 My scammer is phishing now

LagosKid
Not quite a Newb


Joined: 12 Jan 2009
Posts: 56
Location: USA


Posted: Wed Jan 21, 2009 12:02 am

I'm just wrapping up my first bait! It's very exciting and hilarious, I think you'll find it fun to read. However he is posing as a BANK of SCOTLAND rep and even sent a link to a phishing site that was pretty dead-on.

I filled out the forms and sure enough he got them. Who do I report this site to when I finish this job?
Scam Patroller
Baiting Guru


Joined: 08 Jul 2004
Posts: 11854
Location: UK


Posted: Wed Jan 21, 2009 12:05 am

You sure it was a phishing site and not a fake bank site? Please post the url, but put some spaces in it so it's not clickable.

LagosKid
Not quite a Newb


Joined: 12 Jan 2009
Posts: 56
Location: USA


Posted: Sat Jan 24, 2009 6:07 am

He is also now using a fake web site to impersonate a real lawyer. (Spaces added to link)

http:// sitebuilder.yell.com/sb/show.do?p=additional&n=3&id= SB0001553427000030

http:// royal bsc.co.uk/royal/online/apply.php

He also sent a very, very real British passport with the lawyer's name on it.

This is my very first bait, don't know how to deal with these sites. Can we nail this guy?
DoraTheExplorer
Anonymous


Joined: 18 Nov 2008
Posts: 9264
Location: Magnolia, Mississippi


Posted: Sat Jan 24, 2009 6:32 am

Hey LagosKid!

I just took a quick look. This is what I found so far:

Main page is here: http://royalbsc.co.uk/ And it says this in Spanish:

Quote:
Bienvenido a nuestro sitio ...
Por favor, vuelve pronto como sea vamos a actualizar las páginas en breve.
Gracias


Which babelfish says (since I don't read Spanish):

Quote:
Welcome to our site… Please, it returns soon as it is we are going to update the pages shortly. Thanks


Which is odd for a UK site, eh? ;)

The insecure application site: http://royalbsc.co.uk/royal/online/apply.php

Quote:
canonical name royalbsc.co.uk.
aliases
addresses 66.40.52.68


Quote:
Domain Whois record

Queried whois.nic.uk with "royalbsc.co.uk"...

Domain name:
royalbsc.co.uk

Registrant:
Sarah Oshinusi

Registrant type:
UK Individual

Registrant's address:
The registrant is a non-trading individual who has opted to have their
address omitted from the WHOIS service.

Registrar:
eNom, Inc. [Tag = ENOM]
URL: http://www.enom.com

Relevant dates:
Registered on: 10-Dec-2008
Renewal date: 10-Dec-2010
Last updated: 12-Dec-2008

Registration status:
Registered until renewal date.

Name servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com



Quote:
Network Whois record

Queried whois.arin.net with "66.40.52.68"...

OrgName: Peer 1 Dedicated Hosting
OrgID: P1DH-1
Address: 101 Marietta Street
Address: Suite 500
City: Atlanta
StateProv: GA
PostalCode: 30303
Country: US

NetRange: 66.40.0.0 - 66.40.255.255
CIDR: 66.40.0.0/16
NetName: MAXIM-4
NetHandle: NET-66-40-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: PIT.MAXIM.NET
NameServer: PENDULUM.MAXIM.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-10-31
Updated: 2007-12-04

OrgTechHandle: DCOPE2-ARIN
OrgTechName: DC Operations
OrgTechPhone: +1-678-365-2835
OrgTechEmail: [email protected]


Looks to me pretty fakey. I would say that it needs to be posted in the Fake Banks http://forum.419eater.com/forum/viewforum.php?f=23 to be researched, DBd, and killed.

Here are the posting guidelines: http://forum.419eater.com/forum/viewtopic.php?t=148917 and you can sign up for site killing help here: http://forum.419eater.com/forum/viewtopic.php?t=146032

Please post the scammer email with headers that you got the site from too, if you have it.

Great find! Come kill a fake bank. :D

LagosKid
Not quite a Newb


Joined: 12 Jan 2009
Posts: 56
Location: USA


Posted: Sat Jan 24, 2009 7:50 am

Thanks Dora!! I'm pretty deep into screwing with this guy. He has taken on a lawyer persona and emailed me the following. In it he has a fake link and a very real looking passport. By the way, you like the name I've been using with him? He took over after his sister Anita died. Hee hee. Can't wait to post the finished product.


Delivered-To: [email protected]
Received: by 10.142.49.18 with SMTP id w18cs258472wfw;
Fri, 23 Jan 2009 19:41:30 -0800 (PST)
MIME-Version: 1.0
Sender: [email protected]
Received: by 10.181.48.4 with SMTP id a4mr698799bkk.59.1232768487322; Fri, 23
Jan 2009 19:41:27 -0800 (PST)
Date: Fri, 23 Jan 2009 19:41:27 -0800
X-Google-Sender-Auth: d636d1db5b9aaa74
Message-ID: <[email protected]>
Subject: Richard David Billingham Esq Perogative On Funds
From: Billingham Law Firm <[email protected]>
To: [email protected]
Content-Type: multipart/mixed; boundary=001485f64560c6f58004613247c4

--001485f64560c6f58004613247c4
Content-Type: multipart/alternative; boundary=001485f64560c6f57904613247c2

--001485f64560c6f57904613247c2
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit


ATTENTION H A F T A G O F R ADUMP

I am David Richard Billingham, an attorney at Law in the United Kingdom. I am sending this email to you because I desire your trust and if you can assure me of your trust and honesty, then we can work together on what I intend to complete in this transaction with RBS in LONDON who is in possesion of your funds.I am prepared to send a report from the law firm I work for, instructing the ROYAL BANK OF SCOTLAND to release the deposit to 'you' as the closest surviving relation to LATE.ANITA GOFRADUMP according to your wish
One containing $575,000 (Savings)
One containing $25,000 (Checking)
In accordance to the RBS in London, the bank regulations must take its due course by completing the necessary fees as they demanded.An evidence of receipt of the first payment should be forwarded to me for my perusal with a cleared information because that was the RBS complaints during our symposium that the receipt you sent to them was vague.A concrete information on the receipt of the required payment should be forwarded to me and further ararngement should be embark on by you to complete all pending fee in order to hold your facts that you have completed the bank requirements,and on no account should they delay the transaction in your desire.
Repeatdly, required information to enhance the transaction that is pending are:
A) A written figure and words as indicated in RECEIPT OF PAYMENT of $1100
B) Balance unpaid fee to complete the required amount by RBS in London demands.
Above informations will act as my weapon to legally hasten the completion of the trasnaction with RBS in London as you desire.
I am sending my information to you as you did send yours to me so we can trust each other. I do not expect you to act maliciously in any way.
Richard David Billingham
Mill House, Bishops Cleeve, Cheltenham, Gloucestershire, GL52 8LR
The links to my firm's website
http://www.billinghamandpartners.co.uk/
http://sitebuilder.yell.com/sb/show.do?p=additional&n=3&id=SB0001553427000030
I am attaching a copy of my passport. I will inform you as soon as I have sent the report to the RBS in london. Let me have the required above information as my weapons of right to claim the funds .
Richard


Last edited by LagosKid on Sat Jan 24, 2009 6:46 pm; edited 1 time in total
LagosKid
Not quite a Newb


Joined: 12 Jan 2009
Posts: 56
Location: USA


Posted: Sat Jan 24, 2009 7:54 am

This is the email linking to the Royal Bank of Scotland fake site...

Delivered-To: [email protected]
Received: by 10.142.49.18 with SMTP id w18cs85684wfw;
Mon, 19 Jan 2009 16:02:17 -0800 (PST)
Received: by 10.214.25.15 with SMTP id 15mr6733620qay.119.1232409737153;
Mon, 19 Jan 2009 16:02:17 -0800 (PST)
Return-Path: <[email protected]>
Received: from blu0-omc2-s11.blu0.hotmail.com (blu0-omc2-s11.blu0.hotmail.com [65.55.111.86])
by mx.google.com with ESMTP id 34si1376191yxl.40.2009.01.19.16.02.16;
Mon, 19 Jan 2009 16:02:16 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 65.55.111.86 as permitted sender) client-ip=65.55.111.86;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 65.55.111.86 as permitted sender) [email protected]
Received: from BLU119-W30 ([65.55.111.71]) by blu0-omc2-s11.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
Mon, 19 Jan 2009 16:02:16 -0800
Message-ID: <[email protected]>
Return-Path: [email protected]
Content-Type: multipart/alternative;
boundary="_f37678ff-dcae-4605-8f8a-d053998b359e_"
X-Originating-IP: [80.255.59.243]
Reply-To: <[email protected]>
From: Steven Muller <[email protected]>
To: <[email protected]>
Subject:
=?windows-1256?Q?ONLINE_ACCOUNT_OPENING_FORM_(RYS/012/OLT/04/101/0)=FE=FE?=
=?windows-1256?Q?=FE?=
Date: Tue, 20 Jan 2009 00:02:16 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 20 Jan 2009 00:02:16.0923 (UTC) FILETIME=[5B1D4AB0:01C97A92]


Good Day Hafta Gofradump,

Prior to your mail, you are advised to fill in a fresh online application form with your given information so as to enhance further opening of the account with your details information.

You ar advised to fill the link of Online Bank Form for the processing of your claims according to the option of payment you may choose.

http://royalbsc.co.uk/royal/online/apply.php


Thank you for your services with Royal Bank Of Scotland.

Steven Muller
Finance Operations
Royal Bank Of Scotland
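The header checks this thread relies on, as an added example that is not part of the original posts: it reads the `X-Originating-IP` and `Received` chain and compares the `From` and `Reply-To` domains against the organisation the mail claims to come from. The function names, the placeholder addresses and `bank.example` are assumptions; the IP addresses and relay hostnames are the ones shown in the posted headers.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the posted headers; addresses are placeholders (originals are redacted).
SAMPLE = """\
Received: from blu0-omc2-s11.blu0.hotmail.com (blu0-omc2-s11.blu0.hotmail.com [65.55.111.86])
\tby mx.google.com with ESMTP; Mon, 19 Jan 2009 16:02:16 -0800 (PST)
Authentication-Results: mx.google.com; spf=pass smtp.mail=sender@webmail.example
Received: from BLU119-W30 ([65.55.111.71]) by blu0-omc2-s11.blu0.hotmail.com;
\tMon, 19 Jan 2009 16:02:16 -0800
X-Originating-IP: [80.255.59.243]
Reply-To: <replies@other-mail.example>
From: Steven Muller <sender@webmail.example>
Subject: ONLINE ACCOUNT OPENING FORM
Date: Tue, 20 Jan 2009 00:02:16 +0000

Thank you for your services with Royal Bank Of Scotland.
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def analyze(raw, claimed_domain):
    """Summarise sender indicators; claimed_domain is the organisation's real domain."""
    msg = message_from_string(raw)
    # Each hop prepends its Received header, so the last entry is closest to the sender.
    hops = [m.group(1) for h in msg.get_all("Received", [])
            for m in [IP_IN_BRACKETS.search(h)] if m]
    origin = IP_IN_BRACKETS.search(msg.get("X-Originating-IP", ""))
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if from_dom != claimed_domain:
        findings.append("From domain is not the claimed organisation's domain")
    if reply_dom and reply_dom != from_dom:
        findings.append("Reply-To points to a different domain than From")
    if "spf=pass" in msg.get("Authentication-Results", "") and from_dom != claimed_domain:
        findings.append("SPF pass only vouches for the webmail provider")
    return {"originating_ip": origin.group(1) if origin else None,
            "relay_ips": hops, "from_domain": from_dom,
            "reply_to_domain": reply_dom, "findings": findings}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE, "bank.example").items():
        print(key, "=", value)
```

The originating IP and the registrar or hosting details from WHOIS are what an abuse report to the mail provider or web host would cite.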
DoraTheExplorer
Anonymous


Joined: 18 Nov 2008
Posts: 9264
Location: Magnolia, Mississippi


Posted: Sat Jan 24, 2009 8:17 am

Nice job, Lagos!

I know I told you to post the emails and headers. And it is great that you have them. Just FYI, the Main forum is googleable. So if you don't want your baiting name googled, you might want to XXXX that out. Even though it is funny.

:D

kraftstrom
Master Baiter


Joined: 20 Mar 2008
Posts: 107


Posted: Sat Jan 24, 2009 2:28 pm

Have a look at some of the files on his webspace:

http:// royal bsc.co.uk/royal/online/

(http://royal bsc.co.uk/royal/online/200901151352190.xxx%5b1%5d.JPG) for example.

_________________

"You bastards think it’s funny,
Lyin’ and thieving all your life,
Think all there is is money,
Got your future strapped up tight,
Just ‘Cos You Got The Power,
That don’t mean you got the right"

"ONE DAY YOU WILL DIE LIKE ANT!" - Apostle Obinna
DoraTheExplorer
Anonymous


Joined: 18 Nov 2008
Posts: 9264
Location: Magnolia, Mississippi


Posted: Sat Jan 24, 2009 2:50 pm

Nice catch, kraftstrom!

I am not good at looking at all of those things. Does there look to be any potential vic info in there? Anything that needs to be reported to a mod?

:D

kraftstrom
Master Baiter


Joined: 20 Mar 2008
Posts: 107


Posted: Sat Jan 24, 2009 3:48 pm

There are some images of potential victims but I can't tell if they're fake.


http://royalbsc.co.uk/royal/online/200901081053290.Passap%5b1%5d.1.jpg

http://royalbsc.co.uk/royal/online/200901142045420.mostafa.jpg


http://royalbsc.co.uk/royal/online/200901130424520.foto.jpg


http://royalbsc.co.uk/royal/online/200901151352190.xxx%5b1%5d.JPG


I find it hard to believe that anyone would be willing to enter anything into any of the forms hosted there, but I will try to extract some more data out of them :)



Edit:

I think the lad tries to sell several passwords to his "clients":

http://royal bsc.co.uk/royal/online/Clearancepage.htm?12345

This seems to be a form for some kind of transfer, you need a password for it. You might now be tempted to pay the lad but before doing so, you might want to try "BIMrc41" as a password ;)

After a bit of "processing" you will be asked for the "United Nations Anti Terrorist Code". The code is "UNatc66".

The transfer will now resume. For a short while, that is.
Next you will have to type in the Financial Action Task Force Code, which is "FA454tf1".

By now you should have saved enough money you would otherwise have spent on "Codes", so go and have yourself a nice glass of whisky ;)

The next code you have to enter is for "Cost of Conversion". Try "COV213sd". Your "Transfer" will complete successfully... ;)

All Content © 2003 - 419Eater.com