SmartFeedSmartFeed          



WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Parameters for attacking fake sites

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
Old Coaster
Baiting Guru


Joined: 25 Nov 2003
Posts: 3045
Location: Don Quijote Country


PostPosted: Sun Jan 16, 2005 3:15 pm Reply with quoteBack to top

This forum is developing the idea of members joining together to kill fake and fraudulent sites. This is an excellent development.

On the fake bank forum, we have spent a considerable time developing a system which allows any member to prove beyond doubt that a site is fake. This information is posted in the thread relating to the fake site so that everyone can see it is fake.

A standardised kill letter is then produced and sent to the hoster giving the evidence and pointing out that as the site is clearly fake and the hoster has been advised. If no action is taken, the hoster becomes vulnerable to a civil lawsuit from a victim referred to the site after the date of the warning. A copy of the e-mail is sent to 419legal to provide proof that the warning was sent and we are beginning to use readnotify to provide a certificate of receipt, so the hoster cannot claim not to have received the warning. Most hosters co-operate. The lad vampire can be useful in persuading the reluctant ones, but it is only deployed after the hoster fails to take action.

Banks are relatively simple to verify since they are listed by each country's regulator. These sites are far more complicated to prove to be fake. A simple statement from a baiter is unlikely to stand in a court of law.

I think it would be helpful if we could draw up a set of procedures to check out suspect sites, prove that they are fake beyond reasonable doubt, and then the approved methods for closing them down. I would remind everyone that these forums are public and that hacking and the planting of viruses are illegal in the UK and in the US as well as most other countries.

I look forward to seeing your ideas.

OC

de-stickied - 31Jan11 -Ima

_________________
For evil to triumph, good men need merely do nothing!

United Kingdom Nigeria United Kingdom Spain
View user's profileSend private message
kanshi_ng
Baiting Guru


Joined: 13 Dec 2003
Posts: 419
Location: From Hell


PostPosted: Sun Jan 16, 2005 6:17 pm Reply with quoteBack to top

Is there a central register for Escrow sites we could use for the auction frauds?

_________________
Kanshi Ng


"I've got a black cat's bone
I've got a mojo tooth
I've got a John the Conqueroo
I'm gonna mess with you"
Mortar x7
View user's profileSend private messageYahoo MessengerMSN Messenger
pfiesty
Elite Baiter


Joined: 30 Jul 2004
Posts: 1163
Location: between Canada & Mexico


PostPosted: Mon Jan 17, 2005 5:52 pm Reply with quoteBack to top

eBay lists their approved escrow sites on one of their help pages: http://pages.ebay.com/help/sell/escrow.html

From that page:
Quote:
An escrow service is a licensed and regulated company that collects, holds, and sends a buyer's money to a seller according to instructions agreed on by both the buyer and seller. Typically, once the buyer receives and approves the item from the seller within an agreed time frame, the escrow service then sends the payment to the seller.

Escrow is available for any purchase, but typically is used for purchases of $500 or more.

Be vigilant! Use caution when considering an escrow service
If you are a buyer or a seller and choose to pay or be paid through an escrow service, you should only use Escrow.com (www.escrow.com), eBay's approved escrow service.
...

For more information about protecting yourself from fraudulent escrow providers and spoof Web sites, visit the eBay Security Center. Take the Spoof Protection Tour and read our education snapshot on fraudulent escrow services.


International escrow services approved by eBay:

www.eBay.au users:
TradeSecure *

www.eBay.it and www.eBay.es users:
Escrow Europa

www.eBay.de users:
iloxx Safe Trade

www.ebay.fr, www.ebay.nl and www.ebay.be users:
Triple Deal

* Please note: eBay lists TradeSecure on this help page, but (visit the link and see for yourself) they "no longer offer this service." This does not inspire confidence in eBay Rolling Eyes

_________________
Many... Togo Switzerland Hong Kong Czech Republic United Kingdom South Africa Flag Monaco Belize Nigeria Isle Of Man Bahamas, The Netherlands Canada St Kitts and Nevis Ivory Coast United States :flag_bb: :flag_iq: Jolly Roger Mugu Reseller

29: Cellphone Learn how to make a PhoneLad crying Exclamation
View user's profileSend private messageAIM AddressMSN MessengerICQ Number
Old Coaster
Baiting Guru


Joined: 25 Nov 2003
Posts: 3045
Location: Don Quijote Country


PostPosted: Mon Jan 17, 2005 8:00 pm Reply with quoteBack to top

As there have been so few replies, I would assume that those who have posted here are active elsewhere and merely looking for help in their DOS attacks.

My thoughts are therefore:-

    1) Members from here who want to join in such attacks should satisfy themselves that any such attacked sites are genuinely fake before participating.

    2) The forums should concentrate on 419 scammers and the sites associated with them rather than involve ourselves in trying to close down Auction Fraud and Phishing Sites.


If anyone disagrees with me please post your thoughts here before tomorrow night, when the forum rules will be updated to reflect this view

_________________
For evil to triumph, good men need merely do nothing!

United Kingdom Nigeria United Kingdom Spain
View user's profileSend private message
Goatman
Not quite a Newb


Joined: 15 Sep 2004
Posts: 26
Location: Right Coast


PostPosted: Wed Jan 19, 2005 12:34 pm Reply with quoteBack to top

OC,
While your observation regarding the response to your OP is valid, the content of your original post is more so.

I wish I had seen it sooner, because I am fairly certain you were referring to me when you assumed that perhaps others were elsewhere and had only posted here to rally support for an attack.

A few months back, I asked Oz and Shiver to open a forum on auction scams, check fraud and phishing sites, etc. They were gracious enough to put this section up and it has helped expose hundreds of schemes and scams.

I wish I had seen your post earlier, because there really IS a ton of interest in this stuff and I sincerely appreciate having a veteran baiter/bank killer like yourself address this growing concern.
When I established a small off-shoot discussion group (eBay Scam Killers) in Nov.'02, it grew to 100 auction/check scam baiters in 60 days. That's an average of more than one "recruit" per day.

I should add that we also reject numerous Russian and Romanian membership applications each week. These guys have more access to computers and are far more aggressive in their attitude toward baiters and anti-scam campaigns.
(One of our newer members here "No_Muie_4_Youie" has had a $5000 bounty placed on his head PUBLICLY on eBay Forums by a Romanian "vlad.")

(We call the Ru/Ro scammers "vlads" now: a terrible pun derived from "lads" and "Vladimir".)

On the positive; eBSK has thwarted so many eBay Motors fraud auctions that the scammers have moved off the boards. An automobile scam auction is very rare. When a Romanian has 10 offers for his Chevy Camaro that is "stored in Italy" and 9 of those are baits, he's going to move elsewhere.

But our focus is moving beyond the simple baits on eBay to the source of these frauds. Following their paths, we found that they were hiring mules to cash their auction checks in the USA, Canada, UK and Oz. Suddenly, we were finding dozens of fake escrow and Russian check-cashing websites that were recruiting "employees" on almost every online job-seeker website in the afore-mentioned countries.

We also found that these "help wanted" ads are extremely successful - pulling in dozens and dozens of innocent people who are looking for an honest paycheck. Once they are "hired" it only takes a matter of weeks before they are arrested, lose their bank accounts, and owe said bank tens of thousands.

Now we're trying to shut these down in a way that's similar to the 419eater bank killers.
However we are INEXPERIENCED at this and require some guidance.

I would welcome ANY help from the experienced and savvy bank killers at 419Eater. I have been admiring your work in those forums and am duly impressed that OC would recognize this escalating fraud activity and offer some ideas.

I know it is very important to pursue proper avenues before staging a DOS attack.
Don't discount the fact that nobody has responded to this thread. There are several dozen baiters who want to hear ideas from the 419e bank killers, and I, for one, am the most eager!

Thank you for reading this.
Wink

Goatman
View user's profileSend private message
Goatman
Not quite a Newb


Joined: 15 Sep 2004
Posts: 26
Location: Right Coast


PostPosted: Wed Jan 19, 2005 6:22 pm Reply with quoteBack to top

kanshi_ng wrote:
Is there a central register for Escrow sites we could use for the auction frauds?


Kanshi,
I don't know about that, but this site lists them -- real or fraudulent:

http://www.sos4auctions.com/escrow/escrow.asp

Just click on the Search function...

You'll be amazed at how many fraud escrow sites are (were) up!

Goatman
View user's profileSend private message
pfiesty
Elite Baiter


Joined: 30 Jul 2004
Posts: 1163
Location: between Canada & Mexico


PostPosted: Thu Jan 20, 2005 11:14 pm Reply with quoteBack to top

The biggest problem in fake bank killing isn't recognizing whether or not a site is fraudulent. It's writing a convincing letter to a web host Very Happy

We have an explicit legal argument against fake banks -- it is illegal to claim to operate as a financial institution without the proper license from your country's government. Many hosts will consider all points against a fake bank, even the weakest ones (such as, "a scam artist has referred to it"). However, many will consider only the strongest argument we have: whether or not the bank appears in an FSA database of legitimate financial institutions.

I certainly am not trying to detract from SOS4Auction's efforts; they've compiled a thorough, useful database, and if I ever need to look up an escrow site, I now know where to go. However, it will be about as useful for site killing as the aa419.org database is. It's perfect for informing the public, informing bank killers, and adding weight to our case against a fake bank, but it will not be enough on its own to convince some hosts to take a site down.

Ideally we need a government-recognized list (or blacklist). The best alternative would be to check escrow companies/sites against things like the UK Companies House, but that's much harder to find in some countries; in the US, for example, it's done on a state-by-state basis. So it'll take some research Very Happy

_________________
Many... Togo Switzerland Hong Kong Czech Republic United Kingdom South Africa Flag Monaco Belize Nigeria Isle Of Man Bahamas, The Netherlands Canada St Kitts and Nevis Ivory Coast United States :flag_bb: :flag_iq: Jolly Roger Mugu Reseller

29: Cellphone Learn how to make a PhoneLad crying Exclamation
View user's profileSend private messageAIM AddressMSN MessengerICQ Number
kanshi_ng
Baiting Guru


Joined: 13 Dec 2003
Posts: 419
Location: From Hell


PostPosted: Fri Jan 21, 2005 6:55 pm Reply with quoteBack to top

Goatman, personally, I'm drowning in 419 scams, and haven't the experience to get involved with Ebay frauds and such like. it was just a suggestion ot the company in general with OC asking for ideas.

That's certainly the sort of mould you want to follow to identify fakes though - find the offical registers, find out how the scammers sites are different, and use it.

In this case, I'm thinking more of a central register, akin to the financial licensing that banks require, than a list of all escrow companies, both real and fraudulent.

This is the problem, our bank killers experience is limited to banks - you guys are pushing new ground, while we can make suggestions, as we have tried to - we can't give you a killer format, as we simply don't know enough about the targets.

Get those several dozen baiters here - talk about the scams - discuss it, and get some drawn out examples - once we can see what you're doing, perhaps we can assist.

_________________
Kanshi Ng


"I've got a black cat's bone
I've got a mojo tooth
I've got a John the Conqueroo
I'm gonna mess with you"
Mortar x7
View user's profileSend private messageYahoo MessengerMSN Messenger
Daneel_Oliwav
Master of Master Baiters


Joined: 15 Feb 2005
Posts: 732


PostPosted: Mon Sep 05, 2005 11:48 pm Reply with quoteBack to top

Here's something that could be used as a template for abusing mule scam sites. Feel free to offer suggestions/additions/corrections as applicable.

Subject: fake-scam-company.com (Money laundering site hosted by webhoster.com)
Quote:
ABUSE REPORT re (DomainName)

To whom it may concern;

The following domain is hosted on your servers or is within your IP
block. Please forward this report to the correct hosts of this
fraudulent domain:

(NameOfSite)
(Url)
IP (IP)

This email is being sent to notify you of individuals conducting illegal
activities using your servers. You should be aware that if you fail to
take down this website and all associated email addresses, you could be
held liable for any damages incurred to the people who get defrauded
with the help of this site.


__________________________________________________
THIS SITE IS FRAUDULENT FOR THE FOLLOWING REASONS:

+ Site is a fake business used for money laundering and/or fake check
scams. This is what the duties of an employee of this company would be:
(Quote Job Description)
Quote taken from (Give URL or mention the spam email you should
copy into the abuse notice)


They never explain why they need someone to transfer money in this
way, it is after all quite unusual for legitimate businesses. The
reason is that the money the employee would receive has been obtained
in some illegal manner, through phishing, eBay scams or some other
form of Internet fraud. They want it sent to them by Western Union for
reasons of anonymity.

They may also send fake checks to the employee, asking him to send the
money by Western Union, and after a week or so the check bounces and
the bank will demand it's money back.

If the police ever come looking for the money, they will find the
so-called employee and not the real criminals.

+ Site recruits employees through spam e-mails. I have copied one
at the bottom of this email with full headers. They were not sent from
this domain and are only meant to serve as evidence that this business
is not legitimate.

+ Site recruits employees through spam e-mails. I have copied one
at the bottom of this email with full headers. They were sent from
this domain which may also be a violation of your AUP, but mainly
they are copied here to serve as evidence that this business is not
legitimate.

+ Site attempts to hide it's real location.
The spam e-mails do not mention the aforementioned domain but instead
direct people to another site which simply contains a frame displaying
the contents of the domain:
(WebsiteMentionedInSpamMail)

+ This business has no internet presence whatsoever. A Google search
on the name reveals nothing about them.
(Link to Google search)

Despite this fact they make claims to be a major business.
(Quote "We have 200000 customers and 50 offices around the world" etc)
Quote from (URL)

+ Site lists non-existent clients.

(Quote from client page)
None of these clients seem to have any internet presence whatsoever.
Google searches on their names reveal nothing on them.
(Link to Google searches if you like)

Site does not list any contact information for these "clients".

+ Site is mentioned on anti-fraud sites.
(URLs)

+ Mobile/satellite phone used for contact number. No legitimate business
would have this. This is an attempt to remain anonymous.
(Phone number)
This can easily be confirmed with www.numberingplans.com

+ Site gathers personal information on insecure forms. No legitimate
business would gather this type of information without security
precautions.
(URL)

+ Site asks for detailed personal information and has none of the normal
questions an employer would ask. There are no demands for education, CV
or contact information for previous employers.
(Quote requirements listed or registration page as applicable)

This is most likely for the purpose of identity theft.

+ Site does not demand any of the normal information an employer would
ask of a potential employee. There are no demands for education, CV or
contact information for previous employers.


+ The domain registration is typical for fraud sites.

- The domain has only been registered for one year at a time. This is
unusual for legitimate businesses but typical for fraud sites as they
don't expect to stay online for very long.

The WHOIS record states:
(Quote WHOIS registration dates)

- The address used is one they have most likely found on the internet
and simply copied from here:
(Copy URL where it was found and the address)
The person living here is unlikely to have any connection to this
website.

- The address used does not appear to exist according to mapquest.com

- The registration and domain name does not appear to have any
connection to the business the site is representing.

- The e-mail address listed is from a free e-mail service.
(Email)

- The phone number listed is for a mobile/satellite phone.
(Phone)
This can easily be confirmed with www.numberingplans.com

- Contact information is obviously fake.
(Quote if they have phone numbers like 123-456-789)

________________________________________________
WE ASK YOU TO PLEASE TAKE THE FOLLOWING ACTIONS:

* Verify the fraudulent nature of this site, as outlined above.

* Shut down all email accounts and web pages associated with this site,
and hold a copy for the authorities.

* Check for other sites/domains established by this customer.

* Contact the police with any credit card and contact information you
have on record: fraudulent sites are often funded with stolen credit
cards.

________________________________________________________
Sadly there are many naive people out there who do not see these sites
for what they are, and do not realise they are getting involved in
something illegal.
+ They usually get accused of the fraud the real criminals were guilty
of.
+ If they provide personal information they get their identities stolen
so more crimes may be commited in their name.
+ If they provided their credit card information to the scammers they
get their bank accounts emptied.
+ If they cash any fake checks, it will take weeks before they bounce
and the bank will reclaim the money, often leaving the victim with
crippling debt.

For more information on these scams please view these sites:
http://www.banksafeonline.org.uk/what_mule.html
http://ezinearticles.com/?Money-Mule-Email-Scam-Hits-U.S.&id=61504
http://www.fraudaid.com/ScamSpeak/Nigerian/check_processing_scam.htm

Thank you for your prompt attention. If you feel more information is
needed before you can proceed with closing this domain, please feel
free to contact me at:
(Email Address)

If you have any questions about myself or the anti-fraud organisation
I represent feel free to ask. I do not include it here so that if you
feel it is necessary to forward this email to the criminals running the
site you will not be putting us at risk.

Regards,
(Alias)

_________________
United Kingdom Netherlands Nigeria Canada Flag Monaco Spain Bahamas, The South Africa France Benin Isle Of Man Cayman Islands Ivory Coast Russia United States United Arab Emirates
Mortar x11
In Estonia, it only costs $7000 to fix people like me.
View user's profileSend private message
kuman
Guest






PostPosted: Mon Sep 12, 2005 12:27 am Reply with quoteBack to top

Daneel_Oliwav, looks impressive and convincing thoughts.
Capt Spaulding
Not quite a Newb


Joined: 22 Jul 2005
Posts: 40
Location: Exploring The Dark Continent


PostPosted: Mon Oct 24, 2005 10:27 pm Reply with quoteBack to top

Escrow services are often licensed by the various States, and of course each one does it according to their own priorities. Some might be via their Real Estate Department, others via Banking/Lender registration. Some might exempt those not dealing with real estate.

This licensing and bonding started well before the Internet Auction craze -- in response to an escrow company occasionally moving to Brasil some night. Rolling Eyes

Someone needs to spend weeks scouring each State's regulatory agencies to create a list like OC's international list of bank regulators. I'm too busy, LOL, but it's the best evidence in a regulated State to show scamosity.

_________________
Mugu Reseller Mugu Reseller United Kingdom X15 Switzerland X4 Spain X5 Ghana United Nations United Nations Netherlands x5 Canada x4 Nigeria Nigeria South Africa South Africa Ivory Coast United Arab Emirates United States Burkina Faso Burkina Faso Bahamas, The Isle Of Man Saudi Arabia
+Malta +Guyana +Iceland +Maylasia +Cyprus +Monaco +St. Vincent and the Grenadines +Texas
Hooray for Captain Spaulding, the African Explorer, Hooray, Hooray, Hooraaaaay !!!
"We Offer Private Dumberred Accounts" - Everbright Finance Trust
"My name is Johnson Kerosine" - Mr. Johnson Kerosine
"Mr. Mr. George Moranz is recognized not only by publications of which he is authors but also by his love"
View user's profileSend private message
herbashus
Hello I'm New here!


Joined: 31 Jan 2011
Posts: 1


PostPosted: Mon Jan 31, 2011 6:06 pm Reply with quoteBack to top

One way to "validate" fake services like this might be to look at the way spam is scored by mail server

Many mail servers attribute a spam "score" to each piece of mail and the mail is accepted or rejected on the basis of that score and what level of spam is deemed acceptable by the management of the mail server. So I might setup a server for a client and set a threshold of 12 and every piece of mail scoring >=12 is rejected before it hits the server

Using the same approach you could attribute a weighting to each piece of verifiable data about a business - landline phone, business type (sole trader, etc), country of origin, etc, and sum the attributes to generate a crude OK / SCAM, go / no-go summary

If the business was rejected with a high score - bingo, contact the host and let them deal with it. If it's borderline, do more research

This approach can be modified over time & weighting scores adjusted to improve the system without starting again

The big problem, as I see it, with a blacklist is that it would perpetually be out of date. With real-time scoring of a company, assuming it's doable, the system would be avoid that pitfall
View user's profileSend private message
Ima Baeder
Baiting Guru


Joined: 03 May 2007
Posts: 18314


PostPosted: Mon Jan 31, 2011 6:42 pm Reply with quoteBack to top

Welcome, herbashus. This thread is very outdated, from 2005. I didn't realize it was still a sticky topic in this forum. I will edit the OP to un-sticky it.
A lot has changed with fake site killing since 2005. Please visit the fake sites forum for information on our current methods.

_________________
348 Fake Sites killed United StatesUnited KingdomUnited NationsMaltaNigeriaGhanaBeninGermanySouth AfricaRussiaTogoMalaysiaEuropean UnionJapanIvory CoastSpainFranceSwitzerlandChinaCanadaItalyThailand

Star Mugu Reseller Mortar Closed lad accounts x 100 Sand Timer 2 Years Pretty Rose Mc Fry Mc Fry Nurse Nastys Audi TT Goat Flying Monkey Easter Egg 2011
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



** Find out information about your IP address **


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT