Jump to content
When you buy through links on our site, we may earn an affiliate commission.
  • Current Donation Goals

Elaborate Scam In a Very Known Watch SIte


turboGUATE

Recommended Posts

Well, one can't always be too careful or too dumb to believe this crap:

For a while I''ve been browsing for a nice gen piece and while doing so in chrono24 I stumble into an "amazing" offer for a $3000 PAM 24A. (I know, it's too good to be true :blowup: ). Anyways, I contacted the seller he offer a "secure" way to do the transaction. Here's his scheme:

He said I will be contacted by Royal Mail (which by the way is a real company that sends mail) they will hold payment for 5 days for me to review the merchandise and unitl then the payment was to be released. They sent me a complete invoice with very specific instructions and details of the transaction (with everything from logos, to adresses, to everything!) Even a tracking number and a link to the tracking service (but with a slightly different domain: royalmail-international dot com). Since I'm an international customer, I thought this to be true! Damn it!

Anyways, the money was to be send through WU (this should've been sufficient to be suspicious) but I trusted the hole thing since it was supposedly from a reputable company.

Once payment was sent, have not heard since. The sites went down the next day and they where registered to some woman in the US. The name of the person to whom the money was sent was Nik Recob at Edingburgh, UK. So please very careful to whom you deal with.

I sencerely hope this kind of acts get banned and the people behind them brought to a missing internet business justice.

All the best to everyone.

Link to comment
Share on other sites

Sorry to hear this.

I am surprised a reputable site allows any fly by night fraudster to advertise there without vetting them first !

Well, one can't always be too careful or too dumb to believe this crap:

For a while I''ve been browsing for a nice gen piece and while doing so in chrono24 I stumble into an "amazing" offer for a $3000 PAM 24A. (I know, it's too good to be true :blowup: ). Anyways, I contacted the seller he offer a "secure" way to do the transaction. Here's his scheme:

He said I will be contacted by Royal Mail (which by the way is a real company that sends mail) they will hold payment for 5 days for me to review the merchandise and unitl then the payment was to be released. They sent me a complete invoice with very specific instructions and details of the transaction (with everything from logos, to adresses, to everything!) Even a tracking number and a link to the tracking service (but with a slightly different domain: royalmail-international dot com). Since I'm an international customer, I thought this to be true! Damn it!

Anyways, the money was to be send through WU (this should've been sufficient to be suspicious) but I trusted the hole thing since it was supposedly from a reputable company.

Once payment was sent, have not heard since. The sites went down the next day and they where registered to some woman in the US. The name of the person to whom the money was sent was Nik Recob at Edingburgh, UK. So please very careful to whom you deal with.

I sencerely hope this kind of acts get banned and the people behind them brought to a missing internet business justice.

All the best to everyone.

Link to comment
Share on other sites

did I get this right?

you've sent the cash (3000$) and got nothing in return?

the person who received the money should have had some sort of documents to pick it up...so he should be a real person (first and last name) and you could contact the local police from the country/city where he is from and try to locate him....

I hope everything gets right and that you get your money back....

Link to comment
Share on other sites

Hi,

in Romania and in other countries you can buy credible fake ID for small money. They use this ID to pick up the money from a WU office. This scheme is widely used in selling not existing used cars (at least here in Germany).

NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER PAY USING Western Union! NEVER EVER !!!!

Link to comment
Share on other sites

Hey thanks for the heads up. I'm very sorry about what happened to you. Royal Mail is indeed like US Mail in the UK... I can completely understand how you fell for it... Hope you can find the people responsible and recover your money.

Sorry to say ... but there is no realistic chance to catch them. Those guys are very well organised. I talked to someone in the fraud department of our state police when someone tried to pull of a similar scheme on me related to a used car. The chance those guys will get caught is almost zero... sad but true. And unfortunately WU is not really taking any measures to prevent such things from happening.

Link to comment
Share on other sites

Not unless you send the funds to Africa.

If you're sending WU to a European (or Asian, I believe) country, all you need is the code number.

you have the option to specify that the receiver has to have documents to pick up the cash...and the name of the receiver has to be the same as the name on his ID document...

happend in the past that the receiver gave me his name for example Pat (because this is how friends cal him) while his full name was Patrick and the WU office didn't want to give him cash until I've went again to the WU office and ask them to correct the receivers name...funds were sent to UK that time If I am not mistaken....

Link to comment
Share on other sites

Sorry to say ... but there is no realistic chance to catch them. Those guys are very well organised. I talked to someone in the fraud department of our state police when someone tried to pull of a similar scheme on me related to a used car. The chance those guys will get caught is almost zero... sad but true. And unfortunately WU is not really taking any measures to prevent such things from happening.

Talked to WU and they said that there have been many reports of scams with the UK. And that the only thing they could do, is to advise people sending to this name to be careful, but that they can't bann or not proceed to this person. Can you believe that? Nothing they can bloody do...

you have the option to specify that the receiver has to have documents to pick up the cash...and the name of the receiver has to be the same as the name on his ID document...

happend in the past that the receiver gave me his name for example Pat (because this is how friends cal him) while his full name was Patrick and the WU office didn't want to give him cash until I've went again to the WU office and ask them to correct the receivers name...funds were sent to UK that time If I am not mistaken....

I thought the same thing. But apparently only in America. The rest can pick it up just with the number.

Any ideas or whom to talk to will be appreciated.

Cheers!

Link to comment
Share on other sites

In my former life I worked 6 years as a security consultant and did - among all the weird stuff I did - forensics and internal crime investigations.

This was some 3.5 years ago so my skills probably need some refreshing (!), but start with the domain that was used to scam you.

Ah, wth, lets do it together....

The domain "ROYALMAIL-INTERNATIONAL.COM" that was used to scam you is still active according to www.dnsstuff.com

This particular domain was registered with a probably fake address and name:

Alexa Stuck (lovetechmusic@yahoo.com)

75 S. Serenity Way

Greenwood

IN,46142

US

It was registered only a couple of weeks ago: Creation Date: 24-Sep-2008

From here you have to choices, yahoo.com keeps the IP-address you use when you sign up for a free account which could give you the IP where this scammer came from.

It

Link to comment
Share on other sites

I feel sorry for you!

I once got screwed by an elaborated scam, that a short time menber (of course baneed) had well planed.

I learned the hard way not to ever use WU, unless you have serious reference of the seller, and even with serious reference that you are actually in touch with the real guy !

And unless those scammer did a stupid mistake, you are very unlikly to recover your money from them, as they looks to be profesionals in internet fishing

Maybe you could try to go after Chrono24 as they acted as the "place of market" were you got introduced to scammers?

Link to comment
Share on other sites

Wiseman

I think your support and help in this matter is just outstanding. I sincerely thank you for it. Your investigation process should be pinned in this section so everyone can have an idea on how to proceed on similar cases.

I will contact the hosting company as to see what can be obtained or just to inform them about this scam. I'll contact you through PM.

All the best!

TURBO

Link to comment
Share on other sites

Now this is easier than try to approach Yahoo.com, the scammers (assuming that the SolidHost guys are not shady themselves which I doubt) must have left credentials for paying for the serverhosting for SolidHost.

... and they'll then say that the server was compromised and it's just a next-hop caching Proxy to China or Korea. Either that or it was ordered over the internet using a dodgy credit-card and it'll be closed next week.

username@blackbook$ curl -s -I 83.98.189.184 | grep Server

Server: Apache/1.3.39 (Unix) PHP/4.4.7 mod_log_bytes/1.2 mod_bwlimited/1.4 mod_auth_passthrough/1.8 FrontPage/5.0.2.2635 mod_ssl/2.8.30 OpenSSL/0.9.7a
So, an off-the-shelf commodity UNIX server running all the stuff you'd expect:
Interesting ports on 83.98.189.184:

Not shown: 1013 filtered ports

PORT	STATE  SERVICE

20/tcp  closed ftp-data

21/tcp  open   ftp

22/tcp  open   ssh

25/tcp  open   smtp

53/tcp  open   domain

80/tcp  open   http

110/tcp open   pop3

443/tcp open   https

953/tcp closed rndc

993/tcp open   imaps

995/tcp open   pop3s

Device type: general purpose

Running: Linux 2.6.X

OS details: Linux 2.6.5 - 2.6.11

Uptime 31.281 days (since Sun Aug 31 12:32:50 2008)

You're not going to get there via the domain or the server. This is a well-practised scam.

Link to comment
Share on other sites

Any suggestions Pug?

Well, you can still try the hosting company, even if I'm sceptical. They may well have been stupid.

Wiseman's advice is solid, too. Get Interpol in on it. I have a friend who got scammed over a laptop in the US. The police eventually got the guy.

Oh, and have you tried the site he advertised the watch on? They'll have IPs which should point to a location and time.

Link to comment
Share on other sites

Well, you can still try the hosting company, even if I'm sceptical. They may well have been stupid.

Wiseman's advice is solid, too. Get Interpol in on it. I have a friend who got scammed over a laptop in the US. The police eventually got the guy.

Oh, and have you tried the site he advertised the watch on? They'll have IPs which should point to a location and time.

Thanks Pug. Already contacted the Chrono guys but they are still working on it. However with Wiseman's help I've seen progress. To the point where the original mail used to make the transaction, someone sent me an email giving specifics of the scammer and some info regarding the scheme.... It was signed "A friend".

So I guess the worst battle is the one not fought.

Cheers!

Link to comment
Share on other sites

I dont want to say too much on the progress since this is an ongoing case, but I eventually used some of my old law enforcement-contacts to see who could help me with this case, and in the end I mailed a lot of info about this to a contact within the London Police, IT-crime department as well as to 2 dutch investigators.

The London police advised me to take it further with the Edinburgh police as well as Royal Mail investigation deptartment, so I did that too.

We can only hope at this point that the bad guys were sloppy at some stage, since they do leave traces, both IPs (which of course can be a proxy-site) and mail-addresses (and the ISP, in this case Yahoo may have IPs from where the use accessed when the mail-address was created respective used) and also cc-info for the hosting site (which also register the IP of the user signing up). The cc could of course be a stolen one.

So it all depends whether the scammers was intelligent enough to hide all their tracks or not.

Actually, to get Europol involved some stuff needs to be fulfilled:

1. It needs to be organised crime

2. It needs to involve more than one EU-country

3. It needs to be initiated by a local law-enforcement from the countries mentioned in item 2 above.

Europol is not allowed to open cases on their own, as far as I understand.

Link to comment
Share on other sites

  • 2 weeks later...
Wiseman you deserve a whole case of gold stars for this one. You are indeed a fine example to our hobby and a credit to your country. Good work. Keeps us informed guys, I hope this works out.

Regards,

Col.

Agreed. Great work and informative reading Wiseman!!! Glad you're on our side!!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...
Please Sign In or Sign Up