Scams / Phishing/ Mail

Posts pertaining to various scams via Email, Postal Mail etc

Spammers and Hackers need to get a life or just up and die

Since I have Counterize enabled on my blogs it’s always interesting to see what’s going on, and it’s kinda cool that the blogs will email me if there’s an error somewhere like someone trying to go somewhere on my site and not being able to access it…

Lately I’ve come across quite a few ‘hacker’ entries, and actually backtracked them to the originating server, and even went so far as to explore the stuff they’ve got in there, all of there hacking tools, like scanners etc. It’s really interesting because they like have their names right in there, or at least their aliases, they sign their programs and work, leave email addresses and IRC channel addresses to contact them with…

I also found it interesting that most of the hackers use PocketPCs to do this stuff…

Here’s a screencap from Counterize showing what I mean:

screencap.jpg

You can click the tiny one for it to open full screen to 1137×153 size…

anyway, I even went through their directories and downloaded the tools they use just to check them out and get some more info about them.. why, curiosity I guess…

as for Spammers, I was thinking, they are a real PITA, I get quite a bit of spam, thank God for Akismet really, but wouldn’t it be cool if those spammers would at least click on one of our ads? I mean they make use go through these junk messages/comments, couldn’t they at least make it worth our while to do so?

Back to the hackers… these guys are a trip, here’s an excerpt from their code:

# Release Name : XxX-SuperScan-XxX
#
# RFi Scanner Christmas Release ! šŸ˜€
#
# ————- [% Notes %] ————-
# This rfi scanner contains piece of code from; PitBull CreW, Mic22, Inphex.
# And also lets just say more version wil come šŸ˜›
#
# With this release you must be happy since its the best RFi Scanner around.
# And its even public, happy x-mas ! šŸ˜€
#
# You can also PM the bot with your scan, this is handy when you have loaded multiple scanners.

and here’s another that I found rather funny as well:

# Mafia_KB, i hope i pretty fucked up your sell
# asking 2000 fucking euros for a crappy scan ?
# this one is 1000 times better so i hope
# it affects your sell even more lol.

Oh well.. tis life I guess

350-018 is related to AES and EAP wireless protocols that maintain safe wireless access to devices across the branch networks. 70-297 is related to devising an Active Directory in addition to network infrastructure. 640-816 explains how VLANs produce logically detached networks and the requirement for routing between them. 156-215 generate rules and adapt a Security Policy’s properties. Candidates for 70-528 should have a functioning knowledge of Visual Studio 2005 and a solid knowledge of the latest features of ASP.NET 2.0.

www.checkgrants.com

I’ve been a busy little bee lately… Doing what you might wonder? well, uncovering a wonderful little scam…

This scam involves www.checkgrants.com www.checkgrants.biz and www.checkgrants.net

It all started when I got another of those too good to be true letters and checks in the mail just like the Inslink Financial Inc scam I already told you about. It’s yet another one of those deposit the check and send a percentage to get the rest of the money deals… Yeppers it’s a scam alright…

First here’s the letter/check I received, I blacked out my home address… You can click it to see a large image in a new window to read everything in details.. it’s kinda funny actually!

If you paid attention to the actual check which I’m sure you did you can see it appears it’s from Metavante Corporation, and a little further digging led me to learn that Metavante is a huge financial consortium type company…

So of course I had to go poking around their website to find a contact to ask about all of this, and I found one whom I emailed and actually called, it’s their PR rep, Chip Swearngan, which his contact info you can easily find on the site if you wish. He actually forwarded me to their abuse department who I spoke with on the phone, they do know about this scam involving their company and they are working with law enforcement to put and end to it once and for all.

If anyone receives a letter involving Metavante Corporation they are asked to contact their abuse department at abuse[at] metavante.com (obviously the [at] is supposed to be the @ symbol in the email address…)

When I first emailed Chip about this, this was the response I got:

Metavante is aware of the fraudulent scheme that you have reported. We have been working with law enforcement agencies as these instances are brought to our attention. The check is counterfit and misappropriates the name and trademark of our company. Furthermore the fraud seeks to deceive unsuspecting consumers. We appreciate your notifying Metavante. By copy of this email I will ask our Information Security team to follow up with you.

Then the abuse team contacted me as I mentioned above and well it’s being worked on…

It gets better though.. if you read the letter you’ll see it mentions places to go to send your % commission to collect the rest of your fee. When I first got the letter of course I went to the sites, what’s funny is that it says checkgrants.com is NOT their website, and it directs you to the same .net and .biz sites. When I first got the letter the .net and .biz sites didn’t exist, but the .com version had a brief message directing me to go to the .biz site.

Then yesterday I decided to check on these sites again, well the .com site was online and it was so bad it was actually funny, it’s something out of the web .5 days design period. The site is down now (dunno how that could have happened hehehe) but I managed to grab a screenshot for you, click it to see it larger in a new window:

You see al those people there who are your official grant brokers, well if you look back at the letter I received you’ll see that Jim Welch is my personal grant broker:

Friendly looking guy isn’t he? I wonder who he really is?! Look like he could be an attorney, most likely lifted from some corporate website of somewhere…

Anyway, if you click on any of the names other than Jim, you get a canned brief message telling you to send the commission payment to:

Check Grants
29350 Pacific Coast Highway
Malibu, CA 90265
Fax: 310-421-0311

But if you click on Jim’s profile you get a large in depth message explaining how he wants paid, and that he just happens to be away in Europe on emergency business, yeah the FBI came knocking huh ?!

Anyway here’s the text I lifted from the site, I didn’t have time to grab the pictures but they were just screen grabs from the Greendot site anyway…

Hello, Iā€™m Grant Broker Jim Welch,

If I acquired your grant for you you must choose me to send the 10% commission to.

I had to fly to Europe on an emergency business errand and I will not be back in the United Statesā€™ office in Malibu, California until late next month. However, the deadline to pay the commission and qualify to receive the other half of your payment is still 5-days after you cash or deposit the check. I have your checks with me in Europe. Please follow the instructions below to allot me the10% commission of your first payment and I will still send your other check ā€“ for the same amount as the first check you received ā€“ by Next Day Air from Europe!

I Accept Commission Payments Via: GREENDOTĀ® ā€“ A New Way To Send Cash

You can send me a cash payment by adding money onto a GREENDOTĀ® Universal Reload Card or a GRENDOTĀ® MoneyPak (same thing) and sending me the card number. This will allow me to load the money into my bank account instantly. You can purchase these cards in the prepaid section of any Right Aid, Walgreens, CVS, Ralphā€™s and many other smaller retailers throughout the United States. The prepaid section is the section with the gift cards, cell phone cards and etc.

Here is what the cards look like:

Notice that Iā€™ve circled in red the words MoneyPak on one card and MoneyPak ā€“ Universal Reload on the other card. This is because GREENDOTĀ® also sells Pre-Paid Visa & MasterCard Credit Cards as shown below.

Warning: Here Is What The Cards DO NOT Look Like:

Notice that none of these cards says MoneyPak or Universal Reload! They say Prepaid Visa or Prepaid MasterCard as Iā€™ve also circled in red. You DO NOT want to get any of these cards as I cannot accept them. Again the card you want Must Say, ā€œMoneyPakā€ or ā€œMoneyPakā€ & ā€œUniversal Reloadā€ near the GREENDOTĀ® logo. If you ask the cashier for a GREENDOTĀ® MoneyPak or Universal Reload card they may hand you a Pre-Paid Visa or MasterCard by mistake, because many of them donā€™t know the difference. It is your responsibility to make sure the card you load funds onto says either ā€œMoneyPakā€ or ā€œMoneyPakā€ and ā€œUniversal Reload.ā€

It cost only $4.95 to load up to $500 on one of these cards. If the 10% commission your paying is over $500 because your first check was over $5,000, simply load money onto additional cards.

Letā€™s Start

If you donā€™t know where a local RiteAid, CVS Drugs, Walgreens, Ralphā€™s or Albertsons supermarket is, Click Here to find the nearest GREENDOTĀ® Universal Reload Card or GREENDOTĀ® MoneyPak vender in you aria.
Come back to this page once you have the card and Click Here electronically send me the number which will be located on the back of this card along with your name and the amount you loaded onto the card. I can then instantly transfer the funds to my bank account and Iā€™ll send you your other check, which is being held in waiting, by Next Day Express Airmail.

There’s is a link there that leads to an http address, not even an https address for you to input the information from the cards. The site is a joke, there are so many spelling and grammar mistakes it’s actually sort of funny… I do think it’s funny how he helps you out by letting you know where to get the card locally and even links to a ‘finder site’ to find places near you to get the card, and he goes in depth about how to do everything..

The site was originally hosted on zettahost.com / atspace.com (same company) and they did an excellent job of shutting the site down for us in record time.

All of the information about these domains is readily accessible through any whois query, and in that query it pretty much tells you who, if anyone is hosting the site:
Domain Name: CHECKGRANTS.COM
Registrar: NETFIRMS, INC.
Whois Server: whois.netfirms.com
Referral URL: http://www.netfirms.com
Name Server: NS1.ATSPACE.COM
Name Server: NS2.ATSPACE.COM
Status: ok
Updated Date: 03-aug-2007
Creation Date: 24-jul-2007
Expiration Date: 24-jul-2008

What I found funny is that the domain was registered on July 24th 2007, but yet the ‘About’ page goes to mention about what they (CheckGrants.com) were doing for thousands of people in 2006..?!?!

and here’s the other one:

Domain Name: CHECKGRANTS.NET
Registrar: INTERNET.BS CORP.
Whois Server: whois.internet.bs
Referral URL: http://www.internet.bs
Name Server: No nameserver
Status: redemptionPeriod
Updated Date: 08-aug-2007
Creation Date: 24-jul-2007
Expiration Date: 24-jul-2008

This one as you can see has no nameserver which essentially means it’s not hosted yet… have to keep checking that one eh?!

I forgot one didn’t I.. hmm the checkgrants.biz Whois got me quite a bit more information including names, addresses, telephone numbers etc of the registrant, which I’m sure are all false, but I’ve forwarded it all to the proper authorities and they can handle it from there… I’ll leave it as a surprise for you, if you wish to check it out go HERE and learn!

Remember though there is a disclaimer on the link and it might not be accurate, or correct according to NeuLevel Inc who the Whois query went through…. and of course remember please most likely the information in the Whois entry is false and if probably someone else’s address and contact information…

Well that’s my PSA for the day…

These scammers need to be stopped and be shut down!

Inslink Financial Inc

Well I’ve totally lost the post for Inslink Financial Inc, or North American Millions Jackpot or USA Millions Jackpot. So I thought I would post the pictures again of the actual letter and check for all to see. The thumbnails link to large hi-res scans.
Here’s the check they sent to me, yeah it looks very real:

and here’s the actual letter:

And here’s a bit more information:

Robert Smith or Catherine Jennings
Ph: 1-778-316-8161

North American Millions Jackpot
USA Millions Jackpot
Inslink Financial Inc.

Head Office:
Suite 500
3100 Temple Drive
Windsor, Ontario, Canada N8w 5j6

US Branch:
Suite 500
665 Broadway St.
New York, New York US 10012

John Adams
Chief Financial Officer, Phd

Essentially it says I’ve won $250,000 and if I don’t clain the prize in thirty days it will be returned to USA Millions Jackpot…

but I thought it was the North American Millions Jackpot, but now they say it’s the USA Millions Jackpot.

-Says I have to cash check and give them $2,900 for taxes by calling Rob or Catherine at the above listed number… umm yeah right..

Well I knew it was a scam but I was curious so I called Horizon Bank just to see, they directed me to customer service and immediately knew what I was talking about. So it’s well known to them…

as I said this is an abridged version of the original post, I can’t even find it on Google Cache…

and as sort of an update to this I’ve got yet another scam post coming up in a few.. need to scan it in.. but it’s another good one…


The professionals in the field of website development look for internet advertising of their web portfolio so that they could showcase their talent to more and more people around the world. No business can prosper without good online marketing. Even no one is coming to buy a domain on your site unless you donā€™t tell them that you are selling cheapest domain name.