Elaborate Scam In a Very Known Watch SIte

[turboGUATE]

Well, one can't always be too careful or too dumb to believe this crap:

For a while I''ve been browsing for a nice gen piece and while doing so in chrono24 I stumble into an "amazing" offer for a $3000 PAM 24A. (I know, it's too good to be true ). Anyways, I contacted the seller he offer a "secure" way to do the transaction. Here's his scheme:

He said I will be contacted by Royal Mail (which by the way is a real company that sends mail) they will hold payment for 5 days for me to review the merchandise and unitl then the payment was to be released. They sent me a complete invoice with very specific instructions and details of the transaction (with everything from logos, to adresses, to everything!) Even a tracking number and a link to the tracking service (but with a slightly different domain: royalmail-international dot com). Since I'm an international customer, I thought this to be true! Damn it!

Anyways, the money was to be send through WU (this should've been sufficient to be suspicious) but I trusted the hole thing since it was supposedly from a reputable company.

Once payment was sent, have not heard since. The sites went down the next day and they where registered to some woman in the US. The name of the person to whom the money was sent was Nik Recob at Edingburgh, UK. So please very careful to whom you deal with.

I sencerely hope this kind of acts get banned and the people behind them brought to a missing internet business justice.

All the best to everyone.

[Spy]

Sorry to hear this.

I am surprised a reputable site allows any fly by night fraudster to advertise there without vetting them first !

Well, one can't always be too careful or too dumb to believe this crap:

For a while I''ve been browsing for a nice gen piece and while doing so in chrono24 I stumble into an "amazing" offer for a $3000 PAM 24A. (I know, it's too good to be true ). Anyways, I contacted the seller he offer a "secure" way to do the transaction. Here's his scheme:

He said I will be contacted by Royal Mail (which by the way is a real company that sends mail) they will hold payment for 5 days for me to review the merchandise and unitl then the payment was to be released. They sent me a complete invoice with very specific instructions and details of the transaction (with everything from logos, to adresses, to everything!) Even a tracking number and a link to the tracking service (but with a slightly different domain: royalmail-international dot com). Since I'm an international customer, I thought this to be true! Damn it!

Anyways, the money was to be send through WU (this should've been sufficient to be suspicious) but I trusted the hole thing since it was supposedly from a reputable company.

Once payment was sent, have not heard since. The sites went down the next day and they where registered to some woman in the US. The name of the person to whom the money was sent was Nik Recob at Edingburgh, UK. So please very careful to whom you deal with.

I sencerely hope this kind of acts get banned and the people behind them brought to a missing internet business justice.

All the best to everyone.

[dadog13]

did I get this right?

you've sent the cash (3000$) and got nothing in return?

the person who received the money should have had some sort of documents to pick it up...so he should be a real person (first and last name) and you could contact the local police from the country/city where he is from and try to locate him....

I hope everything gets right and that you get your money back....

[Watchman]

Hi,

in Romania and in other countries you can buy credible fake ID for small money. They use this ID to pick up the money from a WU office. This scheme is widely used in selling not existing used cars (at least here in Germany).

NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER EVER !!!!

[dadog13]

I've paid using WU at least 50 times and got screwed only once by a dealer on RWI...but he screwed at least dozen of us...those who paid with WU, those who paid with PP and all of us...

[Pugwash]

the person who received the money should have had some sort of documents to pick it up...

Not unless you send the funds to Africa.

If you're sending WU to a European (or Asian, I believe) country, all you need is the code number.

[therooster]

Hey thanks for the heads up. I'm very sorry about what happened to you. Royal Mail is indeed like US Mail in the UK... I can completely understand how you fell for it... Hope you can find the people responsible and recover your money.

[Watchman]

Hey thanks for the heads up. I'm very sorry about what happened to you. Royal Mail is indeed like US Mail in the UK... I can completely understand how you fell for it... Hope you can find the people responsible and recover your money.

Sorry to say ... but there is no realistic chance to catch them. Those guys are very well organised. I talked to someone in the fraud department of our state police when someone tried to pull of a similar scheme on me related to a used car. The chance those guys will get caught is almost zero... sad but true. And unfortunately WU is not really taking any measures to prevent such things from happening.

[dadog13]

Not unless you send the funds to Africa.

If you're sending WU to a European (or Asian, I believe) country, all you need is the code number.

you have the option to specify that the receiver has to have documents to pick up the cash...and the name of the receiver has to be the same as the name on his ID document...

happend in the past that the receiver gave me his name for example Pat (because this is how friends cal him) while his full name was Patrick and the WU office didn't want to give him cash until I've went again to the WU office and ask them to correct the receivers name...funds were sent to UK that time If I am not mistaken....

[turboGUATE]

Sorry to say ... but there is no realistic chance to catch them. Those guys are very well organised. I talked to someone in the fraud department of our state police when someone tried to pull of a similar scheme on me related to a used car. The chance those guys will get caught is almost zero... sad but true. And unfortunately WU is not really taking any measures to prevent such things from happening.

Talked to WU and they said that there have been many reports of scams with the UK. And that the only thing they could do, is to advise people sending to this name to be careful, but that they can't bann or not proceed to this person. Can you believe that? Nothing they can bloody do...

you have the option to specify that the receiver has to have documents to pick up the cash...and the name of the receiver has to be the same as the name on his ID document...

happend in the past that the receiver gave me his name for example Pat (because this is how friends cal him) while his full name was Patrick and the WU office didn't want to give him cash until I've went again to the WU office and ask them to correct the receivers name...funds were sent to UK that time If I am not mistaken....

I thought the same thing. But apparently only in America. The rest can pick it up just with the number.

Any ideas or whom to talk to will be appreciated.

Cheers!

[bwhitesox]

If you send $3000 via western union to someone that you do not know then you need a large injection of common sense. While I feel for you I don't understand why some people just don't get it.

[wiseman]

In my former life I worked 6 years as a security consultant and did - among all the weird stuff I did - forensics and internal crime investigations.

This was some 3.5 years ago so my skills probably need some refreshing (!), but start with the domain that was used to scam you.

Ah, wth, lets do it together....

The domain "ROYALMAIL-INTERNATIONAL.COM" that was used to scam you is still active according to www.dnsstuff.com

This particular domain was registered with a probably fake address and name:

Alexa Stuck (lovetechmusic@yahoo.com)

75 S. Serenity Way

Greenwood

IN,46142

US

It was registered only a couple of weeks ago: Creation Date: 24-Sep-2008

From here you have to choices, yahoo.com keeps the IP-address you use when you sign up for a free account which could give you the IP where this scammer came from.

It

[Shundi]

Wiseman is living up to his name... great stuff...hopefully there will be some sort of resolution!

[vlaletom]

I feel sorry for you!

I once got screwed by an elaborated scam, that a short time menber (of course baneed) had well planed.

I learned the hard way not to ever use WU, unless you have serious reference of the seller, and even with serious reference that you are actually in touch with the real guy !

And unless those scammer did a stupid mistake, you are very unlikly to recover your money from them, as they looks to be profesionals in internet fishing

Maybe you could try to go after Chrono24 as they acted as the "place of market" were you got introduced to scammers?

[wiseman]

I PM

[turboGUATE]

Wiseman

I think your support and help in this matter is just outstanding. I sincerely thank you for it. Your investigation process should be pinned in this section so everyone can have an idea on how to proceed on similar cases.

I will contact the hosting company as to see what can be obtained or just to inform them about this scam. I'll contact you through PM.

All the best!

TURBO

[Pugwash]

Now this is easier than try to approach Yahoo.com, the scammers (assuming that the SolidHost guys are not shady themselves which I doubt) must have left credentials for paying for the serverhosting for SolidHost.

... and they'll then say that the server was compromised and it's just a next-hop caching Proxy to China or Korea. Either that or it was ordered over the internet using a dodgy credit-card and it'll be closed next week.

username@blackbook$ curl -s -I 83.98.189.184 | grep Server

Server: Apache/1.3.39 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.30 OpenSSL/0.9.7a

So, an off-the-shelf commodity UNIX server running all the stuff you'd expect:

Interesting ports on 83.98.189.184:

Not shown: 1013 filtered ports

PORT	STATE  SERVICE

20/tcp  closed ftp-data

21/tcp  open   ftp

22/tcp  open   ssh

25/tcp  open   smtp

53/tcp  open   domain

80/tcp  open   http

110/tcp open   pop3

443/tcp open   https

953/tcp closed rndc

993/tcp open   imaps

995/tcp open   pop3s

Device type: general purpose

Running: Linux 2.6.X

OS details: Linux 2.6.5 - 2.6.11

Uptime 31.281 days (since Sun Aug 31 12:32:50 2008)

You're not going to get there via the domain or the server. This is a well-practised scam.

[turboGUATE]

Any suggestions Pug?

[Pugwash]

Any suggestions Pug?

Well, you can still try the hosting company, even if I'm sceptical. They may well have been stupid.

Wiseman's advice is solid, too. Get Interpol in on it. I have a friend who got scammed over a laptop in the US. The police eventually got the guy.

Oh, and have you tried the site he advertised the watch on? They'll have IPs which should point to a location and time.

[dmastah12]

Damn Wiseman!! Best peice of work i have seen since the 6.75 Rep!!

[turboGUATE]

Well, you can still try the hosting company, even if I'm sceptical. They may well have been stupid.

Wiseman's advice is solid, too. Get Interpol in on it. I have a friend who got scammed over a laptop in the US. The police eventually got the guy.

Oh, and have you tried the site he advertised the watch on? They'll have IPs which should point to a location and time.

Thanks Pug. Already contacted the Chrono guys but they are still working on it. However with Wiseman's help I've seen progress. To the point where the original mail used to make the transaction, someone sent me an email giving specifics of the scammer and some info regarding the scheme.... It was signed "A friend".

So I guess the worst battle is the one not fought.

Cheers!

[wiseman]

I dont want to say too much on the progress since this is an ongoing case, but I eventually used some of my old law enforcement-contacts to see who could help me with this case, and in the end I mailed a lot of info about this to a contact within the London Police, IT-crime department as well as to 2 dutch investigators.

The London police advised me to take it further with the Edinburgh police as well as Royal Mail investigation deptartment, so I did that too.

We can only hope at this point that the bad guys were sloppy at some stage, since they do leave traces, both IPs (which of course can be a proxy-site) and mail-addresses (and the ISP, in this case Yahoo may have IPs from where the use accessed when the mail-address was created respective used) and also cc-info for the hosting site (which also register the IP of the user signing up). The cc could of course be a stolen one.

So it all depends whether the scammers was intelligent enough to hide all their tracks or not.

Actually, to get Europol involved some stuff needs to be fulfilled:

1. It needs to be organised crime

2. It needs to involve more than one EU-country

3. It needs to be initiated by a local law-enforcement from the countries mentioned in item 2 above.

Europol is not allowed to open cases on their own, as far as I understand.

[FxrAndy]

I love RWG, helping others!

[trailboss]

Wiseman you deserve a whole case of gold stars for this one. You are indeed a fine example to our hobby and a credit to your country. Good work. Keeps us informed guys, I hope this works out.

Regards,

Col.

[Toadtorrent]

Wiseman you deserve a whole case of gold stars for this one. You are indeed a fine example to our hobby and a credit to your country. Good work. Keeps us informed guys, I hope this works out.

Regards,

Col.

Agreed. Great work and informative reading Wiseman!!! Glad you're on our side!!