Author |
Message |
LagosKid
Not quite a Newb
Joined: 12 Jan 2009
Posts: 56
Location: USA
|
Posted:
Wed Jan 21, 2009 12:02 am |
|
I'm just wrapping up my first bait! Its very exciting and hilarious, I think you'll find it fun to read. However he is posing as a BANK of SCOTLAND rep and even sent a link to a phishing site that was pretty dead-on.
I filled out the forms and sure enough he got them. Who do I report this site to when I finish this job? |
|
|
|
|
Scam Patroller
Baiting Guru
Joined: 08 Jul 2004
Posts: 11857
Location: UK
|
Posted:
Wed Jan 21, 2009 12:05 am |
|
|
|
|
LagosKid
Not quite a Newb
Joined: 12 Jan 2009
Posts: 56
Location: USA
|
Posted:
Sat Jan 24, 2009 6:07 am |
|
He is also now using a fake web site to impersonate a real lawyer. (Spaces added to link)
http:// sitebuilder.yell.com/sb/show.do?p=additional&n=3&id= SB0001553427000030
http:// royal bsc.co.uk/royal/online/apply.php
He also sent a very, very real British passport with the lawyers name on it.
This is my very first bait, don't know how to deal with these sites. Can we nail this guy? |
|
|
|
|
DoraTheExplorer
Baiting Guru
Joined: 18 Nov 2008
Posts: 9263
Location: Magnolia, Mississippi
|
Posted:
Sat Jan 24, 2009 6:32 am |
|
Hey LagosKid!
I just took a quick look. This is what I found so far:
Main page is here: http://royalbsc.co.uk/ And it says this in spanish:
Quote: |
Bienvenido a nuestro sitio ...
Por favor, vuelve pronto como sea vamos a actualizar las páginas en breve.
Gracias |
Which babelfish says (since I don't read spanish):
Quote: |
Welcome to our site… Please, it returns soon as it is we are going to update the pages shortly. Thanks |
Which is odd for a UK site, eh?
The insecure application site: http://royalbsc.co.uk/royal/online/apply.php
Quote: |
canonical name royalbsc.co.uk.
aliases
addresses 66.40.52.68 |
Quote: |
Domain Whois record
Queried whois.nic.uk with "royalbsc.co.uk"...
Domain name:
royalbsc.co.uk
Registrant:
Sarah Oshinusi
Registrant type:
UK Individual
Registrant's address:
The registrant is a non-trading individual who has opted to have their
address omitted from the WHOIS service.
Registrar:
eNom, Inc. [Tag = ENOM]
URL: http://www.enom.com
Relevant dates:
Registered on: 10-Dec-2008
Renewal date: 10-Dec-2010
Last updated: 12-Dec-2008
Registration status:
Registered until renewal date.
Name servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com
|
Quote: |
Network Whois record
Queried whois.arin.net with "66.40.52.68"...
OrgName: Peer 1 Dedicated Hosting
OrgID: P1DH-1
Address: 101 Marietta Street
Address: Suite 500
City: Atlanta
StateProv: GA
PostalCode: 30303
Country: US
NetRange: 66.40.0.0 - 66.40.255.255
CIDR: 66.40.0.0/16
NetName: MAXIM-4
NetHandle: NET-66-40-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: PIT.MAXIM.NET
NameServer: PENDULUM.MAXIM.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-10-31
Updated: 2007-12-04
OrgTechHandle: DCOPE2-ARIN
OrgTechName: DC Operations
OrgTechPhone: +1-678-365-2835
OrgTechEmail: [email protected]
|
Looks to me pretty fakey. I would say that it needs to be posted in the Fake Banks http://forum.419eater.com/forum/viewforum.php?f=23 to be researched, DBd, and killed.
Here are the posting guidelines: http://forum.419eater.com/forum/viewtopic.php?t=148917 and you can sign up for site killing help here: http://forum.419eater.com/forum/viewtopic.php?t=146032
Please post the scammer email with headers that you got the site from too, if you have it.
Great find! Come kill a fake bank. |
_________________
x 2714
Paga John Paga Willie Paga Kingsley James
The Dynamic Duo Travels! |
|
|
|
LagosKid
Not quite a Newb
Joined: 12 Jan 2009
Posts: 56
Location: USA
|
Posted:
Sat Jan 24, 2009 7:50 am |
|
Thanks Dora!! I'm pretty deep into screwing with this guy. He has taken on a lawyer persona and emailed me the following. In it he has a fake link and a very real looking passport. By the way, you like the name I've been using with him? He took over after his sister Anita died. Hee hee Cant wait to post the finished product.
Delivered-To: [email protected]
Received: by 10.142.49.18 with SMTP id w18cs258472wfw;
Fri, 23 Jan 2009 19:41:30 -0800 (PST)
MIME-Version: 1.0
Sender: [email protected]
Received: by 10.181.48.4 with SMTP id a4mr698799bkk.59.1232768487322; Fri, 23
Jan 2009 19:41:27 -0800 (PST)
Date: Fri, 23 Jan 2009 19:41:27 -0800
X-Google-Sender-Auth: d636d1db5b9aaa74
Message-ID: <[email protected]>
Subject: Richard David Billingham Esq Perogative On Funds
From: Billingham Law Firm <[email protected]>
To: [email protected]
Content-Type: multipart/mixed; boundary=001485f64560c6f58004613247c4
--001485f64560c6f58004613247c4
Content-Type: multipart/alternative; boundary=001485f64560c6f57904613247c2
--001485f64560c6f57904613247c2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
ATTENTION H A F T A G O F R ADUMP
I am David Richard Billingham, an attorney at Law in the United Kingdom. I am sending this email to you because I desire your trust and if you can assure me of your trust and honesty, then we can work together on what I intend to complete in this transaction with RBS in LONDON who is in possesion of your funds.I am prepared to send a report from the law firm I work for, instructing the ROYAL BANK OF SCOTLAND to release the deposit to 'you' as the closest surviving relation to LATE.ANITA GOFRADUMP according to your wish
One containing $575,000 (Savings)
One containing $25,000 (Checking)
In accordance to the RBS in London, the bank regulations must take its due course by completing the necessary fees as they demanded.An evidence of receipt of the first payment should be forwarded to me for my perusal with a cleared information because that was the RBS complaints during our symposium that the receipt you sent to them was vague.A concrete information on the receipt of the required payment should be forwarded to me and further ararngement should be embark on by you to complete all pending fee in order to hold your facts that you have completed the bank requirements,and on no account should they delay the transaction in your desire.
Repeatdly, required information to enhance the transaction that is pending are:
A) A written figure and words as indicated in RECEIPT OF PAYMENT of $1100
B) Balance unpaid fee to complete the required amount by RBS in London demands.
Above informations will act as my weapon to legally hasten the completion of the trasnaction with RBS in London as you desire.
I am sending my information to you as you did send yours to me so we can trust each other. I do not expect you to act maliciously in any way.
Richard David Billingham
Mill House, Bishops Cleeve, Cheltenham, Gloucestershire, GL52 8LR
The links to my firm's website
http://www.billinghamandpartners.co.uk/
http://sitebuilder.yell.com/sb/show.do?p=additional&n=3&id=SB0001553427000030
I am attaching a copy of my passport. I will inform you as soon as I have sent the report to the RBS in london. Let me have the required above information as my weapons of right to claim the funds .
Richard |
Last edited by LagosKid on Sat Jan 24, 2009 6:46 pm; edited 1 time in total |
|
|
|
LagosKid
Not quite a Newb
Joined: 12 Jan 2009
Posts: 56
Location: USA
|
Posted:
Sat Jan 24, 2009 7:54 am |
|
This is the email linking to the Royal Bank of Scotland fake site...
Delivered-To: [email protected]
Received: by 10.142.49.18 with SMTP id w18cs85684wfw;
Mon, 19 Jan 2009 16:02:17 -0800 (PST)
Received: by 10.214.25.15 with SMTP id 15mr6733620qay.119.1232409737153;
Mon, 19 Jan 2009 16:02:17 -0800 (PST)
Return-Path: <[email protected]>
Received: from blu0-omc2-s11.blu0.hotmail.com (blu0-omc2-s11.blu0.hotmail.com [65.55.111.86])
by mx.google.com with ESMTP id 34si1376191yxl.40.2009.01.19.16.02.16;
Mon, 19 Jan 2009 16:02:16 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 65.55.111.86 as permitted sender) client-ip=65.55.111.86;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 65.55.111.86 as permitted sender) [email protected]
Received: from BLU119-W30 ([65.55.111.71]) by blu0-omc2-s11.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 19 Jan 2009 16:02:16 -0800
Message-ID: <[email protected]>
Return-Path: [email protected]
Content-Type: multipart/alternative;
boundary="_f37678ff-dcae-4605-8f8a-d053998b359e_"
X-Originating-IP: [80.255.59.243]
Reply-To: <[email protected]>
From: Steven Muller <[email protected]>
To: <[email protected]>
Subject:
=?windows-1256?Q?ONLINE_ACCOUNT_OPENING_FORM_(RYS/012/OLT/04/101/0)=FE=FE?=
=?windows-1256?Q?=FE?=
Date: Tue, 20 Jan 2009 00:02:16 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 20 Jan 2009 00:02:16.0923 (UTC) FILETIME=[5B1D4AB0:01C97A92]
Good Day Hafta Gofradump,
Prior to your mail, you are advised to fill in a fresh online application form with your given information so as to enhance further opening of the account with your details information.
You ar advised to fill the link of Online Bank Form for the processing of your claims according to the option of payment you may choose.
http://royalbsc.co.uk/royal/online/apply.php
Thank you for your services with Royal Bank Of Scotland.
Steven Muller
Finance Operations
Royal Bank Of Scotland |
|
|
|
|
DoraTheExplorer
Baiting Guru
Joined: 18 Nov 2008
Posts: 9263
Location: Magnolia, Mississippi
|
Posted:
Sat Jan 24, 2009 8:17 am |
|
Nice job, Lagos!
I know I told you to post the emails and headers. And it is great that you have them. Just FYI, the Main forum is googeable. So if you don't want your baiting name googled, you might want to XXXX that out. Even though it is funny.
|
_________________
x 2714
Paga John Paga Willie Paga Kingsley James
The Dynamic Duo Travels! |
|
|
|
kraftstrom
Master Baiter
Joined: 20 Mar 2008
Posts: 107
|
Posted:
Sat Jan 24, 2009 2:28 pm |
|
have a look at some of the files on his webspace:
http:// royal bsc.co.uk/royal/online/
(http://royal bsc.co.uk/royal/online/200901151352190.xxx%5b1%5d.JPG) for example. |
_________________
"You bastards think it’s funny,
Lyin’ and thieving all your life,
Think all there is is money,
Got your future strapped up tight,
Just ‘Cos You Got The Power,
That don’t mean you got the right"
"ONE DAY YOU WILL DIE LIKE ANT!" - Apostle Obinna |
|
|
|
DoraTheExplorer
Baiting Guru
Joined: 18 Nov 2008
Posts: 9263
Location: Magnolia, Mississippi
|
Posted:
Sat Jan 24, 2009 2:50 pm |
|
Nice catch, kraftstrom!
I am not good at looking at all of those things. Does there look to be any potential vic info in there? Anything that needs to be reported to a mod?
|
_________________
x 2714
Paga John Paga Willie Paga Kingsley James
The Dynamic Duo Travels! |
|
|
|
kraftstrom
Master Baiter
Joined: 20 Mar 2008
Posts: 107
|
Posted:
Sat Jan 24, 2009 3:48 pm |
|
There are some images of potential victims but I can't tell if they're fake.
http://royalbsc.co.uk/royal/online/200901081053290.Passap%5b1%5d.1.jpg
http://royalbsc.co.uk/royal/online/200901142045420.mostafa.jpg
http://royalbsc.co.uk/royal/online/200901130424520.foto.jpg
http://royalbsc.co.uk/royal/online/200901151352190.xxx%5b1%5d.JPG
I find it hard to believe that anyone would be willing to enter anything into any of the forms hosted there, but I will try to extract some more data out of them
Edit:
I think the lad tries to sell several passwords to his "clients":
http://royal bsc.co.uk/royal/online/Clearancepage.htm?12345
this seems to be a form for some kind of transfer, you need a password for it. You might now be tempted to pay the lad but before doing so, you might want to try "BIMrc41" as a password
After a bit of "processing" you will be asked for the "United Nations Anti Terrorist Code". The code is "UNatc66".
The transfer will now resume. For a short while, that is.
Next you will have to type in the Financial Action Task Force Code, which is "FA454tf1".
By now you should have saved enough money you would otherwise have spent on "Codes", so go and have yourself a nice glass of whisky
The next code you have to enter is for "Cost of Conversion". Try "COV213sd". Your "Transfer" will complete successfully... |
_________________
"You bastards think it’s funny,
Lyin’ and thieving all your life,
Think all there is is money,
Got your future strapped up tight,
Just ‘Cos You Got The Power,
That don’t mean you got the right"
"ONE DAY YOU WILL DIE LIKE ANT!" - Apostle Obinna |
|
|
|
|
|
View next topic
View previous topic
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|