Current Status

This blog is not frequently updated because most case-by-case scam reports are now listed in subordinate blogs. At this point in time, most of my efforts are targeted at documenting employment scams in the Suckers Wanted blog.

2005-10-27

Job Scam: Mr.Wankeng Zhang

Mr. Wankeng Zhang? Quite a name. Anyhow this is a nondescript troll for money laundering mules. It was received from 65.54.249.100 (omc3-s26.bay6.hotmail.com) on Thu, 27 Oct 2005 03:11:06 -0000. The mail claims some sort of association with "cmiec.com", but there's no substantiating evidence for this claim, and good cause to disbelieve it -- after all, we already know that the sender is a blatant liar. Message text follows.

Dear Sir/Madam,

I am Mr.Wankeng Zhang,we are a group of business men
who deal on
importand export raw materials  into the
canada,america AND europe.We
are searching for representatives who can  help us
establish a  medium
of getting to our costumers in the canada, america AND
europe as well as
making payments
through  you to us. Please if you are interested in
transacting
business with us we will be very glad. Please contact
me for more information via zhang_com@myway.com
Subject to your satisfaction you will be given the
opportunity  to
negotiateyour mode of which we will pay for your
services as our
representative in canada,america  and europe.
Regards.
Vice President
(CMIEC)
www.cmiec.com
Mr. Zhang.
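
The recruitment mails quoted on this page share a few tell-tale features: payments routed through the recipient, a percentage cut, forwarding by Western Union, and a free-webmail contact address. The following scoring filter is an added example, not part of the original blog; its weights, threshold, freemail list and sample texts are assumptions constructed for illustration.

```python
import re

# Indicators taken from the job-scam mails quoted on this page. The weights,
# threshold and freemail list are assumptions chosen for illustration.
FREEMAIL = {"myway.com", "mail.com", "hotmail.com", "yahoo.com.au"}
INDICATORS = {
    "commission_cut": (3, r"\b\d{1,2}\s*%\s*(?:of|from)\s+the\s+sum"),
    "wire_forwarding": (3, r"western\s+union|money\s*gram"),
    "payments_via_you": (3, r"payments?\s+through\s+you|receive\s+the\s+money"),
    "bank_details": (2, r"\bbsb\b|\bacc\s*/\s*no\b|\bbank\s+account\b"),
    "no_upfront_cost": (1, r"no\s+financial\s+risk|without\s+any\s+entrance\s+fees"),
}
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
THRESHOLD = 5


def score_mail(text):
    """Return (score, sorted list of indicator names found in the text)."""
    hits = {name for name, (_, pat) in INDICATORS.items()
            if re.search(pat, text, re.IGNORECASE)}
    score = sum(INDICATORS[name][0] for name in hits)
    # A "company" recruiting through a free webmail address is a further signal.
    if any(dom.lower() in FREEMAIL for dom in EMAIL_RE.findall(text)):
        hits.add("freemail_contact")
        score += 2
    return score, sorted(hits)


def is_mule_recruitment(text):
    return score_mail(text)[0] >= THRESHOLD


# Constructed samples: the first two are abridged from mails quoted on this
# page, the third is an invented ordinary job advertisement for contrast.
SAMPLES = {
    "zhang": "We are searching for representatives ... making payments\n"
             "through  you to us. Please contact me via zhang_com@myway.com",
    "dsoft": "1. Receive the money from our clients to your bank account;\n"
             "2. You take 8 % of the sum and the rest you should send to us "
             "via Western Union or Money Gramm\nBSB No:\nAcc/No:",
    "benign": "We are hiring a part-time bookkeeper. Apply with your CV at "
              "jobs@example.org; salary is paid monthly by the employer.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, is_mule_recruitment(body), *score_mail(body))
```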

2005-10-25

Job Scam: Italy Representative Group

This is a fairly straightforward "money laundering disguised as payment processing" job scam. It targets USA residents, whereas most of the spam I get targets Australians, but is unremarkable in all other aspects. The job offer presents itself as being from "Italy Representative Group", and they offer an address in Rome to back up this identity. There may be a business of that name at that address for all I know, but I'll wager pounds to pence that these spammers have nothing whatsoever to do with it. Don't touch unsolicited money-handling jobs with a barge-pole -- you'll wind up being the fall guy for a bunch of thieves.

The spam originated at 85.237.182.182 on Mon, 24 Oct 2005 23:58:33 -0000. Body text follows for reference.

Good day sir/madam,

We inform you about new vacancies in our company.

Do you want to start a successful carrier right now without any entrance fees, without buying goods or involving other people? Do you want to start a successful career in financial sphere without economical education or special experience? Do you want to work at home? If it is so, this suggestion is for you!
Our company is ready to offer you the chance. At this moment we are enlarging our staff and you have a chance to become a member of our team and get additional earnings spending 2 - 3 hours per week. But it isn't all. We can send you a long term contract if you prove us your reliability.

Our company's name is IRG "Italy Representative Group". Our company is new and fast developing in the USA commercial holding. We work with clients and companies from all over the world and now we are looking for talents in the USA. Our firm is founded in 1993 and our head office is located in Viale Praco de Medici 37 00148 Roma, Italy.

You can earn up to 5000 USD per month, taking into the account the fact that you will work at home, have a flexible working schedule, simple and small amount of work.You will receive 7 % from the sum of payment for this service (you just take this sum out of the total amount of money you get).

To qualify, you MUST:

1. Be at least 21.
2. Check your email several times a day (each hour
if possible).
3. You need to respond immediately to emails.
4. Be responsible, hard working and communicable.
5. Be able to answer phone calls.

If you are interested in our suggestion please e-mail to our manager
Laurie Fantauzzi <alluringjob@mail.com>

Regards,
"Italy Representative Group"

2005-10-24

Phish of the Day: egold2gold.com

Most instances of phishing fraudulently represent themselves as some legitimate business or other. Here's a case where the phisher would have me believe that someone has sent me money out of the blue, and all I need to do in order to collect is sign up at a payment processing thing I've never heard of before called "egold2gold.com". But I'm a sceptical so-and-so, and I don't believe a word of it -- especially given the following evidence.

The original phish message directs me to a "sign up" page at egold2gold.com. There's nothing too sinister-looking here (although I admit not checking it for malicious payload -- I haven't been that diligent in a while). All I need to do is provide a username, a password, and an email address. I provide some fairly arbitrary data for all the above, including a "mailinator" email address, to see what turns up. What turns up is a confirmation request. "Click on the link to continue," it requests. Unless you're silly enough to use the same username and password that you use for something else, all the phisher has at this point in time is a known-good email address -- expect the spam rate on that address to go up.

Of course, if you actually want to claim any of this money that's allegedly been sent to you, you need to fill in a whole swag of stuff -- all the usual bank details, credit card details, driver's licence number -- all the stuff that a crafty little phisher wants so that he can impersonate you for financial gain.

One other thing to note -- the facade isn't terribly convincing. I also signed up with my "ideceive" gmail account because that's the one I have to use to claim my money, you see. But it wouldn't let me sign up, because it only allows one sign-up per source IP address. This is obviously to prevent disgruntled spam-recipients from flooding it with bogus data -- I've seen it happen. But I was able to sign up with the same "username" and a different password from a completely different source IP address! That's no way to handle your accounts!

My conclusion: egold2gold.com is a phishing operation, pure and simple. It's a facade of a respectable payment system with a bunch of nasty crooks lurking behind it. It will probably vanish in the near future and spring up elsewhere under a different name. If you want to risk poking around in this hive of scum and villainy, you can try logging in to http://egold2gold.com/ as "zig" with password "bomb". It may work if nobody else has signed up with that username since I did -- and if they haven't made a run for it yet.

The spam in question originated at 70.84.130.228 on Mon, 24 Oct 2005 02:52:29 -0000. The message was as follows.

Hello,

This is not SPAM, this is an e-mail from egold2gold.com containing a notification of money paid to you...

A egold2gold.com user has just successfully sent you money!  Please look at the below details for information on this transaction.

Sender: payments
Sender's E-Mail: payments@egold2gold.com
Amount Received: 200.00
Sender's Comments: Money Transfer To ideceive@gmail.com

In order to claim this money, you must signup for an account with egold2gold.com  To do so, navigate to the below URL.

http://egold2gold.com?a=signup&semail=ideceive@gmail.com

The e-mail address you signup with must be the one you are receiving this e-mail at.  You should claim this money quickly, if you don't, the sender may cancel the transaction.

Thank you for your time,

egold2gold.com Services Team
http://www.egold2gold.com/
"The New Online Universal Payment System!"

2005-10-23

Phish of the Day: St George Bank

This was received at the address which attracts the vast majority of my "scams targeted at Australians" junk, and it's fairly and squarely targeted at Australians. The body text is as follows.

Your Bill Payment from your Access Cheque Account to OPTUS LONG DISTANCE - 
OPTUS 1684 0032 dated 22/10/2005 for $953.44 was successfully processed. 

For more information regarding bill payments or transfers, 
please refer to your Past Internet Banking Payments/Transfers page, 
or contact the St.George Bank Internet Banking Help Desk. 


St.George Bank
http://www.stgeorgebank.org/traffic


Card/Access Number: 4239530000568075
Security Number: 1426
Internet Password: G5q71HRg

"St George Bank" and "Optus" are, as far as I'm aware, well-known entities in Australia. That's how phishing works, of course. I've never seen a genuine St George Bank payment processing notification, but I doubt that this one looks very authentic. I'm also pleased to report that the URL referenced in the spam is now 404, although it may have been active earlier.

The domain name "stgeorgebank.org" was registered on 20-Oct-2005 11:37:09 -0000. The spam itself originated at 83.176.34.230 (d83-176-34-230.cust.tele2.ch) on Sat, 22 Oct 2005 15:24:30 -0000.

2005-10-13

Meta: Stock Spam Gets Its Own Blog

My primary aim with 419s, lottery scams, and stock spam is just to make people aware it's happening -- that they aren't privileged recipients of fortuitous information, but rather just another recipient of scatter-shot scamming. To this end, my sub-blogs on 419s and lottery scams have been working well, saving me time while maximising search opportunities. I've now followed suit with Stock Spam, so I won't be reporting any more of that here.

Given that I'm pretty much tired of phishing scams, that leaves me to report Job Scams here, plus whatever else comes up that's new.

2005-10-05

Job Scam: dsoftsolutions.com

This is an ordinary "Work at Home (doing money laundering, but we won't tell you that part)" job scam. The target audience is Australians, and the initial spam was received from 203.45.69.9 (appears to be a compromised Australian broadband customer) on Wed, 5 Oct 2005 22:12:18 -0000. The contents of the spam were as follows.

GET A JOB!

For online work in largest Advertising group are require managers with minimal computer knowledge.
Work with e-mail, MS Office, Internet etc.
- Australia resident(prefer)
- Excellent ability to problem solve.
- Flexible hours
- No financial risk, you do not need pay money for start work!
Just honest hard working people that are willing to earn an extra income!
Best regards,
Bratello Mancini

Check up our site for the further information

The final link was to http://www.dsoftsolutions.com/. That page has a very generic "work from home" ad (using graphics I've seen associated with this scam time and time again), and a form in which to supply your name and email address. I filled this in with a "@yahoo.com.au" address, and received the following only-too-predictable response.

Dear friend, 

Nowadays vacancies: 
-Home manager; 

Description. 
We are looking for honest and smart people for this position. 

Requirements: 
- computer with e-mail; 
- Australia resident; 
- Adult people only (we cannot hire people who don’t reach the adult 
edge); 
- 2-3 hours free during the week (mainly in the evening / non-business 
hours) 
  for communication; 
- bank account; 

Job description: 
Persons who will be accepted for this job will follow these simple 
instructions: 

1. Receive the money from our clients to your bank account; 
2. You take 8 % of the sum and the rest you should send to us via 
Western Union or Money Gramm  (the money is transferred at our expense) 
to our company (you'll be informed about  the account data after 
transmission) 

All transactions are completely legal.
We can supply detailed information about the owner of the account.
We guarantee you full security of your account information and 
non-disclosure
of it to any third parties. You can trust us completely.

3. Report to our manager the following details concerning the money 
transferring: 

1) Sender's Name 
2) Money Transfer Control Number (MTCN). 
3) Amount 
4) City of sending 


You will need no money to start, just fill the form with your personal 
information 
and send it to us by e-mail. Every completed form will be reviewed and 
our manager 
will contact you same day. 

PERSONAL INFORMATION: 
First name: 
Last name: 
Address: 
City: 
Phone:
Mobile Phone: 
E-mail: 
Bank Name:
BSB No:
Acc/No:
Acc/Name:

Thank you for reading this document. Good luck.
Advertising International Company 
http://www.aic-uk.org

"Advertising International Company" sounds familiar. In that particular instance, I was of the opinion that they'd compromised someone else's domain to host their web page. That may also be the case here, but there's little evidence that the web pages at dsoftsolutions.com have ever been developed much beyond the "template" stage, and the Google cache of the site shows that it recently held an ANZ Bank phishing page. Regardless of whether this is a spammer-registered domain, or a badly neglected and poorly protected set of web pages that's been hijacked (which is what I suspect), the game here is clear: the scammers behind this ad have been doing a spot of ANZ Bank phishing, and now they want assistance shifting money out of the compromised accounts and out of the country.

2005-10-02

Stock Spam: Roundup

September wasn't exactly a huge month for stock spam, but spams promoting the following stocks were seen: WWBP (x3 on 2005-09-01), APWL, UAIG, NNYG, VNBL, CDIT, and MBAP. These are mostly low-valued pinksheet stocks, from which I would surmise that the activity is predominantly "pump and dump".