dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
815295
MGD
MVM
join:2002-07-31

1 recommendation

MGD

MVM

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

moskaltemplates.com AKA Moskal and Associates, LLC 270-975-4864




----------------------
Contact us

Moskal and Associates, LLC
www.moskaltemplates.com
613 Nairn Circle, Highland, MI, 48357

Phone/Fax:
1-(270)-975-4864

Support e-mail:
support@moskaltemplates.com
----------------------

At some point in the last 10 hours GoDaddy pulled the domain registration, maybe for carding. The registration data is now NLA:
quote:
Results returned from whois.godaddy.com:

No match for "moskaltemplates.com" in the registrar database.
Updated Date: 23-sep-2008
Creation Date: 18-aug-2008

Archived:


Registrar: GODADDY.COM, INC.
.
Registrant:
Milton Lawrence
22001 Trailway LN
Lake Forest, California 92630
United States
.
Domain Name: MOSKALTEMPLATES.COM
Created on: 18-Aug-08
Expires on: 18-Aug-09
Last Updated on: 18-Aug-08
.
Administrative Contact:
Lawrence, Milton miltonlaw1948@yahoo.com
22001 Trailway LN
Lake Forest, California 92630
United States
(610) 822-5839 Fax --



Moskal and Associates, LLC appears to be recycled and was originally registered on March of 2007:





MOSKAL & ASSOCIATES L.L.C.
.
ID Num: D1559G
.
Name:MOSKAL & ASSOCIATES L.L.C.
.
Type: Domestic Limited Liability Company
Resident Agent: NICOLE MOSKAL
.
Registered Office Address:
329 RUSTIC TRAIL
LINDEN MI 48451
Mailing/Office Address:
.
Formation/Qualification Date:3-8-2007
.
Jurisdiction of Origin:MICHIGAN
.
Managed by: Members
.
Status: ACTIVE Date: Present



The filing documents indicate that the business was originally established as a: "consultation services for real estate transactions and similiar investments."




Though the domain was set up on August 18th., they may now register another look alike domain name and continue.

MGD
MGD

1 recommendation

MGD

MVM

eawebsolutions.com AKA E W Designs 857-995-3434




-----------------------------
Contact us

E W Designs
www.eawebsolutions.com

Phone/Fax:
1-(857)-995-3434

Support e-mail:
support@eawebsolutions.com
-----------------------------

Not sure which state the business is registered in. The fake domain registration was done in the middle of August:


Registrant:
CHRISTOPHER JONES
3432 Waltham Circle
VIRGINIA BEACH, Virginia 23452
United States
.
Registered through: GoDaddy.com, Inc.
Domain Name: EAWEBSOLUTIONS.COM
Created on: 13-Aug-08
Expires on: 13-Aug-09
Last Updated on: 13-Aug-08
.
Administrative Contact:
JONES, CHRISTOPHER earea4963@yahoo.com
3432 Waltham Circle
VIRGINIA BEACH, Virginia 23452
United States
(610) 887-1797

.

»eawebsolutions.com
Snapped 2008-09-23 22:21:04


MGD
discgolfer
join:2008-09-24

discgolfer to MGD

Member

to MGD
Wow who knew...just got hit on debit card (9-23-08) for $4.78 from www.intelipalm.com 434-336-4079...called the no. same woman difficult to hear. For what its worth I use this card daily/exclusively, just lost my cell/palmtreo the same day this hit my bank account, also spent several days before in tourist type location (Lake Placid NY), coincidence or connection? From what I've read this activity wont be traceable...I have notified bank and closed the card. Is it necessary to call the equifax's etc? Theres not much one can do to protect against this?
MGD
MVM
join:2002-07-31

1 edit

MGD

MVM

said by discgolfer:

....... coincidence or connection? From what I've read this activity wont be traceable...I have notified bank and closed the card. Is it necessary to call the equifax's etc? Theres not much one can do to protect against this?
There is no need to contact Equifax etc, cancelling and replacing your card will cover it. There has never been any evidence to suggest that they have anything other than your full card account data. Once the number is cancelled and replaced, that should end it, for that card. Do check your last few prior statements to make sure that you did not miss any small fraud charges from before.

Was there a state code listed on the intelipalm.com line item charge?. So far I have been unable to track the cyber-mule down, and need to narrow down their location to a state level.

Also, any of the heavily advertised paid consumer protection services can not prevent this type of card fraud, regardless of the impression that they give. For most consumers these services are not worth it, and do little to protect them.

[EDIT ADD]
It is very difficult to tell on a case by case basis if there is any coincidence or connection to recent activity. It could just as easily be a recent infiltration of transaction data from a year or two ago. Then you have the card victims that never had prior tranactions at all.
[END EDIT]

MGD
discgolfer
join:2008-09-24

discgolfer

Member

Just spoke w bank again and no state code avail. Waiting on typical paper work...it was mentioned I could fill out add'l paper work for a police report...worth the time if it will help you out?
MGD
MVM
join:2002-07-31

MGD

MVM

said by discgolfer:

...it was mentioned I could fill out add'l paper work for a police report...worth the time if it will help you out?
If it's not needed by the bank to process the fraud claim, then a better option, at your convenience, is to file a report at IC3 »www.ic3.gov/ That will at least keep a centralized database of all the reports, and make the data available for multiple agencies.

What will help in tracking down the as yet unidentified merchant account and associated cyber-mule that was used to process your fraud charge, is, if you can send me via IM, the transaction reference number listed on that line item charge. There is embedded code within the reference charatcers that can be used to identify the originating merchant account. That information can be very helpful in the cases where the LLC / Corp and cyber-mule have not yet been identified.

MGD
MGD

1 recommendation

MGD

MVM

ahptemplates.com AKA Alternecare Health Products, Inc. 402-408-9453




--------------------
Contact us

Alternecare Health Products, Inc.
www.ahptemplates.com

Phone/Fax:
1-(402)-408-9453

Support e-mail:
support@ahptemplates.com
--------------------

A muti state search for the corporation led to Florida. That was corroborated by the fact that the crime syndicate used the corporation owner's name DONALD MONTELLESE, in the domain contact email address donaldmontel@yahoo.com. That is a common tactic used in many of the fraudulent registrations.





Florida Profit Corporation
ALTERNECARE HEALTH PRODUCTS, INC.
Filing Information
Document Number P02000003007
FEI Number 043626812
Date Filed 01/09/2002
State FL
Status ACTIVE
.
Principal Address
1825 NW 38TH AVENUE
LAUDERHILL FL 33311
Changed 08/18/2006
.
Mailing Address
1825 NW 38TH AVENUE
LAUDERHILL FL 33311
Changed 08/18/2006
.
Registered Agent Name & Address
MARGOLIS, JOHN A
9990 S.W. 77TH AVENUE
SUITE 330
MIAMI FL 33156-2699 US
.
Officer/Director Detail
Name & Address
Title DP
MONTELLESE, DONALD
1825 NW 38TH AVENUE
LAUDERHILL FL 33331-1


The above is a 2002 corporation and appears to be in the supplement business. the contact number on this website:

[imaging failed]
»www.alternecare.com/cont ··· us.shtml
Snapped 2008-09-24 20:47:46
matches to the the number listed for their address here: »integrativepractitioner. ··· 308.aspx

The domain registration is just over amonth old:

[imaging failed]
»ahptemplates.com
Snapped 2008-09-24 20:47:28



Registrant:
Katherine Fitzgerald
344 East 112th Street Apt 4B
NEW YORK, New York 10029
United States
.
Registered through: GoDaddy.com, Inc.
Domain Name: AHPTEMPLATES.COM
Created on: 15-Aug-08
Expires on: 15-Aug-09
Last Updated on: 15-Aug-08
.
Administrative Contact:
Fitzgerald, Katherine donaldmontel@yahoo.com
344 East 112th Street Apt 4B
NEW YORK, New York 10029
United States
(720) 596-3375
.
Domain servers in listed order:
NS1.HOSTDONE.COM
NS2.HOSTDONE.COM

.

MGD
MGD

1 recommendation

MGD

MVM

quote:
Mystery charge shows up on Lawrence woman’s credit card
Wednesday, 6 August 2008

Judi Mahaley almost didn’t notice the $9.87 billing to one of her little-used credit cards.

The Lawrence woman checks her statements online to avoid receiving paper statements. She was checking this particular card’s statement to review her finance charges when she saw the a mysterious charge from Imagecrater.com.

“I have hardly used that card at all,” Mahaley said. “I had not been to that Web site.”

Mahaley checked the Web site and found what appeared to be a harmless place to view and order photographs and art images. She did other online searches and found there were plenty of other people who also had received credit card charges without their initial knowledge from the same Web site.

Mahaley called a phone number listed with the charge on her bill and which also is listed as a contact number on the Web site. She got a recording saying the call could not be completed ......
....
..

Continued:
ref:»www2.ljworld.com/blogs/c ··· y_theft/

MGD
Expand your moderator at work

jeph89
@comcast.net

jeph89 to MGD

Anon

to MGD

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

i have some serious anger issues re: $11.89 (ktech solutions). thanks for your obvious hard work MGD, before today i knew nothing of this scam. are the mules really innocent? i notice they have relatively common names. was wondering if looking up their criminal histories is/has been helpful?

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

Doctor Olds

Premium Member

said by jeph89 :

are the mules really innocent? i notice they have relatively common names. was wondering if looking up their criminal histories is/has been helpful?
I've not seen any with known criminal histories. Most all are duped. There are regular people missing the needed technical knowhow to spot a scam business model.

StillAtIt
@pacbell.net

1 recommendation

StillAtIt to MGD

Anon

to MGD
I found this site as I was backtracking a fraudulent Amex charge from "24-hour corp" in Carmichael, CA. The now defunct website for them, accept-all-payments.com (AKA AL-Pay and E-Sprint) came back from a whois search as:
Registrant:
ESprint Corp.
4351 marysville blvd
Sacramento, California 95838
United States
Domain Name: ACCEPT-ALL-PAYMENTS.COM
Created on: 27-Apr-08
Expires on: 27-Apr-09
Last Updated on: 27-Apr-08
Administrative Contact:
piglitsin, roman
ESprint Corp.
4351 marysville blvd
Sacramento, California 95838
United States

This information will look familiar to you guys. I won't bore you with the same details of fake websites that are there only to launder credit card charges, but this scam is global (UK in particular as well as here in the US).
MGD
MVM
join:2002-07-31

3 edits

1 recommendation

MGD

MVM

said by StillAtIt :

I found this site as I was backtracking a fraudulent Amex charge from "24-hour corp" in Carmichael, CA. .....
Thank you for posting, and what a coincidence !!

I ran across that several days ago while performing routine searches looking for signs of the American Express card fraud division. As some of you may recall, it has been almost 6 months since a posting has been made on this division which uses Sacramento County based Russian expatriate cyber-mules. Previous reports have been under the heading of:
--------------------------------------------------
VALL-JRSX, VIN-DESIGN, aka VIN DESIGN, E NAT, PARADISE WEB, aka PARADISEWEB, TIM-WEB, SOLOMKA DESIGN, Mobil Txt, MOBIL DESIGN LLC, ROMAN I PIGLITSIN Telecom Service, DBA ROMAN PIGLITSIN, et all

What do they all have in common?. They are a just a few of the LLCs or Fictitious Business Names that were registered in the Sacramento County or surrounding area by Russian expatriate cyber-mules. The business were registered for the sole purpose of obtaining a business merchant processing account from American Express. They were specifically set up in order to use AMEX's own system to launder hijacked American Express victim card data into cash. This was done by submitting and processing fraudulent charges against the stolen card data. The cyber-mules then wired the hijacked funds out of the country which presumably ended up in Russia and the Ukraine. This fraud has been operating out of that area, virtually uninterrupted since at least 2003 - 2002. The fraud runs in parallel with the indentical Visa / MasterCharge operation.
--------------------------------------------------

I have been scouring for signs of their continued operation, which is sometimes difficult to find. However, knowing that this operation has been running in parallel for several years also, I knew that they were active somewhere, and it was just a matter of time before they hit the radar again.

I was preparing a post over the last several days, while digging into:

ACCEPT-ALL-PAYMENTS.COM AL-Pay, E-Sprint, and 24-hour corp

I can now tie this recent American Express card fraud directly to the same operation, no question about it.

I will follow with with the post that I have been preparing over the last several days, which includes both the UK and USA victim reports of the Amex fraud charges.

In the interim watch this local Sacramento CBS 13 news report:

»cbs13.com/video/?id=3937 ··· port.com

They are correct in that it is the "tip of the iceberg". However a whole section of the iceberg has been revealed already. The worst part of the American Express fraud charges, is that Amex has known about this format for over two years, and supposedly investigated it. Yet they are either unable, or unwilling, to take simple preventative measures to at least make it somewhat difficult for these cyber-mules to keep obtaining Merchant accounts from American Express.

Remember, American Express has their own proprietary merchant processing system. This organized crime syndicate obtains the merchant account via the Sacramento County Russian cyber-mules direct from AMEX. That is how the American Express card holders become victims of this fraud. The bad part is that the syndicate has been obtaining these accounts from AMEX via this modus operandi for at least 5 years

In an excerpt from my work in progress post, I prepared a simple script example of how they could have screened this out:




Now obviously that will not shut down the operation. After all, the organized crime syndicate has had a constant supply of American Express card holder account data for years. However, American Express ought to at least make it somewhat difficult for the criminals to launder that card data into cash using the Amex merchant processing system.

With the Visa / MasterCharge fraud division, the cyber-mules can be located anywhere within 50 states, which is a little more difficult to nail down. This one is so simple to at least place a minor road block in front of, that it borders on negligence, in my opinion.

In addition, if you have not been alert to this over the past 5 years, then you have also lost the ability to do specific card fraud analysis on all of the data that was submitted via the dozens of fraudulent merchant accounts. That analysis is a crucial function as it may well reveal some of the points of initial compromise of the data. If so, that would have enabled those sources to be re-secured, and if unique, possibly prevent other sources from being compromised.

MGD
EDIT= corrected FBN/LLC names, added text
MGD

2 recommendations

MGD to StillAtIt

MVM

to StillAtIt

Re: ACCEPT-ALL-PAYMENTS.COM, AL-PAY, E-SPRINT, 24-HOUR CORP

ACCEPT-ALL-PAYMENTS.COM, AL-PAY, E-SPRINT, 24-HOUR CORP 800 682-7189 800-683-6024

It has been almost six months since we have heard anything regarding the parallel AMEX fraud charges ran by Sacramento California Russian Expatriate cyber-mules. History tells us that even though we are not hearing anything, the chances that this multi year fraud operation has been abandoned, are between slim and none. Though I have routinely sniffed around looking for signs of them, unsuccessfully, that certainly did not mean they had stopped. Since fraud reports can show up in a myriad of places, it can be very difficult to monitor.

What brings the Sacramento county Russian cyber-mule operation to the forefront once again, is a recent ongoing AMEX fraud with a twist, and some publicity. The current Amex fraud charge run can be directly tied to the same long running criminal operation, and also highlights new cyber-mules. The twist is that the fraudulent AMEX merchant accounts are now processing bogus charges to both US and UK victims with AMEX affiliated cards. I hit on this by changing some of the key word combo searches that I mentioned earlier that were routine exercises.

It unfolded as follows:

First was a search that returned a TV News video report from CBS 13 News in Sacramento, CA.
quote:
Local residents Targeted By Credit Card Scam
Worldwide complaints from American Express card owners have led investigators to the Sacramento area, where a false business was allegedly making false charges. Elyce Kirchner reports: »cbs13.com/video/?id=3937 ··· port.com

Well with those keywords "American Express" "Sacramento" "false business" false charges", I knew before I even watched the video where and to who this would lead to.

Sure enough, a new crop of Russian expatriate Amex cyber-mules, and one not so new. What was driving this were complaints from the USA and UK victims of fraud charges originating from:

24 HOUR CORP 800-682-7189

6104 Holt Ln.
Carmichael, CA 95608
800-682-7189

By the way, these fraud charges vary from $25 to $50 per hit.

Sample extracts follow from:

»www.complaintsboard.com/ ··· 7/page/1
quote:
18 days ago by Aimee
Same exact thing just happened to me- amex card, same business name, same notes, except they did it 2 times, and the charge was 44.19 each time.

--------------------------------------------------

17 days ago by Michele
Same thing. Two charges on my AX card for $37.69 each!

When you double hit in this range, then these are intended to be short lived fast burn accounts. Remember they can usually draw the money within 48 hours of submitting the charge. As long as they pile them in they can cover and keep adding to the draw, they can move the funds out fast. it is long gone by the time the victim sees the statement.

Emphasis added:
quote:
16 days ago by J. F. [send email]
I agree that I think this company is fraudulent. This is the information that I have found about the supposedly company.

I did a reverse search lookup for the company's address on whitepages.com and these are the results that I have found:

1 Result matching "6104 Holt Ln, Carmichael, CA."

Andrey Yakovlev ------------->Strike One = Russian
6104 Holt Ln
Carmichael, CA 95608-3972 ----->Strike Two = Sacramento County
phone number unavailable

Fraud charges in these amounts are what drew the national media attention to the "Pluto" and "Digital Age" card fraud. Likewise here:
quote:
9 days ago by Katie

ATTENTION ALL VICTIMS OF 24 HOUR CORP SCAM:

I work for the Better Business Bureau in North East California. We are currently working on the 24 Hour Corp Scam with AMEX card holders. This scam has reached all the way to the UK.

PLEASE EMAIL ME at your earliest convenience. We are meeting with channel 3 and 13 and would love to schedule more interviews and find out more information as to the number of people affected.

I look forward to hearing from you. Thanks,

Sincerely,
Katie Robison
Public Relations and Program Services
katier[@]necal.bbb.org

Several, but not all, of the UK victims had visited the USA:
quote:
14 days ago by Nigel Barber
I went to the States in May and only spent money at the hotel on my credit card and got US Dollars before I went.
I have been back for nearly 4 months and now I get a 24hour corp on my statement for 23.18$.
I have phoned my bank and they are aware of it and now they are investigating. Ihave given them the address above and we shall see what happens. This really is annoying.

More on why AMEX could should have prevented this, they have known about this fraud group for several years. This is not "new" to American Express, at all.
quote:
7 days ago by Janice
I am based in the UK and noticed the unauthorised charges because they were the only ones in US Dollars on my statement. I hadn't used my card abroad or over the internet.

Amex (in the UK) said that they are aware of the problem and their fraud team are investigating. They have stopped my card and will credit me for the two unauthorised charges which were $28.04 each.

Many thanks for posting the alerts. Without it, I would not have known I was a victim of fraud.

Can you believe this bank !!!
This is asinine!:
quote:
13 days ago by Clare Gomme
Each month for the last 3 months, I have had charges on my Lloyds card to this company. I have tried to cancel the card to prevent this fraudulent use but Lloyds inform me that, even though they are investigating this company on behalf of a large number of clients, my account cannot be closed until the investigation is complete. In the mean time I am having to phone up each month to dispute this charge. This month I have also been charged for late payment with interest for the disputed amounts on my current statement. To make matters worse I have never used the Amex card on this duo card account so how has 24 hour corp got hold on my account number. Could the fraudster must be an employee of Lloyds?

And it is not just that thread, this one too:

24 hour corp and/or e-sprint LLC

800 682-7189 and 800-683-6024

accept-all-payments.com

»www.complaintsboard.com/ ··· 057.html
quote:
28 days ago by Pl
AMEX (from MBNA) in the UK recognised this as fraud & cancelled the card - it is said that the amounts are low because its below the authorisation limit so they go through automatically - but some AMEX issuers are waiting for customers to complain before they do anything.

Spreading to other countries:
quote:
27 days ago by George
I had two charges from them on my Greek Alpha Bank AMEX, within July, the amounts were 17, 05 and 17, 18 euros...it is amazing the way they let this company charging people all this time. The Bank returned the amounts but I still find it unacceptable...
I have reported it since 4 of AUGUST and AMEX still let them charge.

A UK victim's thread on the UK forums Moneysavingsexpert.com:

»forums.moneysavingexpert ··· 1&page=2
quote:
Lloyds TSB Credit Card

------------------------

Beware, its seems that some thing suspicious is happening with transactions with Lloyds TSB cards.

LLoyds TSB have said they have had alot of the same, but they dont know who the company is.

It showed on some statements as

24 HOUR CORP 24HOUR CARMICHAEL CA£18.340806 35.37 USD @ 1.9286

24 HOUR CORP 24HOUR CARMICHAEL CA £19.54
##0805 37.69 USD @ 1.9289

So make sure you check your statements!!

-------------------------------------------------------

I have had a charge on my Virgin Amex for approx $23 which translates at £13.84 from 24 Hour Corp Carmichael. Virgin have said they will contact the merchant and ask for documentation. They give them 40 days for a response and if it's not a legitimate charge they will refund the money back to my account. In the meantime the amount is frozen so it doesn't accrue interest but they won't issue me with a new card until it is confirmed as a fraudulent transaction.

This is a known fraud

------------------------------------------------------

A similar charge has appeared on my British Airways Blue Amex card. $44.92 USD on 10 Aug 08.

I am just off the phone to Amex and I was told that this is a known fraud which is impacting numerous cardholders. They will refund it and they have insisted that my card is cancelled and a replacement issued.

What dissapoints me is that their fraud team are aware of this and they are not proactively identifying customers that are impacted. When I pushed them on this I was told: "It would take too long to review every account, so we are waiting for customers to call us - Amex have revoked the merchant's Amex authorisation, but because the transactions are below the "floor limit" they are applied automatically to customer accounts without being checked to see if they are valid".

Please keep your eyes open!!!

What is even more disappointing is the fact that American Express has known about this specific fraud operation for several years. Contributing to the problem is how easy Amex doles out merchant accounts. Since a core function of this long running fraud is the use of Russian expatriate cyber-mules from a concentrated area around Sacramento County, a simple add on in the vetting process that was listed in the above post, could easily filter these out at application time.

So lets look over some of the info that has already been posted, and add some to it:

ACCEPT-ALL-PAYMENTS.COM, AL-PAY, E-SPRINT, 24-HOUR CORP 800 682-7189 800-683-6024

The website ACCEPT-ALL-PAYMENTS.COM is now down, two cached pages still exist from August 26th 2008:





»74.125.45.104/search?hl= ··· G=Search
Snapped 2008-10-01 06:12:04






»74.125.45.104/search?hl= ··· G=Search
Snapped 2008-10-01 06:11:46


from the page:

Contact Us
E-Sprint LLC,.
2721 Rio Linda blvd. Sacramento, CA, 95815
Phone/fax +1(800)683-6024

So, did American Express improve the vetting process for individual merchant accounts, and the criminals moved up to the next rung on the ladder and were operating as a secondary wholesaler / affiliate?:
quote:
Welcome to AL-Pay! The best credit card and E-check payment system on the net.

Did you know that when you accept credit cards and checks online, you can expect your sales to increase by an astounding 50 to 400%? You simply can't compete if you don't accept credit cards and e-check. With our free online application, you can start accepting credit cards and e-checks on your web site in less than 24 hours! In addition to accepting credit cards and e-checks on your web site in real-time, you will also receive our simple-to-use, web-based payaments administration system. With our versatile ecommerce software, you have a complete solution.

Or was that just a ruse?

Running down the names:

E SPRINT is a California LLC registered on March 11th 2008 by a PAVEL UDALOV:





LP/LLC
E SPRINT LLC
Number: 200807110216
Date Filed: 3/11/2008 Status: active
Jurisdiction: CALIFORNIA
.
Address
2721 RIO LINDA BLVD
SACRAMENTO, CA 95838
.
Agent for Service of Process
PAVEL UDALOV
2721 RIO LINDA BLVD
SACRAMENTO, CA 95838


There was also a matching Sacrament Country Fictitious Business Registration for E SPRINT LLC:




There is no phone listing for either PAVEL UDALOV or a reverse for that address. In fact, there is no public records for a Pavel Udalov within the entire state of California. That home however does show up as having being last purchased on 08/07/2007 and was put back on the market a month later. That home was recently listed on "Sacramento Area Flippers In Trouble", as having a 37% drop in asking price from the previous sale, and has unpaid back property taxes for 2007.




»74.125.45.104/search?q=c ··· =5&gl=us The address is no longer on the MLS listing.

I am unable to find anything specific for "Al-Pay". However, the ACCEPT-ALL-PAYMENTS.COM domain as "StillAtIt" posted, brings us to a very familiar name:


Registered through: GoDaddy.com, Inc
.
Whois Record
Registrant:
ESprint Corp.
4351 marysville blvd
Sacramento, California 95838
United States
.
Domain Name: ACCEPT-ALL-PAYMENTS.COM
Created on: 27-Apr-08
Expires on: 27-Apr-09
Last Updated on: 27-Apr-08
.
Administrative Contact:
piglitsin, roman piglitsin@hushmail.com
ESprint Corp.
4351 marysville blvd
Sacramento, California 95838
United States
(916) 308-7086 Fax --
.
Domain servers in listed order:
NS13.DOMAINCONTROL.COM
NS14.DOMAINCONTROL.COM


From February 2008:
quote:
Julia:
VIN design, Roman Piglitsin and Solomka from Sacramento and Plumas, CA have hit my Amex three times now since November for $12.38, $9.45 and $9.59. Fortunately, Amex has been good about crediting my account.

»Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

From March 2008:
quote:
Angry:
Oh my! I did a search of some bogus charges that were on my AMEX and this site popped up! Thank goodness I'm not alone. I apologize in advance if this is not the correct place to post this or if you all have discussed this information previously.

The two companies that charged my AMEX have already been posted by others:

1) ROMAN I PIGLITSIN Telecom Service 2/20/08, $11.87
ROMAN I PIGLITSIN DBA
4351 Marysville Blvd
Sacramento, CA 95838
Cellular Telephones
R And P Web Designer

2) SOLOMKA DESIGN, Computer network 2/08/08 $11.95
SOLOMKA Design
4282 Pinell St Ste 101
Sacramento, CA 95838
Internet Downloads

I immediately flagged it online, but didn't submit it as a fradulent charge. At the time I thought it MIGHT have been something connected to my MONTHLY charge from EXPERIAN that is SUPPOSED to cover credit report monitoring and protection. Imagine that! ....
..

AMEX has sinced given me a credit and sent letters stating they are investigating.

»Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

That ties ROMAN I PIGLITSIN to SOLOMKA, which ties to VALLJRSX VALL-JRSX »Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto and also to Mobil Txt, and on up the ladder we go!.

Roman's directory listing does show him as the owner of "R And P Web Designer",




which means that the White Pages picked it up from a business filing, a search of both Sacramento County, and California records does not yield a hit. It is possible that it could be registered in another county.

These are the only two listings:





Did the crime syndicate do the same as they do in the other divisions, and after the ROMAN I PIGLITSIN DBA cyber-mule merchant account burned up, and he became black listed, then used his identity to register the ACCEPT-ALL-PAYMENTS.COM domain?

The last several months have been a dry spell in terms of fraud charge information on this Amex division, though I doubt that they were on vacation. In fact Domain Tools shows that there are a total of 6 domains registered using the piglitsin@hushmail.com email address.




One of them as late as July. You should presume the other 5 are also tied to fraudulent American Express merchant accounts that we do not know about. Some of them may have been already active, I have searched for fraud reports.

That brings us to 24-HOUR CORP, there were three Corporate registrations of that name:

The first one was in the beginning of 2005, and subsequently suspended:





Corporation
24 HOUR CORP.
Number: C2715247
Date Filed: 1/10/2005
Status: suspended
Jurisdiction: California
.
Address
6104 HOLT LANE
CARMICHAEL, CA 95608
.
Agent for Service of Process
LEO YAKOVLEV
6104 HOLT LANE
CARMICHAEL, CA 95608


Then registered again on 08/18/2006 with a new address:





Corporation
24 HOUR CORP.
Number: C2892866
Date Filed: 8/18/2006
Status: suspended
Jurisdiction: California
.
Address
2370 MARKET ST STE 111
SAN FRANCISCO, CA 94114
.
Agent for Service of Process
LEO YAKOVLEV
2370 MARKET ST STE 111
SAN FRANCISCO, CA 94114


Registered for a third time in June of 2008, new agent name, but the same address as the 2006 registration:





Corporation
24 HOUR CORP
Number: C3150801
Date Filed: 6/23/2008
Status: active
Jurisdiction: California
.
Address
2370 MARKET ST STE 111
SAN FRANCISCO, CA 94114
.
Agent for Service of Process
DAVID BLESS
2370 MARKET ST STE 111
SAN FRANCISCO, CA 94114

.

The 2370 MARKET ST STE 111 address is the same as that of a company called Ferro Rosso Corp. www.ferro-rosso.com »www.ferro-rosso.com


»www.ferro-rosso.com/contact.htm
Snapped 2008-10-01 06:11:29


Yelena Milovanova
2370 Market Street, Suite 111
San Francisco, CA 94114
888-870-7797

Ferro Rosso Corp.
2370 Market Street, Suite 111
San Francisco, CA 94114

What the connection is to this apparently legit company, I do not know. However, they have more than an address in common:




They share the same "24 Hour Corp" as the agent, which in 2007 would have been LEO YAKOVLEV. A check of all FBNs' registered to either Andrey or Leo:




With so little information thus far, I do not necessarily suspect a formal conspiracy between the criminals and the cyber-mules, because of the common Russian heritage link. Evidence of hiding, or otherwise participating in the obfuscation of the set ups would indicate some level of complicity.

However, what has been frustrating, is the inability to obtain information from known cyber-mules. Their unwillingness to even talk about it, or cooperate, certainly leaves an impression of being complicit, which may or may not be accurate. Repeated contact attempts yields mules who claim to be only able to speak Russian. When you hear others speaking English in the background, and point that out, they still refuse to have them act as translators. They do know the subject matter, and most of the calls end abruptly. In a case where a translator was available and the issue was discussed with them, they offered to call back with the cyber-mule present, but never did. Repeated follow up calls were ignored. That makes the Sacramento case a difficult area to crack and gather intelligence data on. Based on this stonewalling, which may be more cultural that anything else, a Dslr member who spends time in that area attempted several months ago to generate local media interest in the case, and was not successful.

How complicit some of these cyber-mules are may be revealed in the upcoming Federal case of the 2005 cyber-mule, ALEX BERNIK of LEXBAY LIMITED ROSEVILLE CA: »Re: VALL-JRSX, VIN-DESIGN, E NAT, PARADISE WEB

MGD

Whip412
@embarqhsd.net

Whip412 to MGD

Anon

to MGD

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Can we assume this is from the syndicate? I have my own business so I don't have a resume on the job employment websites.

Content-Type: text/plain; charset="us-ascii"
Date: Wed, 1 Oct 2008 09:19:59 +0200 [10/01/2008 02:19:59 AM CDT]
Delivery-date: Wed, 01 Oct 2008 02:20:10 -0500
Envelope-to: john@not-so-scammable.com
From: Adele Payton
Importance: Normal
MIME-Version: 1.0
Message-ID:
Received: from [193.110.165.112] (helo=ip165-112.mono.lv) by server147.hostingrevolution.com with esmtp (Exim 4.63) (envelope-from ) id 1Kkw08-0005nx-1V for john@not-so-scammable.com; Wed, 01 Oct 2008 02:20:01 -0500
from [193.110.165.112] by pbimail1.prodigy.net; Wed, 1 Oct 2008 09:19:59 +0200

Return-path:
Subject: ***SPAM*** Job position
To: john@not-so-scammable.com
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2663
X-Priority: 3 (Normal)
X-Spam-Bar: +++++
X-Spam-Flag: YES
X-Spam-Report: Spam detection software, running on the system "server147.hostingrevolution.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Greetings dear potential employee! PHC Consulting has an opening for a Transaction Specialist position. We do our best to fit all our customers needs as soon as possible. Thats why all are staff is professionally trained and can solve any problem that occurs on their way. We are not just a set of people, we are a family. And we offer you to join us. The details on the position opened right now are below: [...] Content analysis details: (5.8 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist [URIs: consulting-phc.biz] 1.6 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist [URIs: consulting-phc.biz] 2.1 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist [URIs: consulting-phc.biz] 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
X-Spam-Score: 58
X-Spam-Status: Yes, score=5.8
Headers: Show Limited Headers

Greetings dear potential employee!
PHC Consulting has an opening for a Transaction Specialist position.

We do our best to fit all our customers needs as soon as possible. Thats why all are staff is professionally trained and can solve any problem that occurs on their way.
We are not just a set of people, we are a family. And we offer you to join us. The details on the position opened right now are below:

General Requirements:

- Be at least 21 years old.
- No special Qualifications Needed.
- Have a minimal experience and knowledge of basic bank operations.
- Ability to maintain confidentiality of all information.
- Willingness to work from home, take responsibility, set up and achieve goals.
- The ability to create good administrative reporting.
- Honesty, responsibility and promptness in operations.
- The ability to operate with more than one task effectively, and have an adaptable, flexible, professional attitude.
- The ability of stable communication with our company and on-time and detailed reporting.
- Be Familiar to working online, Internet and e-mail skills.

What we offer:

- Generous salary (over 3,000.00 USD monthly).
- Free training.
- Paid Holidays plus 2 weeks of Paid Time Off (PTO).
- Trial period of a month
- 5% Commision from our deals.

This is not a hard job, but your help is very important for us and our clients. This job does not require any special education. You wouldn't have to pay us for taking you on our list. However we guarantee stable income.

If you are interested, please send your resumes to us and also feel free to ask any questions to the email adress you can see below. You will be replied the same day:

phc.consulting.staff.department@gmail.com

Best regards,
German Makovski
hxxp://consulting-phc.biz/

___________________________________________________________

Suspect registration as it is new and an incomplete contact number.

Domain Name: CONSULTING-PHC.BIZ
Domain ID: D27355059-BIZ
Sponsoring Registrar: ESTDOMAINS INC
Sponsoring Registrar IANA ID: 832
Domain Status: clientDeleteProhibited
Domain Status: clientHold
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registrant ID: DI_8774114
Registrant Name: Richard Summers
Registrant Organization: N/A
Registrant Address1: NY st.17, 24
Registrant City: New York
Registrant State/Province: New York
Registrant Postal Code: 93583
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +534.767567
Registrant Email: mail@consulting-phc.biz
Administrative Contact ID: DI_8774114
Administrative Contact Name: Richard Summers
Administrative Contact Organization: N/A
Administrative Contact Address1: NY st.17, 24
Administrative Contact City: New York
Administrative Contact State/Province: New York
Administrative Contact Postal Code: 93583
Administrative Contact Country: United States
Administrative Contact Country Code: US
Administrative Contact Phone Number: +534.767567
Administrative Contact Email: mail@consulting-phc.biz
Billing Contact ID: DI_8774114
Billing Contact Name: Richard Summers
Billing Contact Organization: N/A
Billing Contact Address1: NY st.17, 24
Billing Contact City: New York
Billing Contact State/Province: New York
Billing Contact Postal Code: 93583
Billing Contact Country: United States
Billing Contact Country Code: US
Billing Contact Phone Number: +534.767567
Billing Contact Email: mail@consulting-phc.biz
Technical Contact ID: DI_8774114
Technical Contact Name: Richard Summers
Technical Contact Organization: N/A
Technical Contact Address1: NY st.17, 24
Technical Contact City: New York
Technical Contact State/Province: New York
Technical Contact Postal Code: 93583
Technical Contact Country: United States
Technical Contact Country Code: US
Technical Contact Phone Number: +534.767567
Technical Contact Email: mail@consulting-phc.biz
Name Server: NS1.EGNS.IR
Name Server: NS2.EGNS.IR
Created by Registrar: ESTDOMAINS INC
Last Updated by Registrar: ESTDOMAINS INC
Domain Registration Date: Mon Sep 29 12:03:04 GMT 2008
Domain Expiration Date: Mon Sep 28 23:59:59 GMT 2009
Domain Last Updated Date: Tue Sep 30 10:35:00 GMT 2008

If this is in error or in the incorrect place, feel free to delete or move. Just trying to help.

nwrickert
Mod
join:2004-09-04
Geneva, IL

nwrickert

Mod

Can we assume this is from the syndicate?
It sure looks like a mule recruiting email.

And yes, some of those are sent out to spam mailing lists. People registering on job sites are not the only targets.
MGD
MVM
join:2002-07-31

2 edits

2 recommendations

MGD to jeph89

MVM

to jeph89
said by jeph89 :

i have some serious anger issues re: $11.89 (ktech solutions). thanks for your obvious hard work MGD, before today i knew nothing of this scam. are the mules really innocent? i notice they have relatively common names. was wondering if looking up their criminal histories is/has been helpful?
I did actually do some background checking in 2005, as the first layers of this criminal operation began to be unfolded, and the role of a "cyber-mule" surfaced. At that time I did not know who the real criminals behind it were, so anyone connected to the operation, was considered a suspect.

The first break in 2005 came after multiple fraud charge reports from GENEREXTECH.COM, some in tandem with the Digital Age fraud charges. After hours of sifting through public records a related LLC was uncovered in Ohio, GENEREX TECHNOLOGY, LLC which ultimately lead to the first designation of a "cyber-mule", the registrant, Mambwene L Wamba. That was followed by a second cyber-mule in 2006 for a sister website MOBALLTECH.COM which also had fraud charge reports coming in to DSLR. Moball turned out be an LLC registered in Virginia by an Allan F. Burns. Mr. Burns was a retired physician and Cornell graduate, and certainly did not fit any profile of a criminal. In fact, though he did not reveal much about his role, it was enough to establish that he was for certain a duped cyber-mule. The little information that he provide was enough to lead to the first Command and Control recruiting site, Circa 2004/2005: MODERNNETSERVICE.COM operating under the name of Modern Network Service Using a headquarter address in the now familiar Baltic States of: Sutiste tee 180, 51019, Tartu, Estonia was, along with the non native English website configurations, the first clue that this criminal enterprise was probably based somewhere in Eastern Europe, most likely Russia.

At that time I still had yet to uncover the mechanics of how the operation functioned, and where and how the stolen money went. However it was clear that the US operatives were being recruited unknowingly, and duped into playing a crucial role necessary for the operation to function. The third operation to be cracked in 2006 was Z-WEB-TEMPLATES.COM which was billing fraud charges as On-X Inc out of Minnesota. The individual who set it up, Dennis Cote, was also no criminal, but rather another duped cyber-mule. He shut the operation down shortly after being contacted. The two facts that were established, was, that the domestic portion of each fraud operation was set up by a recruited and duped cyber-mule, and that authorize.net was always mandated by the criminals as the sole and exclusive merchant gateway provider. Though, it has taken a few thousand hours of research to get from there to where we are at now in late 2008, those two items have been a constant ingredient in every operation that has been rolled over.

To expand on what Doctor Olds See Profile stated, while every cyber-mule is duped into the operation at start up, there are some that have ignored copious warning signs, and clearly embraced their role with some vigor. This year there are at least two cyber-mules, who, in my opinion, have gone way past the role of being duped, and ignored repeated evidence that they may be participating in an organized criminal conspiracy. If you continue for almost a year, ignore the massive chargebacks and account cancellations, and participate in setting up eight distinct operations, you have crossed the line. If you have been contacted and shown that the operation is a fraud, ignored the evidence and chosen to continue, you have crossed the line also. There is clearly a greed factor that motivates one to throw all caution to the wind. Remember that many of the cyber-mules have ceased participation of their own accord at various stages, once the mounting evidence became clear.

MGD
MGD

1 recommendation

MGD to Whip412

MVM

to Whip412
said by Whip412 :

Can we assume this is from the syndicate? I have my own business so I don't have a resume on the job employment websites.
..
.
If you are interested, please send your resumes to us and also feel free to ask any questions to the email adress you can see below. You will be replied the same day:

phc.consulting.staff.department@gmail.com

Best regards,
German Makovski
hxxp://consulting-phc.biz/
As nwrickert See Profile postd it is obviously a mule recruiting spam. The consulting-phc.biz website had been removed so I contacted them in order to see what specific mule job this was. The cyber-mule function of this criminal operation involves the mule registering an LLC/Corp, obtaining an IRS ein number, and opening a business bank account an obtaining merchant card processing services. The other common mule recruiting functions involve package re-shipping. That is where the criminals purchase electronics, etc, with stolen credit card data or Paypal accounts, and have them shipped to the mule, who then forwards the packages abroad to the criminals. Another mule function involves depositing either fraudulent checks, or transfers from hijacked accounts, into the mules personal bank acount then forwarding the cash via Western Union/ MoneyGram to the criminals.

The reply from the criminals indicates that this job is the latter.
quote:
from Jonny Dwayne jd.phc.consulting@gmail.com
date Oct 8, 2008 5:37 PM
subject Re: Employment Offer
mailed-by gmail.com

Hello George
We do have a web site: www.phc-consulting.org
Also to clear out some questions have a look at our FAQ:

Q - What does your company do?

A-
We are selling consulting software to clients in Europe and USA however as our corporate account is located abroad we use third-party people to receive the payments and then send them to our colleagues.
This reduces transaction costs and we get to pay less taxes. This is absolutely legal, there is now law in US which prohibits to do so.

Q How does the job process?

A –
1) You send us your account details (we are NOT asking for any passwords or security codes or any other information that can possibly give us access to your funds, we are only asking for details required to make a transfer to your account)
2) We add you in our database and make you available to our clients.
3) In a few days you will be informed about a transaction coming to your account.
4) As soon as you receive the payment, we will contact you and explain what to do next.
5) You will be informed about your commission that you receive as being a "middle-man" which you then will have to deduct yourself.

Q- What are the daily responsibilities?
A- You daily responsibilities are to check your email at least twice a day, check your voice mail also and respond on the phone during the day if possible.

Q- What is the salary and who pays for the expenses for Western Union transfers?
You get a fixed monthly salary which is $2000 plus 5% commission from each deposit our clients make to your account.
We pay for WU commission, when you come to their office just say that you have X amount of money and ask them to calculate how much that would be with the commission.

If you are willing to work with us, please let me know and I'll send you all the necessary forms.

Jonny Dwayne !! LOL! Jonski Dwanski.. maybe

Though the dns server for the original site: consulting-phc.biz and the replacemnet listed above www.phc-consulting.org is NS1 & NS2.EGNS.IR registered in Iran, it clearly controlled by Russian criminals:


domain: egns.ir
remarks: (Domain Holder) Farshad Esmailian
remarks: (Domain Holder Address) No.4, Nesa st,
Zafar st., Shariati st.,, Tehran, Tehran, IR
admin-c: as558-irnic
tech-c: as558-irnic
zone-c: as558-irnic
nserver: ns1.egns.ir
nserver: ns2.egns.ir
source: IRNIC # Filtered

person: Ahmad Shaban
remarks: ---
address: ---
e-mail: ahmad.sheban4@gmail.com
phone: +96472371831
fax-no:
nic-hdl: as558-irnic
source: IRNIC # Filtered


The DNS domain along with the fraud sites are all hosted in Buenos Aires, Argentina.


IP Address/Hostname:
.
190.183.63.224
.
1. Phc-consulting.biz
2. Phcconsulting.biz
3. Phc-consulting.org


.
Many of the domains are registered to carded victims. The contact email address that the criminals use shows up on multiple fraud listings on aa419.org »www.google.com/search?hl ··· e+Search

In fact an audit of a range of that IP space shows that it is under the control of Russian criminals, and is infested with various fraud recruiting., Package reshipping, and money transfer, Escrow fraud, and other financial fraud websites:


IP Address/Hostname:
.
190.183.63.220
.
1. Ablb.org
2. Bestglobalroadinc.com
3. Bgremail.com
4. Ejeg.biz
5. Employment-mgr.com
6. Google-analysing.com
7. Hini.biz
8. Mgr2u.com --> SEE »Mgr2u.com
9. Mgrepost.com
10. Olsie.com
11. Removeeis.com
12. Talogist.com
13. Thenationalsolutionsonline.com
14. Yrue.org
15. Advena-exchange.com
16. Advena-exchnage.com
17. Abl-acp.com
.
IP Address/Hostname:
.
190.183.63.221
.
1. Academicleague.net
2. Darthvader777.com
3. Italia777.com
4. Jasonpipes.com
5. Xdraculaxs.com
.
IP Address/Hostname:
.
190.183.63.223
.
1. Alphafox.info
2. Baserfox.com
3. Daserfox.com
4. Deifafox.com
5. Nalogirf.com
6. Nalogirf.org
7. Nalogivrf.com
8. Rfconsalt.com
9. Rfkonsult.com
10. Rfnalogi.com
11. Ruseminars.com
12. Vierafox.com
13. Zarubli.com
14. Zazerfox.com
.
IP Address/Hostname:
.
IP 190.183.63.225
.
1. Kraemerlogistics.com ->See »Kraemerlogistics.com
.
190.183.63.228
.
1. Trustshippingcompany.com

.
The EGNS.IR DNS servers control some 47 odd domains, all of which are fraudulent Russian operations. That entire netspace needs to be blacklisted and wiped clean.

It is a Russian operated criminal operation, however on the face of it, it does not appear to have any direct linkage to this one.

MGD

Whip412
@embarqhsd.net

Whip412 to MGD

Anon

to MGD
I did a search on this site for these and nothing came up.
Here appears to be a new one.
The original site I researched is suspended:

aif-investment-consulting

Registration Service Provided By: COMPLETE OFFSHORE SOLUTIONS
Contact: +74.9592798

Domain Name: AIF-INVESTMENT-CONSULTING.COM

Registrant:
aif-investment-consulting
John Walker (mail@aif-investment-consulting.com)
Washington st.7
Washington
Washington,435905
US
Tel. +435.94535353

Creation Date: 28-Sep-2008
Expiration Date: 28-Sep-2009

Domain servers in listed order:
ns2.egns.vg
ns1.egns.vg

Administrative Contact:
aif-investment-consulting
John Walker (mail@aif-investment-consulting.com)
Washington st.7
Washington
Washington,435905
US
Tel. +435.94535353

Technical Contact:
aif-investment-consulting
John Walker (mail@aif-investment-consulting.com)
Washington st.7
Washington
Washington,435905
US
Tel. +435.94535353

Billing Contact:
aif-investment-consulting
John Walker (mail@aif-investment-consulting.com)
Washington st.7
Washington
Washington,435905
US
Tel. +435.94535353

Status:SUSPENDED
Note: This Domain Name is Suspended.
In this status the domain name is InActive and will not function.
The data in this whois database is provided to you for information purposes only,

However, another variation has the same contact info but is active:

aif-invest-consulting.com

Registration Service Provided By: COMPLETE OFFSHORE SOLUTIONS
Contact: +74.9592798

Domain Name: AIF-INVEST-CONSULTING.COM

Registrant:
aif-investment-consulting
John Walker (mail@aif-investment-consulting.com)
Washington st.7
Washington
Washington,435905
US
Tel. +435.94535353

Creation Date: 28-Sep-2008
Expiration Date: 28-Sep-2009

Domain servers in listed order:
ns2.egns.vg
ns1.egns.vg

Administrative Contact:
aif-investment-consulting
John Walker (mail@aif-investment-consulting.com)
Washington st.7
Washington
Washington,435905
US
Tel. +435.94535353

Technical Contact:
aif-investment-consulting
John Walker (mail@aif-investment-consulting.com)
Washington st.7
Washington
Washington,435905
US
Tel. +435.94535353

Billing Contact:
aif-investment-consulting
John Walker (mail@aif-investment-consulting.com)
Washington st.7
Washington
Washington,435905
US
Tel. +435.94535353

Status:ACTIVE

The data in this whois database is provided to you for information purposes only,

As you can see, they were create in Sept.2008 but the sites(suspended site is in google cache) both have job opening listings for 5 months prior to attempt to look legit. There are also too many digits in the zip code as well as a funky phone number.
K Patterson
Premium Member
join:2006-03-12
Columbus, OH

1 recommendation

K Patterson

Premium Member

y'all might want to look at the news link in this thread.

»C1al!$$ and V14GrA Might Dissappear from Inbox

"Credit card information being processed in Cyprus and Georgia"

Now, where have I heard that before?

Hmm.

POd in USA
@direcpc.com

POd in USA to MGD

Anon

to MGD
16 Oct 08-- yet another site perpetrating fraudulent credit card charge, same home page template as recent predecessors:
WebPage USA, LLC
www.wp-technolgies.com
»www.wp-technologies.com
WHOIS registration info:
Visit AboutUs.org for more information about WP-TECHNOLOGIES.COM
AboutUs:
WP-TECHNOLOGIES.COM


Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: »www.namecheap.com/

Domain name: WP-TECHNOLOGIES.COM

Registrant Contact:
wstd llc
john stobbe

14909 17th Ave E
Bradenton, FL 34212
US

Administrative Contact:
wstd llc
john stobbe (wstdesign@yahoo.com)
+1.3094376756
Fax: +1.3094376756
14909 17th Ave E
Bradenton, FL 34212
US

Technical Contact:
wstd llc
john stobbe (wstdesign@yahoo.com)
+1.3094376756
Fax: +1.3094376756
14909 17th Ave E
Bradenton, FL 34212
US

Status: Locked

Name Servers:
ns1.hostdone.com
ns2.hostdone.com

Creation date: 08 Jul 2008 17:07:07
Expiration date: 08 Jul 2009 17:07:07
=-=-=-=
The data in this whois database is provided to you for information
purposes only, that is, to assist you in obtaining information about or
related to a domain name registration record. We make this information
available "as is," and do not guarantee its accuracy. By submitting a
whois query, you agree that you will use this data only for lawful
purposes and that, under no circumstances will you use this data to: (1)
enable high volume, automated, electronic processes that stress or load
this whois database system providing you this information; or (2) allow,
enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via direct mail, electronic
mail, or by telephone. The compilation, repackaging, dissemination or
other use of this data is expressly prohibited without prior written
consent from us.

We reserve the right to modify these terms at any time. By submitting
this query, you agree to abide by these terms.
Version 6.3 4/3/2002

Current Registrar: ENOM, INC.
IP Address: 66.152.162.116 (ARIN & RIPE IP search)
IP Location: US(UNITED STATES)-CALIFORNIA-CANYON COUNTRY
Lock Status: clientTransferProhibited
DMOZ no listings
Y! Directory: see listings
Data as of: 14-Jun-2005

Rowan
@swbell.net

Rowan to MGD

Anon

to MGD
>>The other common mule recruiting functions involve package re-shipping. That is where the criminals purchase electronics, etc, with stolen credit card data or Paypal accounts, and have them shipped to the mule, who then forwards the packages abroad to the criminals.

Hello,

I was dunned $.15 by EST Company last week, then yesterday someone tried to purchase three gift cards -- Dell, in fact. Fortunately I caught on and my debit card is cancelled. I don't have the transaction reference (I don't get that kind of detail online), but I'm sure I can get it from my bank if it will be of any help.

And thanks for everyone's efforts in trying to run these fools down. Until yesterday, I was totally ignorant of this nonsense. ~Rowan
MGD
MVM
join:2002-07-31

1 recommendation

MGD to POd in USA

MVM

to POd in USA
said by POd in USA :

16 Oct 08-- yet another site perpetrating fraudulent credit card charge, same home page template as recent predecessors:
WebPage USA, LLC
www.wp-technolgies.com
»www.wp-technologies.com
WHOIS registration info:
Visit AboutUs.org for more information about WP-TECHNOLOGIES.COM
...
..
Thanks for the alert. Though I originally located the fraud site wp-technologies.com AKA WebPage USA, LLC 405-463-2417 at the beginning of September, and posted it on the 7th: »Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto there were no reports of fraud charges at that time. Thanks to your heads up, there are now, on two threads: starting on 09/29: »800notes.com/Phone.aspx/ ··· 463-2417
and 10/07:
»phoneowner.info/Number.a ··· 54632417

This set up also confirms a new emerging pattern. On my 09/07 posting, I listed the contents of the "contact us" page:

------------------------------
Wp-technologies.com

WebPage USA, LLC

Contact us

WebPage USA, LLC
www.wp-technologies.com
8507 Capricorn Way # 74,
San Diego, CA,
92126, USA

Phone/Fax:
1-(405)-463-2417

Support e-mail:
support@wp-technologies.com
------------------------------

Now that information has been changed, and the address details have been removed:




------------------------------
Contact us

WebPage USA, LLC
www.wp-technologies.com

Phone/Fax:
1-(405)-463-2417

Support e-mail:
support@wp-technologies.com
------------------------------

That address, apparently an apartment:

8507 Capricorn Way # 74,
San Diego, CA,
92126, USA


Does correspond to the address that the cyber-mule used to register the California LLC:


LP/LLC
WEBPAGE USA LLC
Number: 200816410193
Date Filed: 6/4/2008
.
Status: active
Jurisdiction: CALIFORNIA
.
Address
8507 CAPRICORN WAY #74
SAN DIEGO, CA 92126
.
Agent for Service of Process
SPIEGEL & UTRERA, P.A.,
WHICH WILL DO BUSINESS IN CALIFORNIA AS
SPIEGEL & UTRERA, P.C. (C2237836)


During the merchant account application and vetting time period, the organized crime syndicate is listing the full contact details of the cyber-mule on the webpage, which matches the LLC reg. This is done to "appear" legit and pass the vetting. However, the syndicae removes the detail contact info as soon as the account is approved, and before the victims see the fraud charges and reach the website.

That is done in order to hide the cyber-mule, and thwart any attempt to locate them. Remember, they are already using a contact number of 405-463-2417, that is an Oklahoma area code. So victims will think the fraud operater must be in Oklahoma. Complaints directed to state authorities in OK., will be a dead end. Likewise, if victims check the domain registration for wp-technologies.com, that fake registration will lead to Bradenton, FL 34212, another dead end. So once the operation is up and processing fraud charges, and victims start looking for a culprit, they will be diverted to Oklahoma, or Florida. In the interim the Russian / Ukrainian criminals have hidden the cyber-mule, who is actually located in San Diego, California, and at this stage would be very difficult to find.

This tactic, now seen repeatedly, is the result of discovering the fraud operations during the pre-op, or manufacturing stage. You can only see it if you catch the contact page at that stage and shadow them. There will be no archived record of that page, as the website is again coded via a robots.txt file to block all search engine archiveing:




In the last several pages of this thread I have posted over a dozen sites that had no record of fraud reports at the time of archiving. So if there are now fraud victims who search and do not see fraud charge reports here for a particular fraud entity, please post them. it is difficult to keep back tracking and repeatedly checking for fraud reports.

It is worth mentioning, that the reason why the crime syndicate mostly directly targets potential cyber-mules, and is less likely to mass email spam for them, is that not everyone duped individual will make an ideal cyber-mule candidate. While mass spamming for carded electronics re-shippers and check cashers is common, as the former requires no set up by the mule, and the latter only needs a personal bank account. The ideal cyber-mule for this criminal operation is someone who has an excellent credit rating. The syndicate directs the cyber-mules to one of the Banks that are affiliated with Authorize.net / Cybersource. When a mule submits his LLC/Corp documents to the listed banks and opens a business account, they then ask to apply for a merchant card processing account. As part of the approval process the bank will check the cyber-mules credit rating. A good credit rating is needed because the bank will require the cyber-mule to sign a personal liability guarantee. That will negate the cyber-mule's banking and merchant activities from the LLC protection, and make them personally responsible for any and all debts. A cyber-mule's excellent rating is also ideal for the crime syndicate, because if they qualify with the bank for the liability waiver, there is an inherent reduction in the merchant account vetting process. The bank is less apt to review the website set up with a fine tooth comb, because the cyber-mule meet the qualifications for the personal guarantee and LLC liability waiver.

There have been many examples of fraud setups where the cyber-mules did not apparently have a squeaky clean credit rating and qualify for a merchant account at the bank. The syndicate subsequently sent the mules in to the secondary market for a merchant account. While those are easier to obtain they are far more stringent in the vetting process. Chances are, if you see a website that is processing fraud charges, and there is a full name and address on the contact page, then that is a secondary market merchant account. Further evidence of that will be a cloaked or privacy domain registration, because it will be registered to the cyber-mule. Approvals for those type accounts are far more stringent due to the higher rate of fraud. They will mandate a matching contact listing info on the website, and will make sure that the domain is in fact owned by the applicant.

MGD
MGD

2 edits

1 recommendation

MGD to Rowan

MVM

to Rowan
said by Rowan:



Hello,

I was dunned $.15 by EST Company last week, then yesterday someone tried to purchase three gift cards -- Dell, in fact. Fortunately I caught on and my debit card is cancelled. I don't have the transaction reference (I don't get that kind of detail online), but I'm sure I can get it from my bank if it will be of any help.

And thanks for everyone's efforts in trying to run these fools down. Until yesterday, I was totally ignorant of this nonsense. ~Rowan
Hi Rowan,

Absolutely, I am in dire need of that transaction reference number, usually 23 alpha numeric digits called an ARN number. I need that refernce from any victims of the toll free / generic named fraud divisions, as none of that group have been tracked down. As stated previously there is embedded code within the reference characters that can be used to identify the originating merchant account, and have it shut down promptly.

For the record, the crime syndicate has two fraud operations that are currently charging between $.09 and $.15 to thousands of cards. This is a process known as "pinging" to validate the card data. The ping charge is a precursor to additional fraud charges.

EST has been operating and processing fraud charges since October of 2007.

Originally as: EST COMPANY Boca Raton, FL US 800-596-7814. See page 1 from circa 12/2007: »whocallsme.com/Phone-Num ··· 63470931 When you get to Page 3 at the end of September victims are the reporting the 10 cent ping charges in lieu of the $10 fraud charges: »whocallsme.com/Phone-Num ··· 470931/3 There are another four pages of fraud reports dating back to 12/2007 also on 800Notes.com: »800notes.com/Phone.aspx/ ··· 347-0931

In addition, they are now processing fraud charges using a new number EST COMPANY 866-347-0931 There are multiple forums with fraud reports and pinging charges under the new number: »www.google.com/search?hl ··· e+Search

Rowan I am very anxious to obtain that transaction ARN number in order to identify and shut down this long running fraud entity.

DO NOT post the ARN number in public on the forum. Instead just register on this site, it is free, and then you will be able to send me an Instant Message. I would post an email contact address except that cyber criminals monitor the forum, and, as before, they will quickly mailbomb the account out of existence within hours. Sending me an Instant Message via this forum, is the easiest way.

EDIT ADD:

EST has been directly tied to this organized crime syndicate because back in December they were cross hitting fraud charges alongside many of the template / Ebook sites.

EDIT #2

Changed the EST company first contact number that was used in 2007.
correct listing:

original ~ $10 fraud charges:

EST COMPANY Boca Raton, FL US 800-596-7814.

now, submitting 10 cent ping charges:

EST COMPANY 866-347-0931

MGD
Rowan
Premium Member
join:2008-10-16
Longview, TX

Rowan

Premium Member

Absolutely, MGD, I'll get it to you via IM as soon as my bank responds (usually takes 24 hours). I joined the site this afternoon. I'm interested in joining the fight against these jerks. Is there a place on this site (or some other site) where I can learn how to track down the different bits of information to add to the mix?

Thanks again, and I'll be in touch. Oh, and BTW, sorry for the clumsy reply format (i.e., no quote) -- I haven't figured out how to do anything other than cut & paste, and that didn't work very well either. ~Rowan
Rowan

1 recommendation

Rowan to MGD

Premium Member

to MGD
said by MGD:

said by Rowan:



Hi Rowan,

Absolutely, I am in dire need of that transaction reference number, usually 23 alpha numeric digits called an ARN number. I need that refernce from any victims of the toll free / generic named fraud divisions, as none of that group have been tracked down. As stated previously there is embedded code within the reference characters that can be used to identify the originating merchant account, and have it shut down promptly.

For the record, the crime syndicate has two fraud operations that are currently charging between $.09 and $.15 to thousands of cards. This is a process known as "pinging" to validate the card data. The ping charge is a precursor to additional fraud charges.

EST has been operating and processing fraud charges since October of 2007.

Originally as: EST COMPANY Boca Raton, FL US 800-596-7814. See page 1 from circa 12/2007: »whocallsme.com/Phone-Num ··· 63470931 When you get to Page 3 at the end of September victims are the reporting the 10 cent ping charges in lieu of the $10 fraud charges: »whocallsme.com/Phone-Num ··· 470931/3 There are another four pages of fraud reports dating back to 12/2007 also on 800Notes.com: »800notes.com/Phone.aspx/ ··· 347-0931

In addition, they are now processing fraud charges using a new number EST COMPANY 800-596-7814 There are multiple forums with fraud reports and pinging charges under the new number: »www.google.com/search?hl ··· e+Search

Rowan I am very anxious to obtain that transaction ARN number in order to identify and shut down this long running fraud entity
I have requested it from my bank, and will get it to you via IM (I joined the site this afternoon). I'm also interested in 'joining the fight' as it were. Is there a place on this site where I can learn how to track the different information? The more the merrier, I always say!

Will get back to you as soon as I hear from my bank.
~Rowan
Rowan

1 recommendation

Rowan

Premium Member

MGD, I sent the ARN number to you a bit ago via IM. Let me know if you've received it, and if there's anything else I can do. ~Rowan PS: Yes, it was the -7814 number that appeared on my statement.
MGD
MVM
join:2002-07-31

1 recommendation

MGD

MVM

said by Rowan:

MGD, I sent the ARN number to you a bit ago via IM. Let me know if you've received it, and if there's anything else I can do. ~Rowan PS: Yes, it was the -7814 number that appeared on my statement.
Excellent, thank you Rowan See Profile , got it, I have already forwarded the ARN number for processing. The toll free division of this fraud has been very difficult to track down, and they tend to survive much longer than the others. The tool free group never list associated domains / websites in their contact info, and repeated searches for matching business FBN and LLC/Corp registrations have been fruitless.

MGD

jorge08
join:2008-10-23
El Paso, TX

jorge08 to MGD

Member

to MGD
Hi I wish to post more information about another one of these websites "synergetic experts and synergetic games" were another copy of oivabisness crime syndicate, please anyone!!!!!!! help me !!!!!!!

I have information you may need

Please give me a contact I can email or call

Jorge08
MGD
MVM
join:2002-07-31

1 recommendation

MGD

MVM

said by jorge08:

Hi I wish to post more information about another one of these websites "synergetic experts and synergetic games" were another copy of oivabisness crime syndicate, please anyone!!!!!!! help me !!!!!!!

I have information you may need

Please give me a contact I can email or call

Jorge08
.

Hi jorge08 See Profile,

I sent you an Instant Message (IM) which includes an email address for you to contact me at. Look for a flashing icon on the upper left. I do need to make contact you, and have been trying to reach you for several months. The fact that you connected oivabisness


»oivabisnes.com/
Snapped 2008-10-27 12:20:17


to synergetic experts and synergetic games tells me a lot. oivabisness AKA Oiva Bisness is one of many major Command & Control Hub and recruiting sites operated by this crime syndicate. They have been repeatedly trolling and recruiting cyber-mules from resumes posted on Careerbuilders.com and others. They were first reported on here as the C&C that recruited the cyber-mule for:

BENNUTECH.COM AKA BENNU TECHNOLOGIES LLC 973-944-3970
and
CALLIDORADESIGNS.NET AKA CALLIDORA DESIGNS LLC 973-735-2361

»Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Jorge, Please contact me as soon as possible.

MGD