WatchOut

Fake Google Award

2012-02-08T04:41:00.000-08:00

More phishing spam, a fake google Award win. Never mind I received this in February...

Dear Google Award Winner.

We wish to congratulate you on this note, for being part of our lucky winners selected this month of December 2011.Please read the Award Notification from the attach file for your Winning details and procedures,do contact the claims manager for claims procedures.

The management,
Google Security Team

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

Fake tax office message

2012-02-07T04:17:00.000-08:00

A fishing expedition from Germany, pretending to be from the tax office.

Sehr geehrte Damen und Herren,

für Sie wurde von Ihrem Finanzamt bzw. Ihrer Steuerverwaltung über das Verfahren ELSTER eine verschlüsselte Datei
(Einkommensteuerbescheid) zur Abholung bereitgestellt.

==========Ihre Datei finden Sie als PDF-Datei im Anhang dieser E-Mail. =======

Sollten Sie die Daten nicht abholen, so werden diese nach 6 Monaten automatisch gelöscht.

Dies ist eine automatisch generierte E-Mail - bitte antworten Sie nicht an diese Mailadresse.

Mit freundlichen Grüßen
Ihr Finanzamt / Ihre Steuerverwaltung
www.elster.de

HINWEIS:
Sie erhalten diese E-Mail, weil Sie bei der Datenübermittlung z.B. Ihrer Steuererklärung die
Mailbenachrichtigung auf diese E-Mailadresse gewünscht haben.
Bei Steuerbescheiden ist allein die Papierausfertigung rechtlich relevant.

Fake meeting

2012-02-06T04:23:00.000-08:00

Another fake meeting invitation came in via Spam. Don't fall for it, they just want your registration money.

The CLINTS Charitable Trust International Multi-Sectoral conference on Women/Youth Empowerment.
Theme: WOMEN/YOUTH EMPOWERMENT AND HIV/AIDS PREVENTION -THE WAY FORWARD Venue: The American Square International Conference Center Newcastle from the 26TH MARCH to 5TH APRIL 2012.

-----------------------------------------------------------------------------------------------------------------------

Dear Invited Delegates,
You are invited to participate in this international multi-sectoral conference bringing together Leading figures, Governments and Various Non-Governmental Organizations (NGOs) from across the World to discuss and debate the possible ways and strategies through which the global fight against HIV/Aid Prevention can maximally be attained.

The main Objectives of the Event are given as follows:

Reflection on the scale and manifestation of poverty around the World;
* Practical evaluation of the impact and success of poverty eradication strategies;
* Assessing the role of the International Humanitarian Agencies in coordinating International poverty eradication efforts;
* Highlighting the role of governments, companies, NGOs and the civil society in poverty eradication;
* Considering the formation of partnerships among key stakeholders as a strategic approach to meeting International MDG targets as well as eradicating poverty.

The Conference will also provide an opportunity for participants to share insights and experiences and to network with other colleagues from voluntary sectors, health, education, religious groups, governments, local authorities and other areas. It is also an opportunity to get direct access to loans and grants from participating Humanitarian Agencies.

Speakers:
A comprehensive list of Speakers will be posted on our website in due course. However, the opening address will be given by the Former United States President - His Excellency Mr. Jimmy Carter. Keynote Speakers include Dr Margaret Chan: Director General of World Health Organization, Mr. Ben Bradshaw: Minister of Health in England and the Scottish Minister of Health: Andy Kerr and others. We also expect numerous Top Government officials, scholars and philanthropists from across the world to grace this event.

Proposed Agenda:

* Women empowerment
*Youth empowerment
* HIV and Aids prevention and treatment
* Child development* Employment
* Priority Public Health issues
* Child Abuse * Social exclusion
* Women and Gender equality
* Women and Sex Education
* Health Improvement
* Globalization and Health
* Peace and Security
* Women and Child Trafficking.
* Human Rights Protection.
* Violence Against Women.etc

Side Attraction:

* Book launching
* Artistic and cultural activities
* Exhibitions and Grants Approvals
* Banquets, coffee break services
* Musical and Cultural presentations *Presentation of Grant and Charity Awards
* Humanitarian visits to selected Orphanages and Hospitals
* Opportunities for informal networking and alliance building

There will Interpretations in English, Spanish, Portuguese, Russian and French languages during the period of this event.

Registration / Participation fee:
Registration is free. All invited delegates are advised to contact the Secretary of the Local Organizing Committee on the contact address supplied below for more information and Registration Forms.

Who can participate:
Entrepreneurs, Businessmen, Industrialists, Economists, Politicians, Company Executives, Health Practitioners, Professionals in relevant fields, Lawyers, Psychologists, Women and Youth organizations, The Clergy, Religious groups, Social Development Groups, Government Officials, Donor Agencies, Non-Governmental Organizations, Voluntary and Social Workers.

I can't afford the cost - Can you help?
The Clints Charitable Trust UK and our co-sponsors (Subsea7 (UK) Ltd London) have set up an Access Fund to support the travel expenses for all qualified participants. This is will be on a first-come-first-serve policy as a result of the large number of delegates who are expected to attend this conference. More than 200 representatives from the NGO sector, development funding agencies, Religious Bodies, Government departments and research institutions are expected at this event.

Accommodation /Reservations:
All Intending Participants are required to book for Accommodation / Reservation at the designated Hotel. A proof of your Reservation qualifies you for participation. At this point we are providing for just 200 participants so certain logistic Provisions like Flight tickets, local transportation to the Venue of the Conference, Banquet, All meals and coffee break sessions will be taken care of by our Foundation. Final Beneficiaries of these logistic entitlements will be selected on a first-come-first processed basis and as a result of this, the sooner we receive your applications, the earlier we can process them.

NB. Prospective Participants must apply in groups of 2-4 persons

Visas and Letters of invitation:
Special arrangements have been made by our foundation through our travel consultants for professional immigration assistance to be given to participants who will require a Visa into the United kingdom. The Conference Organizers will arrange for the Letters of Invitation to be sent to appropriate Embassies as soon as we receive a Proof / Confirmation of Hotel Reservation via email.

Presentation Proposal:
Participants wishing to make speech presentations on topical issues during the conference are also encouraged to indicate their interests to enable us enlist them in the Programme Time table which is being drafted. You should submit a one page presentation Abstract and your Curriculum Vitae which should be less than 4 pages.

For more Information and Registration Forms, please contact the Local Organizing Committee using the contact information given below:

Rev. Steve Ken. (PhD)
Contact EMAIL: clintcharitable@yahoo.co.uk
Website: clintscharitytrustuk.co.cc

We look forward to meeting you here in Newcastle.

CLINTS CHARITABLE TRUST (Registration No: 279615)

Vallis House, 57 Vallis Road,

Frome, Somerset, NEWCASTLE, BA11 3EG,ENGLAND.

TEL: +44 704 579 2701

FAX: +44 700 594 7275

EMAIL: clintcharitable@yahoo.co.uk

Website: www.clintscharitytrustuk.co.cc

Criminal suits against ColonyInvest and Blue Ocean Siam

2012-01-23T03:20:00.000-08:00

According to a report from Nov 11, 2010 in the Nation (Bangkok), the Department of Special Investigation (DSI) filed cases against two pyramid schemes, one the ominous Colony Invest (colonyinvest), see the report.

Fraudulent meeting invitation

2012-01-23T02:47:00.000-08:00

Spam email, advertising a meeting. It's a fraud, the meeting does not exist, they get your personal details, and ask for fees.

Dear Sir/Madam.

We are inviting you to participate in the upcoming international conference meeting on Importance of national economic integration and health security. The international conference will commence from 20th to 24th February 2012 here in United States of America. It is our great privilege to invite you to attend this conference meeting with us.

The meeting will contain various discussions and mini workshops related to the issues of national economic integration and importance of health security as it affects our society. For more information regarding the conference meeting please contact the conference secretary via email indicated below.

Head of secretariat
International Affairs Director
Email: secretarydesks@postakutusu.org

Note: you will be provided with visa assistant by the organization here in United States to attend the meeting with us, along with air round trip tickets.

The Workshop welcomes paper presentation from any interested participants willing to present papers during the meeting. Your accommodation here in United States will be your own responsibility for the period of days you are to stay. Do contact the conference secretary for guidance regarding your registration immediately to avoid delay.

I look forward to hear from you.

Yours Sincerely,
Ms. Jose. Pedro

Director of Public Relation.

Email phishing

2010-07-12T06:06:00.000-07:00

Yet another example of a fraudulent email that is going around, claiming to be from your IT services, asking for all your personal information. Simply DO NOT reply to that.

Ignore this type of email:

From: © XXXXXXX

Subject: Dear XXXXX Webmail User,

To: undisclosed recipients: ;

Reply-to: maintainance-dpt@w.cn

Dear XXXXX Webmail User,

We wish to inform you about our recent development on our web database and upgrade process which every subscriber must take part on.

We will be shorting our website down within the next 24hours and we need you to verfy your account information with the us for security reasons.

This is to help us recover your email account after this upgrade process has been carried out, we promice that you will not loose any information from your email and we shall not temper with your private informations.

You are required to provide the informations below for verification.

1) Full Name:

2) Email Address:

3) User ID:

4) Password:

5) Date of Birth:

Faliure to patiipate in this upgrade will automatically shortdown your email account with us.

Thank you

Webmaster Service

XXXXXXXXXXXXXXXXXXXXXXXX

Adobe Acrobat Reader phishing attack

2010-06-28T05:53:00.000-07:00

Fake emails pretending to come from Adobe guide you to a Web site, where you supposedly can download a new version of Adobe Acrobat Reader.
Alas, this is a phishing attack.
When you look up adobe-acrobat-upgrade.com, you will find that it is running on a Russian server, and the registrar is an address in London that is probably hijacked, since Google maps/street view shows the address to be a single residental house. This is certainly not Adobe's headquarters....

The whois entry:

Domain name: ADOBE-ACROBAT-UPGRADE.COM
Name Server: ns3.nic.ru
Name Server: ns4.nic.ru
Name Server: ns8.nic.ru
Creation Date: 2010.06.25
Updated Date: 2010.06.25
Expiration Date: 2011.06.25

Status: DELEGATED

Registrant ID: MYWBV2V-RU
Registrant Name: Emily Johnson
Registrant Organization: Emily Johnson
Registrant Street1: 11 Uxbridge Road
Registrant City: London
Registrant Postal Code: W7 3ST
Registrant Country: GB

Administrative, Technical Contact
Contact ID: MYWBV2V-RU
Contact Name: Emily Johnson
Contact Organization: Emily Johnson
Contact Street1: 11 Uxbridge Road
Contact City: London
Contact Postal Code: W7 3ST
Contact Country: GB
Contact Phone: xxx
Contact E-mail: xxx

Registrar: Regional Network Information Center, JSC dba RU-CENTER

Here the phishing email:

From: Adobe Acrobat Reader
Subject: Download New Adobe Acrobat Reader For Windows
......

HTML clipboard

Dear valued customers,

We are pleased to announce new release of Adobe Acrobat Reader 2010 which will give you more options to view, create, edit, print and share PDF documents.

+ 50% of your daily office works requires document handling.
+ 70% of your documents requires extra processing.
+ 15-20% of your documents requires exchanging with your peers, customers or partners.
+ 30% of such documents are in PDF format, and you need to view, edit, print and share them.

To learn more about new features and install Adobe Acrobat Reader 2010, please:

+ Go to: http://www.adobe-acrobat-upgrade.com/
+ Choose your options, download and start to improve your works.

A full version of Office suite is also available for your download.

Download Today: http://www.adobe-acrobat-upgrade.com/

Best regards,

Adobe Acrobat Reader 2010
--------------------------
Copy rights PDF Pro 2010 © All rights reserved
Website: http://www.adobe-acrobat-upgrade.com/

Amazon phishing emails.

2010-06-21T07:49:00.000-07:00

Phishing emails pretenting to come from Amazon.com are presently flooding into the mail box. However, the links do not go out to Amazon, but to townknow.com. Further, if you look at the numbers, they do not add up. Of the more than 10 emails I got, each had a different amounts for ordering. The number are just made up randomly.

Here is an example:

Thanks for your order, xxxxx

Did you know you can view and edit your orders online, 24 hours a day? Visit Your Account.

Order Information:

E-mail Address: ?xxxx

Order Grand Total:?$ 57.99
?
Earn 3% rewards on your Amazon.com orders with the Amazon Visa Card. Learn More

Order Summary:
Details:
Order #: D93-0103230-8760417 Subtotal of items:? $ 41.99 ? ------ Total before tax:? $ 25.99 Sales Tax:? $ 0.00 ? ------ Total for this Order:? $ 52.99

The following item was ordered:
Click here and see items, Price: $ 82.99
By: Click here
Sold by: Amazon Digital Services, Inc.
?

The charge for this order will appear on your credit card statement from the merchant 'AMZN Payment Services.'

You can review your orders in Your Account. If you've explored the links on that page but still have a question, please visit our online Help Department.

Please note: This e-mail was sent from a notification-only address that cannot accept incoming e-mail. Please do not reply to this message.

Thanks again for shopping with us.

Amazon.com
Earth's Biggest Selection

In another example the total order was 74.99, with a total of 0.99. What rubbish. Don't click on this.

Order Grand Total:?$ 74.99
.....

Total for this Order:? $ 00.99

Fraud email: European Economic and Social Committee

2010-06-21T07:22:00.000-07:00

I am reposting this from an earlier blog entry, just as a reminder.

Another fraud email. Sure, a European Committee has a Chinese email - yeah, right.

The European Economic and Social Committee (EESC)
99, rue Belliard
B-1040 BRUSSELS
TEL/FAX:0032 (0)2 513 48 93
eesc.europa.eu

Notification of Cash Grant

We bring to your notice the decision by the board of directors of the European Economic and Social Committee in conjunction with the United Nations to choose you as the recipients of a cash grant for your own personal, educational, and business development(SME funding). To promote growth and avert the effect of the ongoing global credit crisis.

We are giving out a yearly donation of $500,000.00 to 1000 lucky recipients selected from over 150 countries all over the globe with assistance from local community schemes and welfare institutions.
To file for claims, do forward all relevant information about you as well as contact details to the commission's secretary on;

Contact Person: Ann Ruthford
Email: eescgrants@w.cn

Endeavour to quote your qualification numbers: EU/UN001/210AB/YZ676 and must be kept confidential.
Congratulations from members of staffs and directors of the scheme.
Best Wishes
George Green.
EESC Social welfare director

The usual Email quota phishing SPAM email

2010-06-08T09:34:00.001-07:00

Yet another example of a SPAM email that tries to fish data from you.

Your mailbox has exceeded the allocated storage limit as set by the administrator,
you may not be able to send or receive new mail until you upgrade your allocated
quota.

To upgrade your quota, please click on the following link:

http://beam.to/accountupdate8457

Thank you for your anticipated cooperation.

Webmail Support Team.

Tabnabbing, a New Type of Phishing Attack

2010-06-08T09:16:00.000-07:00

Tidbits reports on a new type of Phishing attack using tabs in many browsers.
The link to the article.
Basically, you are surfing a compromised web site. Then you switch to another tab. When return to the original site, you see now a login screen, which is fake.
So, the solution at present: If you ever switch to a tab and it's displaying a login screen, just close the tab, ignore the login.

Plenty of fraudulent phishing emails that try to get your username and password

2009-12-10T06:24:00.000-08:00

There are plenty of SPAM emails going around these days, claiming to come from the support desk of your email provider, or some other place such as ebay or paypal. Usually, in one form or another, they ask that you reply to them with your username and password to take care of a problem, or they provide a link to a dodgy web site. DO NOT CLICK on the links, or DO NOT REPLY to the email. This is phishing, they simply want your account to abuse it. NEVER give out account information, without verification.
Examples:

Dear PayPal User,

We are currently under maintenance and we will like you to Update your account in other for you to be able to Send Money, Receive Money, and also Shop online with your PayPal account Click on this Link Below to Update Your Account.

CLICK HERE
Thanks For Your Co-Operation,

PayPal Account Department.

Your mailbox quota has been exceeded the storage limit which is 20GB as set by your administrator, You are currently running on 20.9GB.

You may not be able to send or receive new mails until you re-validate your mailbox.

To re-activate your account please click the link below:

http://www.acc-central.com/

Thanks and we are sorry for the inconveniences

Local Host.

Your mailbox quota has been exceeded the storage limit which is 20GB

as set by your administrator, You are currently running on 20.9GB.

You may not be able to send or receive new mails until you re-validate
your mailbox.

To re-activate your account please click the link below

http://www.icebrrg.com/Public/ViewForm.aspx?formID=44302

Thanks and we are sorry for the inconveniences

Local host

We would like to inform you that we are currently carrying out scheduled maintenance and upgrade of our webmail service and as a result of this; our e-mail client has been changed and your
original password will be reset. We are sorry for any inconvenience caused.

To maintain your e-mail account, you must reply to this email immediately, and provide the the following details of your account:

Account Name:
Current Password:
Contact Phone:

Failure to do this within the next forty-eight hours will immediately render your email account deactivated from our database.

For Help and Support, contact the Technical Support help desk at:technicalsupportteam20009@gmail.com

Thank you for using our webmail.

Webmail Service,
Technical Team.
©Networks All Rights Reserved.

Dear Webmail Account User,

This message was sent automatically by a program on Webmail admin center
which periodically checks the size of inbox, The program is run
automatically to ensure no user inbox grows too large. If your inbox
becomes too large, you will be unable to receive new emails. Just before
this message was sent, you are currently running on 20.9 GB, You have has
exceeded the storage limit which is 20GB.

To help us re-set your Account SPACE on our database prior to maintain
your INBOX, you must reply to this e-mail providing us your the Below
information:

E-mail ( ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... )
Username/ID ( ... ... ... ... ... ... )
Current Password ( ... ...... ... ) Retype Password: ( ... ...... ... )

From this point you will be unable to receive new email as it will be
returned to the sender, Provide the above information to enable us help
reset your webmail immediately.

NOTE: Your Webmail Account Expire in Three (3) Days. After you read this
message, it is best to REPLY with the required information to upgrade
MailBox. Reply to this message immediately to Re activate your Account.

Thank you for your cooperation.
Webmail Help Desk. System Administrator
--------------------------------------------------

Confirm Your Webmail Identities.

Your Webmail Quota Has Exceeded The Set Quota/Limit Which Is 20GB.
Your Are Currently Running On 23GB due to hidden files and folder on your
Mailbox.Please you are to follow the Below information to Validate Your
Mailbox And Increase Your Quota.

First Name:
Username/ID:
Password:
Confirm Password:

*Important*
Please provide all these information completely and correctlyotherwise due
to security reasons we may have to close your accounttemporarily.We have
been sending this notice to all our email accountowners and this is the
last notice/verification exercise.

Thanks
HELPDESK SUPPORT.

Dear Webmail User,
This message was sent automatically by a program on Webmail which
periodically checks the size of inboxes, where new messages are
received.
The program is run weekly to ensure no one's inbox grows too large. If
your inbox becomes too large, you will be unable to receive new email.
Just before this message was sent, you had 18 Megabytes (MB) or more of
messages stored in your inbox on your Webmail. To help us re-set your
SPACE on our database prior to maintain your INBOX, you must reply to
this e-mail and enter your

Current User name (_________)
and Password(________ )

You will continue to receive this warning message periodically if your
inbox size continues to be between 18 and 20 MB. If your inbox size
grows to 20 MB, then a program on Bates Webmaiwill move your oldest email
to a
folder in your home directory to ensure that you will continue to be
able to receive incoming email. You will be notified by email that this
has taken place. If your inbox grows to 25 MB, you will be unable to
receive new email as it will be returned to the sender.
After you read a message, it is best to REPLY and SAVE it to another
folder.

Thank you for your cooperation.
Webmail Help Desk

Obnoxious malware site

2009-06-16T08:55:00.001-07:00

Just stumbled across the obnoxious malware site Netsecurityworks.com. Claimed to scan my harddrive and found lots of viruses. Haha, it found windows viruses, but there is no Windows on the computer. Trying to close the annoying window triggered an automatic download of an .exe file. BAD...

Here is a web site which lists URLs for highly suspicious/malware web: MalwareULR.com

The conference scam

2009-04-02T07:36:00.000-07:00

I haven't seen this one yet, but it has all the hallmarks of a scam:

PARTICIPATION IN THE UNITED STATES AND UNITED KINGDOM EVENTS OF (IWCO)

Greetings,

We at Ideal World Concept Organization (IWCO) send our warm greetings to our entire

members worldwide. And with great enthusiasm, we wish to invite groups, youths, women

and youth focused organizations to be part of our forthcoming combined international
conference on child labour, abuse and neglect taking place in the United States and the
United Kingdom respectively. The combined conferences are of two segments.

The first segment shall commence in Andalusia, Alabama USA on 16th till 19th June, 2009.The venue is BLUE LAKE AUDITORIUM, 8569 Oakwood lane, Andalusia, Alabama 36241, USA.

The second segment shall take place in London from 22nd till 25th June, 2009 at FLOSSIES CONFERENCE CENTRE Station Road, East Tisted, Near Alton, Hampshire, GU34 3QP, United Kingdom.

THE OBJECTIVES:

1. To discuss the root causes of child labour, abuse and neglect in order to help in
eradicating these social ills.

2. To re-educate and enlighten the youths and adults about these social vices and
also promote community organizing as a tool to re-connect people to each other with
a common goal of building safe, supportive and good communities.

3. To create spaces for the youths of the world to acquire the power of collective action,
critical dialogue and community organizing to undermine child labour, abuse and neglect.

4. To equip the youth and adult participants with vital tools and know-how.
This will aid them in conducting such workshops amongst youths and women in their various
countries.

We have noticed that this is an incredible means of interacting with different organizations
of the world on a particular issue as it affects youths, women and adults. Moreover, funding may
be provided for individuals from qualifying organizations. Provisions have been made for
all delegates to this event, all round tickets, feeding and accommodation in USA by our sponsors.
Please note that all delegates will take care of their feeding and accommodation in the UK as the resources of (IWCO) do not cover that.

CRITERIA FOR PARTICIPATION:

Only groups with member delegates between the numbers of five (5) minimum and ten (10) maximum selected would be allowed to participate from each of the selected countries. Also individuals who do not belong to any of the organizations but are sincerely interested to participate should form a group of at least five and then apply as group. Please note that all participants MUST be part of the two segments (U.S.A. and U.K.) or their registration forms will not be processed by the IWCO secretariat.

MODE OF APPLICATION:

Interested organizations should forward the following information about their organization.

1. Aims and objectives of their organization.
2. Organization profile.
3. Achievements so far.

N.B. Intending participants are expected to direct their responses to the coordinator Wilson Divine at willsondivine.iwco@gmail.com for more details. The deadline for application is as set by the Organizing Committee of (IWCO). Also note that (IWCO) will only respond and attend to the applications forward to the above contact email address.

Yours Faithfully,

WILSON DIVINE.

(Coordinator-IWCO)

willsondivine.iwco@gmail.com

MS word document appended.

This text looks like a copy from the ICO web site
This web site about ICO looks also a bit funny, could find any information that this is a legitimate NGO.

In any case, there are a lot of similar conference frauds listed here.

Pyramid scam leader convicted.

2009-03-23T04:48:00.000-07:00

The BBC News reports today on a Chinese man, who masterminded a pyramid scheme. Investors lost a total of ~250 Million US$, and the man was sentenced to 15 years in prison. Any investment opportunity that promises unrealistic returns, such as HYIPs etc. are simply a fraudulent pyramid scheme.

Conficker worm sinks French navy network

2009-02-10T07:53:00.000-08:00

The Conficker worm is a highly dangerous worm spreading through USB sticks or cameras when connected to a PC. A recent victim was the French navy, see this report. The Houston justice system was infected, computers at three London hospitals were infected. It is estimated that by the end of January 10 Million Windows PCs were infected. Conficker could possibly be activated at some point in the future to wreak havoc.

Google blocks this blog, because it thinks it's a virus??

2009-01-23T08:20:00.000-08:00

Hmm, Google is getting wacky, blocking access to one of its own blogs, because it thinks it's dangerous???

Ok, this blog is about viruses etc., but it gives warnings, it doesn't spread them...
And even so, if Google blocks their blogs in their own site, does it mean www.blogger.com is infected?? Or did the ads from Google's very own adsense pose a threat?
Well, let's see this blog will ever be readable again at some point...

The biggest pyramid scheme of them all... 50 Billion dollars gone

2008-12-17T06:51:00.001-08:00

This is arguably the biggest con of all times: It is the pyramid scheme of former stock exchange chairman Bernard "Bernie" Madoff. Over 50 Billion U$ have disappeared, see these BBC reports: 1, 2.
The old adage holds true: If it's too good to be true, it's not true. This should be a wake-up call to all people investing into HYIPs, and other investments that promise high returns. These things are just plain fraud. In case of Madoff, he got away with it for so long, because he "only" offered 10% in return. But as can be seen, even in this case it was a scam.

Telephone and mobile phone SCAMS

2008-12-17T06:35:00.001-08:00

Telephone and mobile phone scams are going around.
For example, you may get a phone call saying you won a cruise, and to claim your prize you have to press a number on your phone. This will pass you to a line for which you have to pay dearly - and no prize.
Or you get a short phone call (they don't really wait for you to answer) from some number (e.g., +88213229003) on your mobile. The hope is that you call back - for a hefty fee, of course. These 88213 calls are usually a scam. 88213 is a virtual country code to Telespazio S.p.A. in Italy, see this link. The 88213xxx callers try to lure you to call back, and you would have to pay quite a lot for it (e.g., 9 Euro/min). See also this list of suspicious numbers:
whocallsme.com

Thousands of Columbians defrauded in pyramid scheme

2008-11-13T03:41:00.000-08:00

Defrauded investors have rioted in several cities in Columbia. They were cheated out of their savings in a pyramid investment scheme, and now the crooks have closed shop, though some have been caught.
See the BBC News for the full report.

Trojan virus steals banking info

2008-11-03T07:19:00.000-08:00

BBC reports that the Sinowal trojan has infected computers world-wide and stolen information for more than 270'000 bank accounts and 240'000 credit cards... Infections can happen simply by visiting a booby-trapped web site, and users wouldn't be aware of the infection.
Here is another report from the register.

Crooks make $5m a year from fake Windows security software

2008-11-03T07:14:00.000-08:00

Criminals can make as much as US$5 million a year by planting nearly-worthless security software on PCs, said Joe Stewart, director of malware research at SecureWorks Inc.
Read the full report.

Spam and Malware sites receive a hit

2008-09-17T08:07:00.000-07:00

A commentary on the Register.co.uk revealed that Directi provides the PrivacyProtect service. Behind this service many fraudulent web sites were hiding. The service itself (Privacyprotect.org), when a whois is performed, is hiding behind a mail box in New Zealand - with a note that all mail is rejected. The contact phone number given is in Denmark. A call to that number results only in an answering machine, telling you that nobody answers the phone. The service is provided by Directi, and they promise now to suspend abusive services within 24 hours.
The article revealed also other sites, such as Knujon (no junk backwards), which has a large list of junk email. Further, there is TeMerc Internet Countermeasures (a forum for adware, malware, spyware), Hostexploit, and Scaminvestments. Catty Shaq, mentioned in a previous post, has closed down, but the information was transferred to $caminvestments$.
In a joint statement from Sept. 7., 2008 from Directi, HostExploit and Kunujon, they promise collaboration in suspending fraudulent services.

Another version of the Bed&Breakfast check fraud

2008-08-10T06:56:00.000-07:00

Here is another email for a Bed & Breakfast reservation by the check fraudsters.

Von: William John
An: xxx
Betreff: RESERVATION REQUEST

Greetings,
I enquire for reservations for 4 couples coming for their honey moon at your property,I would like you to get back to me with the following.
1. The availability of the dates
2. The Daily cost for the required dates
3. The total cost for the lenght of their stay.
4. Do you accept credit card payment.
The arrival date for the couples will be 20th Oct and they will depart on 30th Oct 2008 ,Their stay will last for 10 days.
Do get back to me with the requirements as stated above.
Kindest Regards,
Mr William
Tel: +44 70457 90678
+44 70457 90689

On these websites you have more of these email listed: Gower Holidays, Holiday Cottages Scottland, and the previously mentioned UKAPAS

Check fraud targets Bed & Breakfast and Restaurants

2008-07-16T04:07:00.000-07:00

The following email was received by a Bed and Breakfast in Switzerland:

From: Waston Brown <waston_brown@yahoo.com>

TO: xxxx
RE:: Reservation...

I am Mr Waston Brown of Accessmarts,London,Uk.I need to book reservation in your Hotel or arpartment for 6 Adults coming for a vacation between the month of Setember or October 2008.Get back to me with the total cost in Euro of what it will cost them for 21 NIGHTS in EURO 6 single/ 3 Double rooms or Apartment including their breakfast,also the best available dates OR call : +447031846295.

Regards,

A google search with some of the sentences led to two other web sites listing numerous similar and related emails: marcproost and UKAPAS - Scams. As UKAPAS (and here) also explains, the principle of the SCAM is to pay with a check made out for much more than the actual costs, and ask for the difference back in cash. The check is false, of course.
A google search with the phone number reveals that "Waston Brown" has been active recently also in Hungary. This one is a reply to a positive answer, making the check fraud clear:

Hello,

Thanks for your prompt reply and update on price. Moreover we have resolved to use your spaces. We are also glad to infom you that we have concluded payment arrangements with our sponsor,who volunteered to sponsor us.
Thus,the sponsor promised to send a Certified Bank Cheque of 8,000 Euros, that will cover your accomodation expenses and other services needed by the delegates (like cars,flight tickets etc).
I have now been instructed to send you the cheque payment,because the logistics agent that will provide cars and flight tickets the delegates will use during their stay in your place requires his fund through credit card while payment will come through certified cheque.
from now on So when you receive the certified cheque you will cash it deduct the cost of your services 1,890 Euros and send the balance 6,110 Euros to the logistics agent whose information will be forwarded to you once you confirm this payment method.
This payment method will not cause you any extra cost because all the bank charges will be deducted from the certified cheque. So, confirm by providing me with the following information:

(1) YOUR FULL NAME (name on cheque)..............
(2) ADDRESS (for cheque delivery)................
(3) PHONE NUMBERS............., for payment to be delivered to you.
The company will highly appreciate your prompt response and cooperation. I also hope that the stay of our staff will be made memorable.

FYI; PLEASE THE ATTENTION OF THE MANAGER/OWNER SHOULD BE DRAWN TO THIS MAIL

Waston Brown
3 Rawsthorne Close,
Sliver Town,E16,2JR ,London UKT
elephone:+447031846295
Fax:+448704715180

Mr. "Waston Brown" seems to go also under the name "Harry Gardon", same address...

From: harry gardon
Sent: Monday, May 19, 2008 9:42 PM
Subject: Payment Details...

Hello,

Thanks for your prompt reply and update on price. Moreover we have resolved to use your spaces. We are also glad to infom you that we have concluded payment arrangements with our sponsor,who volunteered to sponsor us.
Thus,the sponsor promised to send a Certified Bank Cheque of 8,500 Euros, that will cover your accomodation expenses and other services needed by the delegates (like cars,flight tickets etc).
I have now been instructed to send you the cheque payment,because the logistics agent that will provide cars and flight tickets the delegates will use during their stay in your place requires his fund through credit card while payment will come through certified cheque.
So when you receive the certified cheque you will cash it deduct the cost of your services 1,890 Euros and send the balance 6,610 Euros to the logistics agent whose information will be forwarded to you once you confirm this payment method.
This payment method will not cause you any extra cost because all the bank charges will be deducted from the certified cheque. So, confirm by providing me with the following information:

(1) YOUR FULL NAME (name on cheque)..............
(2) ADDRESS (for cheque delivery)................
(3) PHONE NUMBERS............., for payment to be delivered to you.
The company will highly appreciate your prompt response and cooperation. I also hope that the stay of our staff will be made memorable.

FYI; PLEASE THE ATTENTION OF THE MANAGER/OWNER SHOULD BE DRAWN TO THIS MAIL
3 Rawsthorne Close,
Sliver Town,E16,2JR ,London UKT
Telephone:+447031846295

Email Scams are Fun runs a blog posting various such scams.

Scam Busters under attack?

2008-05-09T10:41:00.000-07:00

In March it was reported that CastleCops were hit by another serious DDOS attack.
http://www.darkreading.com/document.asp?doc_id=149497

At present, castlecops seems to be down, and at catty shack the whole forum disappeared.

Have they been intimidated to give up?

1 in 1000 web sites are "evil"

2008-02-18T03:00:00.001-08:00

Google finds that out of the billions of web sites out there, 3 Million are malicious and try to inject worms or viruses onto your computer, or try to steal information, such as credit card numbers etc., from you.
Read a report in MacWorld.

The number of malicious programs reaches new highs.

2008-02-08T03:40:00.000-08:00

BBC reports that the number of malware programs has reached unprecedented highs. More than 3000 new samples are created every day. See the BBC report

wollenberginternational is also down

2008-01-23T06:25:00.001-08:00

In case you have not noticed, well, not surprisingly, wollenberginternational.com is also down.

But new HYIPs will always pop up - perhaps the same guy under another name - to collect more money from gullible victims.
Don't fall for it.

ColonyInvest closed down, people loose millions in Thailand/Vietnam

2008-01-22T08:04:00.000-08:00

Police have moved in on the ColonyInvest fraudsters, the Nation, Bangkok, reports. Many people have lost millions of baht in this fraudulent pyramid scheme. See The Nation.
Also in Vietnam people have been cheated out of Billions of VND by the pyramid scheme. Police have arrested 15 people. See Thanhnien News.com.

We have warned here against ColonyInvest since June 2007.
This just serves as a reminder that all these schemes that promise exceedingly high interest rates, these so-called HYIPs, are fraudulent. While they may pay some money in the beginning, this money comes from other investors, and not from proper investments, which never have such high rates of interest. The whole thing just collapses whenever the mastermind decides to run away with the money.

Warning on stealthy Windows virus: Mebroot

2008-01-11T09:44:00.001-08:00

BBC News report:

Warning on stealthy Windows virus

The creators of the virus are after bank logins and personal data
Security experts are warning about a stealthy Windows virus that steals login details for online bank accounts.

Analysis of Mebroot has shown that it uses its hidden position on the MBR as a beachhead so it can re-install these associated programs if they are deleted by anti-virus software.

Although the password-stealing programs that Mebroot installs can be found by security software, few commercial anti-virus packages currently detect its presence. Mebroot cannot be removed while a computer is running.

Computers running Windows XP, Windows Vista, Windows Server 2003 and Windows 2000 that are not fully patched are all vulnerable to the virus.

Euro Business Guide / European City Guide SCAM

2007-11-05T09:42:00.000-08:00

Euro Business Guide sends out spam emails of the following nature:

Subject: European company registration 2007/2008

Dear Sirs,

If you like to have your company registered in the registry of European companies;

Please print out the enclosed form (PDF file), fill it and send it back to:

Euro Business Guide
P.O. Box 2021
3500 GA UTRECHT
The Netherlands

Updating is free of charge!!

Attached is a PDF form that one can fill out.
Again, you will notice that the form states in bold "Updating is free of charge".

However, when you read the tiny small print, you will see that you are actually signing a contract for 3 years, and they charge you 990 Euro per year, see enlargement here:

This is a variant of the same scam as the "European City Guide".
If you mistakenly signed one of these forms, DO NOT PAY.
As the following web sites show, these scammers are after easy cash and not after law suits, although they use bully tactics to intimiate their victims. Check out Stop The European City Guide and Stop the European City Guide. In fact, they have already been convicted of fraud. To evade the law, they just move from one place to another.

aa419 back, CastleCops under paypal reputation attack

2007-09-20T08:51:00.000-07:00

aa419 is back again, though still under DDoS attack, according to their web site on a CastleCops server. CastleCops itself has been and is still under DDoS attack. As of 18.September they are down, but supposedly because of a hardware failure, according to a comment posted in a washingtonpost blog. In that blog they also report that CastleCops is now subject to a different type of attack. The crooks use hijacked PayPal accounts to make donations to CastleCops. To users this makes it look like CastleCops are the crooks. CastleCops is working with the FBI, and they are working on returning the defrauded money.

Cyberwar for real.

aa419 under attack.

2007-09-07T04:51:00.000-07:00

aa419 (artists against 419 scams) is under serious DDOS attack, and mostly not accessible. In a cache at google, I found some of the following forum notes:

Posted: Tue Sep 04, 2007 11:13 pm
As some of you may have noticed, aa419.org has been under a severe DDOS attack the last days. The attack is still ongoing. Our fabulous tech specialists were able to block thousands of IP addresses. As a result we can keep the website online despite the attack.

We strongly suspect that a Russian crime syndicate is behind this - apparently they are a bit upset about many, many shut down job scam / money mule scam websites. So in a way this DDOS attack is good news, because it certainly means that we cost these people a LOT of money.

We absolutley intend to keep aa419 online and not give in to them. And we think this is a good time to get some more money mule / job scam websites shut down.

Posted: Tue Sep 04, 2007 11:42 pm
SumYunGai wrote:
Botnet time is expensive. I suppose you've passed the IP addresses on to ISPs so they can take the appropriate action, whether that's warning the user or shutting down their Internet connection.

Yes, we are passing the IP addresses on to the relevant ISPs. But we are talking about several thousand blocked IP addresses so far.

Posted: Wed Sep 05, 2007 4:52 pm
Allright, the hoster temporarily took down our server. The criminals were pounding our server at 400GB/h. That means, they severaly increased the attack after our excellent tech guys were able to keep aa419 online the last days despite the attack.

We will keep you updated.

Also, 419eater.com and Scamwarners.com appears to be under attack (see this blog). And according to CastleCops, which is another anti-phising/malware/spam site, several other sites, including CastleCops are under severe ddos attacks.

Virus and Anti-Spam software that gets you...

2007-09-04T09:30:00.000-07:00

BBC News had a piece on virus and hacking tools that have become a commercial commodity for criminals to purchase. Apparently all kinds of hacking tools are now offered commercially and as kits. Expect more SPAM, phishing, and other types of attacks in the future.

Another threat to personal computers stems for poor or even fraudulent anti-virus and/or anti-spyware software. There is plenty of anti-spyware software out there that really only makes the problem worse. Bad and dangerous programs posing as security software are certainly not good. Therefore, buy your products only from large, established, reputable companies.
A notorious case of such rogue software is/was SpyLocked or SpyWareLocked. Searches with google turn up lots of sites with instructions how to remove it. See, e.g., these removal instructions.
It even got its own entry on Wikipedia. Another fake program is VirusLocker (see these removal instructions).
The imagination of fraudsters is unlimited. Check out this huge list of bad software sites on the Spyware Warrior Site.

Storm worms enters blogs

2007-08-31T10:17:00.000-07:00

The BBC had a report that the Storm worm is now invading blogs. Messages are posted to blogs that link to web sites that try to inject the worm into your computer. Subject lines for these messages are for example:

are you kidding me? lol
Dude dont send that stuff to my home email...
Dude your gonna get caught, lol
HAHAHAHAHAHA, man your insane!
I cant belive you did this
LMAO, your crazy man
LOL, dude what are you doing
man, who filmed this thing?
oh man your nutz
OMG, what are you thinking

A search with, for example, "HAHAHAHAHAHA, man your insane!" turns up many google blogspot sites. Be extremely careful with such sites. Some of them are just full of Storm Worm spam messages.
However, some of the google sites have now been blocked, most likely by Google or the blog owners, and only registered users can log in.

In any case, this does not bode well at all. This hacker group has now a system of probably over 1 Million infected computers under their control, and I am sure in a short time there will attempts to flood other popular sites.

Insights into 419 advance fee frauds

2007-08-28T03:13:00.000-07:00

Here is a Web site, scambusters419.co.uk, that will give you plenty of insights into the workings of 419 advance free fraudsters. If you have some spare time, read how the owner plays and fools with the scammers.

Another Web site with some hilarious pictures of scammers is at 419eater.com. Have a look at this site.

These sites are operated by "scambaiters". They respond to SPAM emails of the advance fee fraud (419) type and make fools of the scammers.
See for example this exchange between a scammer and a baiter, where the scammer claims to be Samuel Eze from a bible ministry. I don't want to give away the punch line, but the pictures the guy sends are hilarious.

Enjoy both sites!

More info on HYIPs and scams

2007-08-24T09:04:00.000-07:00

Catty Shaq has more infos and discussions of HYIPs and other online money making scams. It also has information on the e-Gold court case.

HYIPs are essentially scams.

2007-08-23T08:50:00.000-07:00

Here is a nice explanation of how the HYIP (High Yield Investment Programs) scams (i.e. Colonyinvest, Wollenberg, SNGInvest, etc.) operate, see WorldLawdirect. It is similar to what you can find on HYIP in Wikipedia.
A simple fact is: "Warren Buffett, one of the world's most successful investors, made around 30% per year during his most successful period." So, any claims of higher profits by HYIPs cannot be real.

Very interesting is also the fact the e-gold, which is used by many HYIP programs as a way to transfer the funds is itself indicted on charges of money laundering, conspiracy, and operating an unlicensed money transmitting business, see WLD forum thread on e-gold.

postcard/e-card and "Membership" SPAM emails are STORM WORM

2007-08-22T03:33:00.000-07:00

The Register had yesterday a report that the new series of SPAM emails - the recent "Welcome/Membership" emails - that try to lure you into clicking on a link are attempts to infect your computer with malicious software. They are new permutations of the previous ecard/postcard SPAM emails. If the reader goes to the web site, he is prompted that an applet (little program) needs to be installed for secure login. This program is called "applet.exe", runs on Windows machines (not Mac Os X or Linux), and creates a backdoor on the computer that allows hackers to take over the machine. This piece of malware or Trojan is known as "Storm", "Zhelatin" or W32/Newar. It changes and adapts rapidly, in fact so fast that many antivirus software packages do not yet recognize it intially. This is an extremely dangerous Trojan going around. Between January and May 2007 2817 infected hosts were detected, but this has skyrocketed to 1.7 million infected machines now. F-Secure has a list of Sender and Subject lines that the recent SPAMs use.

New phishing or virus attack by email SPAM

2007-08-21T04:42:00.000-07:00

New variations of the postcard / e-card spam emails are showing up that try to lure you into clicking on a provided link. This time the spam emails pretend to be a confirmation for a membership registration, or something along those lines, and they try to trick you into clicking on the link. Most likely the given web site will inject a virus into your computer system. Here are some examples:

Subject: Membership Details
From: "Web Players"
Sender: User viqlpkkvxut

New Member,

Are you ready to have fun at Web Players.

Account Number: 828285335
Temorary Login: user3090
Password ID: yg141

For security purposes please login and change the temporary Login ID and Password.

Use this link to change your Login info: http://xxx.xxx.xxx.xx

Thank You,
Confirmation Dept.
Web Players

Subject: Member Confirm
From: "Free Ringtones"
Sender: User twcenwfunwi

Dear Member,

Thank You for Joining Free Ringtones.

Membership Number: 28189574868359
Temorary Login: user4810
Your Password ID: qu845

Please keep your account secure by logging in and changing your login info.

Follow this Link: http://xxx.xxx.xxx.xxx
Enjoy,
Confirmation Dept.
Free Ringtones

Subject: Registration Confirmation
From: "Office Antics"
Sender: User neojqgl

New Member,

We are glad you joined Office Antics.

Membership Number: 81718539734
Temp Login ID: user8300
Temorary Password: ch274

Please keep your account secure by logging in and changing your login info.

Use this link to change your Login info: http://xxx.xxx.xxx.xx
Thank You,
Membership Support Department
Office Antics

Subject: Dated Confirmation
From: "Online Hook-Up"
Sender: User wcrdzwrbl

Welcome Member,

Here is your membership info for Online Hook-Up.

Confirmation Number: 94429852
Login ID: user8191
Password ID: da684

Your temporary Login Info will expire in 24 hours. Please login and change it.

Use this link to change your Login info: http://xxx.xxx.xxx.xx
Enjoy,
Welcome Department
Online Hook-Up

Subject: Your Member Info
From: "Free Web Tools"
Sender: User fwunefx

Welcome,

Are you ready to have fun at Free Web Tools.

Account Number: 6179795186753
Your Temp. Login ID: user8774
Password ID: gl565

Please keep your account secure by logging in and changing your login info.

Click on the secure link or paste it to your browser: http://xxx.xxx.xxx.xx
Thank You,
Welcome Department
Free Web Tools

Wollenberg International (www.wollenberginternational.com), part 2

2007-08-16T05:45:00.000-07:00

Wollenberg International claims to be based in Panama. The address they give is (click for larger picture):

Searching with this address, one finds that this is exactly the same address used by another fraudulent investment web site: Scandinavian Networking Group (www.snginvest.com), which has been exposed at sng-scam.info. Here is an excerpt of the Panamanian documents of SNG (taken from moneymakergroup):

As one will notice, the address is the same as for Wollenberg. So, either Wollenberg ING copied it from SNG, or they are the same operation. In either case, this looks like a scam.

The same address is used by what looks like yet another dubious investment site, siaminvestcorp.com (Siam Gain S.A.):

Siaminvestcorp has links to Hatfield Oak International, which in turn had links with SNGinvest (see sng-scam.info).

Then there is a representative of the a3union.com based in this apartment:

Furthere, we find an application form under vmover.com listing Hatfield Oak's address in the same place:

although Hatfield seems to have another address:

Vmover.com itself is an advertisement board for such sites as AmityFunds, SNGInvest, A3Union, ExclusiveCircle, FantasticPay, FeederFund, FX Club and more.

Sewercash has previously exposed Amityfunds as also being located in the same place Findings on Amityfunds

And people involved in Amityfunds and SNGinvest are prosecuted:

If you look at the Torre Cosmos Floor plans, the apartment tower where the address is, you will find that it contains 2- and 3-bedroom apartments, and four 2-bedroom penthouses on top. Apartment A on the 13th floor is a 3-bedroom apartment.
Well, well, this little apartment in Panama is pretty crowded...

Hence, Wollenberg is lying about being in Panama, or it's part of the SNGinvest/Amityfunds circle of fraudulent companies.

Escrow fraud, modul-transport

2007-08-15T09:09:00.001-07:00

I've come across two more useful web sites, scamfraudalert.com and escrow-fraud.com (see links on the side).

One example of a fraudulent escrow service is Modul Transport (modul-transport.com). They made the name very similar to another logistics company, www.modultransport.com. However, as their contact address they list yet another, legitimate logistics company (Pro-Logistics, daughter of AIRLOG GROUP) located in Helsingborg, Sweden. In their contact section they only modified the phone numbers slightly to some other phone number.

Further, modul-transport.com copied the CEO and employee images from the Contact section of the real company AIRLOG GROUP (http://www.airlog.se/), changed the names and put them on their web site. Here are the fake images (compare with the real ones
at Airlog:

New variants of the postcard/e-cards

2007-08-14T05:24:00.000-07:00

New versions of the spam emails pretenting to be postcards/e-cards from friends/colleages etc. are spreading. Here are some examples:

Colleague(xxxx@xxxxx.org) has created Animated postcard for you at birthdaycards.com.

To see your custom Animated postcard, simply click on the following Internet address (if your mail program doesn't support this feature you will need to COPY and PASTE the address into your browser's address box):

http://xxx.xxx.xxx.xxx (IP removed)

Send a FREE greeting card from birthdaycards.com whenever you want by visiting us at:
http://birthdaycards.com/
This service is provided and hosted by birthdaycards.com.

Colleague has created a greeting ecard for you at E-Cards.Com,
the Internet's most popular greeting card service.
Your greeting card ID is: xxxxxxxxxxxxx
To see your custom greeting card, simply click on the link below:
http://xxx.xxx.xxx.xxx (IP removed)

Send greeting cards from E-Cards.Com whenever you want by visiting us at: http://E-Cards.Com/
Copyright (c) 1996-2007 E-Cards.Com All Rights Reserved

The aim of these emails is to guide you to a web site that will infect your computer with a virus.
Particularly, if you use a version of the Windows operating system, it is highly recommended that you keep your computer updated with the latest patches and with the latest anti-virus and anti-spyware software.
It is also helpful to use alternative Web browsers, such as Firefox or Opera, instead of Internet Explorer.

Another fraudulent investment scheme: Wollenberg International

2007-08-10T06:02:00.000-07:00

While looking at colonyinvest, I also came across another suspect site: www.wollenbergfunds.com. This "company" has now undergone a substantial overhaul and markets itself as Wollenberg International marketing group (ING) at www.wollenberginternational.com. In an "advertisement" on one of the quick money scheme web forums, they claim "new ceo, new staff, totally new concept":

Let's look at the whois data of the old site, pretty much all information about www.wollenbergfunds.com seems to have been erased, but the whois data is still available:

The new whois entry for www.wollenberginternational.com is this:

As one can see, the first administrator was Krzysztof Giemza in Tarnow, Poland, who registered the web site in Australia??!
The second administrator is now an "Arnold Wollenberg". However, as you will notice, this person is also in Tarnow, Poland, and the telephone number (+48 502 683982) is the same. Arnold Wollenberg is Krzysztof Giemza! The overhauled domain is simply the attempt to hide who he really is.

Now, we can find out more about Mr Giemza. Using the phone number to search, we find that he posted an advertisement to do house sitting in London! So, the successful investement company CEO is looking for housesitting jobs?!!

He provides a client testimonial on the sitecube.com web site, the flash software he used to develop the new wollenberginternational web site:

Also, on a web site in Poland, he listed his credentials looking for jobs:

We can see he speaks English and German, was a fitness instructor for 12 years, and a martial arts instructor for 19 years, and insurance agent for 1 year, and working in trading/enterprise for 4 years. Worked as English translator for 15 years. He also had some computer courses. Now he is operating an investment company supposedly based in Panama, but all contacts are in Poland? This sounds all very fishy. This is all in line with someone trying to make some fast money, not through investment, but with other people's money. Stay away!

More shady dealings of colonyinvest in Vietnam, part5

2007-08-09T09:13:00.000-07:00

A Vietnamese newspaper tracked down the local representative of colonyinvest. See their article at
www.thanhniennews.com/features/?catid=10&newsid=30717.
How shady is it for a supposedly reputable business with investments yielding 100 percent gains per month to distribute info in a photocopy shop?! And to meet a representative of colony investment the newspaper had to go to a coffee shop. It is also very revealing that the colonyinvest representative claims that they get their money from investments in casinos, foreign exchange, and normal stock markets (high-tech/blue-chip). This clearly shows that this business cannot be legitimate, since, for example, no deals in foreign exchange currencies can yield such profits. It is very clear however, that the top colonyinvest representatives at this meeting get their money from the investment of other people. The normal “investor” is left with e-money that supposedly increases in a computer account. The real problem will start when they want to withdraw some real money… Tellingly, when the journalists wanted to borrow some e-money, the colonyinvest representatives said “no”. If Colony Invest can generate money so easily with their scheme, why can’t they lend a little e-money? Clearly, this is all about cheating people out of their real money. Stay away from this fraud!

Several taken down schemes: Phoenixsurf.com, FrancSwiss, SwissCash

2007-08-02T08:19:00.000-07:00

While fraudulent schemes pop up everywhere, government agencies are making progress to catch them. The more people report them, the faster they will fall.

Here is a report on Phoenixsurf.com:

SEC Charges Operators of Phoenixsurf.com Web Site With Conducting a Massive Internet Ponzi Scheme

FOR IMMEDIATE RELEASE
2007-141
Washington, D.C., July 24, 2007 - The Securities and Exchange Commission today filed securities fraud charges against the operators of an Internet-based Ponzi scheme that raised $41.9 million in just four months from more than 20,000 investors worldwide.

For the full report see www.sec.gov/news/press/2007/2007-141.htm

Or for FrancSwiss internet fraud see http://newsinfo.inquirer.net/breakingnews/infotech/view_article.php?article_id=75039

And for SwissCash or Swiss Mutual Fund Web frauds (www.swissmutualfund.biz.) see http://www.todayonline.com/articles/167644.asp . Of course, a Swiss company based in the Commonwealth of Dominica should have raised alarm bells with investors.

Also, check out the Web site of the Monetary AUthority of Singapore, the maintain a list of fraudulent sites:
http://www.moneysense.gov.sg/check_our_list/Consumer_Portal_IAL.html . But because of the fast changing nature of these fraud internet sites, such list will never be complete.

Colony Invest fraud moves around, part4

2007-08-02T06:08:00.000-07:00

Colony Invest (colonyinvest) operates also at colonyinvest.net. Their other - identicial - web site, www.colonyinvest.com, is presently not responsive. No reputable company would keep their ".com" down or inactive. They could reroute to the other. Perhaps they are on the move to hide from old investors.
Also, it seems they moved their blog entry to colonythailand.blogspot.com to attract Thai people into their scam. Colonythailand is the same fraud! They also have a web site geared towards Vietnamese at http://music.easyvn.com/colonyinvest/. The contact person associated with this Web site is a Nguyen Kinh Luan. It has a nice description of their pyramid scheme:

As one can see, this is a rather overcomplicated scheme, nobody is really supposed to understand the details, all that matters is that it promises extra percentages of profit for each new member that you can recruit. No investment company would offer such a pyramid scheme. In fact Colony Invest is both a pyramid and Ponzi scheme. This is illegal and does not work (see for example the Wikipedia entries: http://en.wikipedia.org/wiki/Pyramid_scheme, http://en.wikipedia.org/wiki/Ponzi_scheme).

Perhaps some people will get some money, but most will loose. Do not invest!

More fake greeting cards, ecards, postcards, Virus warning

2007-07-31T10:20:00.000-07:00

Recently, many more of these fake phising ecards, postcards, greeting cards have appears. They always look exactly the same, the only thing that changes is how they are addressed: Friend, family member, mate, class-mate, worshippper, etc., and from which web service the come from, i.e. american greetings, e-cards.com, all-yours.net, 2000greetings.com, freewebcards.com, vintagepostcards.com, 123greetings.com, riversong.com, postcards.com, greet2k.com, netfuncards.com, hallmark.com etc.
They sure made a nice little program to randiomize the senders and the greetings to try to fool you into clicking on their links.
DO NOT CLICK ON THE LINKS!

Here is a recent list of such emails in my junk box:

Phishing using Greeting cards/ecards, Virus warning

2007-07-05T08:35:00.000-07:00

Recently, I got e-greeting cards in my email, one apparently from a neighbor, one from a friend. However, I didn't expect any cards. A careful check of the IP addresses on which one was supposed to click showed that they are not the same as the one from the company from which the e-greeting was supposed to come.

Here are the two examples:

....
Subject: Celebrate Your Nation
....

Hi. Friend has sent you a greeting ecard.
See your card as often as you wish during the next 15 days.

SEEING YOUR CARD

If your email software creates links to Web pages, click on your card's direct www address below while you are connected to the Internet:

xxx.xx.xx.xxx (IP number removed for security reasons)

Or copy and paste it into your browser's "Location" box (where Internet addresses go).

PRIVACY
2000greetings.com honors your privacy. Our home page and Card Pick Up have links to our Privacy Policy.

TERMS OF USE
By accessing your card you agree we have no liability. If you don't know the person sending the card or don't wish to see the card, please disregard this Announcement.

We hope you enjoy your awesome card.

Wishing you the best,
Mail Delivery System,
2000greetings.com

...
Subject: You've received a greeting postcard from a neighbour!
Date: Mon, 2 Jul 2007 14:22:06 +0200
...

Good day.

Your neighbour has sent you a greeting postcard from Hallmark.Com.

Send free ecards from Hallmark.Com with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.

To view your ecard, choose from any of the following options:

--------
OPTION 1
--------

Click on the following Internet address or
copy & paste it into your browser's address box.

xxx.xx.xx.xxx (IP number removed for security reasons)

--------
OPTION 2
--------

Copy & paste the ecard number in the "View Your Card" box at xxxxx (removed)

Your ecard number is
xxxxx (removed)

Best wishes,
Mailer-Daemon,
Hallmark.Com

These emails are BOGUS, FAKE, neither of the IPs (deleted above) pointed to 2000greetings or hallmark.
I found further information on this type of fraud also at purportal.com/spam/1852/ and www.scambusters.org/ecards.html.
The sole purpose of these emails is to direct the reader to a fraudulent web site, with the purpose of infecting your computer with spyware or viruses, or otherwise obtaining information from you to exploit.

This threat is very, very insidious (dangerous), because a simple click to this bad web site can already cause problems if
your computer is not protected from the latest viruses or spyware!!

So, beware! Do not click on the links!!

Colonyinvest Fraud, part3

2007-06-11T08:32:00.000-07:00

Well, each time you look at that site, you just find more lies. The testimonials are all written in poor English, definitively not by a native English speaker. Further, this testimonial says they used this company for 6 months! What a lie. If you look in my first post, you will see that the Web site is up only since the middle of March 2007.

Forget these fraudsters...

Colonyinvest Fraud, part2

2007-06-07T09:03:00.001-07:00

Colonyinvest is even running their own blog here on blogspot (or at least used to). Does it surprise me that they only have one post, advertising their schemes? Of course not.

At least this gives us the opportunity to look at their claims.

So, for 1000$ investment, at 3% interest per day put into a separte account, you get 1000$ in 33 days. You are supposed to gain 3000$ to 4000$ (it's not quite clear how this strange scheme is counting) in the short time of 100 days. Impossible with the investment sources (stock market, commodities) they cite on their Web page.
They clearly want to cheat unsuspecting people from SouthEast Asia. They offer low investment limits (just 100$ gets you started), and they have a strange online keyboard for entering information. This only makes sense if one thinks about possible entry problems caused by keyboards and alphabets in different countries.
They want to lure as many people as possible in a short time, therefore the network and friend-to-friend bonuses. Clearly this is an illegal pyramid scheme.

www.colonyinvest.com could be shut down any moment, and the only one who profits is the Web operator who collected all the money. Perhaps he will pay out some interest to the first investors to generate a positive feedback, and keep the money coming in, but at some point, this Web site and the money will just disappear. Since this seems to have started in April, it could stop any day.
Again, just keep away from such sites.

Fake Universities

2007-06-07T08:34:00.000-07:00

Well, well. The Web is an endless source of fraud. BBC just had a news bit on "Corruption that is damaging education" (http://news.bbc.co.uk/2/hi/uk_news/education/6729537.stm). One part of this was Fake Universities on the Web (http://news.bbc.co.uk/2/hi/uk_news/education/3369567.stm). Some universities mentioned in the article are "Shepperton University", University of Dorchester", "GM University", "Greater Manchester University Ltd". A check of the still active Web site of "Shepperton University" reveals a page for International Students that says "All tuition and fees must be paid in U.S. currency and all checks drawn on U.S. banks." All other tuition fees are also in US$. Yeah, sure, for an English university in England, you need to pay in Pounds.
But another key way of detecting the fraud is the Web address: From BBC "The website addresses of the bogus institutions are a quick giveaway, because they cannot obtain the bona fide ".ac.uk" domain - though it has been known for some to use ".ac", the Ascension Islands domain." In other countries, like the US, academic institutions usually end in ".edu". In other countries it may be more difficult to get a list of real universities, as there is no system such as "ac.uk", or ".edu". Still, it should not be too difficult to find real institutions with proper Web sites that list addresses, faculty members, etc.

Scam Investment Schemes: ColonyInvest part1

2007-06-02T04:31:00.000-07:00

There are plenty of fraudulent investment schemes out there. If a scheme sounds too good to be true, well, indeed, it's probably not true. Artists against 419 (419 is also known as Nigerian fraud) has a database of fake Banks (http://db.aa419.org/). Alas, this list is not complete, new schemes pop up all the time.
Let's have a look at a recent scheme: www.colonyinvest.com.

Can this be real? They apparently advertise their business mainly on Asian webboards (e.g. Malaysia), and seem to rely on word to word propaganda to sign up people, apparently in a pyramid scheme.
So, let's examine the Web site. The "About Us" section:

They claim to be the online investment branch of a major Investment company "Colony Invest Management Inc. ".
Web searches do not reveal any company by that name. Further, they are supposed to be based in Rochester, NY, but a check in the list of supervised institutions at the "State of NY Banking Department" http://www.banking.state.ny.us/supinst.htm" does not reveal any such company.
Most revealing is that nowhere in the Web site is any real adress or phone number listed. Highly suspicious.
Look at the supposed list of directors, many of the places they supposedly worked at cannot be found on the internet:
Estine Development Group, London Tucks Development Agency, Smith Simpson College, Barbra Capital Partners, Clinton, Dubbier & Rice, Inc. There is a "Simpson College" without "Smith", but why should a "reputable" company make such a mistake... Anyway, this whole list is just made up to look impressive.

What about the links to the companies they invest in, the references? You will notice that these are just links to other Web Sites, and none of these other Web Site ever mention or link back to ColonyInvest.

So, where is the Web site registered? A search on http://www.whois.net/ brings us to the registrar godaddy.com (where you can register a web site for 10$ a year). The information there yields:

Wow, a single person in Fremont California (whatever happened to Rochester, NY?) is listed as administrator and technical expert, and he has a yahoo email address in China! How fishy is that?
A reverse lookup of the phone number at http://www.whitepages.com/ gives us the following information for the same phone number:

Ibi synergy (http://www.ibisynergy.com/) is an importer of condoms for NR Synergy in Malaysia. This seems to be a little legitimate business. You can make another lookup for this Web address and find another owner listed for this phone number. But clearly, this is very different from what ColonyInvest is supposed to be.

Finally, let's look at some of the fine print of ColonyInvest. In their FAQ:

To deposit money into an account of theirs, they charge 5%!. To withdraw money, they charge 10%. So, according to the example given, you deposit 1075$, and when you want to withdraw it later, you get 860$ back. So, together with fees, they take 20% of your money, what a rip-off. No reputable bank will do that. And nowhere do they promise you any garanteed profits... For each transaction in the market they charge you 50$. A search for "online banking" will give you many online banks that allow you stock market trading for less than 10$ per transaction.

So, in conclusion, just stay away...