Money Laundering and Reshipping Fraud
Email Based
Job Scams
Abuse Reporting Information
Contact Us
or Report a Scam
Don't Bear Internet Fraud
Please note. As the owner of this site I have decided to retire and as a result this site is now under new management as from 03-May-2010. I would just like to thank all of my supporters and day to day helpers without whom none of this would have been possible. A big thanks also to everyone who has submitted suspected frauds for analysis over the years and thank you all so much for the kind messages of thanks and encouragement that have helped make it all worthwhile. Last but not least, thanks to all the ethical and helpful service providers out there that help to keep the internet a safer place.
Please be aware that criminals attack this website and the Bobbear reputation. I NEVER accept or solicit for money and I NEVER send out spam, so if you receive any spam referring to me or my domain bobbear.co.uk in any way whatsoever it has NOT come from me but from criminals attempting to discredit me. If you receive any unsolicited email referring to me or my website - please send me a copy, then either delete it or report it using SpamCop. To learn more and to find out how to report all of these criminal fraudsters to their hosts and registrars yourself, check out my site and fight back! This & this Sophos blog & this Sophos press release refer to the criminal's past efforts against me, as does this VNUNET article and this Infosecurity.us article among many others. Google for more articles and information. No doubt there will be more attacks. Thanks to everyone for the support I've received. If it hadn't been for the criminals attacking me I would not have had the publicity, so I guess I owe them one too. 
Search This Site (Javascript must be enabled)
bobbear.co.uk is a voluntary, non-profit site dedicated to providing information on fake companies offering part-time, work from home job scams, in particular money mule or money transfer fraud, aka 'payment transfer agent' scams and the related reshipping fraud or 'parcels agent' scams. We also provide what victim advice and support we can. If you receive a spam offering you a job, then please send us a copy, preferably including headers. We can't cover '419' or lottery scams.
Money Laundering and Reshipping Fraudsters
Money laundry logo
On This Page
Money Laundering & Re-shipping Fraud Information
The Strawberry Site (Asprox) Money Laundering Fraud
The Victims
Notes For Abuse Teams
Money Laundering - One detailed Method of Operation
Email based fraud
Fraud Forums
The Zombie Botnet 'Host By Proxy' (Fastflux, Asprox etc.
Further Reading on Money Mule and Re-shipping fraud
Law Enforcement Links
Other Anti-Fraud Resources, Useful Links & Victim Support
Are You A Victim Or Have You Any Information?
Fake Anti-Fraud Websites
Top Twenty Scams [02-May-2010]
Most visited pages in order of popularity which reflects the level of spamming and fraud activity.
www.bobbear.co.uk/page8.html
www.bobbear.co.uk/flex-group-inc.html
www.bobbear.co.uk/infinia-group-inc.html
www.bobbear.co.uk/vitrea-estate-group.html
www.bobbear.co.uk/perseus-group-inc.html
www.bobbear.co.uk/jerkku-pekka-oy.html
www.bobbear.co.uk/alaniz-group-inc.html
www.bobbear.co.uk/allston-group-inc.html
www.bobbear.co.uk/mymobile-medical-inc.html

www.bobbear.co.uk/vistar-group-inc.html
www.bobbear.co.uk/angel-financial-advisors-group.html
www.bobbear.co.uk/
www.bobbear.co.uk/international-design-guild-inc.html
www.bobbear.co.uk/abela-financial-group.html
www.bobbear.co.uk/accessusa.html
www.bobbear.co.uk/global-shipping-agency.html
www.bobbear.co.uk/archived_frauds/sunreefyachts.html

www.bobbear.co.uk/help-to-haiti-children.html

If you receive any offers of part-time home employment either cashing checks and transferring the balance, or reshipping parcels, or purchasing goods on your credit card for onward shipment or placing job adverts in newspapers, or printing checks, be aware that ALL such offers are fraudulent and are simply attempting to involve you in criminal activity which will result in your bank account being closed, your assets frozen and you possibly ending up with a criminal record.

If you have received a suspect job spam and it doesn't appear to be listed on my website then please send me the details, for example a working website link and/or a copy of the spam and I will be happy to investigate.

Active Frauds

1K Management
1M Diversified Financial
1st Class Recruitment
1st Edition Process Service
1st Quest Technology
2 Affordable
20th Century Financial
2Consumer Ltd.
21st Century Advanced Technologies
24 Hour Express Service
24 Spanish Realty
Abcat Finance
ABC Brokerage
ABC Web Design Inc
Abela Financial Group
ABP Group
A-Cape Transportation, LLC
AccessUSA (Stolen Identity)
Active Solutions Inc.
Adamas Jewellery LLC
Adam Diaz International
Adecco
AdexComp
Adiv Financial (Rockphish)
AD Machinery
Adriatic Finance Services [**Rockphish**]
Advanced Design Services, Inc (Stolen Identity)
Advanced Finance Inc.
Advance Finance Group LLC
Advance Finance LLC
Advanta TN
ADVERTISING AGENCY LLC
Advertising Enterprises, LLC
Advertising International Company
Affina Group Inc
AFG Financial Group
AFS Financial Group
Agrimpex Co. (Stolen Identity)
AGS Consult Ltd.
AirInstant (Logistic Worldwide Service)
Air Road Seas Logistics Inc.
Ajax Delivery Service, Inc.
A.K. Constructions & Designs, Inc. (Stolen Identity)
Alaniz Group Inc
Allegro Medical Inc. (Stolen Identity)
All Group Inc.
Alliance Asset Management
Alliance Global Limited
Alliance Group Inc.
Allied Insurance LLC. (Allied Group, Inc.)
All-Pro Design, Inc (Stolen Identity)
Allston Group Inc
allweb-pr.com
ALPHA DESIGN SERVICES, LLC (Stolen Identity)
Alt Group Inc
Altitude Group Inc
Alwyn Group Inc
American Finance
AmexFinance
Amex International
Analytics [**Rockphish**]
Angel Financial Advisors Group
Annuity Group Inc
API Advertising, Inc.
Apollo Forwarding Inc.
Apple Town Forwarding, Inc.
Approved Finance Solutions
Aqualine Design, Inc. (Stolen Identity)
Archway Group Inc
Arco Recruitment (Stolen Identity)
AREM Networks
Arena Financial Group [**Rockphish**]
Armor Group Inc.
Arnold Bryant International
Arvina Group Inc
Asap Financial Group [**Rockphish**]
Asia Finance Group
Asperity Group Inc
Asset Management Company (Stolen Identity)
Assets Group Inc
Assets Variety
Assurity Group Inc.
AST Finance & Consult
Astin Delivery
Aston Group Inc
Astra Group Inc
AstrumaSoft Ltd.
Atlantic Finance LLC
Atlantic Group Inc
Atlantis Group Inc
Auction Online Solution
Audio Buy
Augment Group Inc
Aura Financial Group [**Rockphish**]
Aurora Financial Corporation
Aurora Group Inc
AutoCourier-Service Shipping Company
AVA Group Inc
Avant-guard Advertising Agency
Avicenna Swiss Medical Centre
AVIO Group Inc
AVO Group Inc
AVY Group Inc
Awesoft Inc.
Awesome Transportation
Axelor Logistic (Axelor Logistics Service)
Babochka
Baltic Transport Logistics Systems
Barington Capital Group (Stolen Identity)
Bars Corporation
Barur (Barur Global)
BBK Group
BBM Group Inc.
BCA FINANCIAL SERVICES, INC.
BCG Group Inc.
Bear Group Inc
Bernard Herrera International
Berrco Orange Cosmetics
Best Concierge (Stolen Identity)
Bestway International
BFS Group Inc.
Bim Medical OY
BIN FINANCE OY
Birchmount Financial Services
Blue Chip Financial Corporation
BogoService, Inc.
bongo-group.com (Bongo Group)
Brain Group Inc
Breakthrough International Organization
British Central Garage
British Fast, Secure Shipping Ltd
British Trades Deals
British Worldwide Ltd Agencies
Broadex Group Inc
Browncorp Financial Services
Bruce Barrett International
Brutto IT Services
Business On-line
Buyer Guardian
Calvin Torres International
Campbell & McConnachie LLC (Stolen Identity)
Capella Finance Inc.
Carex Estate Ltd [**Rockphish**]
Cargo Partner Inc.
CASE Group Inc.
Castellum Group
CCN Group Inc.
CDI Group Inc.
Cefin consulting & Finance
Celerity Group Inc

Center Motos Ltd. (Moto Service Centres Ltd)
Central-Garages-Ltd  (Central Transglobal-Garage)
CentroMed Finance Inc.
Centurion Logistic Group
CERT Group Inc.
cheap-jetski.net
Chernobyl Children Charity
Chris Bradham Galleries
Citadelle Ind. Company
Citizen Group Inc
CJHotel
Clarkson Logistics
Classic Group Inc
CNC Solutions
Coin Group Inc
Company (Advantage Co.) [**Rockphish**]
Construction Installations, LLC (Stolen Identity)
Constructions Services and Exports,Inc (Stolen Identity)
Contant OY (Contant Finance) - Stolen Identity
Co-Processing Pty Ltd
Cosco Group Inc.
Cosco Logistics
Crampton Investments
Credit Group Inc
Criscom Group Inc
Cronos Group Inc
Cronos Ice Moon inc.
CTK Finance Group
CurrencySource (Stolen Identity & Site)
Cyprus Hotel
Data Systems Limited
DC Group Inc.
DDK Group Inc.
Degpack LTD
Delivery Solutions Inc.
Delivery Specialist Inc.
DelPack LTD
Den Payments Inc.
Denson Realty
Deplast GmbH
Design 2 Fit, LLC (Stolen Identity)
Design 2 Studio LLC
DESIGN 4 ADVERTISING, INC.
Design 2000, LLC (Stolen Identity)
DESIGN ACCENTS, INC.
Design Alterations, Inc. (Stolen Identity)
Design & Promotions Corporation
Design Build Company
DESIGN BUILD INNOVATIONS, L.L.C
Design Engineering, INC
DESIGN EXTENSIONS, LLC (Stolen Identity)
DESIGN FACTORY INC.
DESIGN FORCE, LLC (Stolen Identity)
Design For You llc
Design Gold Group, Inc. (Stolen Identity)
Design Group 7 Inc (Stolen Identity)
DESIGN HOME REMODELING CORP. (Stolen Identity)
DESIGN +, INC.
DesignNext
Design Nuovo
Design Place Real Estate, LLC (Stolen Identity)
Design Products Inc.
Design Pro Screens, Inc.
Design Radiance, LLC. (Stolen Identity)
Design Rerceptions, Inc. (Design Perceptions, Inc.)
Design to Perform
Despack LTD
Direct Delivery Service Limited (Stolen Identity)
DOMO Inc.
DOROSINSKI, CAMPBELL DESIGN ASSOCIATES, INC. (Stolen Identity)
Dove Group Inc.
Dream Group Inc.
DSN Finance Ltd
Duty Free Airport
Duty Free Shopping
Eagle Group Inc.
Eagles Textile Company
East Delivery Inc.
Eastline Logistics
EasyGo Transportation
Easy Web Company
eBay Express Services Inc
Ecos Group Inc.
EDS Solutions Inc.
Edward Shaw International
Edward White International
eFinance Group Inc.
EFIS Company
EFS Capital Group Inc.
e-Innovative Inc.
ELEMENT Group Inc
Elite Delivery Service, Inc.
Elite Jewelry
Elit-Trans
Elkins Realty  [**Rockphish**]
El Trust Inc.
Emerge Group Inc.
Encore Media Solutions
Enex Inc.
Engineering Design-Build, Inc. (Stolen Identity)
Entrust Group Inc
E.P & CO
EPS Corporate Finance Ltd
Eq Pankki OY (Stolen Identity)
Erik Mills International
Erik Stanley International
ESKOFORT A.G.
Euro-Design Corp
European Cosmopolitan Bank
europen-consalt.net

Eurostars Travel Inc.
Ewin Group Inc.
Excel Group Inc
Export Metals Ltd.
Express-ebay
Extreme Group Inc.
Fairline Group Inc
Fancy Group Inc
Fargo River Goods
Fast Logistic Services (Stolen Identity)
Fast Logo Service
Fast, Secure Shipping Cargo Ltd Agencies
Fastwire Group
FB&B Group Inc.
FCB Group Inc.
FD Service
Fecunda Group Inc
Fender Group
FES Pty Ltd.
FIAS
Finance
Finance & Trade Advisory
Financial Advantage
Financial Center
Financial Group Inc
Fincore Group Inc
Finha Capital OY (Stolen Identity)
First Design Group
First Europe Postal Service
First Fidelity Investment Corp
FIS Company
Flagston
Flar Group Inc.
Flash Group Inc
Flat Group Inc.
Fleet Group Inc
Flex Group Inc
FMC Reselling
Focal Financial Group
Focus Group Inc.
Foreaim Group Inc
FORIS Company
Fusion Group Inc
G and M Stacey, Inc.
gaterk.com
Gendor Group (Gendor Logistics)
Geo Electronics Ltd
Geostar Logistics
German Autoexport
GFC Inc (Global Forwarding Company)
Gio Group Inc.
Glen Hamilton International
Global AutoShippers
Global Dexx
Global Network Logistics
Global Shipping Agency
Global Shipping Agency Ltd
Global Tractors Ltd.
Glorex Business Solutions
Goffin Escrow (GoffinCompany)
Golden Gate Inc
Great Expedition
Green Mile Inc.
Grehem GmbH
Growth Properties
Gumpstores Corporation, LLC
Guy Welch International

Active Frauds - continued

Harper Logistic
Healthcare Payments Inc.
Help to Haiti Children
Henry Dedek Finance
Hermes International
HHT Logistic Company
HighSky Group Inc
Highway Group Inc.
Hiresaurus (Hiresaurus Recruitment Agency)
Hitech Investments Inc.
Hiwatch Investments Inc
HLB SERVICES LLC.
Hoffmann & Horst Logistics
Hogan Capital
Holding Group Inc
HOUSE & DESIGNS, INC.
HUB Group Inc.
Huge Group Inc.
IBC Group Inc
IBS Group Inc.
IDS Solutions Inc.
IGT Group Inc.
Imagine Design Studio,Inc
Imex Group Inc
Impact Group Inc
Independent Financial Services, LLC.
Index Group Inc.
Industial Machines Ltd. (Industrial Machines Ltd)
Infinia Group Inc
Ing Group Inc.
Innoverse Software
Instant IT Solutions Ltd
Intaro Safe Business Group
Integrity Group Inc
Internationale Delivery
International Design Center, LLC
International Design Guild, Inc. (Stolen Identity)
International Design Source, Inc
International Real Estate
InterWeb Exchange
Intime Group Inc
Intracom
Invalda Group Inc.
Investment Alliance, LLC
Investment Provider
Investors Protection Association LLC
Invintec Inc.
Iris Group Inc
Irish River Goods
IT Complex Ltd
IT Express Ltd
IT Logistics
ITS Financial Corp
ITS Group Inc
Ivan Meyer International
JAMESON-RECRUITMENT
Jerkku Pekka OY
Jimmy Hudson International
Job at Home
Job Instructor
Job Specification
Jon Caldwell International
Jongsun Electronics Ltd
Joseph Joy
Joshua Burton International
JSR Group Inc.
Junior Group Inc.
Jupiter Group Inc
Kell Quip Ltd.
Kelly Perez International
Kempco Marketing, Inc (Kempcomarketinginc)
Kemp Oil
Kenneth Shelton International
Key Group Inc.
Komerset Logistics
Kurt Powell International
KZ Retail, Co
L&D INTERIOR DESIGN, INC. (Stolen Identity)
Land Group Inc
Landor Financial
LC Escrow & Consulting
LDS-Transfer
Leader Group Inc
Leading Delivery Service, Inc.
Leon Young International
Leslie Fisher International
Lime Group Inc
Limited Design, Inc
Liram Delivery Service
Logicor Express
Logistic Sense Inc. (Logistic Sence Inc.)
Logistics Online
Logistic Vision, Inc.
Log-Mag Art Company
LP World Investments
Lucky Parcel ltd.
Luis Chapman International
Luxor Group Inc
LX Cargo Express
MAC Group Inc
Machinery Garage Ltd
Magnet Group Inc
Mallard & Mays Inc.
Mallow & McAllister Inc.
Margin Group Inc
Market Vision Inc
Massive Group Inc.
Master Group Inc
Mayers Ltd
McKenna & Morrow Inc.
Measure Group Inc
Med Finance Flow Inc.
MedFinance Inc.
Medical Direct Inc.
Medical Finance Inc.
Medium Group Inc
Medical Payments Inc.
Medical Payment Solutions Inc. (Stolen Identity)
Med Payments Inc.
Mellis Group Inc.
Melson Group Inc.
MENA Group Inc.
Merci Group
METROAIR EXPRESS
Metropolitan Transportation Inc.
Micheal Lewis International
Milet Business, Inc.
Millennium Group Inc
Minara Company
Mirax Cargo
Mirax Finance LLC
Modern Design & Development, LLC
(Stolen Identity)
Moonbeam Logistics, Inc.
Moranna [**Rockphish**]
Morgan Trading Co.
Movement Ltd.
MTK
Multiconcept Group Inc.
Multi Group Inc.
My Health Direct Inc.
MyMobile Medical Inc.
MyUs (Stolen Identity)
MyUS Mail, Co
Nano Logistic (Awesome Transportation)
Navitex
Navy Finance and Payroll Inc.
N Design Studio, Inc
NEO INVESTMENT MANAGEMENT
"New City" Building Company
Neweca Payments Inc.
Nexins Inc.
Neztro Corporation
NG Logistics
Nixon Consult, LLC.
Noir Medical Inc. (Stolen Identity)
Norsten Logistics
NTT Pty Ltd
NURIS Group Inc
Nvidia Group Inc
OCEAN Group Inc
OG Express
Oka Overseas Agencies
One Box Advertising
Onicks Group Inc.
OnlineCompanySite Inc
OnlineOfficeSource
OPM Group Inc
Optimus Group Inc
Orion Logistic Group
Ortex Group
Pacer Group Inc
Pacific Corporation
Pacific Group Inc
Palladium Group Inc
Paradise Touristics
Parcel Alliance
Partner Group Inc
PARTNERS-Group Inc
Paymate Solutions Inc.
PayResult
Perfect USA Inc.
Perseus Group Inc
Personal Escrow Service
Personal Finance Ltd
PFG, Inc.
Phaselis Travel Inc.
Phoenix Group Inc
Piccini Real Estate (Stolen Identity)
PJ Equipments
PK Solicitors Ltd.
Platinum Funds Inc.
Platinum Group Inc
Platinum Properties
Point Group Inc
Poland Autoparts
Poland Job Office
Poland Real Estate
Porte Financial Services
Premier Building Company
Premier Finance Group
Premier Group Inc
Premium Escrow Service
Premium Financial Services (P-F Services Inc)
Prestige Group Inc
Prime Group Inc
PRIME WEB SOLUTIONS INC
Professional Building City Company
Professional Escrow Service (Fin. Corp)
Property Group & Invest Inc.
Property Investment
Property Investment Group
Prospera Group Inc.
Proteus Solutions
Puritan Group Inc
Quantel Medical Inc. (Stolen Identity)
Que Gusta Oak Furniture
Rams International [**Rockphish**]
Randall Barnes International
Range Financial Corporation
Raul Washington International
Raymond Graves International
rdnets.com
Reach Group Inc.
Real Team Design
Realtek Group Inc
Realty One
Realty Power
Redeye Group Inc.
Reed Financial Services
Regency Group Inc
Remington Finance
Render Group Inc
Rengo Group Inc.
River Group Inc.
RoChamp Benz
Rocking Icons (Ebook/Devbill)
Rodney Arnold International
Rodney Lawrence International
Rodney Neil Financial Services (Stolen Identity)
Romad Financial Services
Ron Jenkins International
RXE Financial Services Ltd (Stolen Identity)
S&E Sales Corp
Safe Group Inc
Sam Rose International
San Marca
Santarex Toys
Saturn Group
Scope Group Inc.
Second Hand Sale Ltd
Securities Group Inc
Seed Enterprises Ltd
Selective
SeoMosaic Ltd

Serenity Exclusive
Server Solutions
Shelffin Oil and Gas Corporation
ShipAll
Shipping All Over The World, LLC
Shopping Provider
Sigma Realty Group
Silver Finance Inc.
Silver Services Inc.
Silverwood Financial Services
Single Group
Sion Enge
Six Sigma Realty
Six Whole Miles Ltd aka Six Miles Ltd (Stolen Identity)
SLG-Logistics, Inc.
Smart Home Sys
Smart Logistics Group
Smart Technologies
Smith Medical Inc.
SMTP Group Inc.
Software Maintenance Ltd
Solution Design Limited, Inc. (Stolen Identity)
Solutions Consulting
Solvent Group Inc
SPACE Group Inc
Spal Group Inc.
Spark Group Inc
Spintex A.G.
Spread Group Inc
STA Investments Ltd.
Star Group Inc. (2)
Starling Business Group
Stаrtex А.G. (Stolen Identity)
Star Travel
Statecorporate
Steffen Gems Design
Stevens Financial Solutions
ST Money Transfer
Stock Group Inc
Stockli Gems & Diamonds
Stokton Global Trading
Stone Capital Advisors (Stolen Identity)
Storage Shipping Inc.
Street Sport Ltd.
Strol Group Inc.
SUCCESS Group Inc
Success Payment
Sunrise Service Center
Swiss Erlin
Swiss Espe
Swiss Internet Trading
Synapse Group Inc
SZ Solutions Ltd
Target Group Inc
Tarock Inc
Taurus Business Consulting
TDK Group Inc.
Tenturio Management Group
Terra Cargo Ltd Agencies
Terrasat (International Money Transfer)
Texxton International
The Debra Toney Companies (Stolen Identity)
The Design & Build Group, Inc
The Design Agency, LLC
The Design Studio, LLC (The Desugn Studio, LLC)
The Robert Wahle Galleries
The Shipping Company Limited
The Shipping Express
TNM Group Inc
Toft Business Group
Toll Finance
 [**Rockphish**]
Total Group Inc
Total River Goods
Tractors Agiaffairs Ltd
Tractors Center Ltd
Tractors Sale Ltd
Tractor World Ltd.
TransBridge-us
Transcargo International Logistics
Trans Group Inc.
TransitSystem-Express
Travis Gilbert International
Trend Analytics [**Rockphish**]
Trinitron Chase Bank
Trinitron Trust Bank
Trustline Logistics
TUTO Tour
TVS Group Inc.
UK Garage Dealer
Ultra Web Solutions Inc
Unifex
UNIS Holding Group Inc
United Group Inc.
United Managment GmbH
United Swiss Trading Group
us-consalt.com
USEU-Parcel Moving
Utex Diamond Boutique
Valdez Website Inc.
Valid Wide Inc
Value Trans Financial Group, Inc.
Vector Group Inc.
Verdana Hotel
VERO DESIGN, INC. (Stolen Identity)
Versocom Solutions
Vestiga Travel
Veston Group Inc.
Vexmarc
Victor Oliver International
Vincent Black International
Vision Group Inc
Vistar Group Inc
Vitrea Estate Group
V-Medical Payments Inc.
Walt Group Inc
Ward Group Inc.
Wave Group Inc
WEB DNA Ltd (Stolen Identity)
Webeca Payments Inc.
Web Hosting
Web Productions Limited
web-sys-it.net
Well Express (Well Ex)
Wescom Group Inc.
Westend Group Inc
Westend Payments Inc.
Western Dynamics Inc.
Western Financial Homes
Western Trust, LLP
West Offshore Inc.
West Offshore Trust
Westpac Company (Westpac Escrow)
WFD Management Group, LLC
WFS Group Inc.
Wood Planet Furniture
Work Online
World Estate Group
World Import
World Medical Payments Inc.
World Wide Auctioneer
World Wide Postal Service
World Wide Logistics Services (WLC)
Worldwide Network (aka Worldwide International Domain Registration)
Xeon Hosting
Yachts Universe
YT Finance
Zexchange
Zeus Financial Group
Zicom Ltd
Zoom Financial Services [**Rockphish**]
Zurich Finance Management SA (ZFM)

Undocumented, Verified Fraud Sites
[Spam copies required please for all sites below]
***All of the sites below are criminal fraud websites - exercise caution when browsing to them***
ABL business
Assets Capital
Astara Trade
AWD Holding
BWC LTD. (bwc-ferc-uk.com)
Condor Business
Essex Investments
European Design and Trading Company, Inc
Euro Route GmbH
Global Offshore Inc.
HPS Motorcycles
INTERNATIONAL DESIGN PARTNERSHIP, INC
International Transport Autos Motors
Lesopttorg
Logicom (Greece)
LT Estate Company
Martinez Web Designs Inc
Online Bid Solution
OPEX Shipping
Prico Service
Pro Business
Raymond Business Consulting
Rocket WebMinds Inc
The international fund of the help "Here and Now"
Top Web Services Inc.
Trans-Shipping Inc.
TSRH Company
UNLIMITED WEBSERVICES INC
USAMailForwarding
Vedex Business
Warding Business Group
Waters & Co. LLP
Website Strategy Inc
World Import Group
ZED Express Delivery
Archived Frauds

ABC Realty Brokers
ABP Properties
Abyline
ACCA
Accent Company
AC Consult Finance
Ace Check Express
AceChecktronic
Ace Global Inc.
Ace Rentals
ACH Consulting Group
Adamant Global
ADT Solutions Inc.
ADX Trans Express
AFC Financial Services
AIF Investment Consulting
Air Group Inc.
Air Parcel Express
AlfaCor
Alfred Simons Textiles & Fabric Company
A-Logistics Inc.
Alpha Financial
Alta Crossing
Ameca
AnimalSafe Inc.
Anthem Premium Finance
Any Art Services (AAS Inc.)
AP Finance
Apollo Business Services
Around The Globe
Asia Consultancy Group
Aska Group
ATG Groups
ATN Services
AUCSTRADE Inc.
Avanta Group
AXA Invest
Bahamas Agents Ltd.
Baltic Finance Group
Baltic Logistic Group Corporation
BBI Business Finance
Belgium Market Money/MarketMoney.cc
Best Finance Invest
Best Global Road
Best Money Invest
BestTradeSolutions
Better Rentals
B.L.G. Corporation
BNT Express International Finance
BroadCapital
Bullet Motorsports Speedlab (BMS)
Burneys Finance
Business & Professional Consultants Inc.
Business Care
Business Trade
Calisto Trading Inc.
Capital Group
Capital Group Inc.
Cargo Alliance
Cargo East Line
Cargo Giant (Cargo Gaint)
Cargo Logistic
Casa Blanca Real Estate
CBA Properties
Central Access
Charles Jones Textiles & Fabric Company
Chernobyl Child Project International
Clayton Investments
Coffe Furniture Design
Comerset Logistics
Commerce Online
Consumer Financial Group
Creovision Laboratories
Cronos Investment
DBI Business Finance
Decapolis Investments
De Cart Ltd.
DeMarck Pharmaceuticals
DES Group Inc.
Design Build Studio, Inc
Design Resources, Inc
DGB properties
Diamond-Exchange Inc.
Digital Investment Projects Inc.
Direct Commerce GmbH
Divine Fabriks
Dominion Financial Co.
Draper Investment
Duty Free International
EastAntiques
East Trading
East Way Inc.
Ebusiness Group Inc.
Eden Financial Group
e-Digital Corporation Inc
E-Investment Projects Inc.
E-Investments Provider Inc.
Electronic Payment Services, Inc.
Electronics Distribution Group
Elite Finance Group
Emarket Solutions Inc.
Enter-Post Inc.
Epayment Solutions Inc.
Eric Ager Logistics Inc.
ESB Finance Group
EU Investment Solutions
Euro Finance Consulting
Euro Globax
Euro Invest Germany
EURO Investment Solutions
Europe Commercial Group
Europe Financial Solutions
Euro Transfer Group
Eu Trust Invest Inc.
Expressdeal
Fair Group Inc.
Farelli.net
Fargo Shipping
Fartex Group Inc.
FASEX (Fine Art Services)
Fast Global Shipping Ltd Agencies
FastWire
F-Consulting Group
Fexco
Finance and Credit
Finance Corp International Inc. (Professional Escrow Service)
Finance International
Finance Link GmbH
Financial Open Inc
Fine Rentals
First Global Road
First Miami Cargo
First Promote Invest Inc.
First Rate Finance

Form Promo Invest Inc.
Fortis Capital Trust
Fortix Investments
Fox Group Inc.
Front Asset
FXM Investment
G9Finance
GamePower Systems
GCS Group
Gen Corp Financial Consulting Group
Geneva Finance (Stolen website)
German Autoimport
Global Delivery Inc.
Global Eu Invest Inc.
Global Financial Group
Global Group Consulting
Global Network Solutions
GlobalSoft
Global Trans Funding LLC
Global Union Inc.
GlobaxTrans Finance
Globe Group
GMT Technology
Golden Finance
Grand Financial (Grand Finance)
Great Game Ltd.
Green Tree (Warehousing) Ltd
Guardian Consulting
Guardian Trading Inc
Happy Children
Happy Kids
Harris Business Solutions
Harsdorf's Financial Group
Harvey Investment
Hays Financial Consulting (Hays Transfers)
Henwood Business Solutions
Highfreight
High Level
Horizon Company
IBN Group Ltd.
IC Audit & Consulting
ICG Technology
Idea Group Inc.
Ideal Group Inc.
Import Export Finance Company
Independent Group Inc.
Independent Postal Service
Infinity Real Estate
Infobite Software
Instar Logistics
InterBuyers
InterLink Development Ltd
International Bidding Solutions
International Logistic Company
International Trading Place
Internet Fidelity Association
Interpay Group
IntFinanz GmbH
Investment Assistance
ITP
IT-security Business Alliance
IT-Service & Network
ITV International
ITV Solutions
JCP Management SA
Jeanius Delivery Company
JE Delivery Company
Joy & Joseph Inc.
JS Partner Group
Ketler Group Inc.
King Finance Group
K-Investment Group
Kleinstern Group
Kraemer Logistics
Lachlands Textiles Ltd
Latvia Web Finance
Legal Operations Inc.
LNM Bidding Services
Logic Group Inc.
Logistic Worldwide Direct (L.W.W.D)
Logistic Worldwide Service (L.W.W.S)
Loox Company
Maestro Hosting
Magnus Business Community
Main Global Road
Malfour F.G. Inc.
Marseille-shipping
Marvell Financial Group
Maxi Group Inc.
MGPA Group Inc.
ML-Group
MMA Solutions
MMM Reselling
Moon Group Inc.
Morgan Investment Co.
Morrison Business Solutions
MT Rushphase
MU Trust Company
M Web Hosting
Mynes Consulting & Finance
National Solutions GmbH
NBB Company
NBIV, Co.
NeoLenses Laboratories
NESCO Accounting & Finance
Newman, Esmond & Eisenberg
Next Level
NitrosGroup Finance
NTI Consult
O&V Brokerage
Obis Consulting Group
Office Online
Offshore Loans Ltd.
Olan Complex Co.
OnaOdna Company
Onis Business Group
OPO Consulting Estonia
Optimus Inc.
Oranta Group Inc.
Osell International
Oversea Delivery
Palmer & Stokes Ltd
Paramount Finance
Penton & Sheppard Ltd.
Penton & Sullivan Ltd.
PF Inc.
PHC Consulting
Phillips & Seymoure Ltd.
Polfreight
Polo Company
Precont
Premium Invest (Premium Finance)
Premium Rentals
Preston & Swane Ltd.
Principle Partners World GmbH
Priority Global Road
Private Business Consulting
Professional Assistants, LLC
Professional Escrow Service Group
Profit Financing Inc.
Progold Incorporation
Progold Investments
Progressive Escrow
Projection Technologies Inc.
Promo Invest
Pro MShine Co.
Property Group
Property Inc.
Property Invest
Rapid Delivery System
Real Consulting Group
Renaissance Capital Advisors Ltd.
Retoneva
Reynolds Investments
Rimm Systems Inc.
RLS-Logistics
Roland Consulting Group
Rossenbaum
Royals Yacht Sales
Safe Way Worldwide
S&T Offshore Inc.
SB Systems Inc.
Secure Financing Inc.
Secure Operations Inc.
Services R Us
Shaller Finance
Ship It, Inc.
Shopper4U
Shopping Assistance
SIBERIA Hunting Agency
Sigma Motion
Silverlens Laboratories
Simple Investments Inc.
Sky Group Inc.
SmartOne Inc.
SNB Auctions
SouthWool Land
SP Group
Star Group Inc.
Star Net
STK Consult
Summit Trading
Sun Hosting
Sunreef Yachts
Sydney Car Centre
Synovus Trade Inc.
T-Consulting Group
Terpax
Toshiba UK Inc.
TradeFinans
Trans Atlanta Services
Trans Atlantic Logistics
Transfer Invest
Transfex Inc.
Transinvest Gateway Corporation
TransWest Pacific
Treenity Real Estate
TR-Finanz GmbH
TriplexDirect Finance
Trust Company Inc
TrustSolution Gateway
TR-Wires GmbH
Tyler Success Group
Ultragame
Unique Fabriks
United Finance GmbH
United Merchants
United Sellers
Unix Hosting
USA Business Solutions Inc.
Usfin Standart
US Money Invest
VBV-Logistic
Velocity Global Resources
Venice Inc.
Vidal Architects, Inc
Vienna Finance
VIP Linda Hotel
Waldman Business Solutions
Walker & Sons Inc
Waller Truck Co.
Wangle Group Inc.
Webcardmaster
Web Ground
Web Star
Western Cargo Logistics
WestHold Transfers
West Metrology Product Company
WidePay Inc.
World Duty Free
World Finance Group
Worldlines
World Market Auction
WorldPay Motors
World Rentals
World Trading Post
WorldTrans Inc.
World Wide Express Services (W.W.E.S.)
Xerpat
Yachts Planet
Your First Global Road
Your Global Road
YourShopper
Zales
ZupaZula

The above are all verified money laundering & reshipping criminal fraud websites & prolific spammers run by criminal gangs who often host their sites using 'botnets' of 'zombie' computers, i.e. PCs that have been infected with a trojan/virus. See The Zombie Botnet 'Host By Proxy'
section for an explanation of this common method by which these criminals host their fraud sites.

The well known 'Rockphish' phishing criminals also operate money laundering websites - they frequently use a zombie botnet method of distributing their spam, (not to be confused with the above different zombie botnet method of hosting websites), and the 'phishing' emails often contain exactly the same spurious code used as Bayesian filter avoidance text.

The registrars of the above criminal's domains are generally chosen by the criminals to be ones they think will be resistant to abuse reports. The criminals generally favour a mixed selection of domain registrars & they vary all the time as they attempt to find a 'criminal friendly' one. Most registrars eventually respond positively once they appreciate the situation, although there are always going to be a small minority of 'blackhat' providers who irresponsibly adopt a "we don't get involved" attitude and ignore abuse reports.


Where multiple domains are used for the same website, the whois data in the registrar look-up for a domain is almost always different and always bogus.

Money Laundering, Re-shipping & Purchase Agent Fraud Information

Money Laundering Fraud

Fraudsters send unsolicited e-mails or place job offers on legitimate Internet recruitment sites or forums looking to recruit 'Money Transfer Agents' with bank or Paypal accounts. These bogus companies offer part-time employment as an agent receiving payments in the form of fake checks or stolen money transfers, sometimes for goods which the company claims to be supplying, and then passing the payment on to the company via a money transfer company such as Moneygram and/or Western Union less an 'agent's percentage', (usually in the range 5-10%).


These job offers are always illegal and fraudulent. Any person who agrees to act as an agent, (more correctly a money laundering 'mule'), is actually receiving stolen or counterfeit funds into their account. The final destination of the transferred funds will be an organised crime syndicate, generally overseas.

Re-Shipping Fraud

Another variation of this fraud is to offer part time employment as a 'Re-shipping Agent'. This consists of accepting parcels to your home address and forwarding them on to criminals. Needless to say these goods are either stolen or obtained by fraudulent means. This type of fraud is well documented by many authoritiative sources such as Monster and the US Postal Inspection Service. Needless to say this occupation as a 'Reshipping Donkey' leaves the unsuspecting dupe as the only contactable 'fall guy', guilty of handling stolen goods.

Purchase Agent Fraud (aka 'Personal Shopper' fraud)

A third type of fraud is becoming increasingly common, this is the 'Purchase Agent' scam. In this scenario the potential dupe is offered the position, (often well disguised), of working for a company and one of his first tasks will be to purchase equipment for the company on his credit card, all paid for by funds directly transferred into his credit card account. There are two aspects to this, firstly the criminals need your credit card details, "to be able to make payment to you", and they will request you to ship the purchased items to them. Needless to say, any transferred funds will eventually come back as fraudulent and what they will do with your credit card details does not need much imagination. A variant of this is the bogus job of 'Personal Shopper' where you are asked to purchase goods on your credit card for onward shipment, usually to Russian or other Eastern European addresses.

Newspaper Job Advertisement Placers

In this scam the potential mark is asked to place job adverts in local newspapers for "$100 an advert". Needless to say these jobs are one of the above fraud jobs that the Eastern European criminals can't place themselves, (or are not willing to take the risk).
 
No legitimate company would offer a 'Money TransferAgent' 'job' to a home-based private individual - such a job is always illegal and the company offering it is always a criminally run 'front' company. Similarly, no legitimate company would offer a job as a 'Re-shipping Agent' or a 'Purchase Agent' or 'Personal Shopper' to an unknown, unverified home based private individual. Such a 'job' is always a solicitation from
a bogus criminal company to fence stolen goods or to simply defraud.

These companies can be very convincing in their attempts to perpetrate their fraud. Many of them try and give an air of legitimacy by displaying bogus 'Verisign' and other certificates. Learn to recognise fake 'Verisign' certificates which will simply be .gif images on the criminal's own webserver and when clicked on will not display information that originates from the genuine Verisign https secure server, but simply another bogus .gif image from the criminal's site. Always ensure that the URL of the pop-up seal verification page begins with the address https://seal.verisign.com. If it doesn't, the seal is fraudulent.

Any person who suffers financial loss as a result of acting as an "agent" for any of these organisations would not be eligible for any form of refund from the bank concerned who would recover any monies, close the account involved in this scam and criminal charges could follow, not just for the "agent" but for anyone knowingly involved in provision of services to the criminal:

Knowingly supplying services to these fraudsters is a criminal offence in the UK under the UK Proceeds of Crime act (2002) Section 328 "A person commits an offence if he enters into or becomes concerned in an arrangement which he knows or suspects facilitates (by whatever means) the acquisition, retention, use or control of criminal property by or on behalf of another person". The notification level for this offence is low. Would all hosts and registrars with a UK presence please bear this in mind. Other countries will undoubtedly have similar provisions.

If you think that being a 'Money Mule' or a 'Reshipping Donkey' or a 'Purchase Agent' is a relatively safe and profitable occupation, then think again - the paper trail leads directly to you and you may well find yourself in the same position as these 14 Dutch entrepreneurs or these UK chancers or this US woman or even this girl here. Don't be a mug - don't do it or you'll certainly end up with huge losses, probably get arrested and possibly earn yourself a criminal record.

Brian Krebs of The Washington Post often produces excellent articles about these fraudsters. This article details how a particularly prolific gang obtain their funds and this one details how the 'mule' is recruited by a fake company documented on this website and the sequence of events.


For further information regarding UK money laundering law, please refer to:
http://www.lawsociety.org.uk/professional/conduct/guideonline/view=page.law?POLICYID=225029

The USA has similar provisions in law to the above making it an offence not only to commit money laundering fraud but also to knowingly facilitate money laundering fraud as an 'Accessory after the fact'. For further information regarding those provisions see these Cornell University Law School links:
U.S. Code collection

1956. Laundering of monetary instruments
3. Accessory after the fact

Whether the fraudster uses a website, as in the examples above, or simply uses a response email address, (as these criminals also do - see below), the fraud is exactly the same. Remember the first rule of spam, i.e. All spammers are liars - if you receive a 'job offer' in an unsolicited email, (spam) it is invariably a scam. Always abide by the Boulder Pledge and never respond in any way whatsoever to anything that is spamvertized whether it is goods or services. [Return To Top]
The Strawberry Site Money Laundering Fraud
[AKA Devbill, Ebooks etc webites]

This is a variation of the standard money mule operation and recruits unwitting mules who are requested to register 'genuine' limited companies complete with merchant accounts in what on the face of it appears to be a franchise operation selling website templates or software or whatever, (the actual 'product' doesn't even exist - it is irrelevant to the fraud). The criminals supply a website, (in the UK this currently has a distinctive 'Strawberry' 'Flash' template) which bears the name of the company that has been set up by the 'mule'. This is the scam operated by Infobite Software and has been in existence for some time in the US, with many previous aliases. The criminals use stolen credit card data to make small charges against numerous cards for fake products allegedly supplied by the 'front' company which has been newly registered by the unwitting mule. The mules function is then to wire 90% of these fraudulent charges back to the controlling criminals.

This is a simple overview of what is a huge worldwide credit card fraud operation. For a full history and an amazing in depth analysis of the fraud, have a look here, along with the aa419.org coverage here.

So, if you are offered what appears to be a franchise operation, (especially if it comes out of the blue in a spam, probably purporting to come from a job website), and are asked to set up a limited company and open a merchant account to operate a website supplied by the 'company', then it is likely that you are being recruited for this illegal money laundering operation. Don't be tempted.

If you see a small, (usually 9.90), unknown charge on your credit card from one of these 'front' companies
then your credit card data is known to the criminals. You should report it as a fraudulent charge, (not a disputed charge), and request a new card and associated details. You may also wish to file a crime report on the Metropolitan police 'Fraudalert' website.

This fraud has now been replaced by a new alias and a new generic mule website - see
AlfaCor for details. [Return To Top]
The Victims

I receive many responses from visitors to my site, some from victims who have been defrauded by the fraudsters that I document on this website and many more who are just upset by the volume and nature of these criminal's spam. I find some of them quite upsetting myself. An example of the former is a response from a CEO of a Credit Union who tells me of some of her members who have lost thousands of dollars to these criminals. An example of the latter, and these can be just as upsetting, is from a UK lady who wrote to me, (& has kindly given me permission to print this):

"Harvey Investment Co.- totally sick of their invites. I am a 73 year old UK voiceless (cancer) female needing my pc for my only communication".

So, if you are the sort of host or registrar who sees nothing wrong in providing services to these criminal fraudsters under the argument that "What they do with the hosting/domain I provide is none of my business" then I have zero regard for you. If you knowingly host these criminal's zombie botnets and register their domains and ignore abuse reports then as far as I am concerned you are aiding and abetting their criminal activity and that makes you as guilty as they are.

If you are tempted by the thought of easy money and wonder what might happen if  you reply to these fraudsters and take up their offer, then this cautionary tale received from "Dave" from California might just dissuade you:

"
I have been recruited by 5 different companies. 3 of which actually have sent me checks or moneygrams. 2 of which I have deposited into my account. Although I have not released any funds, Thank God. Due to the fraudulent payments that were deposited into my account have I committed a crime? My bank has frozen all of my assets and are talking about criminal charges".

Then this is what "John"
from the UK tells me happened to him:

"Hi, Good Evening. I've just this afternoon had my Bank Account suspended - yes, you may have guessed - Cronos. I fell for it. Laid off work on the 19 Sep so searched the internet for home based jobs, which most are scams and I avoided them. There amongst the other emails was one from Cronos inviting me to be a 'regional rep' for their company. All I had to do was have money transferred to my account and then pass via western union to their reps. in Poland. Yes, same addresses you have here on your website. They transferred 2115.00 cash which was immediately available and I duly transferred the monies, (what a fool I was ), & took 10%. This morning there was another cash transfer of 3882. What alerted me this morning was that I went to the hole in the wall, like you do, and it took my card. I went straight to the call centre who gave me a number to ring which turned out to be the fraud dept. I had an interesting conversation and went straight to my branch with all the details I had - emails, Western Union transfers and addresses of the people, (although I guess these will be false). Hope this helps someone somewhere".

John also tells me that the number that they called him from was
44+78124496357

Sometimes the consequences of getting involved with any of the criminals that I document on my website can be very traumatic. This is the cautionary tale sent to me by a lady from the US:

Well I was actually arrested for fraud after getting lured into the Trans Invest Site. After being pulled over for speeding I discovered there was a warrant for my arrest and was taken to jail. After a call to a local detective it seems that the forgery charges are a result of me receiving a check, cashing and transferring funds...i have now taken the brunt of the scam. I can tell you that I have NEVER been arrested and was HORRIFIED that this has happened. Yes, after the fact I am completely taken back about what has happened and the fact that I let myself be taken like this. As I now face criminal charges and trying to investigate this I am trying to find others that have been scammed by this particular Company in hopes that it may help my case. I have seen this on TV, radio..etc but never in a million years thought it would be me. I would appreciate any information that you can provide that might be able to help me. Thanks.

The message is clear, unless you have a strange liking for prison food, do not get involved with any of the criminals that I publicise and always be wary of part time work at home 'jobs' where the rewards seem to be too good to be true - they almost certainly will be. NEVER accept checks into your personal bank account or goods for reshipping.
[Return To Top]
Notes For Abuse Teams

Please appreciate that I do receive a lot of spam from these fraudsters & I think it only fair to pass appropriate reports on to the relevant abuse teams. If you disagree with this policy and do not wish to receive further abuse reports then please click on the 'Contact Us' link to send me a request - I have no wish to annoy you unnecessarily, but please bear in mind that the spam is not the major issue - the major issue is the victims that are sucked into this criminal's net of deception & theft - those are the ones to consider. The spam is very much a secondary issue compared to the misery and distress these criminals cause to their victims.

I'd like to thank the many honest, ethical & caring hosts, (& registrars), who have disconnected these fraudsters within an hour of receiving an evidential abuse report, (several in c. 20 minutes). However, the zombie botnet controlling nameservers seem to be occasionally hosted by Colocation/VPS service providers who do not respond to criminal fraud abuse reports in a reasonable time scale. The vast majority of honest, ethical & caring SPs will respond with an immediate, (preferably not 24 hours or 48 hours & certainly not never...), disconnection on receipt of a criminal abuse report, having quite rightly considered the evidence & investigated, but a few service providers stall or simply ignore abuse reports. This latter minority of uncaring, unethical or even downright criminal hosts are aiding and abetting criminal fraud and the victims suffer because of it.

Companies who deal with these criminals should be aware that according to my information from abuse teams they have in the past paid for their services using Paypal linked to stolen credit cards, so a chargeback may be expected. Even if a chargeback is not forthcoming, please bear in mind that the money that is paying for the hosting or domain is money obtained from the proceeds of crime & in accepting it you are also profiting from the crime. The bottom line is please be proactive in attacking these criminals - please do not be an accessory to internet crime by ignoring abuse reports or dragging your feet - please be a part of the solution, not a part of the problem - please spare a thought for the victims of these fraudsters. A prompt response to criminal abuse reports is essential, i.e. preferably minutes, but at worst hours - certainly not days. These criminals rely on abuse teams who take days to react if at all. If you do not respond to abuse reports, or if you do not receive them due to spam filtering on your abuse reporting address, please do not criticise me for simply posting the fact in my daily blogs - they are simply a factual record of my daily experiences. N.B. - Spam filters on abuse reporting addresses are a serious hindrance to genuine abuse reporting, especially if NDRs are disabled. These remarks are not aimed at the ethical majority of hosts who are a pleasure to deal with, just the unethical or simply uncaring few.

These are prolific criminals who have been in this business for many years & most are linked to the 'rockphish' phishing criminals and other commercial crime. If you aid and abet these criminals then you are aiding and abetting the 'phishing' & auction fraudsters too. Please consider immediate termination of these fraudster's accounts when I report them to you. If you receive an abuse report from this website you can be assured that the utmost care has been taken to ensure its accuracy and justification, including the use of reputable 'real time' DNS tools and top level whois data from the likes of ARIN APNIC, LACNIC, RIPE etc. I do not rely on conjecture or opinion - my reports are based on solid, irrefutable evidence of criminality.

Abuse teams may wish to consider passing on any details to the authorities that might lead to arrests & convictions. It is possible to glean a lot of information from the criminal's server before it is shut down.
[Return To Top]

Money Laundering - One detailed Method of Operation

This method of operation is documented for the Adamant Global fraudster, but I am confident that it equally applies to the rest of the criminal aliases that I document who are all from the same stable.

Once you have contacted them, these criminals ask you to set up a bank account, or ask for existing account details, (or merely use your Paypal account if you have one). After you have done that, you will receive an email to tell you that funds have been sent or transferred to that account and to wire it on to them as soon as possible less 10% for yourself. Those funds may be in the form of a direct transfer or a mailed cheque, but whichever way you receive the funds, they will be counterfeit or the proceeds of fraud - one method at the moment seems to be using fake Ebay auctions that name you as the recipient of the funds, so you will probably receive an irate email from someone who hasn't received the computer or camera or whatever that you have received the money for. This is the Adamant Global scam that Ms. X in the USA fell for and who sent me this information:

I have been taken by this scam. I received money on my paypal account and transferred the money to two people. Islam Nikaev 02-758 Mangalia 3B Warszawa, Poland (1078.38) and Idris Mazaev 04-12824 04-128 24 Omulewska Str, Warszawa, Poland (1082.38). Following is the email that I got letting me know that the money was in my paypal account. I was to keep 10% and wire the rest. I now have a very angry person contacting me because he said he won a computer on ebay and spoke to a women (not me) and still has not received the computer:

From: a.melba@globaladamant.com Save Address To: xxxxxxxxx@xxxxxxxx Subject: new payment, instructions Date: Tuesday, September 18, 2007 2:33:09 PM [View Source] Good day, New payment of $2,601 has been transfered to your paypal account, please withdraw them to your bank account (instruction below). Log in to your PayPal account. Click Withdraw. Click the Transfer funds to your bank account link. Enter the amount of the withdrawal, choose the bank account to withdraw funds to and click Continue. Click Submit. Please confirm reception of the funds and let us know when they are cleared. Regards, A. Melba

Mr. X in the USA received this email after falling for this fraud:

Dear Mr. X,

As soon as your bank has confirmed that the money is available to be  
withdrawn, please calculate and take out your 10% commission out of the  
total amount that you have on your account.  
 
After that,  withdraw the remaining 90% balance and carry it to the  
Western Union.  
The money should be transferred via Western Union for the  
following person(he is our  agent in the regional branch).  
 
First name: Magomed
Last name: Ezhiev
Country: Poland
City: Warszawa   
      
Adress: 04-128 24 Omulewska str.

As can be seen, the recipients of these transfers are ostensibly based in Warsaw, Poland, but with these criminals everything is fake and nothing is ever quite what it seems..

If you have any information regarding these fraudsters along the above lines then please do contact me.
If you are sending me any communications from one of these criminals then to be of most use the full email headers are necessary. How to reveal these are shown here for many popular mail clients. If you come across any money laundering fraud that is not documented on my website then do please let me know.

It's interesting to note that the criminals use variations of the fraud domains purely as maildrop domains - i.e. the domain
globaladamant.com is actually parked but the criminal is using the mail facility of the domain as a 'secure' mail service. I say secure because it's often hard enough to convince some registrars that the main fraud domains are just that, never mind trying to convince them that a parked domain is being used for criminal purposes as well....
[Return To Top]


Email based fraud
These criminals do not always use a website. They send tremendous amounts of spam offering a part time job of "Regional Assistant" or "Local Manager" or "Finance Assistant" or some such bogus title. The job always consists of accepting stolen or just plain counterfeit funds into your account, (which they may stress doesn't need to have existing funds in it), and forwarding it on to the criminals using Moneygram or Western Union less a percentage for yourself. There may be all sorts of "sweeteners" included in the spam such as "prospects of promotion", "professional advice", "pension scheme" etc, etc. All totally bogus, of course. The initial contact email address is often a Yahoo or AOL, or Gmail or Hotmail address, but whatever it is, the 'job' is fraudulent and illegal and will end up with you losing a lot of money and possibly facing criminal charges. Don't fall for it!

See the section "Email Based Job Scams" for more information on current spamvertised job scams. [Return To Top]


Fraud Forums
I have been made aware of a new? twist to ML fraud. The pharma/rockphish criminal fraudsters are operating phpbb based web forums that actively and openly recruit money laundering mules without attempting to disguise the operation in any way, quite the opposite - they are portraying this activity as legitimate and easy and commonplace. I'm not going to give them any publicity by publishing the links, but if any sections of law enforcement wish further information, please contact me. They are targeting the gullible, the greedy and of course, the outright criminal elements. If you are criminal and/or greedy enough to deliberately get involved in this, let me spell out for you the inevitable course of events. You may initially find that doing these transactions IS easy and you will be making 10% or so from every transaction, but the banks involved are not stupid - they are watching out for this sort of thing. Inevitably, sooner rather than later and without warning your account(s) and all your assets will be frozen, the police will come knocking on your door and you will not be treated as a victim of these criminals but as a criminal accomplice.

These criminals regard their mules as expendable fools - they do not care what happens to them. They know full well that their mules will eventually be arrested, but it's of no interest to them as long as they themselves remain safe and anonymous - they just recruit new ones. Unfortunately there seems to be a plentiful supply. As PT Barnum probably didn't say - "There's a sucker born every minute".
[Return To Top]


The Zombie Botnet 'Host By Proxy' (aka 'Fastflux', 'Asprox' et al)
How to recognise a zombie botnet hosting arrangement, frequently, (but not always), used by these fraudsters to host their websites. Please note that the below data is just an example of the arrangement - the IP addresses and domains used were real but are no longer active as the host & registrar have long since taken action - it is the arrangement and the method of diagnosis that are important.

This arrangement is basically a 'hosting by proxy' arrangement where a traceroute, (tracert), to a criminal website URL ends up on one zombie (virus/trojan infected end user machine), of possibly thousands that are being controlled, ('herded'), by a nameserver or more accurately 'botnet controller' which is registered by the criminal and is the real villain in the piece.

All the tools to help you can be found on the sites:
http://www.domaintools.com/services/
http://www.centralops.net/co/
http://www.robtex.com/
http://www.dnsstuff.com
http://www.dnswatch.info/

1) Check the DNS data for the website domain in question, (e.g. for nwmsmds.org), using one of the above links, (I have done it using the dnsstuff.com 'DNS Traversal' tool as it formats the result conveniently, but the information can be deduced from any good DNS lookup tool):

Looking up at the 2 nwmsmds.org parent servers:

Zombie Botnet Nameserver Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns1.walillc.com [74.62.155.57] 85.217.201.213 87.207.253.79 89.37.242.97 210.6.255.133 78.52.147.3 79.116.186.67 80.98.245.209
ns2.walillc.com [195.81.52.10] Timeout - Fake nameserver, (never resolves).

2) Note the set of seven IP's in the response column which are the 'A' records returned by the nameserver ns1.walillc.com. If a new lookup is done after a short interval they will have changed to a new set - they rotate at a predetermined interval.

3) Immediately do a tracert on the domain nwmsmds.org, (before the IP's rotate), & it will end up on one of the seven IP's, showing it to be the site host IP at the instant the tracert was done. Do it again some time later and you will get a different host IP from the 'A' records list.

4) Do a whois lookup & ReverseDNS lookup on these IP's - where the data is clear it will show them to be DSL pool or cable, dynamic or static end-user IP's on a myriad of different domains which confirms them to be 'zombie' PCs, (infected end-user machines).

5) Check the date the nameserver domain, (i.e. walillc.com), was registered. They are always 'throw-away' domains registered very recently by the criminals themselves to use to control the zombie botnet as they cannot use a legitimate DNS service for that purpose.

In the above example the botnet controller ns1.walillc.com is hosted on the Roadrunner IP 74.62.155.57. The nameserver domain walillc.com was registered with INTERNET INVEST, INC. DBA IMENA.UA by the criminals as an integral part of their botnet.


The criminals use numerous nameserver domains & nameserver IP's that are frequently shutdown. The life cycle of a nameserver IP of these fraudsters may be only a few days or even hours, depending on how good the relevant abuse team is at understanding the problem, how responsible they are & how quickly they act.

Once again, please note that the above is just an example of the arrangement - the IP addresses and domains used were real but are no longer active as the host & registrar have long since taken action. Some botnets use 5 zombie IPs, some use more and some use only 1. The possibilities are unfortunately almost limitless. The 'Asprox' botnet is currently running 15 zombies per nameserver and the nameservers themselves appear to be hosted on zombies. (See
MU Trust Company)

N.B. - The zombies that were hosting the snbauctions.md domain used for the SNB Auctions fraud and the lnm-online.su domain used for the identical LNM Bidding Services Fraud were also hosting the Sun Reef Yachts domains linking those scams without doubt to the 'Rockphish' group, (Sun Reef Yachts spams contained identical Beysian avoidance code to Rockphish phishing spams). However it's also been noticed here that the Nesco resolving 'Asprox' domain COM45.SU has the same whois data as the domain lnm-online.su used for the LNM Bidding Services Fraud, which therefore undoubtedly links the 'Asprox' and 'Rockphish' gangs - they appear to be one and the same group.

The domains and IPs do not stay active for long if the service providers are ethical and on the ball. Examples of active domains can be found on many current fraud pages on this website. 
[Return To Top]
If you find this site helpful then please feel free to link to it on your website by inserting the following HTML code, (opens site in new window):
<a href="http://www.bobbear.co.uk" target="_blank">Money Laundering Fraud Websites</a>

Further Reading on Money Mule and re-shipping fraud

The UK BankSafeOnline website, (produced by APACS - the UK trade association for payments), has an excellent description of the money 'mule' process, under the Money Mules Explained sub-heading, but there is also a much wider range of excellent information, including information on 'Phishing' and Trojans.

These criminals increasingly attack career and job websites. This Monster article explains both the money laundering and re-shipping fraud aspects.

For further information on these & similar criminal fraudsters, see under 'Job offer scams' on the Wiki page http://www.spamtrackers.eu/wiki/index.php?title=Category:Job_offer_scams and always remember, Google is your friend!

The international law firm Pinsent Masons has an excellent site called 'Out-Law' which
has 7,000 pages of free legal news and guidance, mostly on IT and e-commerce issues. [Return To Top]
Law Enforcement Links

UK Metropolitan Police fraud alert

Philippines National Bureau of Investigation

Hong Kong Police

United States Secret Service, (Financial Crimes Division)

United States Department of Justice (Computer Crime & Intellectual Property Section)
     ●     How to Report Cyber and IP Crime 

The Swiss Coordination Unit for Cybercrime Control (CYCOS)

European Network And Information Security Agency (ENISA)

Europol

Interpol  - International Police Justice links

FBI  - Internet Crime Complaint Centre

Belgian Internet Crime Reporting Site (ECOPS)


The German Federal Criminal Police Office (BKA)


Do you know any links to local or national law enforcement bodies worldwide that may be useful in the field of reporting internet crime? Then please let me know and I'll publish them here.

*** If you are a law enforcement agency and would like feedback or information or copies of abuse reports concerning the providers of this criminal organisation's services pertinent to your area of policing then please contact me via the 'Contact Us' link. N.B. - as I have had some suspicious approaches I will require proof that you are who you say you are***
[Return To Top]
Other Anti-Fraud Resources, Useful Links & Victim Support

Anti-Fraud Websites:
http://www.aa419.org
http://www.scamdex.com

Useful Links
The UK Financial Services Authority - if a company claims to be operating in the UK in the financial sector then it must be registered here. However, it is becoming more common for a fake company to hijack the registration of an existing company.

Here is a useful list of "Unauthorised Internet Banks" from the FSA, but I don't know how up-to-date it is kept.

The UK Companies House - a registered UK company will be recorded here, but once again, thieves and fraudsters do hijack existing company names.


The US Postal Inspection Service (USPIS) has a wealth of information on current scams, victim rights and many other aspects of online scams. They also have a fraud reporting option.


Victim Support:


USA - Fraud Aid - Fraud Aid is a US based non-profit website which not only offers a wealth of information on the mechanics of a wide variety of frauds, but in addition offers support to the victims of fraud. If you are, or suspect that you are the victim of fraud, then you will undoubtedly find information and support here.
UK - Victim Support - Victim Support is an independent national charity which helps people cope with crime. They have a network of local branches covering the whole of England and Wales and separate organisations covering Scotland, Northern Ireland and the Republic of Ireland. 
[Return To Top]
Are You A Victim Or Have You Any Information?

If you are a victim of any of the above criminal fraudsters and/or would like to help to bring them to justice then I would be interested in any information that you have received from them that could help towards that end. For example, that would include source code for any correspondence you have had with them, (or select "Forward as Attachment" in your email client to send the complete message including the headers), & scanned copies of any paper correspondence, (not the originals), such as Western Union receipts for transfers to them etc. If you wish, you may remain completely anonymous - I do not require your own personal details which may be obscured in any material supplied. Please contact me via the 'Contact Us' form if you are willing to help in this way. If you are sending me any communications from one of these criminals then to be of most use the full email headers are necessary. How to reveal these are shown here for many popular mail clients. [Return To Top]
Fake Anti-Fraud Websites

A new development (November 2008) is the appearance of a serious attempt by the criminal fraudsters to imitate the work of anti-fraud websites by offering aid to fraud victims with the added twist of offering to recover the money that they have stolen in the first place! I assume their intention is two-fold. Firstly to try and discredit the genuine anti fraud operations that are undoubtedly making life difficult for them and secondly to try and entice the victims back into their clutches for a second bite at the cherry. The criminals are using a stolen website for this cynical enterprise and they are going under the name of the '
Internet Fidelity Association'. The website, using a host and nameservers used by many other fraudsters, contains the usual 'Runglish' semi-literate mix of bad grammar that betrays its Eastern European origins.

Unfortunately, their offer to recover any losses resulting from fake checks might sound tempting to the victims that have lost thousands of dollars, but the sad fact is that once the money has been sent using Moneygram or Western Union and collected at the remote end it is irrecoverable, and the criminal's promises are just lies upon more lies. Do not be fooled.

'Recovery' scams are not unknown in fraud circles, as this article explains, and the above fake website undoubtedly comes into the category.
[Return To Top]