent billing accounts when the rate of complaints finally inundates their radar screen, they are unlikely to notice, or react to, this established pattern, unfortunately.

The identical setup from 15 months ago that targeted hijacked American Express data was a company called LEXBAY. First reports of fraud charges on AE accounts surfaced in September of 2006. Coincidentally, LEXBAY also originated in the expatriate Russian / Ukrainian community in California. The reported line item charges of varying amounts in the $12 range were listed on American Express statements as:

quote:
Transaction Description:
LEXBAY LIMITED ROSEVILLE CA

MOBILE CONTENT-GAMES ----------> LOOK !

Charge: $12.38
Merchant Address: LEXBAY LIMITED/ALEXANDER
8592 LAS BRISAS CIR
ROSEVILLE CA 95747
USA

Merchant Type: BUSINESS SERVICE



That 8592 LAS BRISAS CIR address in Placer County, currently shows up on a Countrywide Financial REO Foreclosure List Inventory

Reports of the 09/2006 fraud charges showed up on a multi page FatWallet thread, and subsequently on a Bargainshare.com thread.

According to Placer County Fictitious Business records, LEXBAY was registered in October of 2005 to an ALEX BERNIK

[att=1]

quote:
Placer County, California.

Doc Nbr: 2005-0002669-

Date: 03-OCT-2005

Business Name: LEXBAY LIMITED

Owner BERNIK, ALEX



A standard peripheral check of running the Bernik last name produced two other FBN's with suspicious net sounding names registered by other individuals with the same last names:

UNIBSOFT

[att=2]

and

ABCNET

[att=3]

I never did find any nefarious reports under those names, other than noting the repeating name connections to UK entities. What the common link to the Russian expatriate community in California is remains to be seen.

Clearly, this further confirms the continuity of a long running operation that either American Express does not know about, or does not talk about. VALL-JRSX, VIN-DESIGN, E NAT, and PARADISE WEB were not the first using this MO to target AE cardholders, and they will not likely be the last either. Remember, what ends up being reported on the web, is only a fraction of what is actually taking place.

EDIT=

From the victim reports in that FW thread is this recurring anomaly:
quote:
...." I have never heard of these people and have not used my AMEX Blue card in months (and I don't have it stored in any online payment services that I know about)".....

...."I was also hit by this fraud. FYI, my AMEX card with this charge has not been used in over 2 years. "...

..."Same thing happened to me today. It was really odd because I haven't used this one AMEX card and I had a 14.95 charge."....


/EDIT

MGD
reply
Doctor Olds @ 16th Jan 02:47AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by MGD :

said by Doctor Olds :

....And the thread I was involved in. :[

»[scam] Digital Age, KCSOFTLLC and Coastal Wave Int
Indeed, I remember it well. I bet at that time you never thought that over two years later, the same criminal enterprise would still be conducting business as usual, none the worse for wear. Amazing !!.

MGD
I am very surprised indeed and it is extremely frustrating after seeing how hard you have worked gathering evidence and facts that the people in charge that could make changes ignore your findings (so far?) and the work of other hard working investigators like yourself just being ignored pisses me off. :[ I wish I had the magic contact that I could give you that started the ball rolling to stop this criminal enterprise and lock them up for good. Simple changes as you have posted many times that would cost nearly nothing compared to the annual losses would prevent this type of theft easily, but apparently since it is not the CC Companies/Banks/Hosting Companies losing money as they have decided to just pass the costs/losses on to the customer in higher fees, interest rates and red tape so they have no incentive yet until enough customers say enough of this, it is time to stop! I still can't believe it is so easy to setup a Merchant Account, Mules, and Web Hosting with no vetting processes while things I want or need to do require jumping through hoops left and right.

Arg, frustration. I don't handle it well at times, sorry.

Regards,

Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
anon @ 16th Jan 05:19PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I filed two reports with IC3. Has anyone else?
reply
MGD @ 18th Jan 12:01AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Reported to IC3 :

I filed two reports with IC3. Has anyone else?
I know that there have been multiple reports filed. I have repeatedly urged all victims that I come across, to file a report with the Internet Crime Complaint Center (IC3).

There are wide variances in the reports of the way that Bank CSRs handle these as well. From the very alert, to the ones that tell victims to contact the fraud site and try and resolve it with them.

For victims that are told by their Bank reps that they are aware of multiple reports, they should then lobby their institution to also file a Suspicious Activity Report (SAR).

Banks, such as Bank of America, have both customers as card victims, and customers (cybermules) who are using the same institution to launder the fraudulent proceeds and wire them out of the country to the crime syndicate. Several of the merchant incoming deposit accounts were set up with BOA.

There are recent reports that this criminal enterprise is now diversifying, by having some funds wired to EU countries in Western Europe, for example Germany. It has not yet been established if these new transactions are also using Inowest Enterprises as the beneficiary, to launder the wires into virtual currencies.

MGD
reply
anon @ 21st Jan 03:46AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Could someone give a summary? I read the first two pages and see ZERO, PROOF of anything.
reply
Doctor Olds @ 21st Jan 05:13AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Ummmm :

Could someone give a summary? I read the first two pages and see ZERO, PROOF of anything.
Seriously, why should anyone take their time to explain the obvious to you when you can't be bothered to make the time to read the thread in its entirety. It's your loss.

What proof do you need? Are you a mule who doesn't think they are breaking the law with their e-book or web template scam site? Well if you are a mule and you wire 90% of the money out of the Country on a regular basis expect to have your freedom taken away. When the Feds along with the Local Sheriff's Department pull up in your driveway will that be enough proof?
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
anon @ 21st Jan 06:11AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I've read the entire thing now and it's the weakest writeup I've ever seen. The generalities and buzz words... Two years and you know NOTHING. Petty of you to name the "mules". The people who take these jobs are people either to stupid to do anything else or ones that are desperate because their about to loses their homes. Most are dupes as you found out. It's your fault you never got further in your "cyberforensic investigation" of the "criminal syndicate" or did you prefer "enterprise"?. "Infiltration by a human mole" haha... Two years and all you have is screenshots of template websites and whois data.

"I can tell you that Law Enforcement are reviewing the issue."

That's all you can say as anyone whose reported something like this knows, you aren't in the loop after you hand over the information. Don't act like you anything more then what you read on blogs. Seeing the number of people thanking you here, I can see why so many fall for the work at home scam. Why don't you tell us what your motive is for spending two years on this? Why could it be that YOU fell for this? Your newb write up full of cliche lines which indicate that.

Read some PCI docs before you get on your soap box about the CNP setup. Merchants aren't allowed to retain the cvv2.

"I am urgently trying to find out the domain name of their contacts, and where the money is going."

You have no idea!. Your bottom of the totem pole. What some mule tells you is where your "investigation" DIES.

Same thing over and over again. Some dumb American's info yet you have your Russia theory.

"While Cybersource / Authorize.net is to be heavily criticized for their utter failure to implement appropriate procedures in the vetting process to remove these fraudulent laundering accounts, apparently American Express fares no better. "

You have no idea what their procedures are. All you have is your wild speculation. These crooks are getting people to form LLC's that they then use to open BANK ACCOUNTS with. Yet you say nothing of that. So BOA is the same as Authorize.net or even less stringent according to you? Amex is no better? Your so full of it.

"Part of the issue is that merchant account providers make maximum profits from charge back fees."

Are you NUTS??? They CANCEL accounts for CB's.

"quoted an AE csr"

Wow a CSR's second hand comments via a blog. Your bottom of the barrel everywhere.

Your spreading FUD.

"Apparently neither American Express nor Cybersource realize that there is no accreditation process for setting up an LLC, or establishing an EIN number. Criminals, even those offshore can easily arrange for that kind of setup. Possession of those credentials does not establish any form of legitimacy to an operation, that process is not intended to. In addition the merchant account application is done "online". American Express states that approval comes "within the hour"."

You're painfully wrong.

"One wonders why Cybercrime is such an epidemic."

Because people are dumb as dirt and this thread proves that.

"I am very surprised indeed and it is extremely frustrating after seeing how hard you have worked gathering evidence and facts that the people in charge that could make changes ignore your findings (so far?) and the work of other hard working investigators like yourself just being ignored pisses me off."

WHAT FACTS? It's all speculation. There's no meat here. I don't know what's more pathetic, his posts or guys like you who think he's done something. TWO YEARS? This is at best two weeks of poking around.

I'm sure the moderates won't even allow this to be posted at least intacted. Can't disrupt the sheep from their group think and self congratulatory back slapping. You might, just might, want to note that not only has no one been arrested, they have as many sites as they ever did and the victims continue to pile up but you DIGG! the story. That'll show those evil Russian's making millions five dollars at a time hahah..

Don't go getting a headache now in frustration Oldie.
reply
Doctor Olds @ 21st Jan 09:14AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

You are a real piece of work. You don't even know who wrote what as you have mixed up 4 different posters' content and then in the end try to make it look like I wrote it all from the piss poor quoting that you wrote out of context (I never posted three-quarters of what you quote as you can't read posters' names apparently and keep it straight in your head) and do you really think that the extra damning evidence (you call it proof) is going to be put up here in Public for all to see while the criminal enterprise and its crew are out there working still and would learn what really is known about their operations then utilize that to make changes in order to hide again/change operations but when they don't have the full picture, it allows them to keep making the same unreported mistakes over and over again that will help eventually get them taken down as they only see what the tip of the iceberg is, which is just enough to show the in/outs without letting the cat out of the bag. How many sites are you running and processing cards through, Mr Mule? I hope the guilty counts and following sentencing will be added up as consecutive instead of concurrent when the hammer falls.

So Ummmm, now ReadIt, sadly you are unable to begin to comprehend it and post like you have the full picture after asking for a summary moments before. It is too big to get your mind around it all. :o
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
anon @ 21st Jan 10:36AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Are you a moron or do you just play one on TV? Can you be that blind? Not only has this guy provided a wealth of information to a great many of us out here but it's pretty crystal clear to us what's going and yet you are still scratching your head? Are you serious? Think much? So a light bulb didn't go on for you. Wow it must be dark in your world.

It is sooooooooooooooo obvious why you are here. In fact so much so that it borders on being amusing. Do you think we are so dense that we won't see you for who you probably are? It must kill you that this guy has split this thing wide open. Who cares what his bloody motivation was. God bless him! We are the victims here and what he has taken the time to show us makes perfect sense because guess what, we were all scammed by people like you! You are obviously a mule who is angry at being named. Gee I wonder if this is that guy named George who ran SensateTech.Com which has mysteriously vanished quite recently. Darn those meddling internet people! Darn't they have ruined my livelihood! How dare them do this! Why I oughtta go there and tell that guy off!

Puhleeeze get a life (A real one that doesn't involve crime you freaking space cadet). If people have to do this to save their homes (you know you kinda gave yourself away there Einstein) then maybe a little prison time with Big Moe and Tall Larry will help you see the light (blowing you a kiss)....
reply
anon @ 21st Jan 10:49AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Oh and Mule, make sure you stock up on plenty of lube. You're going to need it.

MGD is obviously making a difference when we have the actual mules here taking pathetic stabs at someone who has managed to lay this whole thing out rather brilliantly in fact. Oh and you can bet law enforcement is reviewing this and soon you will be united with your new bunk mates.

You know you gave yourself away when you first began to speak. Like why would anyone be angry with MGD? He's not the criminal here but you would think so after listening to your diatribe. That meanie! How dare him expose us! You are utterly hysterical! OMG thank you for starting off my day with a good laugh.

Pssst...You really sealed the deal when you said that the poor sad mules may need to pay off their homes. Pay off your homes with your own money honey. You are utterly transparent. Tell me does the word mashugunuh have any meaning in your life? If it doesn't I'm sure schmuck does.
reply
MGD @ 21st Jan 05:13PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Ummmm :

Could someone give a summary? I read the first two pages and see ZERO, PROOF of anything.
The ability to read does not necessarily imply comprehension.

This is not mandatory nor required reading, if it does not interest you, move along.!

I generally do not reply to trolls. In your case I will make a minor exception, and use it in order to reiterate several points.

said by ReadIt :

I've read the entire thing now and it's the weakest writeup I've ever seen. .......Two years and all you have is screenshots of template websites and whois data....

Where specifically does it state that this is "all" that has been uncovered.

Apparently you missed reading this at the beginning:

.."I will provide specific details on how this crime syndicate operates, and their history."...

said by ReadIt :

...Read some PCI docs before you get on your soap box about the CNP setup. Merchants aren't allowed to retain the cvv2.....

Surely you jest... right? you cannot be that naive.

Cvv2 is only supposed to be used to obtain authorization, and is never to be retained. Yet when data breaches are uncovered, guess what is routinely found ?.

Did you also miss reading the earlier quote from the CardSystems Solutions data hack?. That quote acknowledged that they had not only violated the PCI standards of retaining the card holder account data, but they also retained the cvv2 data as well. Have a look at another report documenting CardSystems admitted failure to adhere to PCI Standards.

Even with the newer PCI-DSS, it is not clear that consumer's card data will be any more secure. The issue has never been what data is "allowed" to be retained, it is one of compliance. That "only 36 percent of Visa’s largest merchants were following the rules" does not exude a high level of confidence in self regulation.

said by Ummmm :

"While Cybersource / Authorize.net is to be heavily criticized for their utter failure to implement appropriate procedures in the vetting process to remove these fraudulent laundering accounts, apparently American Express fares no better. "

You have no idea what their procedures are. All you have is your wild speculation.

Wrong, I know exactly what they are. The confirmed existence of this long running fraud supports the fact that the vetting system is a failure.

said by Ummmm :

...
"Part of the issue is that merchant account providers make maximum profits from charge back fees."

Are you NUTS??? They CANCEL accounts for CB's.
Wrong again, accounts are only cancelled if they repeatedly stay above a liberal chargeback threshold.

said by Ummmm :

...
"quoted an AE csr"

Wow a CSR's second hand comments via a blog. Your bottom of the barrel everywhere.

Your spreading FUD....
You are not doing so well. That CSR was referring to a specific AE chargeback agreement applied mostly to online merchants that do not have a B&M presence. The process is called an American Express Full Recourse Program where:

"Accordingly, if any customer disputes a Charge at your establishment, AE will immediately chargeback your merchant account for the full amount of such Disputed Charge without contacting you or sending you an inquiry."

Look it up !

said by Ummmm :

..."Apparently neither American Express nor Cybersource realize that there is no accreditation process for setting up an LLC, or establishing an EIN number. Criminals, even those offshore can easily arrange for that kind of setup. Possession of those credentials does not establish any form of legitimacy to an operation, that process is not intended to. In addition the merchant account application is done "online". American Express states that approval comes "within the hour"."

You're painfully wrong...
No, maybe a slight exaggeration, the merchant approval can be "instant" and take nowhere near as long as an hour:

[att=1][att=2]

said by ReadIt :

........"One wonders why Cybercrime is such an epidemic."

Because people are dumb as dirt and this thread proves that...
I do not believe that it does prove it. However, after reading your post I am willing to entertain the probability that at least one individual could be so afflicted.

said by Ummmm :

...I'm sure the moderates won't even allow this to be posted at least intacted........
LOL, maybe the "moderates" may leave it "intacted", as it establishes a new base level of coherence, see previous quote.

said by Ummmm :

...You might, just might, want to note that not only has no one been arrested, ..........

You might want to note the second post:

July 19, 2007

LANSING -- Attorney General Mike Cox today announced that he has charged Krystal Owens of Detroit with three-counts of identity theft and one-count of conspiring to commit identity theft.

MGD
reply
frank85 @ 23rd Jan 11:14AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I found a charge also posted on 12/31/2007

VALLJRSX VALL-JRSX WEST SACRAMENTO CA
S1E13F470 DIRECT MKTG INTERNET
DIRECT MKTG INTERNET
reply
darbacour @ 24th Jan 02:58AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

MGD, I've read thru this topic and am working my way thru the 30+ page original Pluto topic.

Gotta tell ya this is WAY more interesting than most of the Movies I voted on for the SAG awards and reminds me of a time when I used to read really intricate spy novels.

You have done some insanely amazing work and I am hoping against hope that agencies like 'Homeland Security' are working on all you've uncovered at LEAST as hard as they are working on invading honest Americans privacy.

I was a victim of the original Russian mob Global-something mega-scam about 6 or 7 years ago... The one that was probably the grandfather of what they've now morphed into.

I haven't been hit by any Russian mob Scams since the 1st big one... maybe since they can now check out my personal info on my domain and find... Ooops she's Italian and that could be a prob.

BTW: Just masked all my personal info on my top-rated music website after reading thru this and the precursor threads. The others are dormant and again I suspect the fact that almost ALL the info provided in a whois is totally out of date.. except my NAME (I don't update anything on my domains), I suspect my last name and my personal affiliations will keep the most organized and dangerous criminals at bay.

Unfortunately, -- and I say unfortunately only after reading about all this garbage -- my family is NOT connected. But I DO have some very dear friends who are almost like 'Family'. VERY successful, insanely wealthy and NOW fully legitimate Sicilian businessmen in Los Angeles and Las Vegas.

Next time I visit one of their world-famous establishments on the 'Sunset Strip' or the 'Vegas Strip', I'll have to get their take on these lowlife scumbags that have the NERVE to call themselves 'Mafia'.

And of course get some advice from these VERY successful and NOW legitimate Italian businessmen on what should be done about these low-life posers.
reply
darbacour @ 24th Jan 03:11AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by ReadIt :

I've read the entire thing now and it's the weakest writeup I've ever seen. .......Two years and all you have is screenshots of template websites and whois data.... '


MGD, please don't waste your valuable time or forum space responding to those who could NOT pass a 3rd grade literacy test.

Keep US informed. We WANT to do something

ReadIt - chooses to be ignorant. So be it. He'll never do anything even if you convert him. He will be converted when his MC or Visa card (hopefully his LIFE savings in a debit card) is cleaned out ;-)
reply
Dennis @ 24th Jan 12:37PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by darbacour :

ReadIt - chooses to be ignorant. So be it. He'll never do anything even if you convert him. He will be converted when his MC or Visa card (hopefully his LIFE savings in a debit card) is cleaned out ;-)
It's more likely that he'd be the one cleaning out somebody's stuff. Trust me when I say he's to be trusted about as far as you could throw him.
--
My Blog. Because I desperately need the acknowledgement of others.

Mainegirl and my Beer Review's

reply
Doctor Olds @ 24th Jan 12:41PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by darbacour :

ReadIt - chooses to be ignorant. So be it. He'll never do anything even if you convert him. He will be converted when his MC or Visa card (hopefully his LIFE savings in a debit card) is cleaned out ;-)
ReadIt appears to be a Mule who is using the stolen credit card funds to pay for his/her house as they are not willing to get a real job like the rest of hard working people will do to have their own home.

" or ones that are desperate because their about to loses their homes."
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
anon @ 25th Jan 10:59AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Count me as another victim of the Atala Designs credit card scam. An unauthorized charge appeared on my bill on 11/25/2007 for $11.85. The card was canceled and the charge is now in dispute. Nevertheless, this seemingly insignificant charge has certainly led to an eye-popping “adventure” into the credit card world.

I want to add a couple of comments from my experience.

1. While filing a request to opt-out of pre-approved credit offers with the 3 credit reporting agencies, Equifax, Experian and Transunion, I discovered a fourth credit reporting agency, Innovis, for which precious little information can be found. Mmmm, who is this Innovis and what do they do?

2. After receiving my new card, I made an on-line charge to an educational institution for a course. No security number needed – just my name, address, card number, and expiration date – processed with no problem. Is the security code needed by the credit card company or is it just a method for merchants to weed out fraudulent card holders? Mmmm, could Atala Designs have processed my so-called order without the security code?

3. In researching credit card fraud, I learned a new term – skimming. Unscrupulous workers, usually in restaurants, have a device that is used to swipe the card and gain the credit card number. They also have access to the security code, because, typically, in a restaurant setting, the card is out of sight while the transaction is being processed. Mmmm, no more credit card transactions in restaurants for me.

4. While paying some bills for a client, I wrote out a check for their credit card payment and responsibly put the credit card number on the check. Oops - there it is flying around in check processing land, a legitimate name, address and credit card number; and, with relatively few combinations needed to get a hit on a valid expiration date. Mmmm, what does happen to checks when they get processed?

5. When I received my new card I was stunned to see that the 16 digit card number was not a unique number just for me. The unique numbers in the string were a lot less than 16. Mmmm, does the software floating around on the internet claiming to produce legitimate credit card numbers really work?

Many thanks to all who shared their experiences. Your postings helped me deal with this fraud in a more effective way.

Still learning.
reply
K Patterson @ 25th Jan 12:48PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Of the sixteen digits, in effect one is lost to create a check sum (no, not one digit used as a check digit); at least four on the front end indicate the banking unit issuing the card.
reply
anon @ 25th Jan 02:28PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Bankrate has info about Innovis at »www.bankrate.com/brm/news/mortga···type=mtg
reply
anon @ 25th Jan 03:24PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Got a charge on my ax card, $9.59 from VALLJRSX VALL-JRSX 1-27-07

ALSO A SUSPECT CHARGE FROM TIM WEBB SALES $9.45, address 332 morrison ave, sacramento, ca. It's listed as a tele equipment co, but no telephone number published!
reply
jsullvn @ 26th Jan 09:02AM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

Thank you all!

I just opened my AMEX bill, saw a $11.87 charge from "VALLJRSX", and while researching who this was, stumbled upon this thread.....I also looked at last month's statement and found a $9.59 charge from "Paradise Web".....

My wife usually handles the bills, and she never thought to ask me about these charges.......

Needless to say, I called AMEX and my card is now cancelled, and they are reversing the charges.......
reply
K Patterson @ 26th Jan 09:52AM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

When reporting charges to this thread, please post the card issuer - Visa, MC, AMEX, etc.

Not the specific bank, although that should not create any risk.
reply
anon @ 27th Jan 09:34AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Dec 29th $10.65 charge on my few months old Cap One Visa from www.ilicmaster.com 312-698-9963. No website available, phone number comes back to Amy Diamond in Chicago IL, haven't called it. Called Cap One and had it put in dispute, I was not able to go straight to "fraudulent charge" as other posts suggest, was told they credit my account and then contact the merchant for their reply, merchant has 30 days to respond. Cap One wanted to issue me a new card number when I mentioned I wanted to cancel the card, the CSR did say that any charges to the old number would be linked to the new number, CSR also mentioned that it takes 30 days for cancellation to take effect - anyone else see a problem with these procedures??!! I'm going to file a complaint at the FBI internet crime site and also see about filing one with the attorney general in IL (?) (I file with the state where the charge came from, correct?)
reply
anon @ 27th Jan 10:56PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Looks like imaglobus, templateglobus, and pictureglobus are the latest websites.

I got a 9.87 charge on my VISA card and unfortunately contacted the merchant and had it refunded before I read that it was better to report it as fraudulent. I did call back my bank and they seemed pretty disinterested. Of course I canceled my credit card.

MGD, have you tried contacting any media outlets like Dateline? If the foreign people can't be caught, maybe if potential or current "mules" were alerted we could cut them off at one important avenue.
reply
Doctor Olds @ 27th Jan 11:59PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by staten island :

Dec 29th $10.65 charge on my few months old Cap One Visa from www.ilicmaster.com 312-698-9963. No website available, phone number comes back to Amy Diamond in Chicago IL, haven't called it. Called Cap One and had it put in dispute, I was not able to go straight to "fraudulent charge" as other posts suggest, was told they credit my account and then contact the merchant for their reply, merchant has 30 days to respond.
Call back and explain that it is not a dispute, that you did not order anything from the merchant and that they do not have a web page. Explain that it is outright fraud and you need the paperwork to report it as fraud. Be firm.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
MGD @ 28th Jan 04:14AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by staten island :

.... - anyone else see a problem with these procedures??!! ....
Yes... there is a wide range in the quality of the CSR help that victims are receiving from their financial institutions on this issue.

To follow up on the good advice that Doctor Olds gave.

said by staten island :

.... ....was told they credit my account and then contact the merchant for their reply, merchant has 30 days to respond...
To reiterate, the CSR has failed to understand that the charge is fraudulent. That "dispute" process just plays right into the criminal's hands. The CSR needs to realize that they are not a merchant, they are a criminal enterprise. They are taking the easy way out, and by default, contributing to the longevity of this operation.

By insisting that the bogus charge be properly classified as fraudulent, other mechanisms should also be triggered. The criminals have access to the money 48 hours after they submit a charge. They are having the funds wired out of the country every few days. Sending the criminals a leisurely 30 day dispute notice is exactly what they want. Of course they will issue a credit to save the charge back fee. Then your friendly knowledgeable CSR will say "problem solved". Guess what will happen next month? You will be hit again, along with the thousands of other fresh accounts.

A fraudulent charge classification should trigger an immediate no recourse charge back, and a cancellation and reissue of the card.

said by staten island :

.... the CSR did say that any charges to the old number would be linked to the new number, CSR also mentioned that it takes 30 days for cancellation to take effect - ....
She needs to characterize that correctly. It is standard procedure to have a "rollover" for that 30 day period. However, that is to prevent legitimate charges that are in process, or recurring charges, from being immediately rejected and causing you additional problems. The "linkage" that she described, is not a case where during the rollover period a vendor is notified that a charge to John Doe's card number 123456, has been reassigned to his new card 789654. The process is seamless and vendors are not aware of it. Though it is up to you to notify any recurring vendors of your new number.

After the rollover period there will be no connection between the new and old card number. The old card status will change to invalid. You can review rollover charges on your first new card statement. The Bank knows which, if any, are rollover, they are coded. Should any fraudulent charges be carried over, just have them removed.

It also does not take 30 days for cancellation to take effect. Cancellation can be immediate, right at the time of the call. A new card can be sent overnight to you within 48 hours if necessary.

If you had called and said someone just fraudulently charged a $3,500 LCD TV to your card, watch how quickly the card will be cancelled. See if it takes 30 days then. That is the inherent problem with this fraud, the amount. Very few are clued in to the fact that high volume low charges are cleaning millions of $$ out of the system.

The only thing that the CSR is doing in your situation is postponing the inevitable. If your card is not cancelled and replaced now, then it will have to be next month, when more charges come in. You may have to speak to a different CSR, but do not accept anything less.

Yes, IC3 is the best place to file the complaint, as this is really a Federal jurisdiction issue. If you also want to file local, then the AG in the state where the front company is registered is correct.

Thanks for posting your experience in dealing with the bank. Hopefully that will help others as well. Do not take no for an answer, ask to speak to a supervisor if necessary. They need to focus on the core issue, and ignore the amount. Also, make sure they know that you have your original card in your possession, it was not lost, it was not stolen, your account data was compromised.

MGD
reply
MGD @ 28th Jan 05:16AM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

said by darpa :

Got a charge on my ax card, $9.59 from VALLJRSX VALL-JRSX 1-27-07

ALSO A SUSPECT CHARGE FROM TIM WEBB SALES $9.45, address 332 morrison ave, sacramento, ca. It's listed as a tele equipment co, but no telephone number published!
.
You can change that status from suspect to positive fraud. I can confirm that the TIM WEBB charge is from the same AMEX fraud division. This is a dynamic operation with new names coming on board each week. Thank you for posting the line item details on TIM WEBB, as this is the first report that I have seen on them. Connecting the dots from a known fraud company combined with a new fraud charge is essential in keeping track of the operation.

The $9.45 charge is from another fictitious business name registered in Sacramento County on 08/24/2007 as TIM-WEB and was registered by a TIMOTEY PROTOPOPOV

It appears that the FBN registration has the first and last names reversed:

[att=1]


County of Sacramento, California.
Fictitious Business Name
File Number: 0709634
Filing Date: 08/24/2007
Expiration Date: 08/24/2012
Ownership Type: Individual
Status: Active
Number of Business Names on this filing: 1
Number of Owners on this filing: 1
.
Business Name(s):
TIM-WEB
.
Owner Name(s):
TIMOTEY, PROTOPOPOV


That 322 Morrison Ave. address that you listed is also a match for:


Timotey Protopopov
Job title: Owner
Company: Tim Web
322 Morrison Ave
Sacramento, CA 95838-3260


Not sure of that spelling of the last name, as there is another individual listed for that address:


Tatiana Protopotova
322 Morrison Ave,
Sacramento, CA 95838




In fact TIM-WEB is not the only new one for this group to surface this week. One of the unfortunate benefits from victims that only dispute the charges and do not cancel their card, is that they are then able to document the continuity of this criminal enterprise. It helps connect the dots as the subsequent charges roll in.

On 01/07/08 a poster reported:
quote:
..."I’ve also found a $11.95 charge on my credit card from VIN Design, Plumas Lake, CA. Called American Express and opened a fraud investigation. The charges were removed from my bill. Waiting to hear what they send back to me. I feel sorry for anyone who doesn’t check their statements."...

REF= »www.cjupin.com/2007/09/13/credit···ment-777

He is now back on 01/22/08 with two fresh charges to that card. The first report of two new names:

quote:
.."New month, new fraud charges on my AMEX Card..

Solomka Desig Pavel
Sacramento, CA
Computer network/info ($9.45)

and

Mobil Txt., Mobil Txt
Fairoaks, CA
Misc Personal Service ($12.24)

I contacted AMEX .
I told reviewed these charges and told them about this web site and all the fraudulent blogs and suggested that they take a look at it and do something beside give credit. I suggested they try investigating our fraud complaints. Of course they said they would as they had calls on these charges already today. I also had them issue me a new card.


REF= »www.cjupin.com/2007/09/13/credit···ment-808

The first of those charges is from an FBN SOLOMKA DESIGN registered by a PAVEL KASHCHENKO

[att=2]


County of Sacramento, California.
Fictitious Business Name
File Number: 0709688
Filing Date: 08/27/2007
Expiration Date: 08/27/2012
Ownership Type: Individual
Status: Active
Number of Business Names on this filing: 1
Number of Owners on this filing: 1
.
Business Name(s):
SOLOMKA DESIGN
.
Owner Name(s):
KASHCHENKO, PAVEL A.


Further checking produces an address:


Pavel Kashchenko
work
Job title: Owner
Company: Solomka Design
4282 Pinell St, Ste 101
Sacramento, CA 95838-2904


A cross check of the address shows that there is also a commercial listing for:


Pk Cabinets
4282 Pinell St,
Sacramento, CA 95838
(916) 641-0108


Checking back on the FBN list confirms the same name

[att=3]

A subsequent check of commercial phone listings yields this from the Russian Yellow Pages:


PK & Cabinets
Pavel Kashchenko
(916) 372-9525
(916) 641-0108 (fax)
(916) 952-1207 (mobile)
1017 Rogers St
W.Sacramento, CA, 95605

REF: »rypweb.com/Home.aspx?cat=3343&page=13

There is a listing for the above address:


Pavel & Tatyana Kashchenko
1017 Rogers St
West Sacramento, CA 95605-2001


As well as one for another address:


Pavel Kashchenko
work
Job title: Owner
Company: Pk Cabinets
3020 Duluth St, Ste 4
West Sacramento, CA 95691-2240
(916) 952-1207


Clearly Pavel's primary occupation is in the woodworking business, and he apparently may be a cyber-mule as a second job.

Making contact with Pavel, once again yields another individual that does not speak English, only Russian. The only response to mentioning SOLOMKA DESIGN is "wrong number".

The second charge labeled as "Mobil Txt" appears to track to a California LLC filing on 8/2/2007 to an entity named MOBIL DESIGN LLC registered by an ALEKSEY VYKHVESTOV.

[att=4]


MOBIL DESIGN LLC
Number: 200721410266
Date Filed: 8/2/2007
Status: active
Jurisdiction: CALIFORNIA
Address:
5118 SHELL STREET
NORTH HIGHLANDS, CA 95660
Agent for Service of Process
ALEKSEY VYKHVESTOV
5118 SHELL STREET
NORTH HIGHLANDS, CA 95660


There is also a matching Sacramento County FBN that reverses back to the LLC:

[att=5]


County of Sacramento, California.
Fictitious Business Name
File Number: 0708788
Filing Date: 08/02/2007
Expiration Date: 08/02/2012
Ownership Type: Limited Liability Company
Status: Active
Number of Business Names on this filing: 1
Number of Owners on this filing: 1
.
Business Name(s):
MOBIL DESIGN
.
Owner Name(s):
MOBIL DESIGN


A check of the 5118 SHELL STREET address yields:


Svitlana Shramenko
5118 Shell St
North Highlands, CA 95660-5331


August of 2007 appears to have been a busy month. The North Highlands address does not match the Fair Oaks address listed on the Mobil Text charge. A check of both the State of California and Sacramento databases shows that this is the only match for this item. The word "Mobil" is somewhat unique, in that the common name used is "MOBILE". There is also no public data for an ALEKSEY VYKHVESTOV.

In fact, I suspect that the spelling of the name VYKHVESTOV is incorrect. That name does not generate public records anywhere in the country. Since this is such a concentrated epidemic, I am now at the stage where I can just browse the Fictitious Business Names database, and select out suspicious records. I am betting that ALEKSEY VYKHVESTOV of MOBIL DESIGN fame, is really ALEKSEY VYKHRESTOV (Change the second "V" to an "R") from this December 2006 FBN registration of ALEK DESIGN.

[att=6]


County of Sacramento, California.
Fictitious Business Name
File Number: 0613573
Filing Date: 12/12/2006
Expiration Date: 12/12/2011
Ownership Type: Individual
Status: Active
Number of Business Names on this filing: 1
Number of Owners on this filing: 1
.
Business Name(s):
ALEK DESIGN
.
Owner Name(s): Withdrawn Date
VYKHRESTOV, ALEKSEY


If true, that would be somewhat troubling. Two cyber-mule set ups a year apart, indicates that more than enough time has passed for any reasonable level of intuition to conclude that one is participating in a criminal operation. After the initial task of setting up the business names, tax id number, and corresponding bank account, the only routine task that a cyber-mule performs is the wiring of funds out of the country.

What would make matters even worse is if ALEKSEY VYKHRESTOV is related to TIM VYKHRESTOV, who also in December of 2006 registered E.WEOB DESIGN

[att=7]


County of Sacramento, California.
Fictitious Business Name
File Number: 0614050
Filing Date: 12/28/2006
Expiration Date: 12/28/2011
Ownership Type: Individual
Status: Active
Number of Business Names on this filing: 1
Number of Owners on this filing: 1
.
Business Name(s):
E.WEOB DESIGN
.
Owner Name(s):
VYKHRESTOV, TIM


A quick check of that name yields this:


Tim Vykhrestov
work
Job title: Owner
Company: E Weob Design
3900 Annadale Ln, Apt 21
Sacramento, CA 95821-2029



I can only speculate as to whether these two entities ever materialized into full blown fraud operations. There are no reports of fraud that I can find, however, that can not be the sole measure, since many active scam operations never make it to Google. They are indeed highly suspicious, and certainly fit the pattern.

This entire operation is bordering on the absurd, and it is by no means unique to American Express. However, this ironic utilization of American Express's merchant account system to fraudulently launder their own customers' compromised cards into cash, further emphasises clear defects in the financial system. This simplified charge reversal system enables the crime syndicate to come back next month and take another shot at the same cards, to see if they will stick. If AE would assemble a database of the processed cards from all of these fraudulent merchant accounts, it may be possible to detect patterns from this large database, that could lead to the source or sources of the data. By now there is considerable card history, especially if you go back at least a year, or more. Since there are several unique characteristics of these fraudulent merchant accounts, one could easily write a simple script to filter and flag them at application time. There is no doubt that this criminal enterprise would adapt to any roadblocks, nevertheless, the vetting process has to become more stringent.

All the while, this factory of recruits in the California Russian community, is registering new fake businesses faster than the old ones are being taken down. This process apparently can go on forever in its current form. We can see from the earlier example of LUX BAY from 2005, that this process has continued unabated for a considerable time. We cannot tell if the 2005 LUX BAY was specifically targeting AE. However recruiting cyber-mules in the California Russian community appears to be a well established operation.

I have finally made contact with someone in the community who does speak English fluently, and is connected to one of the recent cyber-mules. That mule is a Russian only speaking female, who is a college student. That would appear to fit the profile of someone that may have been seeking part time work. The relative with whom I spoke has agreed to call me back and translate a conversation with the cyber-mule, though I am not sure that they will. He claims, and seems believable, that she has no idea as to what is really going on. He also said that he was told that the website was not ready yet. He also states that he translates English emails for her and has not done that for anything related to this operation. I will follow up if he fails to get back with me.

I have assumed from the start, and this reiterates it, that the criminals are obviously communicating with the California Russian division of cyber-mules in their native language. That makes this division unique in that respect.

The focus of subsequent digging should include finding out what the common link is within the community that enables such a large unique group to be recruited, and for a sustained period. Are they all being recruited remotely? In addition, how, and to where, are the fraudulent funds being sent. Also, the domain names from the email addresses that they are receiving communication from. I have previously run across up to three cyber-mules who knew each other, in the Template - Ebook division. It was a "word of mouth" type of indirect recruiting. One person tells another, "Hey, I got this well paying part time job, almost a 'money for nothing' side business, you should check it out".

The level of mule concentration within this community is unmatched anywhere else. In this case, could there be a local liaison for the syndicate that is doing the recruiting? There is something different occurring here that enables this to be such a focal point.

MGD
reply
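The merchant-side filtering suggested in the post above, sketched as an added example that is not part of the original post or of any card issuer's system: it profiles merchants by low-value charge share, fraud-report share and card overlap with already confirmed fraud merchants, then lists the cards hit again in a later month. The record layout, thresholds, merchant names and card tokens are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Charge:
    card: str            # opaque card token, never a real card number
    merchant: str
    amount: float
    posted: date
    fraud_reported: bool


# All thresholds are assumptions chosen for this example.
LOW_VALUE_LIMIT = 15.00   # "high volume, low charges"
MIN_CHARGES = 4           # skip merchants with too little history
LOW_VALUE_SHARE = 0.9
FRAUD_SHARE = 0.5
OVERLAP_SHARE = 0.5
MIN_SIGNALS = 2           # one signal alone also matches honest merchants


def merchant_profiles(charges, known_fraud):
    """Per-merchant statistics for every merchant not already confirmed as fraud."""
    # Cards already charged by a confirmed fraud merchant.
    tainted = {c.card for c in charges if c.merchant in known_fraud}
    by_merchant = defaultdict(list)
    for c in charges:
        if c.merchant not in known_fraud:
            by_merchant[c.merchant].append(c)
    profiles = {}
    for merchant, rows in by_merchant.items():
        cards = {r.card for r in rows}
        profiles[merchant] = {
            "charges": len(rows),
            "low_value_share": sum(r.amount <= LOW_VALUE_LIMIT for r in rows) / len(rows),
            "fraud_share": sum(r.fraud_reported for r in rows) / len(rows),
            "overlap_share": len(cards & tainted) / len(cards),
        }
    return profiles


def flag_merchants(charges, known_fraud):
    """Return [(merchant, [reasons])] for merchants showing at least MIN_SIGNALS signals."""
    flagged = []
    for merchant, p in merchant_profiles(charges, known_fraud).items():
        if p["charges"] < MIN_CHARGES:
            continue
        reasons = []
        if p["low_value_share"] >= LOW_VALUE_SHARE:
            reasons.append("low-value")
        if p["fraud_share"] >= FRAUD_SHARE:
            reasons.append("fraud-reports")
        if p["overlap_share"] >= OVERLAP_SHARE:
            reasons.append("card-overlap")
        if len(reasons) >= MIN_SIGNALS:
            flagged.append((merchant, reasons))
    return sorted(flagged)


def repeat_hit_cards(charges, suspects):
    """Cards charged by suspect merchants in more than one calendar month."""
    months = defaultdict(set)
    for c in charges:
        if c.merchant in suspects:
            months[c.card].add((c.posted.year, c.posted.month))
    return sorted(card for card, seen in months.items() if len(seen) > 1)


def _c(card, merchant, amount, y, m, d, fraud=False):
    return Charge(card, merchant, amount, date(y, m, d), fraud)


# Constructed sample data: FRONT-A is the confirmed fraud merchant,
# FRONT-B is a new name, GROCER and COFFEE are ordinary merchants.
CHARGES = [
    _c("c1", "FRONT-A", 9.59, 2007, 12, 3, True),
    _c("c2", "FRONT-A", 11.87, 2007, 12, 3, True),
    _c("c3", "FRONT-A", 9.45, 2007, 12, 4, True),
    _c("c4", "FRONT-A", 11.95, 2007, 12, 5, True),
    _c("c1", "FRONT-B", 9.45, 2008, 1, 22, True),
    _c("c2", "FRONT-B", 12.24, 2008, 1, 22, True),
    _c("c3", "FRONT-B", 9.87, 2008, 1, 23, True),
    _c("c5", "FRONT-B", 10.65, 2008, 1, 23),
    _c("c1", "GROCER", 8.20, 2008, 1, 5),
    _c("c6", "GROCER", 54.10, 2008, 1, 6),
    _c("c7", "GROCER", 23.75, 2008, 1, 7),
    _c("c8", "GROCER", 12.40, 2008, 1, 8),
    _c("c9", "GROCER", 91.00, 2008, 1, 9),
    _c("c6", "COFFEE", 3.50, 2008, 1, 10),
    _c("c7", "COFFEE", 4.25, 2008, 1, 10),
    _c("c8", "COFFEE", 3.50, 2008, 1, 11),
    _c("c9", "COFFEE", 5.00, 2008, 1, 11),
]

if __name__ == "__main__":
    known = {"FRONT-A"}
    flagged = flag_merchants(CHARGES, known)
    print("flagged merchants:", flagged)
    suspects = known | {m for m, _ in flagged}
    print("cards hit again in a later month:", repeat_hit_cards(CHARGES, suspects))
```

COFFEE charges only small amounts yet is not flagged, because low value alone is what an honest low-ticket merchant looks like; the card overlap with the confirmed fraud account is what separates FRONT-B.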
anon @ 28th Jan 11:20AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I think you can add imaglobus.com to the list. Several of us at »www.fatwallet.com/forums/message···&start=0 have started to report a similar sounding scheme.
reply
garys_2k @ 28th Jan 02:59PM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

Finding out the details of recruitment within the Russian community could provide HUGE leads, at least potentially. They may let their guard down a bit around "their own" and provide more information if asked. It's possible they advertise in Russian language email lists and that participating on this end may seem more like a bit of participating in "old home" business.
reply
anon @ 28th Jan 03:24PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Dec 01 was the transaction, Dec 03 my debit card got charged $9.87 from Templateglobus.com 210-807-4272

I reported the fact to ic3.gov, thank you MGD for all your research.
reply
Doctor Olds @ 28th Jan 03:27PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by amc :

I think you can add imaglobus.com to the list.
»Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

»pictureglobus.com, imaglobus.com, and templateglobus.com now
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
anon @ 28th Jan 03:58PM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

MGD,
I know you discounted the Experian connection, however, it's got to be connected somehow. I use my cc for everything, but not until I paid for a credit score from Experian did I get the fraudulent charge. (2 days later) I know not everyone has used Experian, but I wonder if that's one source.
reply
anon @ 28th Jan 04:06PM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

I'm correcting myself...it was Equifax that was questioned previously. But it was Experian that I used.
reply
anon @ 29th Jan 01:53PM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

JUST HAD THE SAME DAMN PROBLEM MY COMPUTER HAD INFECTED FILES AND I JUST WENT THROUGH MY AMERICAN EXPRESS STATEMENT AND NOTICED A CHARGE FROM PARADISE WEB FOR 11.87 THE SAME AMOUNT FROM THE CUSTOMER ABOVE AND THEN A FEW DAYS LATER THE SAME AMOUNT FROM A COMPANY CALLING ITSELF MOBILE TXT I CALLED THE NUMBER FROM THE ONE AND IT'S A FRONT FOR SOME MEDICAL EQUIPMENT AND THE RUSSIAN LADY WAS ASKING ALL THESE QUESTIONS TO ME AND I JUST TOLD HER AUTHORITY IS GOING TO COME TALK TO YOU. THE PARADISE WEB ONE I CALLED THE VOICEMAIL BELONGS TO SOME RUSSIAN GUY AND LEFT A NASTY MESSAGE SO I ENDED UP HAVING TO CANCEL THIS AMERICAN EXPRESS CARD AND THEY ISSUED ME A NEW ONE
reply
garys_2k @ 29th Jan 03:49PM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

The Amex charges were almost certainly unrelated to any infection your PC had -- the source for those CC numbers has yet to be ascertained but many, many people with very secure and uninfected computers have seen those charges.
reply
anon @ 29th Jan 06:18PM:
Re: VALL-JRSX,, VIN-DESIGN, E NAT, PARADISE WEB

so it american express or a merchant selling out these numbers to these people and then charging their cards. American Express needs to get on top of this.
reply
anon @ 29th Jan 09:01PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I got hit by them with the following fraud charges on my amex:

1/9/08 VALLJRSX VALL-JRSX WEST SACRAM $11.95
1/28/08 SOLOMKA DESIGN PAVELSACRAMENTO $9.45

I called up amex and reported the charges.
reply
anon @ 30th Jan 10:25AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

MGD

Is MOBIL TXT Fair Oaks CA a confirmed bogus company?

Should I report the charges even though the charge was posted to my old AMEX the day before I cancelled the card.

I am afraid AMEX will reverse the charges and they will have my new card number!
reply
anon @ 30th Jan 11:51AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I have received a bogus charge on my credit card on the 26th from picture globus. I found it on the 29th and immediately called the bank. They stopped the use of my credit card. I have never been to that web site or even heard of them till then. I began looking it up on google and found (too numerous to count) others who had the same thing happen to them. HOW did they get my credit card #. That remains a mystery. Hacking is the only conclusion I can discern. If any of you have any more information it would be greatly appreciated.

Thanks Dekate
reply
anon @ 30th Jan 12:21PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Read all the posts by MGD starting at the beginning of this thread. Seems like he/she knows all there is to know about these scams and is still hard at work trying to stop them.
By the way, thank you so much, MGD for your work. I'm putting my trust in you to figure out a way to stop this. :)
reply
anon @ 30th Jan 12:40PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

First off, I'm so glad I discovered this thread, and like so many others, I am deeply indebted to MGD for his indefatigable pursuit of exposing these crooks. I only wish that I had found this thread earlier. I found a fraudulent charge to pictureglobus.com for 9.85 on Jan 25 this month. Regrettably, I reported it to my bank as a dispute rather than a fraudulent charge. They have since refunded me, canceled my old card and issued me a new card.

Seeing this obvious scamming gets me so angry, as I'm sure it does to many others. I contemplate vigilante justice. The egregious act of defrauding millions of people needs to be stopped, some way, somehow.
reply
Doctor Olds @ 30th Jan 01:31PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by dekate :

I have received a bogus charge on my credit card on the 26th from picture globus.

HOW did they get my credit card #. That remains a mystery. Hacking is the only conclusion I can discern. If any of you have any more information it would be greatly appreciated.
MGD has been investigating, advising people how to report it, and reporting his findings on this for a long while and it appears there is a breach of security in the higher levels of the credit card and/or credit reporting industry possibly with insiders working at these companies (you were not hacked individually and it is not from you using the card anywhere online or at a store near you) as people with dormant cards are also getting hit with these fraudulent charges.

The charges are Fraudulent and always need to be reported as Fraudulent. Don't let the card issuers try to call it a Dispute as it isn't. Nothing was ordered by anyone. Disputes are only for legitimate transactions that have problems.

Always cancel the card and get a new one.

Report it to the Internet Crime Complaint Center at »www.ic3.gov/

Fill out fraud forms if requested by card issuer.

For more info just read more of MGD's posts in this forum. There are quite a few sadly.

Hope this helps.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
MGD @ 30th Jan 01:57PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Min 3 x Hit now :

MGD

Is MOBIL TXT Fair Oaks CA a confirmed bogus company?
Yes !! absolutely a fraudulent charge.

said by Min 3 x Hit now :

Should I report the charges even though the charge was posted to my old AMEX the day before I cancelled the card.
Yes, if it was posted to your old card and you did not tell the AE CSR, it may still be on your statement. You need to call AE and speak to a CSR, if the charge is still open then have them charge it back.

said by Min 3 x Hit now :

I am afraid AMEX will reverse the charges and they will have my new card number!
No, the fraudulent charge will be charged back against the number that it was originally applied to, without any reference to the new account number. Merchants are never notified of your new number by the card issuer. Rolling over charges to your new statement is an internal process that is not apparent to the outside. When you call about the MOBIL TXT the CSR will confirm that. Ask specifically about the process so that you are reassured.

There is no valid reason to allow these criminals to get away with a successful fraudulent charge. As soon as the first fraudulent charge appears on a victim's card, the only solution is to cancel and replace the card. As you can see from the numerous reports, reversing a charge will not stop the process of repeatedly submitting fraudulent charges against that card.

MGD
reply
Sucumbio @ 30th Jan 02:51PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

"Sensate Technology" got me for 11.85 the day after xmas. Who you bank w/doesn't matter?, heh... I guess not! I bank with Keesler Federal Credit Union.. their fraud folks took care of my financial woes but of course now almost february and the extent of my revenge is sensate tech's page being "under construction" .. I mean c'mon, with ALL the evidence displayed even here in this very topic and with all the subsequent topics and complaints lodged across the vast spectrum of cyberspace..

ya do a google search for sensate technology now just complaints come up? wait... cause ... wait!

on the 27th (yeah didn't notice for a day) I typed "Sensate Technology" into google and the 1st hit was sensatetech.com which I went to and got their 800# off the home page (oh GOOD) and of course a voicemail. They missed their chance to deflect me mind you, as I did call them first by mistake, not the bank. God knows what could have happened, but why now when I search for them, they're not in google anymore? Hmm... Was my IP hijacked at that time? Or for a string of days as set by some crafty algorithm? Or was this "mule" just not stopped yet...

After the voicemail fiasco I did call the bank, and the bank calls them. VM. Fraud Security to me:

Ok mr you we that protect your money will credit you provisionally [o rly]. After our investigation if the charge is valid, you'll be billed back + 5. If They credit you, you'll be charged the 5.00 ?'s

o.o;; Um.. no. Thanks for your help?

No problem Mr You, have a nice day. .

And so my conclusion: Gold is on the back up, and why? Cause I can hold that mofo in my basement and no greasy eurotrash or lazy get-rich-quick white trash can get ahold of it!

"Good night, and good luck."

PS has anyone broken a story on this yet? I'm tempted to point this topic to MSNBC as your analysis could be made a worthy spectacle.
reply
Sucumbio @ 30th Jan 03:00PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

and for whatever reason this part of my reply was cut off but I stand by my words nonetheless:

Obviously there'll be no real judgement day for anyone who's involved at the top.. but at this point, and this is why this post is 2 days in the making... I don't fault the slavs for being enterprising. It might even be terrorist funds, who knows, it's the ****** ****** that allowed my card info regardless of where it was being stored or on whatever computer data bank or napkin to be used improperly. And if this ... schema is correct ... then it is really 1 or 2 dudes at Experian or TransUnion gettin' paid to lift pads of numbers. That's the guy I want. Until then I won't have a card. Or closure.

And if after Dateline gets another ball rolling on another crackdown They have a patsy to setup for the fall, so be it! I want my proverbial kick in the nads to this fall guy, cause if that's his lot in life, then who am I to deny him his calling? Yeah? I mean it's maddening going through something like this. You do everything right. Clear the browser cache. Install anti-everything-ware. Soon your computer isn't even really worth the price you paid for it with your credit card and. doh!
reply
anon @ 30th Jan 03:38PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I went to the bank to file the papers for the fraudulent charge. Looking at the statement (on the bank computers) we noticed two more semi-charges. Practically they get authorization to get the money but they did not proceed.
One before and one after the fraudulent charge of Templateglobus.com of Dec 1 for $9.87
Here the details:
Nov 30 2007 P Saccos Ocenaire Cafe Madison LA, $3.73
Dec 7 Zanadu X LLC Vineland, $3.73
The latest two transaction were not on my paper statment, they were on the bank computers.
I thought to share.
reply
Laurie @ 31st Jan 12:31AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I got hit with an $11.89 charge from "Crystal Clear Designs" 206-319-8144. Never heard of them. I had to cancel my debit card... now to find out where this came from.
reply
RJJR @ 31st Jan 04:14AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

We had a charge for $4.95 by company per the bank as Coastal Web Solutions, however the phone number 760-994-4853 is for Coast Web Tech (again a play on a close business name nearby as MGD wrote about at the beginning of this thread) is listed on their website page »www.coastwebtech.com/contacts.php

Apparently from searching on coastwebtech.com name and phone number, this business seems to be the current active charging in the latter part of January, 2008.

Noteworthy is that »www.coastwebtech.com is hosted by »www.hostdone.com, and interesting that a message at the bottom of page 4 of this thread says, "HostDone Inc. Working on clean internet hosting service".

If you look up coastwebtech.com
»www.robtex.com/dns/coastwebtech.com.html
coastwebtech.com website not using a dedicated IP address (66.152.162.116) but rather a shared IP with »www.hostdone.com
hostdone.com is hosted by »www.multacom.com etc.
See »www.robtex.com/route/66.152.160.0-21.html

MGD your effort & writing this thread POINTS OUT how important it is not to dispute the charge, but rather cancel the credit card ASAP.
Again THANK YOU!
reply
MGD @ 31st Jan 06:14AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by RJJR :

We had a charge for $4.95 by company per the bank as Coastal Web Solutions, however the phone number 760-994-4853 is for Coast Web Tech (again a play on a close business name nearby as MGD wrote about at the beginning of this thread) is listed on their website page »www.coastwebtech.com/contacts.php ..

... Again THANK YOU!
You are welcome, .. and I tip my hat to you also RJJR, excellent cyber sleuthing there. Coastal has been on my radar, but I could not nail them down. Indeed, the deliberate obfuscation with the play on words. Plus I was hunting down an LLC, barking up the wrong tree.

Let's get a documented trail of the fraudulent set up:

coastwebtech.com 760-994-4853 Coastal Web Solutions

[att=1]

A lot of fraud charge reports: »www.google.com/search?hl=en&q=76···e+Search

A familiar set up routine via Jaguar Tech and Hostdone:


Domain Name: COASTWEBTECH.COM
Registrar: ENOM, INC.
Registration Service Provided By:
Jaguar Technologies LLC
.
[coastwebtech.com IP 66.152.162.116]
.
Administrative Contact:
.
Richard Ayers (richayersjr@yahoo.com)
+1.2083613929
Fax: -
619 Silverwood St
Oceanside, CA 92054
US
.
Name Servers:
ns1.hostdone.com
ns2.hostdone.com

Creation date: 31 Jul 2007 21:44:42
Expiration date: 31 Jul 2008 21:44:42


Another close-by bogus registration to hide the identity of the cyber-mule. There is a Richard Ayers listed in Oceanside but not at that address. That may be a carded domain.

Looking for who the actual cyber-mule is led me to this:

[Att=2]

Set up several days prior to the domain reg.:


CALIFORNIA
County of San Diego
-----------------------------
Fictitious Business Name
-----------------------------
Filing Number: 2007-026490
Number of Businesses 1
-----------------------------
Business Name(s) COASTAL WEB SOLUTIONS
-----------------------------
Number Of Owners 1
-----------------------------
Owner(s) SHELTON ERIKA
-----------------------------
Filing Date 7/25/2007
-----------------------------
Expiration Date 7/25/2012
-----------------------------
Business Conducted By Individual
-----------------------------


A check for Erika Shelton yields:


Erika Shelton
.
work
Job title: Owner
.
Company: Coastal Web Solutions
.
243 Douglas Dr, Apt 279
.
Oceanside, CA 92058-7836
.
phone number unavailable


It appears Erika registered another San Diego County FBN in April of 2006, called SHELTON COASTAL FINANCIAL.

[att=3]

No publicly listed phone number for Erika, nor are there any search hits for SHELTON COASTAL FINANCIAL

MGD
reply
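The correlation done by eye in the post above (same reseller, same hosting name servers, a shared IP) can be scripted once registration records are collected. This is an added example, not part of the original post: the records are constructed in the two layouts pasted in this thread, and the weights, threshold and 30-day registration window are assumptions.

```python
import re
from datetime import datetime
from itertools import combinations

# Constructed records (not real domains) in the two layouts pasted in this thread.
SAMPLE_RECORDS = ["""\
Domain Name: TEMPLATES-ONE.EXAMPLE
Registration Service Provided By:
Example Reseller LLC
.
[templates-one.example IP 192.0.2.116]
.
Administrative Contact:
Pat Sample (pat_sample@mail.example)
.
Name Servers:
ns1.sharedhost.example
ns2.sharedhost.example

Creation date: 05 Nov 2007 18:25:05
""", """\
Registration Service Provided By: Example Reseller LLC
Contact: support@reseller.example
.
Domain name: designs-two.example
.
[designs-two.example IP 192.0.2.116]
.
Lee Sample (lee_sample@mail.example)
.
Name Servers:
ns2.sharedhost.example
ns1.sharedhost.example
.
Creation date: 08 Nov 2007 20:23:00
""", """\
Registration Service Provided By: Example Reseller LLC
.
Domain name: bakery-three.example
.
[bakery-three.example IP 198.51.100.7]
.
Name Servers:
ns1.otherhost.example
.
Creation date: 02 Mar 2005 09:00:00
"""]

IP_LINE = re.compile(r"\[(\S+) IP (\d{1,3}(?:\.\d{1,3}){3})\]")
EMAIL = re.compile(r"\(([^()\s]+@[^()\s]+)\)")   # registrant e-mail sits in parentheses
# Assumed weights: a large reseller alone proves little, shared hosting says more.
WEIGHTS = {"ip": 2, "nameservers": 2, "reseller": 1}


def parse_record(text):
    """Extract the pivot fields from one pasted registration record."""
    rec = {"domain": None, "reseller": None, "ip": None, "email": None,
           "nameservers": set(), "created": None}
    state = None                      # multi-line field currently being read
    for line in (ln.strip() for ln in text.splitlines()):
        if line in ("", "."):         # separators also close the name-server list
            state = None if state == "ns" else state
            continue
        key, _, value = (part.strip() for part in line.partition(":"))
        key = key.lower()
        if state == "reseller":       # value was on the line after the label
            rec["reseller"], state = line.lower(), None
        elif state == "ns" and " " not in line:
            rec["nameservers"].add(line.lower())
        elif key == "domain name":
            rec["domain"] = value.lower()
        elif key == "registration service provided by":
            rec["reseller"] = value.lower() or None
            state = None if value else "reseller"
        elif key == "name servers":
            state = "ns"
        elif key == "creation date":
            rec["created"] = datetime.strptime(value, "%d %b %Y %H:%M:%S")
        elif m := IP_LINE.fullmatch(line):
            rec["ip"] = m.group(2)
        elif m := EMAIL.search(line):
            rec["email"] = m.group(1).lower()
    return rec


def linked_pairs(records, threshold=3, window_days=30):
    """Score every pair of parsed records and keep those at or above threshold."""
    pairs = []
    for a, b in combinations(records, 2):
        reasons = [f for f in WEIGHTS if a[f] and a[f] == b[f]]
        score = sum(WEIGHTS[f] for f in reasons)
        if a["created"] and b["created"] and \
                abs(a["created"] - b["created"]).days <= window_days:
            score += 1
            reasons.append("created")
        if score >= threshold:
            pairs.append((a["domain"], b["domain"], score, reasons))
    return pairs
```

The third constructed record shares only the reseller with the other two, so it scores 1 and is not linked, which is the point of weighting the pivots instead of matching on any single field.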
anon @ 1st Feb 06:47AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

We found the following charge on our cc tonight:

01/22/08 Byersebooks 201-258-5600 Nj $4.95

Found this thread when researching the charge.

Contacted the bank, reported it as fraudulent (the CSR tried to make it a "dispute" even though I said "fraudulent charge"). She would have let me off the phone without cancelling my card if I hadn't told her I wanted to cancel the card and get a new one issued. :(

Thanks MGD.
reply
anon @ 1st Feb 02:10PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Thanks MGD... what you said makes sense. I will report this last one as fraudulent as well.

I must say though, AMEX is not very "helpful" in pursuing fraudulent charges... I did report the other two charges and insisted they were fraudulent, but all they did was charge it back to my account. I doubt they have done anything else beyond sending me a generic form letter apologizing for any inconvenience I may have experienced!
reply
anon @ 2nd Feb 12:22PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

They are a fraud. Was charged $11.45 from Solomka Design on Jan 23rd. Called my Amex. They said they would refund the charge but no further action is needed at this point?!!!?
reply
garys_2k @ 2nd Feb 03:17PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Wes :

They are a fraud. Was charged $11.45 from Solomka Design on Jan 23rd. Called my Amex. They said they would refund the charge but no further action is needed at this point?!!!?
They won't cancel the card? Keep your eye on the account and their phone number handy -- you'll be calling them again in a few days about the next bogus charge. Maybe eventually they'll get it.
reply
likitysplit @ 2nd Feb 06:25PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

For all you people that have questioned Amex's response to your fraud charges. They are not and should not give you any details on how they handled the fraud charges. They will always credit your account and most of the time issue a new card depending on their investigation or prior complaints. It would not be wise for any company to divulge their internal procedures.
reply
mendina @ 4th Feb 05:56PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I just got an unauthorized charge, and Google brought me here . . . MV WEB TEMPLATES 404-474-3440 GA, $11.89, 1/31/2008; reported to IC3. The card is, of course, now canceled.

I believe that there was a "ping" on the card on 1/30/2008; my bank's automated anti-fraud system called me to ask about a $1.00 charge from some place in Wyoming that never made it on to my online statement. If it would be helpful to find out who made the ping, I'll see if my bank can tell me.

It's good, at least, to know that I'm not alone.
reply
anon @ 4th Feb 06:25PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I also recently got a $4.95 charge on one of my credit cards from one of the named companies. Thank You MGD - a quick google got me here. I called the bank and they promptly cancelled my card -- it seemed they have heard about a lot of these type of charges lately . . .go figure.

I see people referencing that their cards were "pinged". Forgive my ignorance, but what does that mean, how do you know if your card is pinged?
reply
garys_2k @ 4th Feb 09:23PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

A ping is a very small, often less than $1.00, charge used to see if the account is legit and the owner isn't paying attention.
reply
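A sketch of how the ping pattern described above could be looked for in an account's activity feed, added here as an example and not part of any poster's reply. The transactions are constructed, and the thresholds (a $4.00 ping ceiling, a $15.00 charge ceiling, a 7-day window) are assumptions based on the amounts reported in this thread.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Txn:
    day: date
    merchant: str
    cents: int
    posted: bool  # False: authorization that was approved but never settled


def _unfamiliar(txn, known):
    """True when the cardholder has no history with this merchant."""
    return txn.merchant.casefold() not in known


def find_ping_patterns(txns, known_merchants, ping_max=400, charge_max=1500,
                       window_days=7):
    """Return ([(charge, [pings])], [lone pings]).

    A ping is a small authorization from an unfamiliar merchant that never
    posts. A charge is suspicious when it is small, posted, from a different
    unfamiliar merchant, and falls within window_days of at least one ping
    (before or after, as both orders were reported in the thread).
    """
    known = {m.casefold() for m in known_merchants}
    pings = [t for t in txns
             if not t.posted and t.cents <= ping_max and _unfamiliar(t, known)]
    charges = [t for t in txns
               if t.posted and t.cents <= charge_max and _unfamiliar(t, known)]

    paired, used = [], set()
    for charge in sorted(charges, key=lambda t: t.day):
        near = [p for p in pings
                if p.merchant != charge.merchant
                and abs((p.day - charge.day).days) <= window_days]
        if near:
            paired.append((charge, sorted(near, key=lambda t: t.day)))
            used.update(near)
    # Pings with no charge yet are the early warning: act before the charge lands.
    lone = [p for p in pings if p not in used]
    return paired, lone


# Constructed sample data; merchant names are invented for the example.
HISTORY = {"Corner Grocery", "City Fuel"}
SAMPLE = [
    Txn(date(2008, 1, 28), "Corner Grocery", 2350, True),
    Txn(date(2008, 1, 29), "City Fuel", 100, False),            # pre-auth, known merchant
    Txn(date(2008, 1, 30), "PING TEST MERCHANT A", 100, False),
    Txn(date(2008, 1, 31), "SAMPLE WEB TEMPLATES", 1189, True),
    Txn(date(2008, 2, 5), "PING TEST MERCHANT B", 373, False),
    Txn(date(2008, 2, 20), "Airport Parking", 900, True),       # small, but no ping nearby
    Txn(date(2008, 3, 15), "PING TEST MERCHANT C", 95, False),  # ping with no charge yet
]

if __name__ == "__main__":
    paired, lone = find_ping_patterns(SAMPLE, HISTORY)
    for charge, pings in paired:
        print(charge.day, charge.merchant, "preceded/followed by",
              [p.merchant for p in pings])
    print("unpaired pings:", [p.merchant for p in lone])
```

Authorizations that never settle usually do not appear on a paper statement, so a check like this only works against the online pending-activity view or the issuer's alert feed.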
anon @ 5th Feb 10:30AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

First of all thanks very much for your efforts in this. I appreciate it greatly that there are people like you out in the world who take their own time to work for the good of others. It is a shame that the FBI, LE, Mastercard, Visa, Amex or whoever else are not doing what you are doing. I would like to donate some money to you as a token of my appreciation. Do you have a paypal account I can send a little something to?

Now a few questions I have that may have been answered before but I cannot recall.

1. I just saw in one of your posts that says the funds are released to the merchant account within 48 hours after a charge has gone through. I was always under the assumption it took 30 or 60 days before a merchant received their money from the credit card companies due to the possibility of chargebacks. Is that not correct?

2. On how this scam works. Unless I missed something, what is stopping a cyber mule from not wiring the money and keeping it themselves. I read that these criminals have remote access to the bank account where they transfer the money as soon as possible so that it could not be reversed. But what does remote access actually give them?

Those were two questions I was wondering after going through this entire thread. I am sorry if they were answered before and I missed them. Thank you very very much for your hard work and please let me know where and how I can send you a token of my appreciation.
reply
rotus8 @ 5th Feb 01:50PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I am new to this site and I searched for my "frauder" and didn't find it on this thread. I did find them mentioned on a number of sites as similar to what you have been talking about. I was charged $9.87 by IMAGLOBUS.COM 2108074272 TX. I have reported the charge as fraudulent, made a report to the FTC and FBI, and requested a new CC account number. Is there anything else I can do to help shut this stuff down?
reply
Doctor Olds @ 5th Feb 02:02PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by rotus8 :

I am new to this site and I searched for my "frauder" and didn't find it on this thread. I did find them mentioned on a number of sites as similar to what you have been talking about. I was charged $9.87 by IMAGLOBUS.COM 2108074272 TX. I have reported the charge as fraudulent,
»pictureglobus.com, imaglobus.com, and templateglobus.com now
said by rotus8 :

made a report to the FTC and FBI, and requested a new CC account number.
Is there anything else I can do to help shut this stuff down?
If you reported it to IC3 then that is good.

Internet Crime Complaint Center (IC3)
»www.ic3.gov/

Write a letter to your Congressperson asking for tougher laws on credit card data.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
anon @ 5th Feb 02:19PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Just got the same charge - $11.89 - from MV Web Templates. I called my CC company, as well as the Fulton County (Atlanta) DA's office.
reply
anon @ 5th Feb 02:45PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

It didn't even take a few days - the very next day I was hit with the same charge from another bogus company - MOBIL TXT MOBILTXT FAIR OAKS CA. This time they are changing the card. This is ridiculous.
reply
anon @ 6th Feb 11:48AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I just had a 12.79 charge to Paypal from MV Web Templates Atlanta GA hit. I did not authorize it. Now I have to jump thru hoops with Paypal to get it reversed. They are a scam!! Beware. Any other info is appreciated.
reply
anon @ 6th Feb 07:46PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I just received my Feb. Credit card statement. BYERSEBOOKS submitted a charge on my card for $4.95 on Jan 15, 2008. I never authorized any such charge. I immediately called my credit card company Household and reported the charge as fraudulent. I had them close the account. I do not know how they got my info. The card is put up and I have not used it in months. This really concerns me. Should I expect that they have more of my personal information, or other accounts?
I called the number listed 201-585-5600, it is disconnected. How nice???
reply
MGD @ 6th Feb 11:44PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

[I am in thread catch up mode, and working my way back up the list.]

said by jl8 :

.....I had them close the account. I do not know how they got my info. The card is put up and I have not used it in months.....
That scenario of hitting all different levels of dormant cards is a common occurrence with this organized criminal operation, and is not unusual at all.

said by jl8 :

..... This really concerns me. Should I expect that they have more of my personal information, or other accounts?
I called the number listed 201-585-5600, it is disconnected. How nice???
While there are numerous reports of victims who had a second unrelated card hit, either simultaneously or consecutively, I do not recommend reissuing unhit cards as the frequency is still comparatively small.

There is no evidence over the several years that this enterprise has been in operation, that they have access to anything other than the card account data itself. Even with respect to Debit cards, there is no reported behaviour that indicates that they have the underlying checking account data. There is no correlation between a Debit card number and its corresponding bank account number. There is also no evidence to date that this syndicate has obtained matching pin numbers for the Debit cards either.

Immediately cancelling and reissuing the compromised card is S.O.P. once you become a victim. Monitor your card/s activity frequently with due diligence. In fact, based on how extensive and systemic this fraud is, that is prudent advice for all card account holders.

The listed phone numbers going out of service are usually the result of a chargeback from a victim's card that was used to set them up with and pay for the service. That happens also with some of the web hosting accounts.

This vast criminal enterprise has no "out of pocket" expenses. The supporting services are obtained fraudulently. The exceptions are the cost of the LLC / FBN registration fees, and the merchant account application and setup fees. Those are paid for by the recruited domestic cyber-mule, who is then reimbursed from the first month's fraudulent card processing take.

MGD
reply
MGD @ 6th Feb 11:51PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Midwesterner :

...I did not authorize it. Now I have to jump thru hoops with Paypal to get it reversed. They are a scam!! Beware. Any other info is appreciated.
Make sure you are reporting it as a "fraudulent" charge, insist that it be charged back, and a new card issued immediately. Do not take no for an answer, ask for the call to be elevated to a supervisor if necessary. Send them here if need be.

MGD
reply
MGD @ 7th Feb 02:22AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by ThanksMGD :

First of all thanks very much for your efforts in this...
Thank you very much, I appreciate your recognition of the resources and long term effort that has gone into this project. The work that I do on this site combating cyber-crime, is done as a pro bono service. I volunteer my skills as a way of giving back to the community at large, as many others do also. Therefore, I must respectfully decline your gracious offer. Your recognition, and the accolades from many others, is very rewarding in itself.

said by ThanksMGD :

........
Now a few questions I have that may have been answered before but I cannot recall.

1. I just saw in one of your posts that says the funds are released to the merchant account within 48 hours after a charge has gone through. I was always under the assumption it took 30 or 60 days before a merchant received their money from the credit card companies due to the possibility of chargebacks. Is that not correct? ....
No, while there is a varying requirement to maintain a minimal float in the merchant account to cover chargebacks, a processed charge is credited to the account usually within 48 hours of being submitted and approved.

Authorize.net / Cybersource is the syndicate's confirmed gateway processor of choice, for reasons as of yet unknown. They have a primer on their site called a "How it Works" Diagram that documents the process in some detail:

quote:
Step 1: The merchant submits a credit card transaction to the Authorize.Net Payment Gateway on behalf of a customer via secure connection from a Web site, at retail, from a MOTO center or a wireless device.

Step 2: Authorize.Net receives the secure transaction information and passes it via a secure connection to the Merchant Bank’s Processor.

Step 3: The Merchant Bank’s Processor submits the transaction to the Credit Card Interchange (a network of financial entities that communicate to manage the processing, clearing, and settlement of credit card transactions).

Step 4: The Credit Card Interchange routes the transaction to the customer’s Credit Card Issuer.

Step 5: The Credit Card Issuer approves or declines the transaction based on the customer’s available funds and passes the transaction results, and if approved, the appropriate funds, back through the Credit Card Interchange.

Step 6: The Credit Card Interchange relays the transaction results to the Merchant Bank’s Processor.

Step 7: The Merchant Bank’s Processor relays the transaction results to Authorize.Net.

Step 8: Authorize.Net stores the transaction results and sends them to the customer and/or the merchant. This communication process averages three seconds or less!

Step 9: The Credit Card Interchange passes the appropriate funds for the transaction to the Merchant’s Bank, which then deposits funds into the merchant’s bank account. The funds are typically deposited into your primary bank account within two to four business days.



So thieves can have your money in hand over three weeks prior to a victim first seeing the fraudulent charge on a statement. That is one inherent problem in the system.

said by ThanksMGD :

........

2. On how this scam works. Unless I missed something, what is stopping a cyber mule from not wiring the money and keeping it themselves. I read that these criminals have remote access to the bank account where they transfer the money as soon as possible so that it could not be reversed. But what does remote access actually give them? ...
Well, essentially there is nothing to stop him; however, since the funds are constantly being moved out, the balance at any given time is not that large, compared to the total in process for the entire operation. The largest sum that I am aware of in an existing account at the time that contact was made with the cyber-mule, was around $15,000. A rep from the syndicate was in regular contact with the mule, and it was a big event making sure that funds were wired out every Tuesday to Bulgaria.

By accessing the accounts remotely, the syndicate can monitor both the inflow of funds from their fraudulent billing, and keep tabs on the outflow. If the account status failed to indicate a designated foreign wiring had not occurred as instructed, then they can immediately stop inputting new card data, until the issue is resolved. The operating account balance is kept to a minimum.

Of course one must remember that the cyber-mule has been duped into believing that he is gainfully employed by a legitimate entity. So the same ethics that would keep anyone from stealing are also in play here, maybe more so. From the cyber-mule's perspective they are a "Corporate Officer". Their name and signature are on the LLC filings as such, they signed off on, and applied to the IRS for an EIN number. They also opened and are the authorized signature for the Corporate bank account/s. At the beginning they completed an extensive employment application, and supplied copies of their identity documents. They also signed an employment contract. Depending on the cyber-mule's attitude and perceived suspicions, if any, the deception will even include having the cyber-mules wire the first few rounds of outbound funds to another LLC's domestic bank account. Then later telling them that it really delays the process so instead "we will have you wire the funds directly to Corporate Headquarters". That is a known tactic.

It is difficult to tell as to what extent a mule may become suspicious, even convinced at some point that there is fraud, but decide to keep it going for the income. I am sure that issue will be looked at some point in the future.

said by ThanksMGD :

..Those were two questions I was wondering after going through this entire thread. I am sorry if they were answered before and I missed them. Thank you very very much for your hard work and please let me know where and how I can send you a token of my appreciation.
They were good questions, in hindsight, I should have gone directly and just published the full length novel. This turned out to be a lot longer than I first imagined. However, I believe it is imperative to document this in detail, including listing the foreign bank account numbers in order to generate credible interest, and ultimately action.

My description of this operation at the beginning is by no means an exaggeration, it is accurate. This huge fraud is so well organized that it hides in plain sight.

Do not bet against the odds that the ringleaders of this criminal enterprise will not be celebrating their 10 year anniversary on a dinner cruise on the Volga a few years from now.

MGD
reply
anon @ 7th Feb 12:44PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

You posted my name and info regarding atala designs scam. they have stolen my company info (not atala design) and have used my name and some of my address info. if you are looking to find atala design here is the info I have on them - i do not have any connection with banking etc.
Gundars Kristopans
gundars_kristopans@ataladesigns.com
(801) 788-5851.

I am in the process of removing my name from the hosting company.

I was scammed as well.
reply
Laurie @ 7th Feb 12:52PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Where my fraud stands: Reported bogus $11.89 charge from "Crystal Clear Designs" to my bank a week ago. Canceled my debit card, filled out a form in person, was issued a new card/account number.

Today I received a "provisional credit" for the $11.89, but obviously that is not set in stone yet.
reply
Transmaster @ 7th Feb 01:06PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Absolutely fascinating!!! MGD you are a cyber detective of the likes of the fictional characters in William Shatner's, Tek series Scifi books. :)
--
Send a prayer to Allah, eat Beans.

reply
MGD @ 7th Feb 06:07PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by stolen info :

.. if you are looking to find atala design here is the info I have on them - i do not have any connection with banking etc.
Gundars Kristopans
gundars_kristopans@ataladesigns.com
(801) 788-5851.

I am in the process of removing my name from the hosting company.

I was scammed as well.
That should qualify for having the domain revoked, and the hosting shut down. Did you have a fraudulent card charge for the domain registration and/or hosting?

The name Gundars Kristopans, and a Latvian address shows up in a recruiting letter. Which was a result of an inquiry to a job offer that Atala Designs posted on Craigslist in May 2007, it is listed here: »Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto I believe that most of the names and listed addresses used at the second tier level are all made up.

MGD
reply
anon @ 9th Feb 09:29AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I just got off the phone with my cc bank (Chase). They had called to ask about a possible fraudulent charge. It was legitimate, but every so often our card gets locked out and we have to call them. They list a charge or three (this time it was just one) to have us verify, then they unlock the card. This was only an online purchase at a reputable site (Newegg) for 41.99. Does anyone know what triggers the suspected fraud in the banks' eyes?
While they had me on the phone they tried to sell me fraud protection. Since I had the fraudulent charge last month, I began thinking maybe fraud protection wasn't a bad idea. I'm wondering if anyone can recommend a good fraud protection program at a reasonable price.
reply
garys_2k @ 9th Feb 09:51AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Did they say what you get with their fraud "protection?" It sounds nice, but what do they do? How are you more protected than without it? That's what I'd ask.
reply
anon @ 9th Feb 03:34PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

For 11.99 ea./month you get 2 credit reports/yr (I get one free in my state anyway), and they alert you if anyone tries to open an account in your name, whether it be you or an identity thief. That's about it.
reply
anon @ 9th Feb 06:23PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

In mid January I was suddenly hit with two charges on my AmEx and was alerted via your posts that they were fraudulent - so thanks! I disputed both of them and just phoned AmEx and am having a new card mailed overnight.

I live in the San Jose area but my parents live in Roseville and I visited them over the Christmas holiday. This began in early January.

First charge was from VALLJRSX, second from Mobil Txt.

VALLJRSX VALL-JRSX WEST SACRAMENTO CA
DIRECT MKTG INTERNET
Merchant Address: VALLJRSX
900 SIMON TERRACE
UNIT # 88
WEST SACRAMENTO CA 95605
Merchant Type: INTERNET DOWNLOADS
Doing Business As: VALLJRSX

MOBIL TXT MOBILTXT FAIR OAKS CA
MISC PERSONAL SERVICE
Merchant Address: MOBIL TXT
4201 GREENVALE RD.
FAIR OAKS CA 95628
Merchant Type: MISC PERSONAL SERV
Doing Business As: No Additional Information
reply
sch9171 @ 10th Feb 05:42PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by MGD :

That should qualify for having the domain revoked, and the hosting shut down.
Yes. I've caused other scammers' and spammers' domains to get revoked by reporting that they used fake information in the registration. The ICANN Registrar Accreditation Agreement requires that registrars require registered name holders to provide accurate contact information, and to treat failure to do so as material breach of the registrar-name holder agreement. Not all registrars actually do this, but the good ones usually do. Typically, after receiving a report of false information, they'll try to contact the registrant, and if they fail they'll revoke the domain.

For reference, from the ICANN Registrar Accreditation Agreement:


3.7.7.1 The Registered Name Holder shall provide to Registrar accurate and reliable contact details and promptly correct and update them during the term of the Registered Name registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder; name of authorized person for contact purposes in the case of an Registered Name Holder that is an organization, association, or corporation; and the data elements listed in Subsections 3.3.1.2, 3.3.1.7 and 3.3.1.8.

3.7.7.2 A Registered Name Holder's willful provision of inaccurate or unreliable information, its willful failure promptly to update information provided to Registrar, or its failure to respond for over fifteen calendar days to inquiries by Registrar concerning the accuracy of contact details associated with the Registered Name Holder's registration shall constitute a material breach of the Registered Name Holder-registrar contract and be a basis for cancellation of the Registered Name registration.


I don't know how many of these domains are registered with false information, but if it's a substantial portion, pointing that out to their registrars might be a way to cause the scammers a bit of temporary pain. Of course, they'll just register new names (and probably start using a more fraudster-friendly registrar), but temporary pain is better than no pain...
reply
MGD @ 12th Feb 08:46PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Two weeks ago I began a project to try and identify and name these set ups at the birthing stage, or during the early seasoning process. Using tactics that initially helped to uncover this vast criminal enterprise, I have identified between thirty five and forty new fraudulent entities in various stages of operation. That is significant, and indicates the continued ability of this syndicate to harvest card data, and the unfettered access they have in setting up merchant bank accounts to process the hijacked data.

I am currently compiling this research data, and will publish the findings shortly. I also have some interesting research on the Amex fraud charges from the Russian cyber-mule cartel concentrated in Sacramento and the surrounding counties in California.

In the interim, here are two more of the syndicate's template sites currently in operation.

webperfecttemplates.com 760-690-3138 Web Perfect Designs, LLC

[att=1]

This website »webperfecttemplates.com was down for some time, but is now back online. Fraud complaints began surfacing around the first of the year: »www.google.com/search?hl=en&q=76···e+Search


Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
.
Domain name: webperfecttemplates.com
.
[webperfecttemplates.com IP 202.60.92.179]
.
Registrant Contact:
WPD LLC
david perry (perry_david01@yahoo.com)
+1.7733464548
Fax: +1.7733464548
1025 Morning view dr
Escondido, CA 92026
US
.
Name Servers:
ns1.aussiednsserver.com
ns2.aussiednsserver.com
.
Creation date: 05 Nov 2007 18:25:05
Expiration date: 05 Nov 2008 18:25:05


Web Perfect Designs, LLC was registered as a Fictitious business name by a DAVID F. PERRY on 10/15/2007.

[att=2]


------------------------------------
CALIFORNIA

County of San Diego

Filing Number: 2007-035766
Number of Businesses 1

------------------------------------
Business Name(s) WEB PERFECT DESIGNS
------------------------------------
Number Of Owners 1
------------------------------------
Owner(s) PERRY DAVID F
------------------------------------
Filing Date 10/15/2007
------------------------------------
Expiration Date 10/15/2012
------------------------------------
Business Conducted By Individual


As usual the website is blocked from search engine indexing:

[att=3]

There is a public listing for Mr. Perry that matches the domain information:

David Perry
1025 Morning View Dr
Escondido, CA 92026-3469

Now attempting to make contact with Mr. Perry.

After two months in operation, the failure of the system to identify the fraud helps preserve it:

quote:
dpcraw - 8 Feb 2008
"....Just found one of these 11.49 charges on my Schwab account. Called to dispute, they said to call the number and attempt to talk to them first. Just the voice message. Also had another odd charge from arealhome.com for 9.99 that was not mine. last thing i used card on was amazon..."
»800notes.com/Phone.aspx/1-760-690-3138/2



.
.
Next up:
.
monroviadesigns.com 703-348-7199 Monrovia Incorporated AKA Monrovia Designs

[att=4]

First report of charges from »Monroviadesigns.com less than two weeks ago at the end of January 08: »www.google.com/search?hl=en&q=70···G=Search


Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
.
Domain name: monroviadesigns.com
.
[monroviadesigns.com IP 202.60.92.179]
.
Registrant Contact:
MI
Brian Meyer (meyer_brian01@yahoo.com)
+1.7178287353
Fax: +1.7178287353
5420 N Morgan St. #201
Alexandria, VA 22312
US
.
Name Servers:
ns1.aussiednsserver.com
ns2.aussiednsserver.com
.
Creation date: 08 Nov 2007 20:23:00
Expiration date: 08 Nov 2008 20:23:00


Once again hidden from the web using a robots file:

[att=5]

Monrovia Incorporated is a corporation set up in the state of Virginia by a BRIAN MICHAEL MEYER on July 20, 2007, via a proxy agent service. That name is the same name as the domain registrant. I wonder why there was such a delay between the corporate filing and the set up of the domain.

[att=6][att=7]


WEB#727 CIS 02/12/08
TCP00001 CISM1001 OFFICERS/DIRECTORS AND PRINCIPAL OFFICE 02:05:50
.
CORPORATE ID: F171586 - 3 CURRENT AR# DATE
CORP NAME: MONROVIA INCORPORATED
.
STREET: 526 KING STREET
SUITE 423
CITY: ALEXANDRIA STATE: VA ZIP: 22314
S C DIR REQUIRED: Y
E A OFFICERS/DIRECTORS DISPLAY FOR AR#
L T NAME TITLE SIGN
.
B BRIAN MICHAEL MEYER PRESIDENT
.
WEB#727 CIS 02/12/08
TCP00001 CISM0180 CORPORATE DATA INQUIRY 02:11:05
.
CORP ID: F171586 - 3 STATUS: 00 ACTIVE STATUS DATE: 07/20/07
CORP NAME: MONROVIA INCORPORATED
.
DATE OF CERTIFICATE: 07/20/2007 PERIOD OF DURATION: INDUSTRY CODE: 00
STATE OF INCORPORATION: WY WYOMING STOCK INDICATOR: S STOCK
MERGER IND: CONVERSION/DOMESTICATION IND:
GOOD STANDING IND: Y MONITOR INDICATOR:
CHARTER FEE: 50.00 CASE NO: CASE STATUS: HEARING DTE:
R/A NAME: NATIONAL REGISTERED AGENTS INC
.
STREET: 526 KING ST STE 423 AR RTN MAIL:
.
CITY: ALEXANDRIA STATE : VA ZIP: 22314
R/A STATUS: 5 B.E. AUTH IN VI EFF. DATE: 07/20/07 LOC.: 200
ACCEPTED AR#: 000 00 0000 DATE: ALEXANDRIA CITY
CURRENT AR#: 000 00 0000 DATE: STATUS: ASSESSMENT INDICATOR: 0
YEAR FEES PENALTY INTEREST TAXES BALANCE TOTAL SHARES
. 00 100


Public records indicate Mr. Meyer has an unpublished number:


Brian Meyer
home
5420 N Morgan St, Apt 201
Alexandria, VA 22312-3307
phone number unavailable


Here is a victim report of a double hit from monroviadesigns on two different cards issued by the same institution:

quote:
"...I have recently had two unauthorized charges to two separate accounts. One was from my debit card and one was from my credit. Both cards were issued by the same bank. I called the phone number (1-703-348-7199) and got a voice mail. I then emailed their 'support' division as instructed on the voice mail and got no reply. I have contacted my bank and disputed the charges, and have also emailed Monrovia Designs again, which I am sure will yield very little results......"

»www.complaintsboard.com/complain···658.html



You can see across most of these fraud site records that there is a two to three month process in getting the scam up to full speed. Some of that time period is spent seasoning the merchant account. This experienced criminal enterprise knows exactly what events may trigger an issue. The merchant account is set to mimic a newborn ecommerce operation, by slowly increasing the rate of charges during the first month or two.

Also note that there is a maximum throughput for each set up. As posted previously, several cyber-mules were encouraged to set up multiple business entities. This diversification spreads the load over multiple entities, lowers the complaint ratio, and keeps the foreign wiring activity of the laundered funds distributed across many names. Lessons learned from the errors of the Pluto and Digital Age frauds from two years ago, which made the national media, have been put to good use.

MGD
EDIT= fixed bad monrovia link
reply
MGD @ 13th Feb 03:45AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by sch9171 :

..... I don't know how many of these domains are registered with false information, but if it's a substantial portion, pointing that out to their registrars might be a way to cause the scammers a bit of temporary pain....
I agree,...the domain registrations fall into 3 categories. One grouping has them registered to the cyber-mules. They usually match the LLC filings, or the Fictitious Business Name registrations. Most of the "Template" fraud sites are in that category.

The second group, which includes most of the ebook sites, has fraudulent domain registrations. Many of them are "carded domains" registered to cards from the hijacked data. One interesting note: within that group is a subcategory in which the criminals actually match a card and victim address to the same area as the cyber-mule. In other cases they are in different states.

The third group are the domains with cloaked hidden registrations. I have yet to come to terms with the fact that merchant banking and card processing accounts are freely given to newborn e-commerce sites who have no brick and mortar presence, and have hidden domain registrations. In the case of the Globus group, you combine the cloaking and a site search engine block, and it just screams fraud. There is some serious culpability on the part of the banks and the processor that allow that to pass a vetting process.

MGD
reply
anon @ 13th Feb 11:16AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Webperfect Templates
Still going, their site is up now. I reported them to the federal government and my bank. Here is what they said when I emailed them; they are obviously lying.

I represent Web Perfect Designs, LLC.
We got an email from you reporting a charge on your credit card.

Thank you for reporting about this situation promptly.

First I guess I should explain everything to you.
Our company produces webdesign and templates - primary web pages with no content. Your card was charged for the price of a template bought on our website.

I have a very important question for you:
Are you sure that nobody but you has access to your credit card information(name and number)? You see that if your card was charged and you didn't know about that somebody does have your card information and can use it. Please check it.

We have already removed the charge you reported. The refund will be stated in the account within three or four business days.

Nevertheless I strongly recommend you to call your bank and ask them to issue another card for you. Because if your card was once charged without your notification there's no guarantee of that the person having access to the CC information wouldn't use it again.
It is also possible that some banking error occured and your card was charged by mistake but still please call them and talk it over.

Sincerely,
reply
Doctor Olds @ 13th Feb 12:14PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by supercali :

Webperfect Templates
Still going, their site is up now. I reported them to the federal government and my bank. Here is what they said when I emailed them; they are obviously lying.

I represent Web Perfect Designs, LLC.
We got an email from you reporting a charge on your credit card.

Thank you for reporting about this situation promptly.

First I guess I should explain everything to you.
Our company produces webdesign and templates - primary web pages with no content. Your card was charged for the price of a template bought on our website.

I have a very important question for you:
Are you sure that nobody but you has access to your credit card information(name and number)?
If you want to, write them back and tell them that you are fully aware that they are a cyber-mule employed by a Russian or Romanian based Crime Syndicate and that you are aware that they are electronically wiring 90% of the funds that appear in the Merchant Account overseas when there are no legitimate business models with that kind of instant income at the levels they are transferring. Indicate that they are the one person US authorities are going to track down to hold fully responsible for every dime because they are the easiest target and the business is in their name, not the Syndicate's after all. :o

See if they reply. ;)
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
MGD @ 14th Feb 02:03AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by supercali :

Webperfect Templates
Still going, their site is up now. .........
That operation will cease within the next 48 hours, cross one off the list. I cannot say much more as of right now, however, the termination process is underway. I will update once the process has been completed.

Yes that is the standard templated letter used across many of the domains. They will issue a credit once a victim complains about the fraudulent charge. Once discovered their goal is to mitigate the effect and preserve the operation. They issue a credit in order to avoid a chargeback fee, which keeps the fraud laundering intake at a maximum. The second purpose is deception, make the victim think that the website is a victim as well. Deflect suspicion and attention away from the real criminals.

MGD
reply
anon @ 14th Feb 10:37AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I was hit on my Amex card on 01-20-08.

It was $11.87.

Charged from:
MOBIL TXT MOBILTXT FAIR OAKS CA
MISC PERSONAL SERVICE

Called Amex and had charge removed and card voided. They are sending me a replacement card.
reply
anon @ 19th Feb 06:51PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I just received a Credit Card statement tonight for a card that I have not used in several months. There is a charge of $11.89 referencing HTTP://WWW.MCATEMPLATES.C 623-444-2173 AZ. After some quick research, it appears that this is a fraudulent charge. Agree?
reply
MGD @ 19th Feb 07:18PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by TunaTacoGrande :

..... After some quick research, it appears that this is a fraudulent charge. Agree?
Absolutely fraudulent, 100% guaranteed, no question about it. Your card data is in the hands of this criminal enterprise. You need to contact your financial institution, make sure you classify this as a "fraud charge". They need to process an immediate chargeback, and cancel and re issue your card. Do not accept anything less.

The fact that your card has not been used in several months is not unusual. Some victims have not used their compromised card in two years, anywhere. This is a common trait in this syndicate's operation.

As listed above, mcatemplates.com - 623-444-2173 M.C.A. and mcawebtechnology.com AKA M.C.A. 623-742-3769 and ulcsolutions.com AKA U.L.C. 623-444-2964 also 602-476-1845 are three sites whose merchant accounts were set up at authorize.net by a cyber-mule named Steve Rogan from Scottsdale, Arizona.

MGD
reply
anon @ 19th Feb 08:13PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Thanks for your help, MGD. I will take your advice.

I've been reading through your posts. This is some strange stuff. Seems hard to believe that the same buffoon keeps getting away with this.

Steve Rogan is a Cyber-Donkey in my book. Or, a Cyber-Jackass...

I'd like to get in the ring with him and treat him like a rented Mule.
reply
anon @ 20th Feb 06:03PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Just a follow-up:

I called my card to report the fraudulent charge. They informed me that on the same day another charge was submitted, but for some reason it had not yet posted so it wasn't on my statement. The charge was for $9.99 from arealhome.com. Interesting that they attempted to hit me twice on the same day.

They have closed the account and they are mailing me an Affidavit of Fraud.
reply
MGD @ 20th Feb 09:41PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by TunaTacoGrande :

Just a follow-up:

I called my card to report the fraudulent charge. They informed me that on the same day another charge was submitted, but for some reason it had not yet posted so it wasn't on my statement. The charge was for $9.99 from arealhome.com. Interesting that they attempted to hit me twice on the same day.

They have closed the account and they are mailing me an Affidavit of Fraud.
Good to know,.... several others have reported charges from arealhome.com also, showing up in tandem with various template fraud charges.

quote:
Feb 7 2008, 12:11 PM Post #11
We also had a charge for 10.29 on Master Card from webperfectemplates.com and arealhome.com for 2.99 Killed the account after filing dispute. Also concerned about how the numbers are obtained. We used card in Seattle ( Restaruant), Copenhagen( airport ) Lithuania ( hotel ) and Mexico ( serveral Restaurants). Anyone have common points? Also used it for online purchase from England and one in US.
Thanks
»209.85.165.104/search?q=cache:vF···11&gl=us



And:

quote:
261 Rizza on 02.05.08 at 5:39 pm

Has anyone seen any charges from AREALHOME.COM? I just got a 6.57 charge from them and also an $11.87 charge from Crystal Clear Design on the same day. I have never heard of either of them.
»www.cjupin.com/2007/09/13/credit···ment-819



On Feb 8th this post in reference to webperfecttemplates.com:

quote:
dpcraw - 8 Feb 2008
"....Just found one of these 11.49 charges on my Schwab account. Called to dispute, they said to call the number and attempt to talk to them first. Just the voice message. Also had another odd charge from arealhome.com for 9.99 that was not mine. last thing i used card on was amazon..."
»800notes.com/Phone.aspx/1-760-690-3138/2



The strange part is that arealhome.com appears to be a legit site. In fact, it does not appear to be engaged in consumer e-commerce at all. The arealhome.com domain has been registered since 2005 »network-tools.com/default.asp?pr···home.com. The registrant also owns the .net and .biz versions also.

About the only remotely nefarious item is that a Russian programmer worked on some of the site code: »translate.google.com/translate?h···26sa%3DN

We know that this crime syndicate has repeatedly engaged in the pinging of victim's cards prior to submitting a fraud charge. In fact, that tactic has been another hallmark of this criminal enterprise's operation going all the way back to the Digital Age fraud run two years ago.

How arealhome.com fits into this scenario is not yet established. A crucial piece of information is if the arealhome.com charge hit the card first. That would indicate an attempt to pre-validate card data, which is also the purpose of pinging the cards.

I believe that pinging is far more prevalent with this operation than is being reported. Most victims will not be aware that it may have occurred prior to the charge, unless they are monitoring their account online. I assume the card issuer could see that history if asked. The pinging involves submitting a small pre-authorization charge that rolls off the account usually in 24 hours, if not followed by a confirmation charge. There is usually an assessed fee of around $.35 per entry for this service.

This behavior indicates two things. One, that these criminals have card account data that they do not know if it is currently valid. We already know from one website they operated, that they were running a 35% average rejection rate on card data submits. That is very high, and should attract attention, as it is way above what a normally legit e-commerce entity would generate. However, we do not know if this is typical for all, since that was a sampling of only one of their operations.

One way that the crime syndicate could mitigate this problem is by pinging some of the card data first. Cards that were successfully pinged, and received an authorization, could then be pooled for submitting of the fraud charge, with advance knowledge that it is a current valid account.

The problem with the pinging process besides the ~ $.35 fee per card, which is significant, if you need to hit thousands of cards, is where to do it from. Doing it in volume on your existing accounts will also raise several flags. Therein is the second observation, this crime syndicate's penetration of the financial card processing system is pervasive. It is clear from the names of the reported pinging, that they have somehow managed to hijack the merchant accounts of legitimate businesses. From the multiple reports, it is clear that these are small entities, a physician's office, a small restaurant, etc. Most probably these entities are not even aware that their merchant account has been hacked, until they see the bill for all the pre-authorizations. By what means these accounts are being hijacked is not known, but needs to be discovered. So in addition to reporting a fraud charge here, or in any forum, also post any information that you have on any pre-authorization roll off charges.

How arealhome.com fits into this picture needs to be determined. Is it a play on words, and there is a dash somewhere in that name, and it is really a full fledged fraud operation? Or, is it somehow using the real site as part of a card validation process?

Here are some examples of suspected pre-authorizations from potentially hacked legit accounts. If more specific data can be gathered, then another vector can be added to this investigation:

quote:
01/15/2008
SpammedinOK:

I was hit twice from this company "Atala Designs" for 11.85, there was a previous charge for 3.44 for some doctor in florida...

»Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

-------------------------------------------------------
Scornsoul - 15 Jan 2008:

January 14th the transaction completed on our paypal account, but was listed as a paypal credit/debit card purchase. Now, of course, I have to file paperwork. However, my amount was $10.29, was from ATALA DESIGNS 6263100668 MN, and I hadn't used the card in months. Actually the last thing in months that was done on that card was a deposit for an item that we sold on ebay. Come to think of it, (TEN FOUR COMMUNICATION GROSSE POINTE LA for $3.45) evidently 'timed out' before it was charged. That one disappeared and ATALA appeared the same day. Same thing with the phone, just some guy on a machine or voice mail... Any help would be appriciated.

-------------------------------------------------------

Jennifer - 15 Jan 2008:

was hit twice. One for 3.44 from some PHD in Florida on 01-11-07, which dropped off my account and didn't post. Then i also had one on 01/13/07 for the amount of 11.89 which was from Atala Designs. I've been fighting with my bank all morning and it's going to cost me more to dispute and get a new debit card. I haven't purchased anything on line in MONTHS so i don't know how they got my number.

»800notes.com/Phone.aspx/1-805-275-2235/13

-------------------------------------------------------

Anibal - 8 Feb 2008:

on Monday February 4th i saw the pendind charges one from Atala designs for 12.79 and another from a Home.com for 2.99, since I check my account on-line I was able to catch it early so i call my Bank and cancelled my card and by wednesday only on charge clear with was the Atala designs, so I file a report with the bank and I'm getting my money back,

»800notes.com/Phone.aspx/1-805-275-2235



MGD


reply
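The hold-then-charge pattern described in the post above can be checked mechanically on issuer-side data. This is an added example, not part of the original thread; the record layout, thresholds, card labels and merchant names are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, timedelta
from decimal import Decimal


@dataclass(frozen=True)
class Txn:
    card: str        # card identifier (constructed labels below)
    day: date
    merchant: str
    amount: Decimal
    status: str      # "posted", or "dropped" = authorization hold that rolled off unposted


# Assumed thresholds, chosen from the amounts and timing reported in the thread.
PING_MAX = Decimal("10.00")   # small holds/charges reported ranged from 2.99 to 9.99
WINDOW = timedelta(days=3)    # reports put the charge within a few days of the hold


def find_ping_pairs(txns, history=None):
    """Pair each small dropped hold with posted charges on the same card, within
    WINDOW, from a different merchant. Merchants the cardholder has used before
    (history: card -> set of merchant names) are ignored on both sides."""
    history = history or {}
    by_card = defaultdict(list)
    for t in txns:
        by_card[t.card].append(t)

    pairs = []
    for card, card_txns in by_card.items():
        known = history.get(card, set())
        card_txns.sort(key=lambda t: t.day)
        holds = [t for t in card_txns
                 if t.status == "dropped" and t.amount <= PING_MAX
                 and t.merchant not in known]
        charges = [t for t in card_txns
                   if t.status == "posted" and t.merchant not in known]
        for hold in holds:
            for charge in charges:
                gap = charge.day - hold.day
                # gap may be zero: several victims saw hold and charge the same day
                if timedelta(0) <= gap <= WINDOW and charge.merchant != hold.merchant:
                    pairs.append((hold, charge))
    return pairs


def ping_sources(pairs, min_cards=2):
    """Issuer-side view: merchants whose dropped holds precede suspect charges on
    at least min_cards distinct cards, i.e. accounts possibly used to test cards."""
    cards_by_merchant = defaultdict(set)
    for hold, _charge in pairs:
        cards_by_merchant[hold.merchant].add(hold.card)
    return {m: sorted(c) for m, c in cards_by_merchant.items() if len(c) >= min_cards}


D = Decimal
# Constructed sample data; amounts mimic the thread, names are placeholders.
SAMPLE = [
    # card-A: dropped hold, unfamiliar template charge two days later
    Txn("card-A", date(2008, 1, 11), "EXAMPLE CLINIC FL", D("3.44"), "dropped"),
    Txn("card-A", date(2008, 1, 13), "EXAMPLE TEMPLATES", D("11.89"), "posted"),
    # card-B: hold and charge on the same day
    Txn("card-B", date(2008, 2, 4), "EXAMPLE CLINIC FL", D("2.99"), "dropped"),
    Txn("card-B", date(2008, 2, 4), "EXAMPLE TEMPLATES 2", D("12.79"), "posted"),
    # card-C: routine pre-auth and purchase at merchants the cardholder uses
    Txn("card-C", date(2008, 2, 1), "LOCAL FUEL", D("1.00"), "dropped"),
    Txn("card-C", date(2008, 2, 2), "GROCER", D("54.10"), "posted"),
    # card-D: dropped hold, but the next charge is ten days later (outside WINDOW)
    Txn("card-D", date(2008, 2, 1), "EXAMPLE DINER", D("3.45"), "dropped"),
    Txn("card-D", date(2008, 2, 11), "EXAMPLE TEMPLATES", D("10.29"), "posted"),
]
HISTORY = {"card-C": {"LOCAL FUEL", "GROCER"}}

if __name__ == "__main__":
    found = find_ping_pairs(SAMPLE, HISTORY)
    for hold, charge in found:
        print(f"{hold.card}: {hold.merchant} {hold.amount} (dropped {hold.day}) "
              f"-> {charge.merchant} {charge.amount} (posted {charge.day})")
    print("possible ping sources:", ping_sources(found))
```

The second function is the part that answers the open question in the post: a merchant name that recurs as the dropped hold across unrelated cards points at the account being used for validation.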
dragger @ 21st Feb 01:30PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

One of my cards was hit on 2/11 by HTTP://WWW.MCAWEBTECHNOLO 623-742-3769 AZ

I don't have much to add regarding where the breach could have come since this card has been used extensively online (secure sites, of course) and at businesses all over the United States for a number of years.

However, this is not the first time this has happened to me. At least three years ago, the same thing happened, but from another company located in Texas. The scam was exactly the same, low monetary value, web template, someone else must have ordered, etc.

I called my card a couple of times but always reached a semi-English speaking CSR and was told that I had to provide proof that the company had directly refused me a refund. This time span was one where I was very busy at work so I did not follow up. Back then, I didn't find much info on the company or this scam.

I did keep a close eye on the card but no other bogus charges were ever made on it in the years between then and now.

Perhaps it's two different scams, or I was just extremely lucky. Regardless, it's interesting that it took so long.
reply
sch9171 @ 21st Feb 07:15PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

arealhome.com is hosted in Russia, FWIW.


inetnum: 81.177.22.0 - 81.177.23.255
netname: NETPLACE
descr: NETPLACE professional internet services
country: RU
admin-c: MP12571-RIPE
tech-c: MP12571-RIPE
status: ASSIGNED PA
mnt-by: AS8342-MNT
source: RIPE # Filtered

person: Malinkovich Pavel
address: NETPLACE professional internet services
address: 40a-89, Tevosyana str.
address: 144002, Electrostal, Russia
e-mail: pavel@malinkovich.com
phone: +7 495 9685374
fax-no: +7 495 9685374
nic-hdl: MP12571-RIPE
source: RIPE # Filtered

% Information related to '81.176.0.0/15AS8342'

route: 81.176.0.0/15
descr: RTCOMM-RU
origin: AS8342
mnt-by: AS8342-MNT
source: RIPE # Filtered


Also hosted on that IP is legaltystore.com, which appears to be hawking website templates...

reply
MGD @ 22nd Feb 08:12PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by sch9171 :

arealhome.com is hosted in Russia, FWIW.
.......Also hosted on that IP is legaltystore.com, which appears to be hawking website templates...
Excellent catch, I missed that.

IP 81.177.22.77 [reverse DNS - server.arealhome.biz] hosts:

1. Arealhome.biz
2. Arealhome.com
3. Legaltystore.com
4. Triprents.com
5. Ileadsmart.com

Except for ileadsmart.com, which has no active website, and is registered to an individual in Moscow, all the others tie back to Victor Sulla, with a Washington, DC, address. Or to his company

TRIPRENTS.COM

Registrant:
Travelegia
10246 Arizona cir
Bethesda, Maryland 20817
United States

Registered through: GoDaddy.com, Inc.
Domain Name: TRIPRENTS.COM
Created on: 30-Nov-06
Expires on: 30-Nov-09
Last Updated on: 29-Oct-07

Administrative Contact:
Sulla, Victor sulla4[AT]Yahoo.com
Travelegia
10246 Arizona cir
Bethesda, Maryland 20817
United States
(301) 365-3614

Domain servers in listed order:
NS1.AREALHOME.BIZ
NS2.AREALHOME.BIZ

Arealhome.biz
Registrant:
Travelegia
1813 35th st NW
APt 8
Washington, DC 20007
US

Domain name: AREALHOME.COM

Administrative Contact:
Sulla, Victor
1813 35th st NW
APt 8
Washington, DC 20007
US
+1.2404411488

NS2.AREALHOME.BIZ
NS1.AREALHOME.BIZ

This is a little strange:
»www.legaltystore.com/products/aboutus.asp

However all the other data points to:

»www.triprents.com/ContactUs.asp

»www.travelegia.com/ContactUs.asp
even:
»www.soapusa.com/contact.htm

How arealhome.com fits in, other than obviously pre pinging the cards from several of the domains right before the charge, is not clear. Do they have a merchant account that has been penetrated, or has a pseudo account been set up unknown to them, or are they complicit?

I will try and reach them, and ask.

MGD
reply
K Patterson @ 22nd Feb 08:19PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Victor Sulla is likely a false name. He is a reputable, published, economist. We've seen this here before, although my 70-year old brain has forgotten the details.
reply
MGD @ 22nd Feb 08:47PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by K Patterson :

Victor Sulla is likely a false name. He is a reputable, published, economist. We've seen this here before, although my 70-year old brain has forgotten the details.
LOL !! Yes, I thought that also when I ran the name. Of course very easy to use it, or his card, to register domains.

Then after some more digging it got a little complicated. While the domains are easy forgeries, this would be more difficult to pull off as a forgery:

[att=1]

A Delaware Corp, properly re registered in DC for doing business there.

Also has a lot of advertising etc. over a long period. Even a press release: »www.prnewsnow.com/Public_Release···411.html

Of course the latter could all be easily faked. All that promotion doesn't fit in here. Also that was a legit phone number for him at one time, since disconnected, which is also unusual. Though there are several flags, it doesn't quite fit into the complicit mold, ... yet. There are some newer numbers available for him, too late to call tonight. Possibly more than one person with that name? Or...?

MGD
reply
MGD @ 22nd Feb 11:21PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

webperfecttemplates.com 760-690-3138 Web Perfect Designs, LLC is finished as of several days ago, the merchant account is locked, all transfers have ceased. The criminals subsequently pulled the website »webperfecttemplates.com

MGD
reply
anon @ 25th Feb 08:55AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I'm pretty naive about this. I got a call from my bank's fraud dept. yesterday. I was also hit with the fraudulent charge from Monrovia Designs. They charged $12.79. A few days prior, I noticed an unfamiliar hold on my account from "Triprents.com" for $6. I tried to dispute this charge but my bank does not allow holds to be disputed until they post to the account. When the charge didn't go through, I thought nothing of it until I received the call yesterday.

My card has now been frozen. Forgive me if my questions are very basic, but I'd like to know a little more about what happened.

1. From what I've read, a Brian Meyer from Alexandria, Virginia is some kind of registered agent for a "Monrovia Incorporated." Is that a real person or just an alias?

2. What exactly is a cyber mule?

Thanks.
reply
pleekmo @ 25th Feb 01:02PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by jd08 :

2. What exactly is a cyber mule?

Thanks.
A cyber mule is an on-line (computer-using) money mule.
--
HCN: Because you deserve a rest!

Proud member of the Free Omelas Liberation Front.

reply
garys_2k @ 26th Feb 03:39PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by jd08 :

1. From what I've read, a Brian Meyer from Alexandria, Virginia is some kind of registered agent for a "Monrovia Incorporated." Is that a real person or just an alias?

2. What exactly is a cyber mule?

Thanks.
1. It's likely a real person, the "cyber mule" running that particular business. It's entirely possible that he thinks he's running a legitimate business and is amazed at how easy it is to make money. Essentially he's the front man for the Russian mobsters that really set it all up, and he's (quite possibly unwittingly) taking care of the bank chargebacks as they hit.

2. See above. In crime, a "mule" is the person seen to be fronting the operation and they may think that they're actually running an ordinary, legit. business. They pull the freight for the criminals behind the curtain.
reply
MGD @ 27th Feb 04:56PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by jd08 :

.....I got a call from my bank's fraud dept. yesterday. I was also hit with the fraudulent charge from Monrovia Designs. They charged $12.79. A few days prior, I noticed an unfamiliar hold on my account from "Triprents.com" for $6. I tried to dispute this charge but my bank does not allow holds to be disputed until they post to the account. When the charge didn't go through, I thought nothing of it until I received the call yesterday...............
You are the first to report the pre authorization or card ping from "Triprents.com" that I have read.

"Triprents.com" is owned by the same group that also owns "arealhome.com". Arealhome.com has been repeatedly reported for showing up as a ping charge right before the fraud charge proper. This pre validation procedure has been a common tactic, going all the way back to the height of the Digital Age Fraud in 2005.

In fact Doctor Olds posted back in September 2005 how his card was first pinged with a small charge to test it. Then he was hit with a KCSOFTLLC.com template charge, which was then followed by a Digital Age charge: »[scam] Digital Age, KCSOFTLLC and Coastal Wave Int

The people at Travelegia.com who own both arealhome.com and Triprents.com have stated that their billing account has been hijacked, the password to the account was hacked.

They said that they are fielding numerous calls from people complaining about this. They stated that many many cards were processed through their merchant account. They said that they are victims too, and are left with a mess to clean up. They also said that they have filed a police report.

As stated in a previous post Travelegia appears to be a legitimate established business entity, and is one of numerous entities that has been hacked in order to use their accounts for card list cleaning.

They may be willing to provide more details publicly on what happened.

MGD
reply
sch9171 @ 27th Feb 07:29PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by MGD :

As stated in a previous post Travelegia appears to be a legitimate established business entity, and is one of numerous entities that has been hacked in order to use their accounts for card list cleaning.
I trust your judgement, if you talked to them and believe that they are victims in this too. However, I do find it strange that according to their domain registration, they're a US company, but their websites are hosted in Russia. And not only are they hosted in Russia, but they are hosted on the same IP as a templates site. It's not common for US companies to host their website in Russia, especially when they don't appear to be targeting the Russian market.

Are they claiming that their domain registration or DNS has also been hijacked, to point their DNS records to this Russian server? Or do they have any other explanation?
reply
MGD @ 27th Feb 08:39PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

You raised excellent points, and I am following up with them. I asked if they would provide additional corroborating information, and they asked me to submit questions to them for a response. They are aware up front that I am seeking a reply that can be published.

The company representative would not answer the question regarding the hosting location that I asked. However, he said to submit questions to them and they would respond. He said that he was not authorized and did not want to carry on a detailed conversation without some vetting.

On the face of it, it seemed like a reasonable request, and I am following up with them. I will specifically include that question. At that point I was willing to give them the benefit of the doubt pending their response. There may also be a public record of police reports. The fact that the holding company Travelegia has been around for several years 2003/04, and that this is a known tactic, is why I still have an open mind. Historically, hijacked accounts have been used for the pinging process, as it racks up a hefty bill, and does not generate revenue.

I am not vouching for them, and I should have included quotations around the "they said" portion above, as I was quoting what they said. If there is the possibility that a legit business has been maligned by having their accounts hijacked, I at least want to err on the side of caution. There is no history prior to the current event, of any of those domains being associated with fraud charges.

Hopefully additional data can be obtained that can nail this down. I will also provide them a link to the thread in case they want to comment directly.

MGD
reply
MGD @ 27th Feb 08:54PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by sch9171 :

... However, I do find it strange that according to their domain registration, they're a US company, but their websites are hosted in Russia. ..
Yes, that was one of the very first questions I asked, and caused some confusion. He initially denied they were hosted on a Russian server. I contacted what appears to be the main company Travelegia.com, and that is hosted in the US. I then said that I was referring to the group hosted on IP 81.177.22.77. I even wondered why there were merchant accounts on some to begin with. He said that the accounts that were hijacked, and where the fraud billing came from, were PayPal business accounts.

MGD
reply
anon @ 29th Feb 11:00AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

VIN design, Roman Piglitsin and Solomka from Sacramento and Plumas, CA have hit my Amex three times now since November for $12.38, $9.45 and $9.59. Fortunately, Amex has been good about crediting my account.
reply
anon @ 29th Feb 03:38PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Yes, we " www.hostdone.com " are working for clean internet hosting service.

www.hostdone.com has deleted any Fraud web site from our system and warned any other website to get hosted, it is very clear that it is against our terms of use.

Best Regards
HOSTDONE
»www.hostdone.com
reply
anon @ 4th Mar 11:32AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Confirming reports on Monrovia Incorp (aka Monrovia Designs). On 2/27/08 they charged 11.89 to my Chase Visa. I am currently in process of getting Chase to flag them as a fraudulent vendor. They actually posted this charge as though it was signed for (some kind of code Chase receives) and manually keyed in off the physical card! I am in Arizona, and this charge was put through as if it were from Huntsville, Alabama?! Also, I called the "support" number that Chase had (same as was listed here 703-349-7199)...goes straight to voicemail greeting stating all agents are busy, please leave a message or email them at support@monroviadesigns.com. Looking up www.monroviadesigns.com, it is an obviously false front, created using homestead.com. States their business is outsourcing. I have forwarded all the great information in this post to Chase. Keep up the great work!!!
reply
stevedaytona @ 4th Mar 12:20PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Thanks for this thread! Amazing work, MGD.

I found this after I discovered my wife's debit card got hit for a $11.89 charge from Interactive Designs of Seattle (phone number shown is 2063198144, which is the same as shown on the Crystal Clear Designs website). I reported this to my Bank today.

The day before this transaction, there was a pending charge of $4.95 for a company in Tennessee called Fantastic Plants. This is a small bona fide company and were obviously inundated with phone calls as there was a recorded message saying they believed card numbers were stolen from Paypal. From what I am reading this was the 'ping' charge and never got posted to our account.

I'll also now report this on the IC3 website.
reply
MGD @ 4th Mar 03:26PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by stevedaytona :

Thanks for this thread! Amazing work, MGD.
......The day before this transaction, there was a pending charge of $4.95 for a company in Tennessee called Fantastic Plants. This is a small bona fide company and were obviously inundated with phone calls as there was a recorded message saying they believed card numbers were stolen from Paypal. From what I am reading this was the 'ping' charge and never got posted to our account.......
Thank you, and glad you posted. Great info on the prior ping charge, as that further confirms this ongoing pre testing of cards. I wonder if the reason that Fantastic Plants mentions PayPal is because that was their merchant account that was hacked. The people at Arealhome.com and Triprents.com which was another multiple reported ping entity, stated that it was their business PayPal account that was hacked. The card pinging was done from that account.

From the previous reports of multiple pinging names, there is no doubt that there is another side to this operation. That component is one that involves the routine hacking of business merchant accounts. They are then used to pre screen lists for currently valid cards, which are then processed through the fake businesses.

MGD
reply
MGD @ 4th Mar 04:02PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by d3na3az :

Confirming reports on Monrovia Incorp (aka Monrovia Designs). On 2/27/08 they charged 11.89 to my Chase Visa. I am currently in process of getting Chase to flag them as a fraudulent vendor. They actually posted this charge as though it was signed for (some kind of code Chase receives) and manually keyed in off the physical card! I am in Arizona, and this charge was put through as if it were from Huntsville, Alabama?! ......
Do you have any more information on the Huntsville, Alabama angle? Monrovia is operating out of Virginia. However, your statement that the charge was posted as a "signed for" transaction, is something that I have seen on just about all of the charges that I have looked at. They were all coded as processed "POS" transactions. Point of Sale coding usually refers to the card being present, a card scan.

However, all of the charges are obviously "CNP" Card not present transactions. I assumed it to be incorrect coding, as the process is very different. POS is a card swipe via a terminal or manual entry, and only picks up the strip data. That data only has card number, first and last name, and expiration date. In contrast, a CNP entry, in addition to the above data would need a complete address, usually verified via AVS, and also the 3 digit security code.

I see the POS data line coded on most of the debit card transactions. Maybe someone can query their bank, though I have found that most do not really know the finer details at that level.

MGD
reply
Laurie @ 4th Mar 05:13PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I was told the fraudulent charge on my debit card from Crystal Clear Designs was "keyed in."
reply
Laurie @ 4th Mar 05:16PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

And this is what it said on my statement:

CKCD DEBIT 01/22 CRYSTAL CLEAR DESI206-3198144 WA $11.89
reply
MGD @ 4th Mar 05:37PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Laurie :

And this is what it said on my statement:

CKCD DEBIT 01/22 CRYSTAL CLEAR DESI206-3198144 WA $11.89
Thanks, that does look like a CNP card not present transaction, which is expected, and the way it should be. Meaning your data was submitted on a form. That would have included name address etc., along with a security code from the back of the card.

Here is an example of the fraud type that I was talking about, that are coded as Point of Sale transactions, when clearly they were not:

quote:
12/24/2007 POS PURCH - 5732 EST COMPANY FL 866-347-0931 EST COMPANY $9.40


MGD
reply
anon @ 6th Mar 12:06PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Great work and very informative! I came across this thread after receiving a fraudulent charge of $11.89 on 3/3/08 from Mca Web Technologies, 623-742-3769. I reported it as fraud and the card company removed it from my account and are sending new cards. I did not see Mca Web discussed or listed on previous posts.
reply
anon @ 7th Mar 05:40PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Fantastic Plants got hit with 29,000 "pings" via their PayPal account in an hour and half, according to the owner. Uh...that's quite a few.
reply
anon @ 11th Mar 09:05PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I received a bogus charge to my bank account. I was checking my account online on 3/7/08 and there was a Pending Transaction of $9.15 by CCSITE SERVICESLAKE SUCCESS NY 000456119162. The charge was made using my Visa debit card info. I called my bank and was told that I had to wait until the $9.15 transaction went through and then I could dispute the charge. The original date of the Pending Transaction was 3/7/08. On 3/8/08 the date of the Pending transaction was changed to 3/10/08 and the description was changed to CARD PURCHASE. The transaction went through and was posted to my acct on 3/11/08 and the description was changed to SITE SERVICES 888-590-9662 NY 5207434 0748 and the $9.15 was taken out of my acct. I went to the bank and my Visa debit card was terminated and I told them that I wasn't disputing the charge, but that it was a fraudulent charge. I made a police report with local law enforcement. I had a fraud alert placed with the credit report agencies. Hope this information is helpful.
reply
Zenith @ 12th Mar 05:19PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I wanted to add a couple other notes:
I checked my credit reports via annualcreditreport.*** on 1/23/08. I had problems with getting two of the reports and it wasn't due to having requested them too early. I, also, went to optoutprescreen.*** on that day and opted out of marketing. Not sure if any of this is relevant.

I made a purchase from tigerdirect.*** on 3/4/08 using my Visa. My bank had recently begun using "Verified by Visa" from Visa USA so I had to enter a pass code to authorize the transaction. This may all be a coincidence, but I think it odd that my Visa card gets hit during my first use of what is supposed to be another security layer.
reply
MGD @ 14th Mar 04:52PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by ivy1 :

Fantastic Plants got hit with 29,000 "pings" via their PayPal account in an hour and half, according to the owner. Uh...that's quite a few.
They probably have an automated script that runs them through. Looks like they stuck someone with a large invoice as well, may be as high as $10,000 depending on the success rate. That is only an average volume, they may churn north of 100,000 thousand cards a month. Factor in a failure rate of around 30%.

MGD
reply
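The burst described above (a hijacked merchant account pushing thousands of small authorizations, each on a different card, with a sizable share declined) is something the account owner or processor can detect from the authorization log. The following is an added example, not posted by anyone in this thread; the record fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import NamedTuple


class Auth(NamedTuple):
    ts: datetime
    merchant_account: str
    card_token: str      # tokenised card reference, never the raw number
    amount: float
    approved: bool


class Alert(NamedTuple):
    merchant_account: str
    window_start: datetime
    window_end: datetime
    attempts: int
    distinct_cards: int
    decline_rate: float


def detect_card_testing(auths,
                        window=timedelta(minutes=10),
                        max_amount=5.00,           # assumed "ping"-sized charge
                        min_attempts=50,           # assumed volume threshold
                        min_distinct_ratio=0.9,    # nearly every attempt a new card
                        min_decline_rate=0.15):    # stale list => many declines
    """Flag merchant accounts whose small-value authorizations look like card
    testing: high volume in a short window, almost all distinct cards, and a
    decline rate no ordinary shop sees. One alert per account (first trip)."""
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for a in sorted(auths, key=lambda x: x.ts):
        if a.amount > max_amount or a.merchant_account in alerted:
            continue
        q = recent[a.merchant_account]
        q.append(a)
        # Drop attempts that have slid out of the time window.
        while a.ts - q[0].ts > window:
            q.popleft()
        attempts = len(q)
        if attempts < min_attempts:
            continue
        distinct = len({x.card_token for x in q})
        declines = sum(1 for x in q if not x.approved)
        if (distinct / attempts >= min_distinct_ratio
                and declines / attempts >= min_decline_rate):
            alerts.append(Alert(a.merchant_account, q[0].ts, a.ts,
                                attempts, distinct, declines / attempts))
            alerted.add(a.merchant_account)
    return alerts


def constructed_sample():
    """Constructed log: two ordinary shops and one hijacked account."""
    t0 = datetime(2008, 3, 7, 9, 0, 0)
    log = []
    # Bookstore: one small sale an hour, never enough volume to trip.
    for i in range(40):
        log.append(Auth(t0 + timedelta(hours=i), "bookstore",
                        f"bk-{i % 12}", 3.99, True))
    # Cafe: busy, small tickets, distinct cards, but nothing declines.
    for i in range(60):
        log.append(Auth(t0 + timedelta(seconds=10 * i), "cafe",
                        f"cf-{i}", 4.25, True))
    # Plant shop: a few normal orders, then a scripted burst of $4.95
    # attempts, one per second, each on a new card, 30% declined.
    for i in range(5):
        log.append(Auth(t0 + timedelta(minutes=30 * i), "plants-shop",
                        f"pl-{i}", 24.50, True))
    burst = t0 + timedelta(hours=6)
    for i in range(300):
        log.append(Auth(burst + timedelta(seconds=i), "plants-shop",
                        f"test-{i}", 4.95, i % 10 >= 3))
    return log


if __name__ == "__main__":
    for alert in detect_card_testing(constructed_sample()):
        print(alert)
```

The busy cafe is in the sample on purpose: volume and distinct cards alone would flag it, and only the decline rate separates it from the hijacked account.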
sch9171 @ 14th Mar 05:47PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

My own credit card got hit with fraud this week, but it wasn't this M.O. In a way, I'm disappointed...

(I got several charges from an airline in Slovenia.)
reply
MGD @ 14th Mar 06:11PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Zenith :

.... Hope this information is helpful.
Yes indeed, excellent information, and thanks for posting. The question now is who "CCSITE SERVICES LAKE SUCCESS NY 000456119162." are. Was that really a pre authorization charge to validate the card from a hacked account, or something else.

I am trying to find more data on the LAKE SUCCESS NY angle. Was that a pre auth from a hacked account, or are they one and the same? A run through New York's corporations database does not turn up any direct hits. Need to also check Nassau County DBA filings, if they exist.

The SITE SERVICES 888-590-9662 line charge has been showing up on fraud charges since at least the first of the year. This I believe is the first time that it has shown up with " NY 5207434 0748 " along side it. Previous reports have listed it as "At Site Services" and banks have commented that it was computer maintenance. Not sure if that was just a CSR speculating or a code look up.

MGD
reply
MGD @ 14th Mar 06:21PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by sch9171 :

My own credit card got hit with fraud this week, but it wasn't this M.O. In a way, I'm disappointed...

(I got several charges from an airline in Slovenia.)
Wow !! sorry to hear that, if there is any consolation, it was at least in the same geographic neighborhood.

Sooner or later we will all probably get hit by this group. Apparently just owning and never using a card will not keep you off the list:

quote:
RE: Monrovia designs

tree - 9 Mar 2008

The cc# they used was my husband's. He had the card for over a year and had never used it, but somehow this company got the # and charged 11.89 on our account.

»800notes.com/Phone.aspx/1-703-348-7199/2



MGD
reply
Zenith @ 14th Mar 07:27PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I entered both groups of numbers listed on pending and completed transactions into google search. One set didn't bring up anything. The group "5207434 0748" did however. The hit was on 5207434 and has to do with the Dept of Treasury in Michigan. Probably doesn't mean anything, but money and Dept of Treasury is a strange coincidence I think.
reply
Laurie @ 16th Mar 11:10AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Just a thought... I saw a post recently on another board where the person got hit with a bogus charge on a card that he'd only used once in 6 months, to pay for something through Google Checkout (not sure of the merchant).

My bogus charge also came a few days after I used Google Checkout for the first time, to order through buy.com

Not sure if it means anything, just throwing it out there to see if maybe anyone else had the same experience.
reply
Zenith @ 17th Mar 03:21PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

See previous posts please.

I received a letter from my bank dated 3/13/08 stating that the bank had concluded their investigation regarding unauthorized electronic fund transfer. “The merchant has issued credit to your account. A credit for $9.15 from CC Site Services posted to your account on 3/13/08.” I called the 800 number included in the letter and requested the complete address of where the unauthorized electronic fund transfer had originated from and was told that my bank didn't have that information and only had the toll free number of 888-590-9662 available to contact the thieves. The bank didn't say "thieves"......that was mine!
reply
anon @ 18th Mar 07:23AM:
TO MDG - VERY IMPORTANT

Mr. MDG.

Please drop me an email at red@mail-eye.com
I know exactly who operates Innowest, Midtown and Innovative Systems.

All three companies belong to a financial company, similar to E-Passporte, which uses these companies for funds transit and has thousands of clients. Most of the clients are adult webmasters, or alike.

Obviously the system is not providing services to hackers, frauders,etc, otherwise I would not be here, and obviously system was abused as well and now all three companies will have a lot of fuss with investigators.

However, we can not track here, on which account in the system, the funds from this particular frauders came, so it is even worse because they will keep on using it, even though Innowest and other companies will no longer be used.

If we could find the account in the system which was abused, we could assist in tracking these frauders further, in the Russian financial web as well, as funds were probably transferred further.

email: red@mail-eye.com
ICQ: 43432801

Regards,
RedEye.
reply
MGD @ 18th Mar 12:00PM:
Re: TO MDG - VERY IMPORTANT

said by Real RedEye :

Mr. MDG.

Please drop me an email at red@mail-eye.com
I know exactly who operates Innowest, Midtown and Innovative Systems.

All three companies belong to a financial company, similar to E-Passporte, which uses these companies for funds transit and has thousands of clients. Most of the clients are adult webmasters, or alike.......
Excellent, I was hoping that someone who knew Inowest would eventually find this thread. As you mentioned, I did see where they show up as an e-currency payment method for adult referral sites. I did suspect that these criminals were abusing that system since it is the first drop that the fraudulent funds are wired to in the laundering process.

I do know that the crime syndicate has been laundering the funds through Inowest for at least two years. As I posted earlier in the thread, stolen funds collected in late 2006 and early 2007 from the fake template sites were wired to:

---------------------------------------------
Beneficiary's Bank Name: EUROBANK PLC
Beneficiary's Bank SWIFT code: EUBKBGSF
Beneficiary's Bank Address: 43 Cherni Vrah Blvd.,
1407 Sofia, Bulgaria
Beneficiary Account: BG96PIRB91701745144579
Beneficiary Name: Inowest Enterprises Inc
---------------------------------------------

In late 2007 fraudulent funds from several of the e-book sites were wired to:

---------------------------------------------
Beneficiary's bank name: ASIAUNIVERSALBANK
Beneficiary's Bank SWIFT code: ASUJK22
Bank address: 59, togolok moldo str., 720033,
BISKHEK, KYRGYZSTAN REPUBLIC
Beneficiary account: 1231128530000131
Beneficiary name: Inowest Enterprises Inc
Beneficiary address: same as bank address
---------------------------------------------

I know for a fact that within the last 30 days fraud funds from several sites were wired to:

---------------------------------------------
Beneficiary's Bank Name: Piraeus Bank
Beneficiary's Bank SWIFT code:
Beneficiary's Bank Address: 43 Cherni Vrah Blvd.,
1407 Sofia, Bulgaria
Beneficiary Account: BG73PIRB74051735052201
Beneficiary Name: Midtown Intergroup Ltd.
---------------------------------------------

That is the same physical bank as the 2006 drops. In the interim, the Greek Bank "Piraeus Bank" bought out Eurobank. These recent transfers were also the first time that the Beneficiary Name: Midtown Intergroup Ltd. showed up. I did find where Midtown also appears to be used for referral payments. However, until you posted I did not know that they were directly connected to Inowest.

It makes sense that a virtual e-currency organization would want to rid itself of criminals using their system to launder the proceeds from crime. I have seen multiple cases of international banks freezing asset accounts because some of the inbound funds were the subject of laundering allegations. Payment providers that want to maintain a legitimate operation will try to keep criminals out of their system as much as possible to avoid those problems.

I am not sure if those deposit account numbers are unique to the criminals, or if they are general inbound accounts. If so, the only unique identifier would be that the funds are sent from the LLC named bank account that each website is using for the set up. The outbound transfers do not contain any other identification to enable the criminals to "claim" the funds.

Thanks again for posting, I will contact you via email from 007MGD

MGD
reply
MGD @ 18th Mar 03:26PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Zenith :

See previous posts please.

I received a letter from my bank dated 3/13/08 stating that the bank had concluded their investigation regarding unauthorized electronic fund transfer. “The merchant has issued credit to your account. A credit for $9.15 from CC Site Services posted to your account on 3/13/08.” ....
What you have just experienced is the essence of how this fraud operation is preserved. As far as the bank is now concerned this was a billing error. That scenario probably occurs a few thousand times a month, for the victims that actually catch and pursue it. The charges are then never classified properly as fraud. Nor is there a chance of a SAR being filed: »www.ffiec.gov/bsa_aml_infobase/p···_112.htm

This fraud has reached the optimum level of operation. Maximizing the returns, while preserving both the operation itself, and the source of the card data. From trial and error, they have found the sweet spot of ~ $10 a time per card.

You can see the lessons learned from the 2005 Pluto scam. Hitting the cards for $30 gets a lot more attention. Plus, running such a high volume through one account versus the now widely dispersed multiple entities, makes a huge difference in the noise volume. Circa early 2005 Pluto: »www.firstcoastnews.com/money/new···id=34431

Now when you yell "robbery", in many cases the response is, "no, it's a billing error, and it is only $10".

MGD
reply
anon @ 18th Mar 08:18PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by MGD :

Now when you yell "robbery", in many cases the response is, "no, it's a billing error, and it is only $10".

MGD
I currently have a fraud case open with my long time bank. For the sake of brevity, I won't detail the really poor job they did and are doing at protecting or stopping anything based on how they handled my case.

Recently, I noticed my provisional credit was reduced, by breaking out the charges that were less than $10 ($9.95ers) and just refunded by the bank. Their reason was the amounts under $10 are just refunded by them per policy.

Back when this started, and during the first call to them, my bank even attempted to break the total fraud amount into 2 groups, in order to keep the total under an amount that the agent said, "would trigger a different kind of investigation". *AAAAAH*

Keep up the good work, MGD. At times, I think you are one of the only ones who care.
reply
garys_2k @ 18th Mar 08:59PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Regarding my current situation »[Credit Card Fraud] PW EAUCTION, aka Pacific Webworks I told my card provider (Chase, via the 800 number on the back of the card) straight out that the charges I saw were fraudulent. I repeated that several times and I was put through to the fraud center pretty much straight away. I told the CSR there that the charges were clearly unauthorized and indicated that my data was now "out there" for the picking. She never argued.
reply
anon @ 19th Mar 03:24AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Sure.

Again, Innowest, Midtown and Innovative Systems are all companies which are used by a financial system designed for adult webmasters.

The system has tens of companies tied one to each other.
By the way, the system indeed is Russian.

However the first time the system ever received information that something is wrong is maybe a month ago, when one of normal clients received questionnaires from FBI in USA when he attempted to make a transfer to Innowest.

In order for us to track these criminals of Yours, we need to see the sender of the funds (to Innowest or Midtown).

Then we will locate the client in the system.
When You address me in the email (I still haven't got it) we can also point further to Russian e-money systems and how US forces could further track these people.

Reason is: It is 100% against the system rules to use it for fraud related funds.
reply
anon @ 19th Mar 12:43PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by garys_2k :

Regarding my current situation »[Credit Card Fraud] PW EAUCTION, aka Pacific Webworks I told my card provider (Chase, via the 800 number on the back of the card) straight out that the charges I saw were fraudulent. I repeated that several times and I was put through to the fraud center pretty much straight away. I told the CSR there that the charges were clearly unauthorized and indicated that my data was now "out there" for the picking. She never argued.
I am glad you had a better experience than I did with my bank (Wachovia). I did the same exact thing as you (immediately recognized it as fraud and insisted it be all classified as fraud.. rather than disputes). However, when I was immediately transferred to the 'fraud investigator' it all fell apart to near negligence.

Despite the fact it was clearly fraud, and I was insisting all 10 charges be classified as such; and despite the fact that the 'investigator' claimed they were filing it as such; they still attempted to do a line by line dispute but did not let on.

After being transferred around to close my account, etc, (it was a debit card), I had to be transferred back to the fraud department. In speaking with this new agent, it came to light that by my 10 reference numbers on my case, that my case was entered as 10 'disputes' regardless of what I asked and was agreed by the first agent. I probably would not have known if agent #2 was not trying to transfer me off his desk because I was sent to the 'wrong' department by my case numbers.

Furious, I made this new agent reclassify everything correctly as a 'fraud case'. Great.. except it was this agent who wanted to break my case in 2's to keep the 'amount' down. This was all in my initial call.

Insult to injury was their recent new 'change' to the total amount of the provisional credit I mentioned in my post above.

It's not a hard reach to grasp that many banks are motivated to sweep this activity under the rug.

This will continue to be the case until either, a) The banks who do suffer some massive fines for it; or b) The amount of these losses become greater than the amount of potential revenue lost when the public stops using electronic credit/debit cards from rightful fear.

/end rant
reply
Zenith @ 19th Mar 06:59PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I've read this thread twice and may have missed what I was looking for? Has anyone done a toll free number reverse look up on 888-590-9662 to see if they can obtain a business name, address, or whatever? I've tried doing it online at some "free" reverse look up sites and keep getting directed to "Intelius"(sp) which wants to charge around $14 dollars for the information.

Noticed that there is an intelius.com and an intellius.com
Another scam I suppose?
reply
Owlbet @ 20th Mar 12:06AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

MGD, I need to visit this forum more often. I'm only here because of the recent DDOS of the site. The work you are doing, in this thread especially, is amazing.

I love Ann Rule crime novels, and this thread piques forensic interest for me.

I, too, want to know the common denominator for the card data harvesting and one thing sticks out for me. It seems the card authorization process is the data leak, but not once did I see it mentioned in this topic about the card makers. The data has to be put on the card. The only organization with that information are the credit card companies and the companies they contract to issue or make new cards.

Keep up your good works. When you write your book, I'll be sure to buy a copy. :)
--
Team Discovery
Alaska Aces 2007-2008 record as of this post: 37-22-5

reply
MGD @ 23rd Mar 11:25PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Zenith :

... Has anyone done a toll free number reverse look up on 888-590-9662 to see if they can obtain a business name, address, or whatever? ...
According to the RespOrg database, the responsible party for the toll free number 888-590-9662 is vCom Solutions 800-804-8266. However, further checking indicates that the line is sub leased to RingCentral 888-898-4591. These criminals have repeatedly used this service to set up virtual phone accounts. Enrollment and set up can be done over the internet, and they most likely use victim card data to pay for it. In fact, the 888-590-9662 number has already been disconnected, indicating a possible chargeback.

The problem is that they can keep coming back and set up new accounts.

MGD
reply
anon @ 25th Mar 06:21PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I just got a charge on my account from byers ebooks. I attempted to call my bank before it actually posted however, they told me it had to clear before they could do anything. This is agitating because they could have stopped this and did not. Mine was only for $4.95 but that is not the point.. I called and left a nasty message today as it cleared my bank today. Has anyone called Byers ebooks and rec. a return call back?

Beth
reply
Zenith @ 25th Mar 06:24PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Not sure how you find all of your information, but it's appreciated.

Almost seems like a hopeless situation when it comes to stopping the crooks.
reply
MGD @ 26th Mar 01:56PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Owlbet :

...... I love Ann Rule crime novels, and this thread piques forensic interest for me.

I, too, want to know the common denominator for the card data harvesting and one thing sticks out for me. It seems the card authorization process is the data leak, but not once did I see it mentioned in this topic about the card makers. The data has to be put on the card. The only organization with that information are the credit card companies and the companies they contract to issue or make new cards. ...
Thank you,

Good catch, yes card makers have been on my list of potential sources for some time. They meet several criteria, in that the full name and mailing address of the holder would be in their database, in addition to the card data.

Also, information that the criminals clearly do not have with respect to some cards, is that they do not know the frequency of use or when it was last used. That is information that would not be in that kind of data.

Clearly from the syndicate's point of view it makes no sense to hit an 18 month dormant card with a charge. That is almost a 100% guaranteed chargeback, why even do it, unless you don't know. Also, if the card data was intercepted from recent transactions there would be no need to ping them. We know that thousands of cards are pinged via hijacked accounts every month. We also know that some of the card data and holder combo is incorrect based on processing rejections.

Obviously there can be multiple sources and combinations for this data. However, there are distinct patterns that enable some conclusions to be drawn.

MGD
reply
MGD @ 26th Mar 02:28PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by BYERSEBOOKS :

I just got a charge on my account from byers ebooks. ....
Wow they are still going strong !! They were in the first group listed in the thread. They are a prime example of just how long each fraudulent entity can survive. byersebooks.com Byers Ebooks was set up back in December of 2006 on JAGUARPC.NET, a long time favorite haunt of the criminals.

said by BYERSEBOOKS :

...I attempted to call my bank before it actually posted however, they told me it had to clear before they could do anything. This is agitating because they could have stopped this and did not. Mine was only for $4.95 but that is not the point..
That is correct, there is no mechanism available to preempt or reject a charge in process, at least at the receiving end. Though they can see them in process, they have to wait until it posts in order to manipulate it.

said by BYERSEBOOKS :

...I called and left a nasty message today as it cleared my bank today. Has anyone called Byers ebooks and rec. a return call back?

Beth
I do not know specifically, however that listed number will forward to the criminal's command and control. They will issue a credit, however that is not the best route to take. Allowing the criminals to rescind the charge, helps them preserve the criminal operation.

It is imperative to have your bank classify this charge as fraudulent, which is exactly what it is, and immediately charge it back. Also, your card needs to be cancelled and replaced. Your account data is compromised, and you will get additional charges until your card is cancelled.

I have made repeated attempts to reach the female cyber-mule in New Jersey, Mrs Jane Byers, and failed. The registrant of the LLC is the one who will be wiring the proceeds from these fraud charges out of the country and into the crime syndicate's hands. That is the weak point in the system, and the optimum place to cut off the operation in the interim.

MGD
reply
Doctor Olds @ 26th Mar 03:25PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Laurie :

I saw a post recently on another board where the person got hit with a bogus charge on a card that he'd only used once in 6 months, to pay for something through Google Checkout (not sure of the merchant).

My bogus charge also came a few days after I used Google Checkout for the first time, to order through buy.com

Not sure if it means anything, just throwing it out there to see if maybe anyone else had the same experience.
I hope it isn't related since I also recently (in the last 2 weeks) used Google Checkout at Buy.com myself. I've just checked my CC details online and nothing out of line is showing yet, knock on wood. :huh:

Regards,

Doctor Olds
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

reply
MGD @ 26th Mar 03:35PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Zenith :

Not sure how you find all of your information, but it's appreciated.

Almost seems like a hopeless situation when it comes to stopping the crooks.
Thanks, after uncovering and tracking this operation for well over two years, I consider myself an authority on the matter.

said by Zenith :

...Almost seems like a hopeless situation when it comes to stopping the crooks.
Well.. maybe, ... maybe not, however, I am giving it one last shot. I cannot continue to devote the resources necessary to stay on top of this. It is a very complex and sophisticated operation. It is also dynamic, and is changing to adapt to any roadblocks that are being placed in their path. So it is vital to intensively monitor their activities, so as not to lose track of the mechanics of the operation.

Besides cutting off the operation, and attempting to identify the core group of criminals behind it, there are also the changes that need to be made in the financial system to prevent it from happening. Remember, this amounts to millions of dollars a year, and has been operating unfettered for several years. Though the charges that are caught by victims are removed, consumers are still footing the annual bill for this. When you add the cost of card replacement, and the time, effort, calls, and paperwork that each victim has to go through, the total cost of the crimes is considerable.

There are no line item deductions from bonus checks for fraud each year, that cost in its entirety is passed on to consumers. Despite the promoted image of relative safety in the financial system, to the contrary, there are numerous gaping security holes. It is a misnomer to state that consumers are not liable for fraud. They may not be individually, but they still pay for it collectively.

The problem with this long running criminal enterprise is that it has been missed completely year after year, by the banks, the card brands, and the merchant processors, e.g. authorize.net / cybersource.

At the lowest common denominator level, you actually have card victims where their own bank is processing the fraud charge out of their account, and into another one at the same institution belonging to the criminals. So while some customer of the bank is on the phone complaining, and getting the runaround about the charge, the criminals are having the fraud proceeds wired out of another account there, in increments under $10,000, off to Eastern Europe. All occurring week after week, right under their nose. Also, don't forget about the gateway processor, oblivious to this, year after year.

Remember, this massive criminal operation has been identified and documented from the outside. Just imagine the data and resources that are available on the inside to have detected this. The cost benefit decision calculations that are made in writing off financial crime are flawed. The fraud that you are writing off today, becomes the epidemic that you will have to deal with tomorrow. Tolerance and inaction breed future epidemics.

MGD
Zenith @ 26th Mar 07:30PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Was wondering if you have ever received positive feedback from www.IC3.gov?

I've called several ID Theft hotlines and made a few reports. One report was made to the FTC and they actually gave me a report number. I told the person that my situation only involved a small amount and the person said, "The amount doesn't matter......it's still fraud" and took the information for the report. This happened prior to your post about 888-590-9662 no longer being active. Difficult for me to understand why there are so many Government ID Theft hotlines. Does anyone know if there is a central Government hub for ID Theft reports and information?
anon @ 26th Mar 08:20PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

If I may ask, where is the alleged NJ mule located? I am in Califon NJ and may be able to find something out.
MGD @ 26th Mar 09:13PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

They are located in Mahwah according to the relevant State of New Jersey business registration. Additional address details are listed in the first post, scroll down: »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

There is a public listing for the phone number matching to the address, or was back at the time of the original post. Several messages left at the number were not returned, so verbal confirmation is needed that they were in fact recruited and set up both the merchant processing and bank accounts.

Once contact is made and it is confirmed that they are in fact a duped cyber-mule, there is a suggested procedure given to them to extricate themselves from that role, and promptly shut the operation down.

I will post the procedure in an upcoming post shortly, where a new Command and Control website will be documented, along with all the recruitment documents and employment contracts that are given to cyber-mules.

MGD

MGD @ 26th Mar 09:29PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Zenith :

Was wondering if you have ever received positive feedback from www.IC3.gov?
........ Does anyone know if there is a central Government hub for ID Theft reports and information?
IC3 is the most appropriate in this situation, since they are a Federal entity. They will disseminate the reports to the relevant agencies, and are a central database where this information can be collected. Unfortunately they do not usually respond or reply to submissions. However, that does not mean that they are not acted upon.

Since this criminal operation involves multiple class A federal felonies, including money laundering, ID theft, credit card fraud, data hijacking, etc., IC3 is the best place to report it.

In addition, the multiple bank accounts and corresponding LLCs are located in many different states. Plus, the major criminals who operate this crime syndicate live and operate it from outside of the jurisdiction. The process of identifying, and eventually arresting and charging them will require cooperation and participation from foreign governments.

MGD
anon @ 27th Mar 05:09AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

MGD
Thank you for the work you've done here. I stumbled upon this thread when I received a charge on my debit card and didn't recognize it. It is listed as "03/24/2008 POS Debit / HTTP://www.mcatemplates.c" for $11.89 on my checking account. I assumed the description field was too short to include the full ".com". When I typed that address, to my surprise it said it couldn't find the website, but did say "did you mean"... I'm not very computer/internet savvy, so I clicked the link. When the new search came up with EVERY link stating "fraud" I was horrified. This thread was the first, so I began reading it and just finished the 12 pages of posts. Just now I tried typing the web address and this time it brought up the bogus website. Looks very convincing.

I have 2 other charges that I was hoping you could shed some light on, or possibly bring to your attention as possible fraud. Both posted to my account on 3/17/2008, both as "POS Debit" one is from "DRG Enterprises LLC" for $10.29 the other is from "Business Solutions Intern" for $9.98. I know I did not make purchases at either of these, so I questioned my husband and he also does not recognize the charges. I will be going to my bank this afternoon to cancel both mine & my husband's checkcards! I will also be reporting all three charges as fraudulent. And I will go to ic3 to report as fraud.

Someone had posted that the size of the bank seemed to not matter. I concur! We currently live in Germany (husband is active duty Army). Our bank is a small subsidiary of BOA whose clients/customers are all either stationed here with the U.S. military or as DOD employees. Having worked as a CSR for a large regional bank as well as a CC company, I thought that if an item posted as "POS Debit" that my PIN was used. Am I mistaken? I can also attest that in my training for both CSR positions, we were taught to tell the customer to contact the merchant before filing a dispute. Also, we were taught that such a small dollar amount should be treated as a dispute as it cost the bank/credit card company too much to file it as fraud. Of course, we were also taught not to let on with the customer that we were filing it as a dispute when the customer specifically asked for it to be filed as fraud. I never did that though! Morally, I could have never had a clear conscience treating my callers that way. As I still have accounts with both of these companies, I will refrain from naming them. Luckily, I have never had to report fraud on either of my accounts with these companies.

Again, thank you for putting together a wealth of information. If they do ever catch these creeps, I hope they have a reward that could be given to MGD. And if MGD feels he doesn't deserve a reward, he could always make a donation to his favorite charity.
Zenith @ 27th Mar 06:40PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Seems like no one should be able to make a charge against an individual's account unless they have a business license, tax ID number, or are registered as tax exempt. Boggles the mind.
Doctor Olds @ 27th Mar 09:05PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Zenith :

Seems like no one should be able to make a charge against an individual's account unless they have a business license, tax ID number, or are registered as tax exempt. Boggles the mind.
You have not been reading any of these threads? They have all that covered and it is easy to get and even easier to get a Merchant Account opened in order to start collecting the money. The US based Mules that are hired set up a fictitious business name and get an Employer Identification Number for the Business then get the Merchant Account. A,B,C, easy as 1,2,3. Boom!

Apply for an EIN (Employer Identification Number) Online
»www.irs.gov/businesses/small/art···,00.html

Merchant Account
»en.wikipedia.org/wiki/Merchant_account

[att=1]

--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

Zenith @ 28th Mar 10:37AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

I've read this thread several times. My point is that the mules should be very easy to locate or have I missed something else. I suppose I could have clarified my point in the previous post. Sorry.
Doctor Olds @ 28th Mar 02:39PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by Zenith :

I've read this thread several times. My point is that the mules should be very easy to locate or have I missed something else. I suppose I could have clarified my point in the previous post. Sorry.
How so? They are using fictitious Business names, Fictitious names in the Contact Info and they have cloaked domains that don't show who truly registered the Domains. Only when they slip up then MGD can find some of the Mules, otherwise it is hide and seek. The biggest issues are that Law Enforcement and the CC Issuers don't see the big picture and choose to write it off and pass the cost of losses to the customer instead of tightening their procedures and adding vetting processes (which is what the Web Hosting providers need to also do).
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time?

MGD @ 28th Mar 06:06PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by ArmyWife :

MGD
Thank you for the work you've done here. ......
I have 2 other charges that I was hoping you could shed some light on, or possibly bring to your attention as possible fraud. Both posted to my account on 3/17/2008, both as "POS Debit" one is from "DRG Enterprises LLC" for $10.29 the other is from "Business Solutions Intern" for $9.98. I know I did not make purchases at either of these, so I questioned my husband and he also does not recognize the charges. I will be going to my bank this afternoon to cancel both mine & my husband's checkcards! I will also be reporting all three charges as fraudulent. And I will go to ic3 to report as fraud.

...... Having worked as a CSR for a large regional bank as well as a CC company, I thought that if an item posted as "POS Debit" that my PIN was used. Am I mistaken? .......
Thank you,

and thanks for that insider's view of the bank card processing. There are legitimate billing errors within the millions of card charges processed daily. However, as you can see, the banks are making a huge assumption error in treating them all the same way. This fraud is specifically set up to successfully take advantage of many generic assumptions that are made in the entire process.

The fraud charges to debit cards have been showing up as "POS", which as you noted, is incorrect. They have always shown up coded as such, it must be a coding issue in the merchant processing system. That POS code for debit, denotes a card swipe and signature, or a card swipe and pin. However, I know for a fact they are not pin transactions. They are in fact "CNP" transactions, card not present.

The two charges which preceded the mcatemplates.com - 623-444-2173 M.C.A fraud charge, are also fraud charges from the same crime syndicate. "DRG Enterprises LLC" and "Business Solutions Intern" are two of a new batch of several dozen fraud sites set up by the criminals in the last 90 days. This criminal enterprise is constantly setting up new fake sites. There is an assembly line process that is needed to generate the millions of dollars a year in fraudulent proceeds.

drgtemplates.com 206-569-4765 DRG Enterprises, LLC
.
[att=1]

Multiple reports of fraud charges: »800notes.com/Phone.aspx/1-206-569-4765
.

Registrar: ENOM, INC.
.
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
.
Domain name: drgtemplates.com
IP 66.152.162.116
.
Registrant Contact:
DRG
Claudia Thorstensen (drginter58@yahoo.com)
+1.3203868193
Fax: +1.3203868193
37 Bancroft Ave
Reading, MA 01867
US
.
Status: Locked
.
Name Servers:
ns1.hostdone.com
ns2.hostdone.com
.
Creation date: 03 Jan 2008 22:22:35
Expiration date: 03 Jan 2009 22:22:35

.
As usual, hidden from the internet:

[att=2]
.
.
"Business Solutions Intern" is actually: bsi-concepts.com
.

bsi-concepts.com 609-910-2942 Business Solutions International, LLC

[att=3]
.


Registrar: ENOM, INC.
.
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
.
Domain name: bsi-concepts.com
IP 66.152.162.116
.
Registrant Contact:
BSI LLC
Sami Omar (sami_omar48@yahoo.com)
+1.7202288698
Fax: +1.7202288698
360 Jefferson Avenue
Brooklyn, NY 11221
US
.
Status: Locked
.
Name Servers:
ns1.hostdone.com
ns2.hostdone.com
.
Creation date: 21 Jan 2008 22:24:41
Expiration date: 21 Jan 2009 22:24:41

.
Once again, hidden from the internet:

[att=4]
.
Following the crime syndicate's trail from the reports adds another name to the mix:
mcatemplates.com ---->Business Solutions International ---->DRG Enterprises LLC---->MCG Enterprises LLC:

quote:
BigOps96 - 21 Mar 2008
I received an unknown charge for $11.89 from MCG Enterprises LLC with a phone number of 541-306-6075, which looks almost exactly like the charge I got for the same amount from DRG Enterprises LLC, 206-569-4765. I am reporting both to my bank and getting a new credit card number (unfortunately).
»800notes.com/Phone.aspx/1-541-306-6075


.
mcg-websolutions.com 541-306-6075 MCG Enterprises, LLC
.
[att=5]
.

Registrar: ENOM, INC.
.
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
.
Domain name: mcg-websolutions.com
IP 66.152.162.116
.
Registrant Contact:
fbrt llc
Jennifer Gough-Belleau (goughbelleau@yahoo.com)
+1.8017570168
Fax: +1.8017570168
39 country club drive apt g
coram, NY 11727
US
.
Status: Locked
.
Name Servers:
ns1.hostdone.com
ns2.hostdone.com
.
Creation date: 21 Feb 2008 00:27:38
Expiration date: 21 Feb 2009 00:27:38

.
mcg-websolutions.com is still in the seasoning phase, however, reports of the fraud charges are starting to come in: »800notes.com/Phone.aspx/1-541-306-6075

Also blocked from search engine archiving. Confirming the fact that they are not engaged in e-commerce, and are just a fake front operation to process hijacked credit cards and launder the funds out of the country:

[att=6]

This is pretty bad:

quote:
escalatorgirl04@gmail.com - 22 Mar 2008
I have just been a victim as well only my bank refuses to reimburse me (bank of america). i stopped my card and got a new one. I saw a purchase for 11.89 that i did not authorize from chula vista CA and another one from AZ with a different company. I called as well and got the same voice mail. WHO can i contact to get this guy f*cked up?

»800notes.com/Phone.aspx/1-206-569-4765



Need to contact her, and explain the process that the bank is required by federal law to follow. She does not need to eat these charges. Also would like more specific data on those other names.

I am in the process of sniffing out, identifying, and locating the cyber-mules who set up the merchant and bank accounts on behalf of the criminals, and are funneling the proceeds out of the country.



PLEASE NOTE

The names and addresses used for these domain registrations may be bogus, I am attempting to establish if they are or not. However, THEY ARE NOT THE CYBER-MULES. If in fact they turn out to be real, they will be victims of either a fraud charge for the hosting on their cards /Paypal account, or they are random. They are not connected to the fraud. The listed phone numbers will be bogus, or relay numbers that go to the criminals.

Also, for victims of these charges, be careful when you search these names. The LLC names are only unique within the jurisdiction that they are registered in. There may, and in fact are, similarly named legitimate companies, who are in no way connected to this fraudulent operation.

Be advised that running a search on the names will produce legitimate businesses with the same name or close to it. Over the years that this fraud has been tracked on this forum, many legitimate unrelated companies have been inundated with calls from angry victims.

With this criminal enterprise, all listed phone numbers and email addresses will relay back to the Command & Control center. The only local person connected will be the duped cyber-mule.

For those of you with multiple charges from names that are not already listed, please list the specific line item fraud charge as it appeared on your bill along with the date. Despite the length of this thread we have only covered a small amount of the fraudulent names that either have been used, or are in use. Posting the full details of any additional charges that have not been covered, is very helpful in tracking this criminal operation.



Coming up next, I will document a new C&C hub website that is running the mule recruitment and herding operation for this new group of fraud sites.

MGD
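The three registrations quoted in the post above list the same IP address and the same pair of name servers. As an added example (not part of the original post), this sketch parses records in that layout and groups domains by shared hosting; the records are abridged with registrant blocks left out, and the example.org record and all function names are constructed here.

```python
from collections import defaultdict
from datetime import datetime

# Abridged records in the layout quoted in the post ("." lines are spacers).
# Domain, IP, name-server and date values are copied from the post; registrant
# blocks are left out. The example.org record is constructed for contrast.
RECORDS = """\
Registrar: ENOM, INC.
Domain name: drgtemplates.com
IP 66.152.162.116
Name Servers:
ns1.hostdone.com
ns2.hostdone.com
.
Creation date: 03 Jan 2008 22:22:35

Registrar: ENOM, INC.
Domain name: bsi-concepts.com
IP 66.152.162.116
Name Servers:
ns1.hostdone.com
ns2.hostdone.com
.
Creation date: 21 Jan 2008 22:24:41

Registrar: ENOM, INC.
Domain name: mcg-websolutions.com
IP 66.152.162.116
Name Servers:
ns1.hostdone.com
ns2.hostdone.com
.
Creation date: 21 Feb 2008 00:27:38

Registrar: EXAMPLE REGISTRAR (constructed)
Domain name: example.org
IP 192.0.2.10
Name Servers:
ns1.example.net
.
Creation date: 10 Feb 2008 12:00:00
"""


def parse_records(text):
    """Return one dict per record; a record starts at each Registrar line."""
    # 'current' begins as a scratch dict so stray lines before the first
    # record are absorbed instead of raising.
    records, current, in_ns = [], {"name_servers": []}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):          # spacer: also ends a name-server list
            in_ns = False
        elif line.startswith("Registrar:"):
            current = {"registrar": line.split(":", 1)[1].strip(), "name_servers": []}
            records.append(current)
        elif line.startswith("Domain name:"):
            current["domain"] = line.split(":", 1)[1].strip().lower()
        elif line.startswith("IP "):
            current["ip"] = line[3:].strip()
        elif line.startswith("Name Servers:"):
            in_ns = True
        elif line.startswith("Creation date:"):
            stamp = line.split(":", 1)[1].strip()
            current["created"] = datetime.strptime(stamp, "%d %b %Y %H:%M:%S")
        elif in_ns:
            current["name_servers"].append(line.lower())
    return records


def linked_clusters(records):
    """Group domains that share an IP or a name-server set; keep groups of 2+."""
    parent = {r["domain"]: r["domain"] for r in records}
    def find(d):
        while parent[d] != d:
            d = parent[d]
        return d
    first_seen = {}
    for r in records:
        for pivot in (("ip", r.get("ip")), ("ns", tuple(sorted(r["name_servers"])))):
            if pivot[1] and pivot in first_seen:
                parent[find(r["domain"])] = find(first_seen[pivot])
            elif pivot[1]:
                first_seen[pivot] = r["domain"]
    groups = defaultdict(list)
    for r in records:
        groups[find(r["domain"])].append(r)
    return [sorted(g, key=lambda r: r["created"]) for g in groups.values() if len(g) > 1]


def summarize(cluster):
    """Members in registration order, shared IPs, and the registration window."""
    span = (cluster[-1]["created"] - cluster[0]["created"]).days
    ips = sorted({r["ip"] for r in cluster if "ip" in r})
    return {"domains": [r["domain"] for r in cluster], "ips": ips, "span_days": span}
```

Calling `summarize()` on each result of `linked_clusters(parse_records(RECORDS))` gives one linked group of three domains; a new domain that lands on the same IP or name-server pair joins that group when its record is appended.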
MGD @ 28th Mar 08:35PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

The C&C and recruitment division of this crime syndicate has a new hub site that has been recruiting cyber-mules, primarily from job postings on Craigslist during the past three months.

The job ads are very generic, and advertise part time management positions. There are no links or leads in the postings as to who they are. Once a potential cyber-mule submits their resume they first receive the following response:

quote:
------------------------------------------------------------
From: Aleksandr Kostanda aleksandr_kostanda7@fellowsolutions.com

To: Potential Cyber-mule

Subject: Job offer on Craigslist, Fellow Solutions, Inc

Hello "Potential Cyber-mule"

Thank you for responding to Fellow Solutions, Inc's job offer on
Craigslist.

I represent Fellow Solutions, Inc. My name is Aleksandr Kostanda, I'm
a manager of this company. We are a rapidly growing comprehensive
Business Solutions, Internet and Website Design company. We specialize
in getting businesses onto the Internet quickly and professionally.
Our manager team will grow the next 3 months.
In this letter I will kindly let you into the details of Fellow
Solutions, Inc position of Manager.

We have been in Business 7 Years and many of our staff have been
involved with the Internet for a lot longer, we are somewhat of an OLD
business in this relatively new industry.

Our Marketing Department has developed a perfect idea to boost sales
(our company produces web items).
The idea is to have more subsidiaries that would resell our Webstite
Templates.

As more we have the websites (subsidiaries) as more we can get new
customers and of course we get more profit. The advantage of having
such subsidiaries lies in having different business names sell our
web design services. It's business strategy.

Manager is the person who owns a subsidiary company.
Anyone can do this, because setting up a small company of your own is
very simple, and provided with easy-to-follow step-by-step
instructions of your personal Fellow Solutions, Inc manager.

After your company is set up, Fellow Solutions, Inc will create a
website (online store) for you which will resell our templates.

Final step is launching your store live on the web and taking your
commission from sales.
Your income will increase as the business progresses.

Let me emphasize extremely advantageous features that are sure to help
you make the right decision and become our partner. They are:

- No skills and experience in programming and web design are required
from you. Fellow Solutions, Inc professionals will handle all
technical questions;
- You will not have to sell or advertise anything. It is our special
marketing department that will be responsible for it;
- It's good opportunity for the manager because for this work he
spends not too much time and can work for his usual work and for our
company because we have the opportunity to enter to the USA's market.

If you've got a burning desire to succeed and are interested in
maximizing your personal and professional growth, please kindly get
back to us via our email address
( aleksandr_kostanda7@fellowsolutions.com). I will get back to you with
every little detail of how our cooperation will develop.

Please reply to this email: aleksandr_kostanda7@fellowsolutions.com

Respectfully,
Aleksandr Kostanda,
Fellow Solutions, Inc.
36 Dragan Tsankov Blvd.,
Sophia, 1057
Bulgaria,
Phone/Fax for US: (606) 764-1922

------------------------------------------------------------



Should the potential "employee" move forward on this "job" offer, they will be sent the following instructions. They will have to submit identity documents, and be subject to a background check:

Instructions:

[att=1][att=2][att=3]

Employment Agreement:

[att=4][att=5][att=6]

In addition, they will receive instructions on how to obtain an EIN number from the IRS. Also, how to set up a merchant bank account.

[att=7]

They will also be told which banks not to use, and steered towards banks affiliated with the processing gateway of Authorize.net / Cybersource. The other criteria is that the bank account must have online access, so the criminals can log in and monitor the results and funds from the fraudulent card processing.

Once this is in place the website will be up and running. The Cyber-mule will not have access to the website control panel, or be able to see logs etc.

They are also provided with a FAQ:

[att=8][att=9]

After the operation is up and running the cyber-mule's only duties are to follow the instructions from the C&C herder on when and where to wire funds out of the country.

fellowsolutions.com AKA Fellow Solutions Inc.
are probably accurate when they say they have been in business for 7 years:

[att=10]

That is about when the first signs of the modus operandi of this fraud can be tracked back to.

[att=11]

Don't bet that this is actually where they are, go East:

Site Contact info:

Fellow Solutions, Inc.
»fellowsolutions.com/
Phone : +1-530-618-6428
Address : Bulgaria,
Sophia 1057
36 Dragan Tsankov Blvd.
E-Mail : support@fellowsolutions.com

The domain registration:


Domain Name: FELLOWSOLUTIONS.COM
Registrar: ONLINENIC, INC.
Whois Server: whois.35.com
Referral URL: »www.OnlineNIC.com
Name Server: NS8.888HOSTINGS.COM
Name Server: NS9.888HOSTINGS.COM
Status: ok
Updated Date: 07-jan-2008
Creation Date: 07-jan-2008
Expiration Date: 07-jan-2009
.
Registrant:
John Millad johnmillad57@yahoo.com +1.5306186428
fellowsolutions.com
1825 Benson Street
Philadelphia,PA,UNITED STATES 19152
.
Domain Name:fellowsolutions.com
Domain servers in listed order:
.
ns8.888hostings.com
ns9.888hostings.com


They push the fact that no technical skills are needed, they want novices, and non net savvy victims.

Techies that may first show interest, will catch on:
»forums.invisionpower.com/index.p···y1707105
and:
»thebecauseeverybodyhasoneblog.bl···ive.html

MGD
anon @ 29th Mar 05:27PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

MGD, please contact me when you can. I have a lot to talk about with you...
anon @ 31st Mar 02:27AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Oh my! I did a search of some bogus charges that were on my AMEX and this site popped up! Thank goodness I'm not alone. I apologize in advance if this is not the correct place to post this or if you all have discussed this information previously.

The two companies that charged my AMEX have already been posted by others:

1) ROMAN I PIGLITSIN Telecom Service 2/20/08, $11.87
ROMAN I PIGLITSIN DBA
4351 Marysville Blvd
Sacramento, CA 95838
Cellular Telephones
R And P Web Designer

2) SOLOMKA DESIGN, Computer network 2/08/08 $11.95
SOLOMKA Design
4282 Pinell St Ste 101
Sacramento, CA 95838
Internet Downloads

I immediately flagged it online, but didn't submit it as a fraudulent charge. At the time I thought it MIGHT have been something connected to my MONTHLY charge from EXPERIAN that is SUPPOSED to cover credit report monitoring and protection. Imagine that! :mad: The so-called monitoring service by Experian is $11.95 a month...eerily close to the amounts charged by the 'fake companies'. I immediately called Experian and cancelled and I told the account rep that I was cancelling because I had two charges that were unfamiliar and I felt they were connected. I just had a really bad feeling. On my AMEX statement, the same exact language and location (California) used to describe the 'legit' Experian charges is also used with the fake charges. Of course the Experian rep said the standard line of 'we would never knowingly pass your information along to third parties, blah, blah, blah'.

AMEX has since given me a credit and sent letters stating they are investigating. I'm hoping they don't 'recharge' my account. But they gave me an immediate credit, no questions asked. I wonder if it's because this has happened to so many other card holders recently??

I have scanned this site for about 10 minutes and I'm thankful I found all of this information. Interesting and VERY scary stuff! Also, I noticed where there were some posts that stated this may have started with Equifax. Do we know if Experian has also experienced (pardon the pun :uhh:) the same kind of leaks? Can anyone tell me HOW I became a victim? Are there some sites I may have visited or do we think it truly is related to Experian? Is there a way of finding out?

I am glad (for lack of a better term) that when I signed up for this service through Experian I used my credit card and not my bank card. I truly meant to cancel the service months ago and kept forgetting. I never meant for it to be an on-going charge. I only wanted the service that one time, but I was constantly getting updates of who was viewing my credit, etc, so I felt it may have been worth it. Never again will I let this kind of stuff fall by the wayside!

Thanks for any updates you can provide.

Angry in Birmingham, Alabama
anon @ 31st Mar 09:35AM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Did you actually sign up through some bona fide Experian site or through a site like 'freecreditreport.com'?
noebook4me @ 31st Mar 06:13PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Just joining in with the "it happened to me" list.

Had two charges listed on my account as "Debit Card Electronic Business". The first for $4.95 left me wondering just who it was who had a legitimate charge for using a debit card. Three months later I had another $2.95 charge listed the same way. Decided I would never use my card wherever they charged for using debit cards. The inquiry to my bank led to EBSEbooks. Strange, we NEVER got any e book download, and never even heard of them.

The annoying thing is the amount of the charge. These charges in and of themselves are too small to pique the interest of the bank or any law enforcement agency. I suspect that is why it is so.
Laurie @ 31st Mar 08:09PM:
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

said by angry :

Oh my! I did a search of some bogus charges that were on my AMEX and this site popped up! Thank goodness I'm not alone. I apologize in advance if this is not the correct place to post this or if you all have discussed this information previously.

The two companies that charged my AMEX have already been posted by others:

1) ROMAN I PIGLITSIN Telecom Service 2/20/08, $11.87
ROMAN I PIGLITSIN DBA
4351 Marysville Blvd
Sacramento, CA 95838
Cellular Telephones
R And P Web Designer

2) SOLOMKA DESIGN, Computer network 2/08/08 $11.95
SOLOMKA Design
4282 Pinell St Ste 101
Sacramento, CA 95838
Internet Downloads

I immediately flagged it online, but didn't submit it as a fraudulent charge. At the time I thought it MIGHT have been something connected to my MONTHLY charge from EXPERIAN that is SUPPOSED to cover credit report monitoring and protection. Imagine that! :mad: The so-called monitoring service by Experian is $11.95 a month...eerily close to the amounts charged by the 'fake companies'. I immediately called Experian and cancelled and I told the account rep that I was cancelling because I had two charges that were unfamiliar and I felt they were connected. I just had a really bad feeling. On my AMEX statement, the same exact language and location (California) used to describe the 'legit' Experian charges is also used with the fake charges. Of course the Experian rep said the standard line of 'we would never knowingly pass your information along to third parties, blah, blah, blah'.

AMEX has since given me a credit and sent letters stating they are investigating. I'm hoping they don't 'recharge' my account. But they gave me an immediate credit, no questions asked. I wonder if it's because this has happened to so many other card holders recently??

I have scanned this site for about 10 minutes and I'm thankful I found all of this information. Interesting and VERY scary stuff! Also, I noticed where there were some posts that stated this may have started with Equ