Introduction

While fishing around for some chords I came across azchords.com – as you do.  They’ve a shedload of Google ads and I accidentally hit the banner ad while trying to get rid of pesky popups (why do sites still do this now?)  I was taken to the website of someone called Kevin Hoeffer and an honestly dismal automatic sales pitch.  http://www.kevinlifeblog.com is the address.

kevinlifeblog.com

Kevin, of course is anonymous because his website uses WhoisGuard.  This “protects” the domain holder from spam, they say.  Well that’s one thing it does – another is that it make it hard to trace spivs. Anyway, he links to EarnFastCashwithGoogle.  This is the link:

http://affiliate.a4dtracker.com/rd/r.php?sid=168&pub=450202&c1=direct&c2=&c3=

You are then redirected to this page where you have to enter various address details:

https://www.securecartcenter.com/NzU5M3wxODIyfDI2NzQ4M3×2Mg==/rxfum4b9/g

I did so using the address of an electricity sub station. (yes, I know).  Once all the boxes are ticked and the funny little easily resettable timer is ignored (but noted as a clue to a very good social engineering type scam), you are taken to this website:

https://www.securecartcenter.com/NzU5M3wxODIyfDI2NzQ4M3×2Mg==/cvfum4b9/g

In here, the warnings should really be going off in your head by now! They ask for your credit card number, expiry date and CVV number!  And all to get $1 from you!

securecartcenter.com

securecartcenter.com has another hidden domain registration like WhoisGuard but this time with domainsbyproxy.com Surely I can find a real name behind all this?  And don’t call me Shirley. Well right down at the bottom of the credit card screen are some words, well out of normal view.  The whole thing is a signup for Google Treasure Chest who are in no way connected to Google, they hastily point out.  There’s an address in Cheyenne, a house on the corner with about 20 businesses registered there according to Google Maps.  SecureCartCentre isn’t one of them!

Source Code

In the source code for SecureCartCentre we find that images are served from bsadn.pantherssl.com Click that and you’ll get the folder structure for bloosky.com who serve advertising campaigns.  Fish through the folder structure and examine various files.  Google Treasure Chest is there.  Check out some css files and you’ll find that some are loaded from discovertotal.com , which has a contact of bloosky.com So far so good.  If they’d have stuck an htaccess file in there I wouldn’t have seen that, ho hum.

Instant Google Kit

Lots of stuff points to this.  http://googletreasurechest.com/index.php/home.html   It’s the homepage for this ferago.  Interestingly, down at the bottom all the links are to this site except for one, the signup link which goes to: http://www.redtomorrowfield.com/z/gtc2/?cy=10&pr=19&af=16&ad=19

redtomorrowfield.com

These are also shrouded from enquiry by DomainsByProxy.com  The site actually looks like the treasure chest one – weird.  The form at the bottom is similar to the previous address form but the email address is validated by ebizsuite.com, an eCommerce company.

So Where’s The Problem?

The problem lies in this selection of links below.  There are hundreds on the web.  No-one has anything good to say.

• Complaints Board
• Google investigation into GoogleTreasureChest
• Ripoff Report

At the bottom of the signup page, is the text:
By submitting this form I authorize Google Treasure Chest to immediately charge my credit card for instant access to the Instant Google kit. I hereby request that Google Treasure Chest activate my account and authorize them to advance funds as indicated. Monthly Service fees will commence seven days from the date of this purchase, and will be billed monthly thereafter. After the seven day trial you will be billed seventy one dollars and twenty one cents USD monthly for the continued access to the software. No refunds will be given for failure to use the requested and provided services. You may cancel at anytime by writing to 2510 Warren Ave Ste. 3363, Cheyenne, WY 82001 or calling 866.951.1406. Google Treasure Chest is not affiliated with, endorsed by or in any way associated with Google. Results vary. Individuals have been remunerated. All Content Copyright © 2005-2009, Google Treasure Chest. All Rights Reserved Worldwide.

That’s the problem you see.  It’s almost unreadable.  As everyone found out, instead of a dollar, they all had $71.21 taken away – monthly.

Conclusion

When I started this little investigation, I thought it was a straight phishing expedition to get credit card details.  Instead, it’s a curious grey fuzz of almost legal chicanery. Watch out!

Addendum Posted 7 April 2009

The original popup ad was for a ‘person’ called Kevin Hoeffer with his honestly dismal automatic sales pitch. Today I came across another who mysteriously, used to work for a pipe company! This is on this website http://www.joshmadecash.com The actual text goes like this (one paragraph only shown):

A year ago I was an account manager for a (drum roll) a pipe manufacturing company. Not exactly what I dreamed of when I was growing up. The job I had before that, I used to work in at a mortgage company. That job I did like. Initially I was one of the processors and then started working in the sales department. That was really exciting 5-6 years ago. I was trying to learn the ropes as a salesperson and then eventually I really did start to make some money. I was doing well 3-4 years ago. Then as you know the mortgage industry just took a huge down turn. Along with every other industry and jobs available.

Naturally I wondered how many sites there are with this former pipe company (drum roll) bit of spiel going on. Try this Google search on this string “A year ago I was an account manager for a (drum roll) a pipe manufacturing company. Not exactly what I dreamed of when I was growing up.” to see how many. Actually Google says over 100! (202 on 8 May 2009!!)(268 on 29 May 2009!!)

Addendum 10 April 2009

Useful Links

• wafflesatnoon.com dodgy site list #1
• wafflesatnoon.com dodgy site list #2
• US FTC fines Software CD scam company $3million!
• USA Better Business Bureau – send complaints here
• List of postings by ‘It’s Easy To Fix This’ – This person variously claims (in successive posts!) to ‘represent’ or ‘is affiliated with’ Google Money Tree.
  

  Pigs Might Fly!

  In these posts he claims to have checked the phone logs and to have enabled refunds for people. Some replies seem to be validated, so if you want your cash back, then this is the guy folks!

• Sorry. This isn’t a link. It’s a visual comment on the previous one! The previous one in the forum has 414 replies and has been viewed 122,523 times when I last checked. Those figures say it all, I think.
• Drill Down Through bsadn.pantherssl.com – Follow up post containing businesses located on the same image server and probably linked to the same people
• Google Kit, or Treasure Chest, the Plot Thickens? – Another follow up post containing more of the same plus some extra investigations…!
• Two posts and zillions of comments from “I’ve Tried That” here and here. There are another batch of phone numbers here, plus a comment from Sharon states that the numbers belong to Collection Agencies that are only too happy to cancel subscriptions because they get paid to do so!! The worst bit was the guy who paid out $3k for ‘training’….. (added 15/4/2009 – SP)

I’ll continue to post extra info here, instead of in the threads below in order to make it more accessible. I seem to be finding stuff out here on an hourly basis, and most of it is depressing as it reveals the vulnerability of the human condition. So please folks, always remember,

“If it looks too good to be true – it is”

Latest News: 27 April 2009

• Texas Sues ‘GoogleMoneyTree’ Promoter – Scam uses high-profile name to deceive consumers, state charges

From this article, we see that the ‘company’ behind Google Money Bollox is “Infusion Media Inc”. Try a Google search on the name here. For a company that’s been behind sooooo many different scammy websites, there are only 173 results. Nearly all relate to their dodgy dealings.

We also find that this guy, Philip Danielson, since Dec 2008, seems to have been handed the poisoned chalice that is some form of legal representation for Infusion Media Inc!!

More Related Links

• Comments about 8882089320 number:
• RipOff Report says they’re okay?
• Texas Insider
• Texas legal Summons, Restraining Order etc, served in Travis County (pdf download)
• Jonathon D Eborn’s house of restraint  INSERT_MAP
• Fake “work-at-home” schemes discovered – Austin News; full of links and sample PDF files about the charges!

Addendum 2 May 2009

• Please check this post Google Treasure Chest – Phone and Address List for a collated list of addresses and phone numbers mostly derived from the comments below.  For Google Treasure Chest/Kit/Money Maker type things, the later phone numbers have been found to be effective at getting refunds.
• I can’t vouch for any scam that’s Cyprus based – that’s a different kettle of fish.
• According to one commenter to this website, the charges in the Texas Court Summons brought by the Texas AG against some people have been dropped.  I must say that I’ve found no corroboratory evidence for this of either a name, company or actual reporting….  Jameson Johnson decided not to tell.  Maybe he can update us.  However, in light of comments made, I decided that the tone of some commentary was getting like a lynch mob and have edited accordingly.  This does not mean I’ve gone soft – I’ll still call a pig-in-a-poke what it is.

Amazon Related:

Quiet Life Tablets 100

Internet - The Cyberian Connection - A Beginner's Guide [VHS] [1994]

• SEO Tips for Blog Traffic Generation While it may be true to say content is king when it comes to blog publishing, the truth is that...
• Weakon 235: Stocks, Intermediate Prerequisite: Weakon 135 In my Weakon 135 class we introduced you to the concepts of stock.  We looked at what...

Related Posts by Tags

• Robert G Allen, Grants, and a Credit Card Slimeball (32)
• MyBookface, Google, Utah and Nevis Scamboys United (9)
• Dangerous EffectiveCleanse – and Scams Too! (44)