Zoom Financial Services (Stolen Identity) scam

Zoom Financial Services (Stolen Identity) Fraud

Don't Bear Internet Fraud

This fraud should not be confused with any other company of the same or similar name - the following fraud evidence defines and refer to this fake Zoom Financial Services company alone and no other. The website has been stolen in its entirety from the legitimate company Como Financial Services - clear evidence of criminal fraud in itself. These criminals have also stolen their name from this genuine Australian NSW company - do not be fooled, it is their usual modus operandi.

Zoom Financial Services scam screenshot (Stolen Website & Identity) - 23-Oct-2009

Zoom Financial Services scam is yet another 'Rockphish' serial fraud consisting of a fake, (stolen), financial site used as a vehicle to legitimise a money laundering fraud job scam. The only reason it looks so glossy and professional is because the website has been stolen in its entirety from the genuine financial organisation Como Financial Services. That much is self evident and as such it is irrefutable evidence of fraud. The fake website is also hosted on a 'Fastflux' botnet using zombies that are also used for other frauds and also for 'phishing' fraud domains. It's not the only scam website this fraudster has produced using an identical MO. He has previous aliases of Paramount Finance, First Rate Finance, World Finance Group, Zeus Financial Group, Toll Finance, Range Financial Corporation, Adriatic Finance Services, Arena Financial Group, Rams International and many others.

The initial website fraud domain zoomfinancialservices.com was only registered with DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM (MIRhosting.com) (22-Oct-2009) for the usual 'criminal's domain' minimum period of only one year and the crook has no genuine web presence at all, (not to be confused with the Australian NSW company of the same name whose identity the criminal has stolen, as is their normal MO). All absolutely irrefutable evidence of fraud.

Current Zombie Botnet Controller Hosts

WholeSale Internet, Inc./Hosting Ventures, LLC/Jumpserver.net - ns1.loginjors.com [69.197.142.240] - Notified 24-Oct-2009 - No response ever received.

Ethical hosts respond within hours to abuse reports of these criminals. Unfortunately there are hosts who are quite happy to shelter them and ignore abuse reports.

Blackhat Provider: Wholesale Internet were informed of the criminal activity that they are hosting on 24-Oct-2009 and a further report was sent on 29-Oct-2009 to all relevant listed email addresses. There has been no response. If you wish to contact them, here are their published contact details:

Address
324 E. 11th Street
Suite 1000
Kansas City, MO 64106

Phone
816-256-3031

Fax
816-841-4702

E-mail

General: info@wholesaleinternet.net
Sales: sales@wholesaleinternet.net
Billing: billing@wholesaleinternet.net
Legal: legal@wholesaleinternet.net
Abuse: abuse@wholesaleinternet.net

Evidence of Criminal Fraud:

i) Zombie botnet hosted: First and foremost, this criminal fraud site is hosted on a 5-IP 'FastFlux' 'Rockphish' zombie botnet as clearly evidenced by the DNS data. As no legitimate site is hosted on a zombie botnet this site is irrefutably defined as criminal. The zombies involved are also hosting other 'Rockphish' frauds such as his other aliases as listed above. Reverse IP data on the zombies involved shows other hosted 'Rockphish' domains and phishing URLs.

ii) Stolen website: It is obvious that the Zoom Financial Services criminals have stolen their entire fraud site from the genuine Como Financial Services and modified it for their own fraud purposes by adding the usual fake "Payment Protection" menu option - clear evidence of site theft and fraud.

iii) As the Zoom Financial Services criminals have stolen the website from the genuine Como Financial Services company, the content has no real relevance, although they claim on their 'About Us' page to have been in business since 2002, but the fraudster's domain zoomfinancialservices.com was only registered with DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM (MIRhosting.com) (22-Oct-2009) for the usual 'criminal's domain' minimum period of only one year. Clear evidence of fraudulent misrepresentation.

iv) Serial fraudster - this is just the latest zombie botnet hosted alias from the 'Rockphish' group as listed above.

v) As is usual for these criminals, a Google search shows that they have absolutely no internet presence at all despite the claim on their About Us page to have been in business since 2002. Do not confuse the criminals with an Australian NSW company of the same name whose identity these crooks have clearly stolen as is their normal practice from previous aliases.

vi) The 'Payment Protection Services' scam pre-amble from the website:

Payment Protection

When buying-selling operations via the Internet are concerned, the buyer and the seller don’t know each other and are placed in different corners of the world. Therefore it is important both to the buyer and the seller to ensure that their transaction is made safely. Payment Protection means receiving payments, documents, goods (it might be both the seller’s and the buyer’s) concerning the transaction by a reliable, experienced, impartial person - our Payment Protection agent. The agent will hold the funds and documents until all the terms of the deal are satisfied.

"Payment Protection" fraud is of course simply "Escrow" Fraud under a new name. "receiving payments" is simply receiving stolen funds to your bank account and transferring a balance back to these criminals, i.e. the classic money laundering mule function.

vii) The Spam:

From: Steven Brooks <job@zoomrecruit.com>
Subject: TotalJobs Employment Offer
Date: Friday, 23 October, 2009

Zoom Financial Services
275 Burwood Rd, Burwood,
NSW, 2134, Australia.

Hello,
my name is Steven Brooks and I am Zoom Financial Services Hiring manager. We have found your CV at TotalJobs jobs board and decided to offer this job to you.

Our services
When buying-selling operations via the Internet are concerned, the buyer and the seller don't know each other (they may be placed in different corners of the world) - it is very important both to the buyer and the seller for their deal to be made safe. Payment Protection means receiving money, documents, goods (it might be both the seller's and the buyer's) concerning the transaction to a reliable, experienced, impartial person - our Payment Protection agent. The agent will hold all the documents and money until all the terms of the deal are satisfied and only then release them to the intended receiver. Please, visit our web-site for more information. (http://www.zoomfinancialservices.com/)


Why we need Payment Protection agents
Having a Payment Protection agent in every country we can quickly transfer funds inside a country without wasting time on the international bank transfers, and continue our rapid growth rather than overwhelming our own bank account with inbound and outbound transactions leading to severe hold times and possible service interruption. It is time that is of significant importance to our clients.

Career and Benefits
Your main task will be receiving money transactions to any bank account you would like to use for the purposes of this job; and then forwarding these transactions to the next party of the Payment Protection process according to our instructions. You will benefit from the commissions, which are 5-7% of each transaction and depend on the quantity of the completed transactions and the speed of your work. Besides, you will be paid a basic salary of 1500 GBP per month.


For your convenience there will be no paychecks, your commission will remain in your account after every successfully completed transaction. The money transfer fee is not included in your commission, meaning that you will deduct it from the received amount, not from your commission. Also you receive 5-7% of the transaction amount. Normally the amounts that we process vary from 2,000 GBP to 10,000 GBP, but can go higher on special occasions.

Job details
As the financial activity in your area is not too high, a Payment Protection agent will be processing approximately 1-2 transactions per week. Each transaction requires approximately 4-5 hours of the agent work. Our manager always calls the agent beforehand to provide all the instructions. Therefore, with the due time management, the agent is able to combine this job with other activities (e.g. primary job or studies).

If you are ready to proceed, please provide your AVAILABLE phone number to our hiring manager (Alexander Allen) at hiring@zoomfinancialservices.com

Please do not hesitate to contact us if you need more information.

--
Yours Sincerely,
Steven Brooks,
Zoom Financial Services
http://zoomfinancialservices.org/

viii) If you contact them to show interest in the 'job', you receive this reply containing the usual hidden website link to the job specification:

Zoom Financial Services Pty. Ltd., Agent Agreement
Friday, 23 October, 2009
From: "Alexander Allen" <hiring@zoomfinancialservices.com>

Dear xxxxxxxx,

Thank you for showing your interest in our company.

1) In order to find more information about the Payment Protection Agent
job, please visit the link below:
http://www.zoomfinancialservices.org/aboutprot.php

2) To join our team now, you have to confirm your intention by filling &
signing the Agent Agreement.
http://www.zoomfinancialservices.org/PaymentProtectionAgentUK.pdf

3) If you agree with ALL conditions of the Agent Agreement, please fill in
the registration form online at
http://www.zoomfinancialservices.org/registrationuk.php

4) Send us a scanned copy of your ID or DL.
NOTE: This is for the security and identification purposes.

Thank you for choosing Zoom Financial Services Pty. Ltd.

--
Sincerely yours,
Alexander Allen

ix) I won't print all of the fakery from those links, but here is the 'Payment Protection Agent' Job Specification from the above hidden website link:

About Payment Protection Services

Benefits for Payment Protection Agents

The main chain of our Payment Protection service is a Payment Protection agent who is carefully selected before he is admitted to the job. We need agents all over the world that is why the majority of our agents work on a part-time basis from home, although there are agents who work full-time. Payment Protection agents get the commission for every successfully-completed transaction, which is 5-7% (depending on the quantity of processed transactions) from the amount of each transaction. As an agent, you will be granted 24/7 support and assistance from our help-desk in case of emergency. A secure online environment makes the work of a Payment Protection agent easier. Bank deposits and withdrawals are not taxable by EU/EU/US/AU law, making it a comfortable source of income.

Benefits for the seller

The seller must be ensured that while selling goods or services online he/she will eventually receive the payment. That is why online sellers turn to our company; on our behalf we garantee that if they sell online, they will receive payments according to the terms agreed upon in advance. Our company provides a safe environment for internet transactions making it easy for all participants to be completely protected.

Benefits for the buyer

The buyer must be ensured that while purchasing goods or services online he/she will eventually receive the item he/she paid for. Conducting online payments through our Payment Protection agents garantees a risk-free internet purchase, because Payment Protection agents release the payment to the seller only after all the terms of the agreement are satisfied and the required documents are processed.

Benefits for our company

Year by year the amount of e-commerce is increasing, the services of our company are becoming more and more demanded, which gives us an opportunity to expand our business and provide fast, secure and professional services. The more Payment Protection agents we attract the quicker we can perform Payment Protection procedures, as inner transfers take no more than an hour. The transaction time depends on the physical location of the sender and the receiver of the funds. Our agents get 5-7% from each transaction, while we get 3% more for our services, and that's how we benefit from the business to ensure a sustainable growth and development.

That spells out to you the crystal clear part-time, work from home money laundering mule position of accepting stolen funds, (hijacked from 'phished' bank accounts - these are the 'Rockphish criminals after all), to your personal bank account which will get your account closed, your assets frozen and will lose you all of the money that you send to the criminals. No legitimate company is going to advertise for this sort of trusted position among the untrained, inexperienced and uncertified general population overseas - it is clear evidence of criminal fraud.

x) Fake 'Contact Us' Details from website:

Contact Details

275 Burwood Rd
Burwood, NSW, 2134
Australia

Phone: +61 02 8088 7329
Fax: +61 02 8088 7329
Email: info@zoomfinancialservices.com

• - Note the common phone and fax. number these crooks generally use but no genuine reputable company does.
• - A Google search for the telephone/fax. number "+61 02 8088 7329" returns no results.
• - A Google search for "275 Burwood Rd Burwood, NSW" returns no results for the criminals, nor does a Google Maps business lookup.

All clear evidence of fake contact/location details and a fake company.

The above evidence clearly demonstrates beyond any doubt that the Zoom Financial Services website has been set up very recently by 'Rockphish' money laundering criminals purely for the purpose of spamvertising an illegal money laundering 'mule' job. If you are an abuse team that has received an abuse report regarding these fraudsters, please consider immediate termination of their services in view of the absolutely undeniable evidence of criminal activity - please don't delay - these criminals will not respond to any communication from you, (all their whois data is false), but will simply take advantage of any attempt at communication as a delaying tactic to allow them time to carry on their criminal activity and prepare their next network.

Main Website Domains

zoomfinancialservices.com
zoomrecruit.com
zoomfinancialservices.org

Registrar

DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM (MIRhosting.com) (22-Oct-2009)
DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM (NICS.NAME) (22-Oct-2009)
OnlineNIC Inc. (R64-LROR) (27-Oct-2009)

Botnet Nameserver Domains

loginjors.com

Registrar

RANGER REGISTRATION (MADEIRA) LLC. - 24-sep-2009

Nameserver Host

Host IP

Active
Suspended/Disabled
Parked

Domain Whois Data

Domain Name: ZOOMFINANCIALSERVICES.COM
Registrar:     DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Status:        clientDeleteProhibited
Dates:         Created 22-oct-2009   Updated 22-oct-2009 Expires 22-oct-2010
DNS Servers:   NS1.LOGINJORS.COM NS2.LOGINJORS.COM

domain.MIRhosting.com
Register your domain on http://domain.mirhosting.com

Registrant:
    N/A
    Klan Jored        (support@hosting-offshore.biz)
    Joser 33/4
    Moresa
    Kamen,343299
    AT
    Tel. +3.434423483993

Creation Date: 22-Oct-2009
Expiration Date: 22-Oct-2010

Domain servers in listed order:
    ns2.loginjors.com
    ns1.loginjors.com

Administrative Contact:
    N/A
    Klan Jored        (support@hosting-offshore.biz)
    Joser 33/4
    Moresa
    Kamen,343299
    AT
    Tel. +3.434423483993

Technical Contact:
    N/A
    Klan Jored        (support@hosting-offshore.biz)
    Joser 33/4
    Moresa
    Kamen,343299
    AT
    Tel. +3.434423483993

Billing Contact:
    N/A
    Klan Jored        (support@hosting-offshore.biz)
    Joser 33/4
    Moresa
    Kamen,343299
    AT
    Tel. +3.434423483993

Domain Name: ZOOMRECRUIT.COM
Registrar:     DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Status:        clientTransferProhibited
Dates:         Created 22-oct-2009   Updated 22-oct-2009 Expires 22-oct-2010
DNS Servers:   NS1.LOGINJORS.COM NS2.LOGINJORS.COM

Registration Service Provided By: NICS.NAME
Contact: +7.8469724045
Website: http://nics.name

Registrant:
    PrivacyProtect.org
    Domain Admin        (contact@privacyprotect.org)
    P.O. Box 97
    Note - All Postal Mails Rejected, visit Privacyprotect.org
    Moergestel
    null,5066 ZH
    NL
    Tel. +45.36946676

Creation Date: 22-Oct-2009
Expiration Date: 22-Oct-2010

Domain servers in listed order:
    ns2.loginjors.com
    ns1.loginjors.com

Administrative Contact:
    PrivacyProtect.org
    Domain Admin        (contact@privacyprotect.org)
    P.O. Box 97
    Note - All Postal Mails Rejected, visit Privacyprotect.org
    Moergestel
    null,5066 ZH
    NL
    Tel. +45.36946676

Technical Contact:
    PrivacyProtect.org
    Domain Admin        (contact@privacyprotect.org)
    P.O. Box 97
    Note - All Postal Mails Rejected, visit Privacyprotect.org
    Moergestel
    null,5066 ZH
    NL
    Tel. +45.36946676

Billing Contact:
    PrivacyProtect.org
    Domain Admin        (contact@privacyprotect.org)
    P.O. Box 97
    Note - All Postal Mails Rejected, visit Privacyprotect.org
    Moergestel
    null,5066 ZH
    NL
    Tel. +45.36946676

Status:ACTIVE

Domain ID:D157448452-LROR
Domain Name:ZOOMFINANCIALSERVICES.ORG
Created On:27-Oct-2009 10:04:04 UTC
Last Updated On:27-Oct-2009 12:06:27 UTC
Expiration Date:27-Oct-2010 10:04:04 UTC
Sponsoring Registrar:OnlineNIC Inc. (R64-LROR)
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Status:ADDPERIOD
Registrant ID:ONLC-3903117-4
Registrant Name:Serhio Mako
Registrant Organization:Serhio Mako
Registrant Street1:93333 po box
Registrant Street2:93333 po box
Registrant Street3:
Registrant City:New York
Registrant State/Province:NY
Registrant Postal Code:33057
Registrant Country:US
Registrant Phone:+1.2128849443
Registrant Phone Ext.:1111
Registrant FAX:+1.2128849443
Registrant FAX Ext.:
Registrant Email:p444otenciallio@safe-mail.net
Admin ID:ONLC-3903117-1
Admin Name:Serhio Mako
Admin Organization:Serhio Mako
Admin Street1:93333 po box
Admin Street2:93333 po box
Admin Street3:
Admin City:New York
Admin State/Province:NY
Admin Postal Code:33057
Admin Country:US
Admin Phone:+1.2128849443
Admin Phone Ext.:1111
Admin FAX:+1.2128849443
Admin FAX Ext.:
Admin Email:p444otenciallio@safe-mail.net
Tech ID:ONLC-3903117-2
Tech Name:Serhio Mako
Tech Organization:Serhio Mako
Tech Street1:93333 po box
Tech Street2:93333 po box
Tech Street3:
Tech City:New York
Tech State/Province:NY
Tech Postal Code:33057
Tech Country:US
Tech Phone:+1.2128849443
Tech Phone Ext.:1111
Tech FAX:+1.2128849443
Tech FAX Ext.:
Tech Email:p444otenciallio@safe-mail.net
Name Server:NS1.LOGINJORS.COM
Name Server:NS2.LOGINJORS.COM

The Zombie Botnet DNS Data (Valid for domain zoomfinancialservices.com, zoomrecruit.com)

DNS Lookup: zoomfinancialservices.com A record
Searching for zoomfinancialservices.com A record at i.root-servers.net [192.36.148.17]: Got referral to E.GTLD-SERVERS.NET. (zone: com.)
Searching for zoomfinancialservices.com A record at E.GTLD-SERVERS.NET. [192.12.94.30]: Got referral to ns1.loginjors.com. (zone: zoomfinancialservices.com.)
Searching for zoomfinancialservices.com A record at ns1.loginjors.com. [66.207.173.148]: Reports zoomfinancialservices.com.
Response:

Domain	Type	Class	TTL	Answer
zoomfinancialservices.com.	A	IN	1800	190.55.229.32
zoomfinancialservices.com.	A	IN	1800	59.3.227.47
zoomfinancialservices.com.	A	IN	1800	116.120.144.78
zoomfinancialservices.com.	A	IN	1800	121.158.38.102
zoomfinancialservices.com.	A	IN	1800	125.187.143.28
zoomfinancialservices.com.	NS	IN	1800	ns2.loginjors.com.
zoomfinancialservices.com.	NS	IN	1800	ns1.loginjors.com.
ns1.loginjors.com.	A	IN	1800	66.207.173.148
ns2.loginjors.com.	A	IN	1800	146.30.45.31

Looking up at the 2 zoomfinancialservices.com. parent servers:

Zombie Botnet Nameserver	Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns1.loginjors.com [66.207.173.148]	116.120.144.78 121.158.38.102 125.187.143.28 190.55.229.32 59.3.227.47
ns2.loginjors.com [146.30.45.31]	Timeout

The data shows a standard 5-IP site hosting zombie botnet where the criminal owned nameserver ns1.loginjors.com hosted by ColoGuys, Inc. (Cologuys.com) on IP address 66.207.173.148 is acting as a zombie botnet controller 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT/NSLOOKUP). See The Zombie Botnet 'Host By Proxy' for an explanation of this method of hosting.

***Latest News*** 23rd. October 2009
Webpage created.

Later: Cologuys have disconnected the above criminal's zombie botnet.

Later: The crooks are back up on another botnet host - WholeSale Internet, Inc./Hosting Ventures, LLC:
The Zombie Botnet DNS Data (Valid for domains zoomfinancialservices.com, zoomrecruit.com, zoomfinancialservices.org)
Looking up at the 2 zoomfinancialservices.com. parent servers:

Zombie Botnet Nameserver	Botnet Nameserver 'A' Records (Zombie Site Host IPs)
ns1.loginjors.com [69.197.142.240]	125.4.81.96 222.117.57.103 85.216.209.56 89.132.100.112 91.97.216.47
ns2.loginjors.com [146.30.45.31]	Timeout - Fake nameserver, (never resolves).

The data shows a standard 5-IP site hosting zombie botnet where the criminal owned nameserver ns1.loginjors.com hosted by WholeSale Internet, Inc./Hosting Ventures, LLC on IP address 69.197.142.240 is acting as a zombie botnet controller 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT/NSLOOKUP). See The Zombie Botnet 'Host By Proxy' for an explanation of this method of hosting.

***Latest News*** 24th. October 2009
The domains zoomfinancialservices.com and zoomrecruit.com have been suspended by the registrar - please notify me of any active domains for this criminal.

***Latest News*** 29th. October 2009
New domain notified by site contact - zoomfinancialservices.org registered with OnlineNIC Inc. (R64-LROR) and hosted on the above Wholesale Internet hosted zombie botnet. Wholesale Internet have failed to respond to an abuse report sent 24-Oct-2009.

***Latest News*** 16th. November 2009
The domain zoomfinancialservices.org has been terminated by the registrar at long last and the criminal's nameserver domain loginjors.com has also been parked. These criminals were supported for a long time, especially by the service provider Wholesale Internet of Kansas City/jumpserver.net who never did respond to multiple abuse reports and will in future be regarded as a blackhat host. Please notify me of any active domains for this criminal.