Money Laundering and Reshipping Fraud
 We are also available on bobbear.com Email Based
Job Scams		 Abuse Reporting
Information		 Contact Us Don't Bear Internet Fraud
Please be aware that criminals attack this website & my reputation. I NEVER accept or solicit for money and I NEVER send out spam, so if you receive any spam referring to me or my domain bobbear.co.uk in any way whatsoever it has NOT come from me but from criminals attempting to discredit me. If you receive any unsolicited email referring to me or my website - please send me a copy, then either delete it or report it using SpamCop. To learn more and to find out how to report all of these criminal fraudsters to their hosts and registrars yourself, check out my site and fight back! This & this Sophos blog & this Sophos press release refer to the criminal's past efforts against me, as does this VNUNET article and this Infosecurity.us article among many others. Google for more articles and information. No doubt there will be more attacks. Thanks to everyone for the support I've received. If it hadn't been for the criminals attacking me I would not have had the publicity, so I guess I owe them one too. 
Search This Site (Javascript must be enabled)
 Bobbear.co.uk is a voluntary, non-profit site dedicated to providing information on fake companies offering part-time, work from home job scams, in particular money mule or money transfer fraud, aka 'payment transfer agent' scams and the related reshipping fraud or 'parcels agent' scams. We also provide what victim advice and support we can. If you receive a suspect spam offering you a job then please send us a copy. We do not cover '419', (Advance Fee), frauds or fake lottery scams.
Powered ByDNSStuff.com - Your Destination For DNS and Networking Tools Money Laundering and Reshipping Fraudsters
Money laundry logo
Hostpuppy banner
On This Page
Money Laundering & Re-shipping Fraud Information
The Strawberry Site (Asprox) Money Laundering Fraud
The Victims
Notes For Abuse Teams
Blackhat Service Providers
Money Laundering - One detailed Method of Operation
Email based fraud
Fraud Forums
The Zombie Botnet 'Host By Proxy' (Fastflux, Asprox etc.
Further Reading on Money Mule and Re-shipping fraud
Law Enforcement Links
Other Anti-Fraud Resources, Useful Links & Victim Support
Are You A Victim Or Have You Any Information?
Fake Anti-Fraud Websites
Top Twenty Scams [03-Jul-2009]
Most visited pages in order of popularity which reflects the level of spamming and fraud activity.
www.bobbear.co.uk/
www.bobbear.co.uk/huge-group-inc.html
www.bobbear.co.uk/flat-group-inc.html
www.bobbear.co.uk/junior-group-inc.html
www.bobbear.co.uk/all-group-inc.html
www.bobbear.co.uk/index.html
www.bobbear.co.uk/poland-real-estate.html
www.bobbear.co.uk/clarkson-logistics.html
www.bobbear.co.uk/page8.html
www.bobbear.co.uk/poland-job-office.html
www.bobbear.co.uk/global-forwarding-company.html
www.bobbear.co.uk/global-shipping-agency.html
www.bobbear.co.uk/highway-group-inc.html
bobbear.co.uk/
www.bobbear.co.uk/westpac-company.html

www.bobbear.co.uk/abusereport.html
www.bobbear.co.uk/multi-group.html
www.bobbear.co.uk/global-shipping-agency-ltd.html
www.bobbear.co.uk/case-group-inc.html
If you receive any offers of part-time home employment either cashing checks and transferring the balance, or reshipping parcels, or purchasing goods on your credit card for onward shipment or placing job adverts in newspapers, be aware that ALL such offers are fraudulent and are simply attempting to involve you in criminal activity which will result in your bank account being closed, your assets frozen and you possibly ending up with a criminal record.

If you have received a suspect job spam and it doesn't appear to be listed on my website then please send me the details, for example a working website link and/or a copy of the spam and I will be happy to investigate.
My website is purely voluntary and I cannot accept monetary donations, but if you are willing to offer services that may be of help in investigating and fighting this sort of fraud then I am always grateful for such help. If you are a company that offers subscription accounts for investigative services such as DNS tools, passive RDNS data etc than I would be most grateful for a free account for which in return I can offer an advertising slot on the site. Please consider offering secure website hosting, (again for an advertising slot, of course!), which would enable me to mirror my site in order to harden its operation. DDOS protection would also be very welcome. Please contact me via the webform if you are willing to help me continue to publish this criminal fraud activity.  Input from law enforcement agencies is always welcome.
As I've got some free space here at the moment I'd just like to say a big Thank You to all who contribute information and help to this website, especially to Simon Bear and Frank Bear and BK Bear and all the many other unsung heroes who beaver away in the background, providing me with news & updates of new and old frauds and reporting active frauds to the abuse teams. I couldn't do it without you all! Keep up the good work!
Active Frauds

2 Affordable
20th Century Financial
Abcat Finance
ABC Realty Brokers
Abela Financial Group
ACCA
AccessUSA
 Ace Check Express
ACH Consulting Group
Active Solutions Inc.
Adamas Jewellery LLC
Adecco
AdexComp
Advanced Finance Inc.
Advance Finance Group LLC
Advance Finance LLC
AGS Consult Ltd.
AIF Investment Consulting
Air Group Inc.
Air Parcel Express
AlfaCor
Alfred Simons Textiles & Fabric Company
All Group Inc.
Alliance Global Limited
A-Logistics Inc.
Alta Crossing
American Finance
AmexFinance
Analytics
Anthem Premium Finance
Any Art Services (AAS Inc.)
AP Finance
API Advertising, Inc.
Apollo Business Services
Apollo Forwarding Inc.
Approved Finance Solutions
AREM Networks
Around The Globe
Asia Finance Group
AST Finance & Consult
Astin Delivery
AstrumaSoft Ltd.
ATG Groups
ATN Services
AUCSTRADE Inc.
Auction Online Solution
Audio Buy
 Avant-guard Advertising Agency
Avicenna Swiss Medical Centre
Awesoft Inc.
Awesome Transportation
AXA Invest
Bahamas Agents Ltd.
Baltic Finance Group
Baltic Logistic Group Corporation
Baltic Transport Logistics Systems
Bars Corporation
BBM Group Inc.
BCA FINANCIAL SERVICES, INC.
BCG Group Inc.
Berrco Orange Cosmetics
Best Global Road
Bestway International
B.L.G. Corporation
British Fast, Secure Shipping Ltd
British Worldwide Ltd Agencies
Browncorp Financial Services
Brutto IT Services
Bullet Motorsports Speedlab (BMS)
Business On-line
Buyer Guardian
Capella Finance Inc.
Capital Group
Capital Group Inc.
Cargo Alliance
Cargo East Line
Cargo Partner Inc.
Casa Blanca Real Estate
CASE Group Inc.
Centurion Logistic Group
Charles Jones Textiles & Fabric Company
Chernobyl Child Project International
Citadelle Ind. Company
CJHotel
Clarkson Logistics
CNC Solutions
Comerset Logistics
Commerce Online
Co-Processing Pty Ltd
Cosco Logistics
Cyprus Hotel
DC Group Inc.
DDK Group Inc.
Delivery Solutions Inc.
Denson Realty
Deplast GmbH
Design 2 Studio LLC
Design Build Company
Design Build Studio, Inc
Design Resources, Inc
Design to Perform
DGB properties
Divine Fabriks
DOMO Inc.
Dove Group Inc.
Dream Group Inc.
Duty Free Shopping
Eagle Group Inc.
East Delivery Inc.
Eastline Logistics
East Trading
East Way Inc.
Easy Web Company
eBay Express Services Inc
Ebusiness Group Inc.
Ecos Group Inc.
EDS Solutions Inc.
eFinance Group Inc.
EFIS Company
EFS Capital Group Inc.
e-Innovative Inc.
Elite Jewelry
Enex Inc.
 Enter-Post Inc.
Eric Ager Logistics Inc.
Euro Finance Consulting
EURO Investment Solutions
Europe Commercial Group
Europe Financial Solutions

Eurostars Travel Inc.
Ewin Group Inc.
Fartex Group Inc.
Fast Global Shipping Ltd Agencies
Fast, Secure Shipping Cargo Ltd Agencies
FastWire
Fastwire Group
FB&B Group Inc.
FCB Group Inc.
FES Pty Ltd.
Fexco
FIAS
Finance and Credit
Finance & Trade Advisory
Finance Corp International Inc. (Professional Escrow Service)
Finance Link GmbH
Financial Advantage
Financial Center
First Design Group
First Europe Postal Service
First Fidelity Investment Corp
FIS Company
Flagston
Flar Group Inc.
Flat Group Inc.
FMC Reselling
Focal Financial Group
Fortis Capital Trust
Fox Group Inc.
FXM Investment
Active Frauds - continued

G9Finance
Geneva Finance (Stolen website)
German Autoexport
GFC Inc (Global Forwarding Company)
Gio Group Inc.
Global Delivery Inc.
Global Group Consulting
Global Network Logistics
Global Network Solutions
Global Shipping Agency
Global Shipping Agency Ltd
Globe Group
Glorex Business Solutions
GMT Technology
Golden Finance
Grand Financial (Grand Finance)
Great Expedition
Green Mile Inc.
Grehem GmbH
Guardian Trading Inc
Gumpstores Corporation, LLC
Harper Logistic
 Hays Financial Consulting (Hays Transfers)
Hermes International
HHT Logistic Company
Highfreight
Highway Group Inc.
HLB SERVICES LLC.
Hoffmann & Horst Logistics
Hogan Capital
HUB Group Inc.
Huge Group Inc.
IBN Group Ltd.
IBS Group Inc.
Idea Group Inc.
Ideal Group Inc.
IDS Solutions Inc.
 Import Export Finance Company
Infinity Real Estate
Innoverse Software
Instar Logistics
Intaro Safe Business Group
International Logistic Company
Internet Fidelity Association
Intracom
Investment Assistance
Investment Provider
IT Logistics
ITP
IT-Service & Network
ITS Financial Corp
JAMESON-RECRUITMENT
JCP Management SA
JE Delivery Company
Jimmy Hudson International
Job at Home
JSR Group Inc.
Junior Group Inc.
Kemp Oil
Kenneth Shelton International
Key Group Inc.
Kleinstern Group
Komerset Logistics
Kraemer Logistics
Lachlands Textiles Ltd
Landor Financial
Latvia Web Finance
LC Escrow & Consulting
Leading Delivery Service, Inc.
Limited Design, Inc
Liram Delivery Service
LNM Bidding Services
Logicor Express
Logistic Sense Inc. (Logistic Sence Inc.)
Logistics Online
Logistic Vision, Inc.
Logistic Worldwide Direct (L.W.W.D)
Logistic Worldwide Service (L.W.W.S)
LP World Investments
Lucky Parcel ltd.
LX Cargo Express
Main Global Road
Malfour F.G. Inc.
Marseille-shipping
Maxi Group Inc.
Mayers Ltd
Merci Group
METROAIR EXPRESS
MGPA Group Inc.
Milet Business, Inc.
Minara Company
Mirax Cargo
ML-Group
MMA Solutions
MMM Reselling
Moon Group Inc.
Morgan Trading Co.
MTK
Multiconcept Group Inc.
Multi Group Inc.
MU Trust Company
M Web Hosting
National Solutions GmbH
Navitex
NBB Company
NBIV, Co.
NESCO Accounting & Finance
Nixon Consult, LLC.
Norsten Logistics
NTT Pty Ltd
Obis Consulting Group
Offshore Loans Ltd.
OG Express
OnaOdna Company
One Box Advertising
Onicks Group Inc.
Onis Business Group
Oversea Delivery
Pacific Corporation
Paradise Touristics
PayResult
Penton & Sheppard Ltd.
Perfect USA Inc.
Personal Escrow Service
PHC Consulting
PK Solicitors Ltd.
Platinum Properties
Poland Autoparts
Poland Job Office
Poland Real Estate
Polfreight
Precont
Premier Finance Group
Premium Escrow Service
Premium Financial Services (P-F Services Inc)
Professional Assistants, LLC
Professional Escrow Service (Fin. Corp)
Professional Escrow Service Group
Pro MShine Co.
Property Group
Property Inc.
Property Invest
Que Gusta Oak Furniture
Range Financial Corporation
Real Consulting Group
Real Team Design
Realty One
Remington Finance
Retoneva
Rimm Systems Inc.
River Group Inc.
RLS-Logistics
RoChamp Benz
Roland Consulting Group
Rossenbaum
Royals Yacht Sales
S&E Sales Corp
S&T Offshore Inc.
SB Systems Inc.
Selective
Serenity Exclusive
Server Solutions
Shelffin Oil and Gas Corporation
ShipAll
Ship It, Inc.
Shipping All Over The World, LLC
Shopper4U
Shopping Assistance
Shopping Provider
SIBERIA Hunting Agency
Silver Finance Inc.
Silver Services Inc.
Single Group
Sion Enge
Sky Group Inc.
SLG-Logistics, Inc.
Smart Logistics Group
SNB Auctions
Software Maintenance Ltd
Solutions Consulting
SouthWool Land
Spal Group Inc.
Star Group Inc.
Star Travel
Steffen Gems Design
Stockli Gems & Diamonds
Storage Shipping Inc.
Street Sport Ltd.
Sun Hosting
Swiss Erlin
Swiss Espe
Swiss Internet Trading
SZ Solutions Ltd
T-Consulting Group
TDK Group Inc.
Tenturio Management Group
Texxton International
The Design & Build Group, Inc
The Shipping Express
Toft Business Group
Toshiba UK Inc.
TradeFinans
Trans Atlanta Services
Trans Atlantic Logistics
TransBridge-us
Transcargo International Logistics
TransWest Pacific
Trend Analytics
Trinitron Chase Bank
Trinitron Trust Bank
TVS Group Inc.
Tyler Success Group
Unifex
Unique Fabriks
UNIS Holding Group Inc
United Merchants
United Sellers
United Swiss Trading Group
USA Business Solutions Inc.
Usfin Standart
Utex Diamond Boutique
Valdez Website Inc.
Value Trans Financial Group, Inc.
VBV-Logistic
Verdana Hotel
Versocom Solutions
Vestiga Travel
Veston Group Inc.
Victor Oliver International
Vidal Architects, Inc
Vienna Finance
Vincent Black International
VIP Linda Hotel
Ward Group Inc.
Web Hosting
Web Productions Limited
Well Express (Well Ex)
Western Cargo Logistics
Western Trust, LLP
WestHold Transfers
West Metrology Product Company
Westpac Company (Westpac Escrow)
Work Online
World Estate Group
World Finance Group
Worldlines
World Market Auction
WorldPay Motors
World Rentals
World Trading Post
World Wide Express Services (W.W.E.S.)
World Wide Postal Service
World Wide Logistics Services (WLC)
Xeon Hosting
Yachts Planet
Yachts Universe
Your First Global Road
Your Global Road
YourShopper
YT Finance
Zeus Financial Group
Zicom Ltd
ZupaZula
Undocumented, Verified Fraud Sites
[Spam copies required please for all sites below]

4LINX
Acorus Estate Group
Advertising International Company ***EXPLOIT***
Bmdelivery
Bradford Financial
Couriers Unlimited Inc.
Cronos Ice Moon Inc.
Crystal Investments Ltd.
Datasys Software
Down Town Services S. A.
Escrow 4S
Euro Agency
FBVSolutions
International Real Estate
Isis Financial Investment Inc.
Lester estate
MoneyLineCorp
Morris
Moto Ride
package4you.com
Phisko Service
Post Express
Power Postal
San Diego Car Centre
Sea Cruiser
Sigma Realty Group
Statecorporate
Velso Estate Solutions
Warszawa Consult
Wootech Worldwide Limited
Wtorplast Ind. Company
Xtra Hosting
Archived Frauds

ABP Properties
Abyline
Accent Company
AC Consult Finance
AceChecktronic
Ace Global Inc.
Ace Rentals
Adamant Global
ADT Solutions Inc.
ADX Trans Express
Aegis Capital Group
AFC Financial Services
Alpha Financial
Ameca
AnimalSafe Inc.
Asia Consultancy Group
Aska Group
Avanta Group
BBI Business Finance
Belgium Market Money/MarketMoney.cc
Best Finance Invest
Best Money Invest
BestTradeSolutions
Better Rentals
BNT Express International Finance
BroadCapital
Burneys Finance
Business & Professional Consultants Inc.
Business Care
Business Trade
Calisto Trading Inc.
Cargo Giant (Cargo Gaint)
Cargo Logistic
CBA Properties
Central Access
Clayton Investments
Coffe Furniture Design
Consumer Financial Group
Crampton Investments
Creovision Laboratories
Cronos Investment
DBI Business Finance
Decapolis Investments
De Cart Ltd.
DeMarck Pharmaceuticals
DES Group Inc.
Diamond-Exchange Inc.
Digital Investment Projects Inc.
Direct Commerce GmbH
Dominion Financial Co.
Draper Investment
Duty Free International
EastAntiques
Eden Financial Group
e-Digital Corporation Inc
E-Investment Projects Inc.
E-Investments Provider Inc.
Electronic Payment Services, Inc.
Electronics Distribution Group
Elite Finance Group
Emarket Solutions Inc.
Epayment Solutions Inc.
ESB Finance Group
Escrow Deals
EU Investment Solutions
Euro Globax
Euro Invest Germany
Euro Transfer Group
Eu Trust Invest Inc.
Expressdeal
Fair Group Inc.
Farelli.net
Fargo Shipping
FASEX (Fine Art Services)
FastTransfer
F-Consulting Group
FIC Financial
Finance International
Financial Open Inc
Fine Rentals
First Global Road
First Miami Cargo
First Promote Invest Inc.
First Rate Finance
Form Promo Invest Inc.
Fortix Investments
Fresh Solutions Inc.
Front Asset
GamePower Systems
GCS Group
Gen Corp Financial Consulting Group
German Autoimport
Global Austrian Syndicate
Global Eu Invest Inc.
Global Financial Group
GlobalSoft
Global Trans Funding LLC
Global Union Inc.
GlobaxTrans Finance
Globus Capital Group
GoGreen Solutions
GoodWell Services Inc.
Great Game Ltd.
Green Tree (Warehousing) Ltd
GUARANTEE-TRADING Corporation
Guardian Consulting
H&A Trade Group Inc
Happy Children
Happy Kids
Harris Business Solutions
Harsdorf's Financial Group
Harvey Investment
HeartMicrotech Inc.
Henwood Business Solutions
High Level
Honda-Handle
Horizon Company
IC Audit & Consulting
ICDBShipping
ICG Technology
iCTransport, Inc
Impex Consult
Independent Group Inc.
Independent Postal Service
Indigo Global Consulting Services
Infobite Software
InterBuyers
InterLink Development Ltd
International Bidding Solutions
International Trading Place
Interpay Group
IntFinanz GmbH
Israeli Brokerage Services
IT-security Business Alliance
ITV International
ITV Solutions
Jeanius Delivery Company
Job Stock Resource
Joy & Joseph Inc.
JS Partner Group
Ketler Group Inc.
King Finance Group
K-Investment Group
LCD Systems
Legal Operations Inc.
Logic Group Inc.
Loox Company
Lux Capital
Maestro Hosting
Magnus Business Community
Marvell Financial Group
Millennium Business Online
Morgan Investment Co.
Morrison Business Solutions
MT Rushphase
Mynes Consulting & Finance
Necessary Financial Solutions
NeoLenses Laboratories
Newman, Esmond & Eisenberg
Next Level
NitrosGroup Finance
Norden United
Norway Consulting Group
NTI Consult
O&V Brokerage
Office Online
Olan Complex Co.
On Plane Solutions
OPO Consulting Estonia
Optimus Inc.
Oranta Group Inc.
Osell International
Palmer & Stokes Ltd
Paramount Finance
Payday Loan
Penton & Sullivan Ltd.
PF Inc.
Phillips & Seymoure Ltd.
Plasmasell
Platinumbank Donation Corp.
PMI inc (Gold Investments)
Polo Company
Premium Invest (Premium Finance)
Premium Rentals
Preston & Swane Ltd.
Principle Partners World GmbH
Priority Global Road
Private Business Consulting
Profit Financing Inc.
Progold Incorporation
Progold Investments
Progressive Escrow
Projection Technologies Inc.
Promo Invest
Property Group
Quality Style Reliability, Inc.
Radius Group
Rain Solutions Inc.
Rapid Delivery System
Renaissance Capital Advisors Ltd.
Reynolds Investments
Royal Port
Safe Way Worldwide
Secure Financing Inc.
Secure Operations Inc.
Services R Us
Shaller Finance
Sigma Motion
Silverlens Laboratories
Simple Investments Inc.
Smartec-uk
SmartOne Inc.
Smart Pay Inc
SP Group
Star Net
STK Consult
Summit Trading
Sunreef Yachts
Swiss Invest
Sydney Car Centre
Synovus Trade Inc.
Terpax
Transfer Invest
Transfex Inc.
Transinvest Gateway Corporation
Transport Financial Inc.
TransWest Pacific
Treenity Real Estate
TR-Finanz GmbH
TriplexDirect Finance
TrusInvest Gateway Corporation
Trust Company Inc
Trust-Key Inc.
TrustSolution Gateway
TR-Wires GmbH
Ultragame
Union Of Beauty
United Cargo Solutions
United Finance GmbH
Unix Hosting
US Money Invest
Velocity Global Resources
Venice Inc.
Waldman Business Solutions
Walker & Sons Inc
Waller Truck Co.
Wangle Group Inc.
Webcardmaster
Web Ground
Web Star
West Eagle Cargo
Western Solutions
WidePay Inc.
World Duty Free
World Money Transfer Service Company
WorldTrans Inc.
World Wide Mail Inc.
WSCC International
www-firstusa.com
Xafalo [***Beware - Exploit***]
Xerpat
Zales
ZinexFinance

The above are all verified money laundering & reshipping criminal fraud websites & prolific spammers run by criminal gangs who frequently, (but not always), host their sites using 'botnets' of 'zombie' computers, i.e. PCs that have been infected with a trojan/virus. See The Zombie Botnet 'Host By Proxy' section for an explanation of this common method by which these criminals host their fraud sites.

The well known 'Rockphish' phishing criminals also operate money laundering websites - they frequently use a zombie botnet method of distributing their spam, (not to be confused with the above different zombie botnet method of hosting websites), and the 'phishing' emails often contain exactly the same spurious code used as Bayesian filter avoidance text.

The registrars of the above criminal's domains are generally chosen by the criminals to be ones they think will be resistant to abuse reports. The criminals generally favour a mixed selection of domain registrars & they vary all the time as they attempt to find a 'criminal friendly' one. Most registrars eventually respond positively once they appreciate the situation, although there are always going to be a small minority of 'blackhat' providers who irresponsibly adopt a "we don't get involved" attitude and ignore abuse reports.

Where multiple domains are used for the same website, the whois data in the registrar look-up for a domain is almost always different and always bogus.
'Blackhat' Service Providersblackhat icon
The criminals also naturally favour hosts and zombie botnet nameserver hosts that they also think will be the least responsive to abuse reports. Unfortunately, they are occasionally right - there are a few unethical or even criminal providers who continue to provide services for these criminals despite having been notified of the clear criminal abuse, thus aiding the criminals and flouting the law.
Yahoo Domains and Hosting - Yahoo do not respond to reports of criminal activity involving both domains registered by them as resellers of Melbourne IT and hosting of those domains on their network. Melbourne IT are also unhelpful in resolving the ongoing situation.
If you are listed here it means that seven days or more have elapsed since you were notified of criminal activity involving your clients and you have failed to take effective action to end it. Please contact me to resolve this issue.
[Return To Top]

Money Laundering, Re-shipping & Purchase Agent Fraud Information

Money Laundering Fraud

Fraudsters send unsolicited e-mails or place job offers on legitimate Internet recruitment sites or forums looking to recruit 'Money Transfer Agents' with bank or Paypal accounts. These bogus companies offer part-time employment as an agent receiving payments in the form of fake checks or stolen money transfers, sometimes for goods which the company claims to be supplying, and then passing the payment on to the company via a money transfer company such as Moneygram and/or Western Union less an 'agent's percentage', (usually in the range 5-10%).

These job offers are always illegal and fraudulent. Any person who agrees to act as an agent, (more correctly a money laundering 'mule'), is actually receiving stolen or counterfeit funds into their account. The final destination of the transferred funds will be an organised crime syndicate, generally overseas.

Re-Shipping Fraud

Another variation of this fraud is to offer part time employment as a 'Re-shipping Agent'. This consists of accepting parcels to your home address and forwarding them on to criminals. Needless to say these goods are either stolen or obtained by fraudulent means. This type of fraud is well documented by many authoritiative sources such as Monster and the US Postal Inspection Service. Needless to say this occupation as a 'Reshipping Donkey' leaves the unsuspecting dupe as the only contactable 'fall guy', guilty of handling stolen goods.

Purchase Agent Fraud (aka 'Personal Shopper' fraud)

A third type of fraud is becoming increasingly common, this is the 'Purchase Agent' scam. In this scenario the potential dupe is offered the position, (often well disguised), of working for a company and one of his first tasks will be to purchase equipment for the company on his credit card, all paid for by funds directly transferred into his credit card account. There are two aspects to this, firstly the criminals need your credit card details, "to be able to make payment to you", and they will request you to ship the purchased items to them. Needless to say, any transferred funds will eventually come back as fraudulent and what they will do with your credit card details does not need much imagination. A variant of this is the bogus job of 'Personal Shopper' where you are asked to purchase goods on your credit card for onward shipment, usually to Russian or other Eastern European addresses.

Newspaper Job Advertisement Placers

In this scam the potential mark is asked to place job adverts in local newspapers for "$100 an advert". Needless to say these jobs are one of the above fraud jobs that the Eastern European criminals can't place themselves, (or are not willing to take the risk).
 
No legitimate company would offer a 'Money TransferAgent' 'job' to a home-based private individual - such a job is always illegal and the company offering it is always a criminally run 'front' company. Similarly, no legitimate company would offer a job as a 'Re-shipping Agent' or a 'Purchase Agent' or 'Personal Shopper' to an unknown, unverified home based private individual. Such a 'job' is always a solicitation from a bogus criminal company to fence stolen goods or to simply defraud.

These companies can be very convincing in their attempts to perpetrate their fraud. Many of them try and give an air of legitimacy by displaying bogus 'Verisign' and other certificates. Learn to recognise fake 'Verisign' certificates which will simply be .gif images on the criminal's own webserver and when clicked on will not display information that originates from the genuine Verisign https secure server, but simply another bogus .gif image from the criminal's site. Always ensure that the URL of the pop-up seal verification page begins with the address https://seal.verisign.com. If it doesn't, the seal is fraudulent.

Any person who suffers financial loss as a result of acting as an "agent" for any of these organisations would not be eligible for any form of refund from the bank concerned who would recover any monies, close the account involved in this scam and criminal charges could follow, not just for the "agent" but for anyone knowingly involved in provision of services to the criminal:

Knowingly supplying services to these fraudsters is a criminal offence in the UK under the UK Proceeds of Crime act (2002) Section 328 "A person commits an offence if he enters into or becomes concerned in an arrangement which he knows or suspects facilitates (by whatever means) the acquisition, retention, use or control of criminal property by or on behalf of another person". The notification level for this offence is low. Would all hosts and registrars with a UK presence please bear this in mind. Other countries will undoubtedly have similar provisions.

If you think that being a 'Money Mule' or a 'Reshipping Donkey' or a 'Purchase Agent' is a relatively safe and profitable occupation, then think again - the paper trail leads directly to you and you may well find yourself in the same position as these 14 Dutch entrepreneurs or these UK chancers or this US woman or even this girl here. Don't be a mug - don't do it or you'll certainly end up with huge losses, probably get arrested and possibly earn yourself a criminal record.

For further information regarding UK money laundering law, please refer to:
http://www.lawsociety.org.uk/professional/conduct/guideonline/view=page.law?POLICYID=225029

The USA has similar provisions in law to the above making it an offence not only to commit money laundering fraud but also to knowingly facilitate money laundering fraud as an 'Accessory after the fact'. For further information regarding those provisions see these Cornell University Law School links:
U.S. Code collection
§ 1956. Laundering of monetary instruments
§ 3. Accessory after the fact

Whether the fraudster uses a website, as in the examples above, or simply uses a response email address, (as these criminals also do - see below), the fraud is exactly the same. Remember the first rule of spam, i.e. All spammers are liars - if you receive a 'job offer' in an unsolicited email, (spam) it is invariably a scam. Always abide by the Boulder Pledge and never respond in any way whatsoever to anything that is spamvertized whether it is goods or services. [Return To Top]
The Strawberry Site Money Laundering Fraud
[AKA Devbill, Ebooks etc webites]

This is a variation of the standard money mule operation and recruits unwitting mules who are requested to register 'genuine' limited companies complete with merchant accounts in what on the face of it appears to be a franchise operation selling website templates or software or whatever, (the actual 'product' doesn't even exist - it is irrelevant to the fraud). The criminals supply a website, (in the UK this currently has a distinctive 'Strawberry' 'Flash' template) which bears the name of the company that has been set up by the 'mule'. This is the scam operated by Infobite Software and has been in existence for some time in the US, with many previous aliases. The criminals use stolen credit card data to make small charges against numerous cards for fake products allegedly supplied by the 'front' company which has been newly registered by the unwitting mule. The mules function is then to wire 90% of these fraudulent charges back to the controlling criminals.

This is a simple overview of what is a huge worldwide credit card fraud operation. For a full history and an amazing in depth analysis of the fraud, have a look here, along with the aa419.org coverage here.

So, if you are offered what appears to be a franchise operation, (especially if it comes out of the blue in a spam, probably purporting to come from a job website), and are asked to set up a limited company and open a merchant account to operate a website supplied by the 'company', then it is likely that you are being recruited for this illegal money laundering operation. Don't be tempted.

If you see a small, (usually £9.90), unknown charge on your credit card from one of these 'front' companies then your credit card data is known to the criminals. You should report it as a fraudulent charge, (not a disputed charge), and request a new card and associated details. You may also wish to file a crime report on the Metropolitan police 'Fraudalert' website.

This fraud has now been replaced by a new alias and a new generic mule website - see AlfaCor for details. [Return To Top]
The Victims

I receive many responses from visitors to my site, some from victims who have been defrauded by the fraudsters that I document on this website and many more who are just upset by the volume and nature of these criminal's spam. I find some of them quite upsetting myself. An example of the former is a response from a CEO of a Credit Union who tells me of some of her members who have lost thousands of dollars to these criminals. An example of the latter, and these can be just as upsetting, is from a UK lady who wrote to me, (& has kindly given me permission to print this):

"Harvey Investment Co.- totally sick of their invites. I am a 73 year old UK voiceless (cancer) female needing my pc for my only communication".

So, if you are the sort of host or registrar who sees nothing wrong in providing services to these criminal fraudsters under the argument that "What they do with the hosting/domain I provide is none of my business" then I have zero regard for you. If you knowingly host these criminal's zombie botnets and register their domains and ignore abuse reports then as far as I am concerned you are aiding and abetting their criminal activity and that makes you as guilty as they are.

If you are tempted by the thought of easy money and wonder what might happen if  you reply to these fraudsters and take up their offer, then this cautionary tale received from "Dave" from California might just dissuade you:

"I have been recruited by 5 different companies. 3 of which actually have sent me checks or moneygrams. 2 of which I have deposited into my account. Although I have not released any funds, Thank God. Due to the fraudulent payments that were deposited into my account have I committed a crime? My bank has frozen all of my assets and are talking about criminal charges".

Then this is what "John" from the UK tells me happened to him:

"Hi, Good Evening. I've just this afternoon had my Bank Account suspended - yes, you may have guessed - Cronos. I fell for it. Laid off work on the 19 Sep so searched the internet for home based jobs, which most are scams and I avoided them. There amongst the other emails was one from Cronos inviting me to be a 'regional rep' for their company. All I had to do was have money transferred to my account and then pass via western union to their reps. in Poland. Yes, same addresses you have here on your website. They transferred £2115.00 cash which was immediately available and I duly transferred the monies, (what a fool I was ), & took 10%. This morning there was another cash transfer of £3882. What alerted me this morning was that I went to the hole in the wall, like you do, and it took my card. I went straight to the call centre who gave me a number to ring which turned out to be the fraud dept. I had an interesting conversation and went straight to my branch with all the details I had - emails, Western Union transfers and addresses of the people, (although I guess these will be false). Hope this helps someone somewhere".

John also tells me that the number that they called him from was 44+78124496357

Sometimes the consequences of getting involved with any of the criminals that I document on my website can be very traumatic. This is the cautionary tale sent to me by a lady from the US:

Well I was actually arrested for fraud after getting lured into the Trans Invest Site. After being pulled over for speeding I discovered there was a warrant for my arrest and was taken to jail. After a call to a local detective it seems that the forgery charges are a result of me receiving a check, cashing and transferring funds...i have now taken the brunt of the scam. I can tell you that I have NEVER been arrested and was HORRIFIED that this has happened. Yes, after the fact I am completely taken back about what has happened and the fact that I let myself be taken like this. As I now face criminal charges and trying to investigate this I am trying to find others that have been scammed by this particular Company in hopes that it may help my case. I have seen this on TV, radio..etc but never in a million years thought it would be me. I would appreciate any information that you can provide that might be able to help me. Thanks.

The message is clear, unless you have a strange liking for prison food, do not get involved with any of the criminals that I publicise and always be wary of part time work at home 'jobs' where the rewards seem to be too good to be true - they almost certainly will be. NEVER accept checks into your personal bank account or goods for reshipping. [Return To Top]
Notes For Abuse Teams

Please appreciate that I do receive a lot of spam from these fraudsters & I think it only fair to pass appropriate reports on to the relevant abuse teams. If you disagree with this policy and do not wish to receive further abuse reports then please click on the 'Contact Us' link to send me a request - I have no wish to annoy you unnecessarily, but please bear in mind that the spam is not the major issue - the major issue is the victims that are sucked into this criminal's net of deception & theft - those are the ones to consider. The spam is very much a secondary issue compared to the misery and distress these criminals cause to their victims.

I'd like to thank the many honest, ethical & caring hosts, (& registrars), who have disconnected these fraudsters within an hour of receiving an evidential abuse report, (several in c. 20 minutes). However, the zombie botnet controlling nameservers seem to be occasionally hosted by Colocation/VPS service providers who do not respond to criminal fraud abuse reports in a reasonable time scale. The vast majority of honest, ethical & caring SPs will respond with an immediate, (preferably not 24 hours or 48 hours & certainly not never...), disconnection on receipt of a criminal abuse report, having quite rightly considered the evidence & investigated, but a few service providers stall or simply ignore abuse reports. This latter minority of uncaring, unethical or even downright criminal hosts are aiding and abetting criminal fraud and the victims suffer because of it.

Companies who deal with these criminals should be aware that according to my information from abuse teams they have in the past paid for their services using Paypal linked to stolen credit cards, so a chargeback may be expected. Even if a chargeback is not forthcoming, please bear in mind that the money that is paying for the hosting or domain is money obtained from the proceeds of crime & in accepting it you are also profiting from the crime. The bottom line is please be proactive in attacking these criminals - please do not be an accessory to internet crime by ignoring abuse reports or dragging your feet - please be a part of the solution, not a part of the problem - please spare a thought for the victims of these fraudsters. A prompt response to criminal abuse reports is essential, i.e. preferably minutes, but at worst hours - certainly not days. These criminals rely on abuse teams who take days to react if at all. If you do not respond to abuse reports, or if you do not receive them due to spam filtering on your abuse reporting address, please do not criticise me for simply posting the fact in my daily blogs - they are simply a factual record of my daily experiences. N.B. - Spam filters on abuse reporting addresses are a serious hindrance to genuine abuse reporting, especially if NDRs are disabled. These remarks are not aimed at the ethical majority of hosts who are a pleasure to deal with, just the unethical or simply uncaring few.

These are prolific criminals who have been in this business for many years & most are linked to the 'rockphish' phishing criminals and other commercial crime. If you aid and abet these criminals then you are aiding and abetting the 'phishing' & auction fraudsters too. Please consider immediate termination of these fraudster's accounts when I report them to you. If you receive an abuse report from this website you can be assured that the utmost care has been taken to ensure its accuracy and justification, including the use of reputable 'real time' DNS tools and top level whois data from the likes of ARIN APNIC, LACNIC, RIPE etc. I do not rely on conjecture or opinion - my reports are based on solid, irrefutable evidence of criminality.

Abuse teams may wish to consider passing on any details to the authorities that might lead to arrests & convictions. It is possible to glean a lot of information from the criminal's server before it is shut down. [Return To Top]

Money Laundering - One detailed Method of Operation

This method of operation is documented for the Adamant Global fraudster, but I am confident that it equally applies to the rest of the criminal aliases that I document who are all from the same stable.

Once you have contacted them, these criminals ask you to set up a bank account, or ask for existing account details, (or merely use your Paypal account if you have one). After you have done that, you will receive an email to tell you that funds have been sent or transferred to that account and to wire it on to them as soon as possible less 10% for yourself. Those funds may be in the form of a direct transfer or a mailed cheque, but whichever way you receive the funds, they will be counterfeit or the proceeds of fraud - one method at the moment seems to be using fake Ebay auctions that name you as the recipient of the funds, so you will probably receive an irate email from someone who hasn't received the computer or camera or whatever that you have received the money for. This is the Adamant Global scam that Ms. X in the USA fell for and who sent me this information:
I have been taken by this scam. I received money on my paypal account and transferred the money to two people. Islam Nikaev 02-758 Mangalia 3B Warszawa, Poland (1078.38) and Idris Mazaev 04-12824 04-128 24 Omulewska Str, Warszawa, Poland (1082.38). Following is the email that I got letting me know that the money was in my paypal account. I was to keep 10% and wire the rest. I now have a very angry person contacting me because he said he won a computer on ebay and spoke to a women (not me) and still has not received the computer:

From: a.melba@globaladamant.com Save Address To: xxxxxxxxx@xxxxxxxx Subject: new payment, instructions Date: Tuesday, September 18, 2007 2:33:09 PM [View Source] Good day, New payment of $2,601 has been transfered to your paypal account, please withdraw them to your bank account (instruction below). Log in to your PayPal account. Click Withdraw. Click the Transfer funds to your bank account link. Enter the amount of the withdrawal, choose the bank account to withdraw funds to and click Continue. Click Submit. Please confirm reception of the funds and let us know when they are cleared. Regards, A. Melba
Mr. X in the USA received this email after falling for this fraud:

Dear Mr. X,

As soon as your bank has confirmed that the money is available to be  
withdrawn, please calculate and take out your 10% commission out of the  
total amount that you have on your account.  
 
After that,  withdraw the remaining 90% balance and carry it to the  
Western Union.  
The money should be transferred via Western Union for the  
following person(he is our  agent in the regional branch).  
 
First name: Magomed
Last name: Ezhiev
Country: Poland
City: Warszawa   
      
Adress: 04-128 24 Omulewska str.
As can be seen, the recipients of these transfers are ostensibly based in Warsaw, Poland, but with these criminals everything is fake and nothing is ever quite what it seems..

If you have any information regarding these fraudsters along the above lines then please do contact me. If you are sending me any communications from one of these criminals then to be of most use the full email headers are necessary. How to reveal these are shown here for many popular mail clients. If you come across any money laundering fraud that is not documented on my website then do please let me know.

It's interesting to note that the criminals use variations of the fraud domains purely as maildrop domains - i.e. the domain globaladamant.com is actually parked but the criminal is using the mail facility of the domain as a 'secure' mail service. I say secure because it's often hard enough to convince some registrars that the main fraud domains are just that, never mind trying to convince them that a parked domain is being used for criminal purposes as well.... [Return To Top]
Email based fraud
These criminals do not always use a website. They send tremendous amounts of spam offering a part time job of "Regional Assistant" or "Local Manager" or "Finance Assistant" or some such bogus title. The job always consists of accepting stolen or just plain counterfeit funds into your account, (which they may stress doesn't need to have existing funds in it), and forwarding it on to the criminals using Moneygram or Western Union less a percentage for yourself. There may be all sorts of "sweeteners" included in the spam such as "prospects of promotion", "professional advice", "pension scheme" etc, etc. All totally bogus, of course. The initial contact email address is often a Yahoo or AOL, or Gmail or Hotmail address, but whatever it is, the 'job' is fraudulent and illegal and will end up with you losing a lot of money and possibly facing criminal charges. Don't fall for it!

See the section "Email Based Job Scams" for more information on current spamvertised job scams. [Return To Top]
Fraud Forums
I have been made aware of a new? twist to ML fraud. The pharma/rockphish criminal fraudsters are operating phpbb based web forums that actively and openly recruit money laundering mules without attempting to disguise the operation in any way, quite the opposite - they are portraying this activity as legitimate and easy and commonplace. I'm not going to give them any publicity by publishing the links, but if any sections of law enforcement wish further information, please contact me. They are targeting the gullible, the greedy and of course, the outright criminal elements. If you are criminal and/or greedy enough to deliberately get involved in this, let me spell out for you the inevitable course of events. You may initially find that doing these transactions IS easy and you will be making 10% or so from every transaction, but the banks involved are not stupid - they are watching out for this sort of thing. Inevitably, sooner rather than later and without warning your account(s) and all your assets will be frozen, the police will come knocking on your door and you will not be treated as a victim of these criminals but as a criminal accomplice.

These criminals regard their mules as expendable fools - they do not care what happens to them. They know full well that their mules will eventually be arrested, but it's of no interest to them as long as they themselves remain safe and anonymous - they just recruit new ones. Unfortunately there seems to be a plentiful supply. As PT Barnum probably didn't say - "There's a sucker born every minute". [Return To Top]
The Zombie Botnet 'Host By Proxy' (aka 'Fastflux', 'Asprox' et al)
How to recognise a zombie botnet hosting arrangement, frequently, (but not always), used by these fraudsters to host their websites. Please note that the below data is just an example of the arrangement - the IP addresses and domains used were real but are no longer active as the host & registrar have long since taken action - it is the arrangement and the method of diagnosis that are important.

This arrangement is basically a 'hosting by proxy' arrangement where a traceroute, (tracert), to a criminal website URL ends up on one zombie (virus/trojan infected end user machine), of possibly thousands that are being controlled, ('herded'), by a nameserver or more accurately 'botnet controller' which is registered by the criminal and is the real villain in the piece.

All the tools to help you can be found on the sites:
http://www.domaintools.com/services/
http://www.centralops.net/co/
http://www.robtex.com/
http://www.dnsstuff.com
http://www.dnswatch.info/

1) Check the DNS data for the website domain in question, (e.g. for nwmsmds.org), using one of the above links, (I have done it using the dnsstuff.com 'DNS Traversal' tool as it formats the result conveniently, but the information can be deduced from any good DNS lookup tool):

Looking up at the 2 nwmsmds.org parent servers:

Zombie Botnet Nameserver Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns1.walillc.com [74.62.155.57] 85.217.201.213 87.207.253.79 89.37.242.97 210.6.255.133 78.52.147.3 79.116.186.67 80.98.245.209
ns2.walillc.com [195.81.52.10] Timeout - Fake nameserver, (never resolves).

2) Note the set of seven IP's in the response column which are the 'A' records returned by the nameserver ns1.walillc.com. If a new lookup is done after a short interval they will have changed to a new set - they rotate at a predetermined interval.

3) Immediately do a tracert on the domain nwmsmds.org, (before the IP's rotate), & it will end up on one of the seven IP's, showing it to be the site host IP at the instant the tracert was done. Do it again some time later and you will get a different host IP from the 'A' records list.

4) Do a whois lookup & ReverseDNS lookup on these IP's - where the data is clear it will show them to be DSL pool or cable, dynamic or static end-user IP's on a myriad of different domains which confirms them to be 'zombie' PCs, (infected end-user machines).

5) Check the date the nameserver domain, (i.e. walillc.com), was registered. They are always 'throw-away' domains registered very recently by the criminals themselves to use to control the zombie botnet as they cannot use a legitimate DNS service for that purpose.

In the above example the botnet controller ns1.walillc.com is hosted on the Roadrunner IP 74.62.155.57. The nameserver domain walillc.com was registered with INTERNET INVEST, INC. DBA IMENA.UA by the criminals as an integral part of their botnet.

The criminals use numerous nameserver domains & nameserver IP's that are frequently shutdown. The life cycle of a nameserver IP of these fraudsters may be only a few days or even hours, depending on how good the relevant abuse team is at understanding the problem, how responsible they are & how quickly they act.

Once again, please note that the above is just an example of the arrangement - the IP addresses and domains used were real but are no longer active as the host & registrar have long since taken action. Some botnets use 5 zombie IPs, some use more and some use only 1. The possibilities are unfortunately almost limitless. The 'Asprox' botnet is currently running 15 zombies per nameserver and the nameservers themselves appear to be hosted on zombies. (See MU Trust Company)

N.B. - The zombies that were hosting the snbauctions.md domain used for the SNB Auctions fraud and the lnm-online.su domain used for the identical LNM Bidding Services Fraud were also hosting the Sun Reef Yachts domains linking those scams without doubt to the 'Rockphish' group, (Sun Reef Yachts spams contained identical Beysian avoidance code to Rockphish phishing spams). However it's also been noticed here that the Nesco resolving 'Asprox' domain COM45.SU has the same whois data as the domain lnm-online.su used for the LNM Bidding Services Fraud, which therefore undoubtedly links the 'Asprox' and 'Rockphish' gangs - they appear to be one and the same group.

The domains and IPs do not stay active for long if the service providers are ethical and on the ball. Examples of active domains can be found on many current fraud pages on this website. [Return To Top]
If you find this site helpful then please feel free to link to it on your website by inserting the following HTML code, (opens site in new window):
<a href="http://www.bobbear.co.uk" target="_blank">Money Laundering Fraud Websites</a>
Further Reading on Money Mule and re-shipping fraud

The UK BankSafeOnline website, (produced by APACS - the UK trade association for payments), has an excellent description of the money 'mule' process, under the Money Mules Explained sub-heading, but there is also a much wider range of excellent information, including information on 'Phishing' and Trojans.

These criminals increasingly attack career and job websites. This Monster article explains both the money laundering and re-shipping fraud aspects.

For further information on these & similar criminal fraudsters, see under 'Job offer scams' on the Wiki page http://www.spamtrackers.eu/wiki/index.php?title=Category:Job_offer_scams and always remember, Google is your friend!

The international law firm Pinsent Masons has an excellent site called 'Out-Law' which has 7,000 pages of free legal news and guidance, mostly on IT and e-commerce issues. [Return To Top]
Law Enforcement Links

UK Metropolitan Police fraud alert

Philippines National Bureau of Investigation

Hong Kong Police

United States Secret Service, (Financial Crimes Division)

United States Department of Justice (Computer Crime & Intellectual Property Section)
     ●     How to Report Cyber and IP Crime 

The Swiss Coordination Unit for Cybercrime Control (CYCOS)

European Network And Information Security Agency (ENISA)

Europol

Interpol  - International Police Justice links

FBI  - Internet Crime Complaint Centre

Belgian Internet Crime Reporting Site (ECOPS)

The German Federal Criminal Police Office (BKA)

Do you know any links to local or national law enforcement bodies worldwide that may be useful in the field of reporting internet crime? Then please let me know and I'll publish them here.

*** If you are a law enforcement agency and would like feedback or information or copies of abuse reports concerning the providers of this criminal organisation's services pertinent to your area of policing then please contact me via the 'Contact Us' link. N.B. - as I have had some suspicious approaches I will require proof that you are who you say you are*** [Return To Top]
Other Anti-Fraud Resources, Useful Links & Victim Support

Anti-Fraud Websites:
http://www.aa419.org
http://www.scamdex.com

Useful Links
The UK Financial Services Authority - if a company claims to be operating in the UK in the financial sector then it must be registered here. However, it is becoming more common for a fake company to hijack the registration of an existing company.

Here is a useful list of "Unauthorised Internet Banks" from the FSA, but I don't know how up-to-date it is kept.

The UK Companies House - a registered UK company will be recorded here, but once again, thieves and fraudsters do hijack existing company names.

Victim Support:

USA - Fraud Aid - Fraud Aid is a US based non-profit website which not only offers a wealth of information on the mechanics of a wide variety of frauds, but in addition offers support to the victims of fraud. If you are, or suspect that you are the victim of fraud, then you will undoubtedly find help and support here.
UK - Victim Support - Victim Support is an independent national charity which helps people cope with crime. They have a network of local branches covering the whole of England and Wales and separate organisations covering Scotland, Northern Ireland and the Republic of Ireland. [Return To Top]
Are You A Victim Or Have You Any Information?

If you are a victim of any of the above criminal fraudsters and/or would like to help to bring them to justice then I would be interested in any information that you have received from them that could help towards that end. For example, that would include source code for any correspondence you have had with them, (or select "Forward as Attachment" in your email client to send the complete message including the headers), & scanned copies of any paper correspondence, (not the originals), such as Western Union receipts for transfers to them etc. If you wish, you may remain completely anonymous - I do not require your own personal details which may be obscured in any material supplied. Please contact me via the 'Contact Us' form if you are willing to help in this way. If you are sending me any communications from one of these criminals then to be of most use the full email headers are necessary. How to reveal these are shown here for many popular mail clients. [Return To Top]
Fake Anti-Fraud Websites

A new development (November 2008) is the appearance of a serious attempt by the criminal fraudsters to imitate the work of anti-fraud websites by offering aid to fraud victims with the added twist of offering to recover the money that they have stolen in the first place! I assume their intention is two-fold. Firstly to try and discredit the genuine anti fraud operations that are undoubtedly making life difficult for them and secondly to try and entice the victims back into their clutches for a second bite at the cherry. The criminals are using a stolen website for this cynical enterprise and they are going under the name of the 'Internet Fidelity Association'. The website, using a host and nameservers used by many other fraudsters, contains the usual 'Runglish' semi-literate mix of bad grammar that betrays its Eastern European origins.

Unfortunately, their offer to recover any losses resulting from fake checks might sound tempting to the victims that have lost thousands of dollars, but the sad fact is that once the money has been sent using Moneygram or Western Union and collected at the remote end it is irrecoverable, and the criminal's promises are just lies upon more lies. Do not be fooled.

'Recovery' scams are not unknown in fraud circles, as this article explains, and the above fake website undoubtedly comes into the category.
[Return To Top]