Tag Archive: Florida

Estonian Spammer Forges CBS and The Guardian

Get Rich Quick Scam Forges Genuine News Agencies Web Pages

Gmail Spam

Gmail Spam

I recently received two emails from a friend’s old Hotmail account, but to two of my email addresses.

Email Spam

Email Spam

Probably, the account has been hacked as I could detect no spoofing in the emails’ headers.  These are the emails, with the email addresses blacked out.

Initial Email Investigations

The text is similar in that they try to entice a user using pretty poor English to click on the shortened URL links, which are active.

Here’s how the links work:
To my Email address;
cbsbusiness9

cbsbusiness9

I had http://cbsbusiness9.com/index2.php?/5260 which then goes to

http://cbsbusiness9.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/

 

To my GMail address;
cbsnews-article

cbsnews-article

I had http://cbsnews-article.com/index2.php?/4032 which then goes to

http://cbsnews-article.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/

 

The screenshots show the results using a neat Firefox plugin, Flagfox, which displays the source IP address and country on mouse-over.

The WHOIS’s of each domain are almost identical.  These are screenshots.

whois.domaintools.com screen capture 2012-12-12-17-12-26 whois.domaintools.com screen capture 2012-12-12-17-13-17 That Arthor Brown’s a one, eh?  Notice the Ukrainian, Russian and New York connections?   Who is/are  or what is:

TNew line ave 172 95
NY, 18274
UNITED STATES
+1.7343541732

Google Search on +1.7343541732

Google Search on +1.7343541732

Googling the phone number pulls out a heap of (not)surprises including an awful cesspit of scamminess that’s now starting to rival Pacific Webworks’ Google Treasure Chest and Jesse Willms’ Colon cleansing efforts!  (We saw these scams a few years back – check the links)

Just check out the fake news and dodgy sounding sites in the search results….  These are the first couple of pages of current search results:

  • Com-news8.net
  • Bcnews8.com
  • Dildobigg.com
  • Raspberry-Ketone24.com
  • BigGgEts.com
  • HurtGuys.com
  • GrowsPeniss.com
  • HugerAss.com
  • Com-news9.net
  • Com-nbcnews9.net
  • coloncleanse-extreme.com
  • nbc9news.com
  • nbc1news.com

Arthor Brown is in most of them with his Yahoo! email address as [email protected]   Please don’t confuse him with this Arthur Brown, but yes, handle all of these websites like Fire!

Forged Webpages of The Guardian Newspaper

cbsnews-article.com screen capture 2012-12-12-16-3-51

cbsnews-article.com screen capture 2012-12-12-16-3-51

cbsbusiness9.com screen capture 2012-12-12-16-3-23

cbsbusiness9.com screen capture 2012-12-12-16-3-23

The Guardian, is an old and respected news organisation in the UK.  CBS is a long-established US media network.

They, and the purported author of both webpages, Sirena Bergman, must be pretty pissed off about the hijacking of their names.

Also to be annoyed, is Lloyds TSB Bank who apparently are “in association” with this get rich quick scheme for work at home moms!

Completely Forged News Articles!

Indeed they are.

  • The articles are dated “December, 11:41”, which is odd since there’s no day, just month and time!
  • Both articles are embedded in genuine Guardian web-pages, with all the links surrounding the article going to genuine Guardian web-pages or genuine advertiser websites!
  • The hook links in both forged webpages go to http://workinghome22.com/go.php

The forgery is done in the same manner as the well-known phishing scams done for banks and on-line finance and insurance.

Apart from the images sourced from The Guardian, the scammer’s images are sourced from:

  • ddmcdn.com which is HowStuffWorks.com!
  • localconsumeralerts.com
  • prosperadtracker.com
  • ophan.co.uk

So, Who Is workinghome22.com

Bad Gateway

Bad Gateway

The first link was dead, opening a bad gateway so the expected redirect didn’t work.  The tracking pointed back to Ireland!

Bad Gateway

Bad Gateway

The second link worked, but the sweetly named workingfromhome22.com wasn’t the destination.   No, the link immediate re-directed to http://onlineincnow.com/2/?aff_sub=72

Well, at least the affiliate number 72 is getting paid….

But hang on, who exactly is workingfromhome22.com?
workinghome22.com screen capture 2012-12-12-16-31-44

workinghome22.com screen capture 2012-12-12-16-31-44

Well, typing the URL directly takes me to workingfromhome22.com!  This is it!

Cunningly, you’ll note that it’s pulled out my home-town as Bournemouth (where I live) with that awful “mom” Americanism!  No-one in the UK addresses their mother as mom…  I mean, FFS?

The webpage links, containing the disreputably used graphics of Thomson, Reuters, CNBC and NBC Universal all point to http://workinghome22.com/go.php, which is of course in this domain.  So let’s click it, shall we?

Well, pctrck.com is trying to load, but not much else.

Reversing then trying to exit workinghome22.com produces a pop-up of dubious functionality!  Check the words – there’s no cancel button!

workinghoome22_Popup

workinghoome22_Popup

I did however manage to successfully close this page following that.  Whew!

Now Back to onlineincnow.com

OnlineIncNow Location

OnlineIncNow Location

The previously mentioned http://onlineincnow.com/2/?aff_sub=72 is located in the USA.

So What Is It Up To?

OnlineIncNow.com Whois Record

OnlineIncNow.com Whois Record

Good Question!   A WHOIS puts the registrant in China with the DNS servers in Russia!

As I mentioned earlier, the similarity of the scamminess of this thing is just like the Google Treasure Chest/ Google Money Tree / PWW scams of old.

The site is plastered with the logos of well known businesses to ad an air of authenticity to things (just as the original hook sites used The Guardian Newspaper and CBS in the same way) yet at the bottom of the page they disingenuously ad:

This site and the products and services offered on this site are not associated, affiliated, endorsed, or sponsored by NBCNEWS, ABC, USA Today, CNN or Fox News, nor have they been reviewed tested or certified by NBCNEWS, ABC, USA Today, CNN or Fox News.

onlineincnow.com T&C Screenshot

onlineincnow.com T&C Screenshot

Despite all this, it is of course bollox set to deceive.  In fact, it now appears that it’s the well known negative option scam, used by Pacific Webworks (PWW) and Jesse Willms to good effect until they were found out.

Let’s see how this pans out, shall we?…..

Check out the T&C page from the tiny link in the page footer – screenshot on the right.

  • They say that the applicable law is the State of Florida.
  • You will become a “member” and the key phrases are here:

You must register as a “Member” with Online Income Now to access certain functions of the website. You must provide current, complete and accurate information about yourself (the “Registration Data”) when registering as a Member. You agree that such information is truthful and complete. You agree to maintain and keep your Registration Data current and to update your Registration Data as soon as it changes. You are responsible for maintaining the security of your password. Online Income Now is not liable for any loss that you suffer through the use of your password by others. You agree to notify Online Income Now immediately of any unauthorized use of your account or other breach of security known to you. You also, by becoming a Member, agree to report violations of these Terms and Conditions by others to Online Income Now.

For a limited time only, the cost of this product is $97.00 ( usual price $299.95 ) and every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.

MATERIALS PROVIDED TO Online Income Now OR POSTED AT ANY Online Income Now’s WEB SITE

Online Income Now does not claim ownership of the materials you provide to Online Income Now (including feedback and suggestions) or post, upload, input or submit to any Online Income Now Web Site or its associated services (collectively “Submissions”). However, by posting, uploading, inputting, providing or submitting your Submission you are granting Online Income Now, its affiliated companies and necessary sublicensees, permission to use your Submission in connection with the operation of their Internet businesses including, without limitation, the rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; and to publish your name in connection with your Submission.

You’ll see that “Online Income Now” will:

  • make you a “member” (of what?)
  • and you will be regularly billed, (why?)
  • and that for anything you post, upload etc (wah?  whadya mean?  Where is this uploading?),  “Online Income Now” will take no responsibility for what you do!

…………….which is curious as you don’t know what you’ll be doing and they have invited you to do it in the first place!!!

Now Lets Click The Link!  Follow that Opportunity!

onlineincnow.com screen capture 2012-12-12-17-46-50

2 Spots Left!

Amazingly (sarcasm alert) there are two “spots” left in my area!  This is the page… http://onlineincnow.com/2/index2.php

Michelle Johnson is the “guru” who will tell me everything!  So what do I do?  I have two options:

  • Back out
  • Sign up

Let’s Try Backing Out, Shall We?

CannotBackoutFromOnlineIncNow2

Cannot Backout From OnlineIncNow 2

CannotBackoutFromOnlineIncNow

Cannot Backout From OnlineIncNow

Well of course, they won’t let me.  It takes two goes to get out and the first one completely takes over the browser!  Bad.  This is B.A.D.

Ah, well.  Finally escaped.

Let’s Try Clicking to the Signup Page, Shall We?

secure.onlineincnow.com Data Entry Screen

secure.onlineincnow.com Data Entry Screen

I decide on my name, “Jobless Jake” and a random phone number…. The website is now https://secure.onlineincnow.com/2/cc_97.php

What I see is bad, really bad, and any attempt by this pack of jokers at saying they don’t run a negative option scam is now revealed on this sign-up page!

The scam is now revealed for what it is – a negative option scam!        Read it carefully…..  They expressly say;

By enrolling, you will be charged a one-time fee of $97.00

In teeny-tiny letters, note!

But remember, right back buried in the T&C’s they say;

every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.

This is expressly against the FTC code and laws in most countries.  If any extra charges are to be levied for any service or goods, they should be expressly stated on the sign-up page where the customer first enters their financial details.

Gotcha! You Bastards!

Okay, I’ve Had Enough of This. I’m Off!

“Not so fast, young Jobless Jake”, say onlineincnow.com……!

CannotBackoutFromOnlineIncNow3

Cannot Backout From OnlineIncNow 3

They’ve an extra 20% off plus and extra bit of webpage-erese!  The screenshot says it all, though it wasn’t the end of it.  I had one more “Leave Page” option like the earlier one above.

Conclusion

Negative Options are banned by law in most countries.  If you get collared by one, you’ll have a job stopping the bastards taking money from your account for ages.  The only sure way to stop this once you’ve been sucked in is through….

  • Chargebacks.   Get your bank or card company to get a charge-back saying the terms of trade or purchase were hidden (as seen in my screenshot above).

So………………….

  • It’s a scam.
  • Stay away from it.


Enhanced by Zemanta

Related Posts:

How WordPress Spam Works

WordPress Comment Spam

The plague of all blogs is spam, mainly comment spam, by sheer numerical superiority.

Q.  Why Do They Do It?

A. As a minimum, they do it to open a back-door into your blog that allows the perpetrator to place reverse linkages to another website to increase that website’s visibility in search engine results (so called “Search Engine Optimisation” – SEO ).  This back-linkage they use to increase website search hits, which they can charge an ignorant website beginner big money for.

At the worst, the culprit would gain full access to the blog allowing free posting and deletions or even the complete removal of your website content.

Today’s Example

Today, I got a comment that made me check further as notionally, it looked okay-ish. These are the details (click image for full-size view of the comment as it appears in the WordPress admin section):

Comment Spam Example

Comment Spam Example

The Jacksonville lawyer is in Florida and has this website; http://www.divorceyes.com/index.html, and the actual comment is pretty kosher, although brief, saying;

Strangely you have made an awesome post and i appreciate your work and keep it up. Thanks for sharing this with us.

This is all very nice, but check out the IP address….

WHOIS 113.203.135.140

By checking the WHOIS for this, we see that the IP Address for this supposedly reputable Florida lawyer (Divorce Yes) is in Karachi, Pakistan!  Well are they?  My guess, given the cheap web costs in the USA, is that Divorce Yes is in the US and that they wouldn’t for an instant even consider anywhere else!

And so it is!  The actual WHOIS for Divorce Yes is in Florida!  (The actual WHOIS for the web-hosting, fortehosting.com is in Illinois).  The registrant’s name (Miller) also agrees with the Divorce Yes’s contact details here, but note; the email address in the comment, [email protected], is not the same as the email address on the contact page, which is [email protected]

Registrant:

jeff miller

1019 grand court

highland beach, Florida 33487

United States

Registered through: GoDaddy.com, Inc. https://uk.godaddy.com/)

Domain Name: DIVORCEYES.COM

Created on: 07-Jun-05

Expires on: 07-Jun-16

Last Updated on: 17-Feb-07

Administrative Contact:

miller, jeff [email protected]

1019 grand court

highland beach, Florida 33487

United States

(561) 445-6962 Fax — (561) 347-7588

Technical Contact:

miller, jeff [email protected]

1019 grand court

highland beach, Florida 33487

United States

(561) 445-6962 Fax — (561) 347-7588

Domain servers in listed order:

NS1.FORTEHOSTING.COM

NS2.FORTEHOSTING.COM

Conclusion

There isn’t a conclusion really.  This is just an example of the way that text harvesting is being used to make seemingly intelligent comments slip past the comment filters on a WordPress blog.

As many of these filters rely on an IP address, if the webmaster lets a dodgy IP address through just once then it’ll be marked as “good” by the filters which will then allow the spammer to post even more comments, all for the various nefarious reasons that I mentioned first.

This is why I use a plugin like WP-SpamFree, and using it I can block all incoming pings from a given IP address, in this case, 113.203.135.140!

For interest, I’ve edited out the back-link from the spam comment above and you can find it on this post, Pacific Webworks, Lawyers and Social Networking, here.

Alternative Conclusion

This isn’t a conclusion again, but my examination of alternative possibilities, but note the following:

  • The Divorce Yes website is made and SEO’d by http://enettechnologies.com/.
  • WordPress is used on the website.
  • Many WordPress plugins exist to “improve” the SEO of a website.  (I use some!)
    • Some do it by ensuring meta and other data is added if it’s missing.
    • Others have sprung up over the last few years that “intelligently” link to other websites….  they harvest websites for text and linkages for later use, much like email spammers scan websites for email addresses to spam.  [n.b.  I use PHPEnkoder from Michael Greenberg to hide email addresses on this site from email address harvesters.]

It could be, although I cannot prove or disprove it, but because some of this spam I receive is now pretty readable as with this one above, that plugins are being used for much of the hits I get.  This comment  could be such an example, or the law website name is being used textually as a smokescreen for the Pakistani spammer.  I see lots of adverts along these lines that couldn’t possibly rely on manual  human link placements for their effectiveness….

I’d be interested to hear from Miller Law or their website designer on this one.  It’s not the first time that I’ve had reputable businesses appear on my website like this and I’d like to know what it appears like at their end, if at all.  It does make me wonder if this very website is being used to cloak spam at other websites in the same manner.

This is why I’ve left all URL back-links to the parties in place so that they’ll see them in their logs.

Related Posts:

Comments are closed

Facebook, MSNBC, Jesse Willms’ Swipe Auctions and Doctored Photos

Introduction

Readers of these pages will need no introduction to Jesse Willms, self-proclaimed philanthropist and former purveyor of counterfeit software.

But in the interests of traceability into the continuing insidious nature of the on-line marketplace, here’s a run-through of how to get from Facebook or MSNBC to Jesse Willms’ SwipeAuction (formerly SwipeBids), including a few screen-dumps of the dubious methods employed.

p.s. I could equally well run through the links from any spam I get today to Fox News to BidCactus or whatever.  Okay?

(p.s. SwipeAuctions is no more, the SwipeBids domain expires soon and rumours are rife about a possible new auction site.  Watch this space.)

MSNBC to Willms

This MSNBC page that Joseph spotted http://www.msnbc.msn.com/id/39118941/ns/world_news-mideastn_africa/ had a different set of ads when I looked.  Indeed, just like this website the ads rotate.  What was interesting is that they still went back to Willms’s based websites via fake news websites.

First, there were three ads in the bottom right when I viewed the page.  Refreshing the page shoves out two or three.  They rotate daily, but tend to stay the same on a given day.  The three images are the websites I’ve been taken to…

Site 1

Site 2

Site 3

It’s important to note the similarity between Site 2 & Site 3.

Because they both use the image of the French TV newsreader Mélissa Theuriau!

In the first she’s “Karen Simpson” and in the second she’s “Julia Miller”.

These are affiliate websites of unknown ownership.   Take a look at the car “won” by the woman in the advert.

Fake Car Auction

Car…and woman!

To save you time, this is the car and woman full size.

Now take a close look (it doesn’t need to be very close actually!) at the woman and the car mirror.  Does it seem a bit odd?  Well it does to me!

Using the TinEye plugin for Firefox allow one to trawl the web for similar images.  In this case it comes up trumps!

Because the image is obviously a composite one.  This is the TinEye search:

http://www.tineye.com/search/83bfb2d5784c45b67b0e780943a4a032bf6c4814/

Original car – no woman!

It pulls out six instances of the image used elsewhere on the web.  The URL for this one is:

http://www.leasetrader.com:80/photos/actual144203/150×112/Honda-Civic-EX-Sedan.jpeg

Car Auction Conclusion

I love to play

I love to play

Well pretty obviously it says in the image above that the woman “Samantha Warren” from Florida “won” that Honda car in one of Jesse’s “auctions”. (remember these details – they’re important for later)

(p.s. Since being written, these car pictures have been seen on even more fake news websites, all of unknown ownership.)

SwipeAuctions now have pictures on the landing page right next to his bold claim about helping 112+ children worldwide, where people say they “love to play” on the website.  See the “Anita P” screenshot from today.

(note from editor and US FTC: you can play a game, like a lottery or any other game of chance; you cannot play an auction!  The bold claim of this and many other Bid Auction websites is that it’s part ‘entertainment’, which may be so, but it’s still gambling.)

Facebook to Willms

Facebook ads this morning

Three ads were showing on the right of my Facebook page.  If you’re on Facebook, then you’ll have seen similar.

The first one was for a tips-laden army-type audio-visual that ends up wanting money to stay slim.

But one showed a woman who’d just won an iPad for £26.75.  yep.  It was  SwipeAuctions.  (p.s. these ads later disappeared to be replaced by other bid auctions sites for a time, although they’re now currently almost unseen.)

Honda Car – a co-incidence?

Another Honda? From Florida?

Another Honda? From Florida?

A neat photo from the front page shows a guy, “Pbh201”, mysteriously and co-incidentally (surely) from Florida, again winning a car.   The model?  Well Honda, of course!

Unfortunately, and for now, TinEye has not pulled out any image duplications.  But on past form, who’s to say what might pop up?  (p.s. later information has appeared which shows this Honda ‘win’ from various ‘angles’ – more later.)

Judge?

I’ve edited this post from the original following threats from Jesse Willms legal representative.   Currently there is a legal case against CTV  for showing these videos on television.  Part of the remit is that CTV misrepresented Willms’ businesses and said that 60% were his when they weren’t.

Given that the affilaites’ websites are there to promote businesses and yet are on the whole anonymous, my opinion is that the TV show displayed information in the way that “the common man” would interpret these things.  If the common man is very easily confused, then that is a problem but ultimately the person that benefits from deceptive advertising must shoulder some of the responsibility for their contractors’ behaviour, should they not?

Judge for yourself.

Click to show

Click to show

Click to show

Click to show

Related Posts:

Website Referral Spam and Cyber Security Malware

Fear Uncertainty DoubtRemove Referrals Information from This Website because of Malware

Like many blogs, this website has displayed the last few hits (referrals) that it’s received as a kind of ‘live’ activity recorder and a small service back to the referring website.  However, I’ve had to pull this from my front page because over the last few days, hundreds of malware-laden websites have seemingly broadcasting pings to everyone else….

Anyone unlucky enough to click on these back-links to the ‘referrer’, is then presented with some fake anti-malware scan that’s almost impossible to get away from without resorting to Task Manager.

Analysis and Appearance

The referring link is usually from a sub-domain of an apparently ‘normal’ website (whatever ‘normal’ means, but I hope you know!).  Here’s an example that points to malware:

http://srpvxdd.franklinrealtyvacationrentals.com/page.php?n=overcome-compulsive-overeating

franklinrealtyvacationrentals.com is a normal-looking estate agent’s site in Florida.

This next one points to a blank page, has a similar php ?page= construct, but lacks a sub-domain:

http://sweetepeach.com/page.php?uuu=cube-memory-dane-elec

sweetepeach.com is a website under construction at ixWebHosting, my old host that I left because it was so slow.

And this one is another malware-laden website:

http://www.pbparts.com/error.php?404

pbparts.com appears to be a computer parts on-line store in Arizona.

And here are two web addresses from the same domain!:

http://rlzkiio.tummy2tummy.com/page.php?n=tiered-tulle-dress

http://ziqklvc.tummy2tummy.com/page.php?d=official-ffa-dress

tummy2tummy.com appears to be mother and baby website.

Examples

CyberSecurityWarning1

Cyber Security Warning1

CyberSecurityWarning2

Cyber Security Warning2

CyberSecurityWarning3

Cyber Security Warning3

Here are examples of the typical warning messages after hitting a duff link or two…  These are taken from Firefox 3 & IE8, all fully patched and up-to-date etc.

  • The website sometimes redirects, sometimes not, to the malware-coded location.
  • The message/dialog boxes have a variety of wording and button suggestions
  • Some websites are completely un-closable by normal means and the Task Manager is the only way to get out of a loop
  • There are a variety of files to download from the various websites.  The one in the video below is called “Inst_174s1.exe” – which I’ve seen 3 times now.  I’ve also seen another called “setup_build8_239.exe” which has a standard windows setup icon inside it to ensure it’s apparent legitimacy!

Standard Anti-Virus Failure

The video shows the fake scan and the various failed attempts at closure I made.  The current IP address of the user (myself) shows to add an air of realism to it, although this is easily shown on any webpage.

Fortunately, in this video, IE8, even though the browser privacy and window size & positioning was mucked around by the malware-site, was finally closable with the normal close button at the top right.  On other sites, the only way to get out of the loop in both IE8 and Firefox, was to use Task Manger to crash the process down.  This worked, fortunately.

I downloaded the files purposely on some occasions for analysis….

ESET’s NOD32 (my AV program) failed to detect both these files as bad!  I uploaded both for analysis to ESET and one has since been found to contain a trojan, a variant of Win32/Kryptik.AWY trojan!  This trojan has been in the signature database since 21/10/2009 when NOD32 was the only AntiVirus program to detect it!  So things aren’t that bad.  Presumably, if I’d have ran the programs NOD32 would’ve kicked in, but I haven’t tried that yet.  The setup file was only first detected as malware yesterday, and then only by a few vendors.  The analysis of it’s actions is particularly revealing as along with a shed-load of new registry keys, it also modifies the ‘hosts’ file!

NOD32 wasn’t alone in this scanning detection failure.  I tried the online scanners of Trend, McAfee and AVG on the two files and they all failed to detect anything!  Time constraints meant I didn’t try Kaspersky, Symantech et al, but I’m fairly certain that the same results would’ve happened.

Conclusion

Everything is not as it seems!  Be very careful what you click on!

Send any suspicious file to VirusTotal.com as it has quite a crack at finding out the truth about files from it’s methodology of using most of the Anti-virus vendors.

As for my website here, the recent referrer back-links are now gone as they made me look like a pointer to bad sites, and I’m not.  Whether it’s possible for this sub-domain behaviour to be blocked, probably depends on the website owners, as it’s not the browser’s fault.

What I have noticed, is:

  • A lot of these malware sites are hosted at my old crap host, ixWebhosting.com  (If I recall, a setting exists to block sub-domain creation)
  • A lot of host sites are in Arizona, Florida and Utah
  • A lot of malware sites can be traced back to China & eastern European states.

Make of that what you will.  If I spot any more ‘tendencies’ or ‘co-incidences’, I’ll add them to the list.

Related Posts:

Monavie, Gillmap, Idaho Falls, Google Treasure Chest and Oprah

Monavie, Gillmap, Idaho Falls, Google Treasure Chest and Oprah Winfrey

Introduction

Oprah Winfrey speaks at the Barack Obama rally at UCLA

Oprah Winfrey

Last June, a contributor to this website @Not Kevin made a telling entry here (http://strangelyperfect.tv/4308/google-revolution-different-name-same-scam/#comment-1589) that has direct prescient relevance to the court case in the USA that Oprah Winfrey has heaped onto a host of companies and individuals for using her name to promote their products. (see here and here for instance)

The original posting was part of my investigation into how the original Google Treasure Chest/Money Tree scam was morphing (and is still!), into various other scammy operations while continuing along the same murky path.  Paul at workathometruth.com shows that even though the scammers changed for a while after the Texas and Utah court cases started, they now seem to have reverted to type…

http://www.workathometruth.com/blog/2009/09/16/kevinsmoneytree-org-and-sandiego-tribune-news-com-review/

In my eyes, the stuff in his video is just as conning as it was a year ago and demonstrates the complete contempt that these people have for the law and the on-going charges against them!

Details of Oprah Case

A recent commenter (Matt Jezorek) said that their are six degrees of separation between these scams – but I begged to differ…  it’s about 2 IMHO!!!

Monavie Stuff

Monavie Stuff

Oprah, one of the world’s richest women, has taken umbrage at her name being used to promote all sorts of stuff; acai juice, teeth whiteners etc.  On August 18th this year (2009) she and her company filed charges against a host of these people.  Prominent among these was Monavie, the very same company that’s picking fault with Lazy Man!  (It’s been an observation of mine that criminals and borderline criminals shout loudest just before they cave in…).  The killer posting is here.

You can read the whole Oprah charge sheet here: http://www.marketwaveinc.com/oprah-vs-monavie.pdf

It’s quite a thing, with ~40 defendants named. To spread the word and put some load on my server, you can download it here, oprah-vs-monavie-etc.pdf, also!!  It’s a right riveting read I can tell you.

The point with @Not Kevin’s original research is that many addresses and company names listed as defendants to Oprah’s charges are in his original comment!!  So well done @Not Kevin!

Analysis

One that attracted my attention was Gillmap.  It’s such a daft name that it stands out!  Not Kevin and I have the County Durham address as:

Gillmap Limited
9 Broomhill
Stanley, DH9 8AZ
Durham

Oprah’s charge sheet (paragraph #15) shows the address as either:

Gillmap Limited aka Natures Perfection
600 SW Army Post Road,
Des Moines, Iowa 50321

or

Gillmap Limited aka Natures Perfection
4977 Fairview Avenue,
Boise, Idaho 83706

In Oprah’s paragraph #32 we find JDW Media from Idaho Falls which Not Kevin addressed perfectly.

There are also defendants from Henderson Nevada, Phoenix & Scottsdale Arizona, Florida, Ontario, Wilmington Delaware and elsewhere.  Many of these addresses and places have popped up in our research over the past half year.

Monavie comes in on paragraph #46 of Oprah’s charges.   In paragraph #51 we have some folks from honest Sandy, Utah.  Sandy in Utah is the hole that started my whole investigations running way back in April with, Google Treasure Chest – it’s a scam and a half! It turns out that Orem and Spanish Fork in Utah are also on Oprah’s list.  These towns along with Salt Lake City, Draper and Provo figure prominently in my research.

Robert G Allen

Robert G Allen

In paragraph #29 we see Rauscher Bekke aka ReVLife etc.  One of their addresses is

12399 Belcher Road South
Suite 140
Largo, FL 33773

..which appears as one of the spammers I wrote about with regard to chubby Robert Allen and the rest of the scum hanging round the Utah/Idaho border, here, http://strangelyperfect.tv/3533/robert-g-allen-grants-and-a-credit-card-slimeball/.  The other address appears in paragraph #18 as,

2375 East Camelback Rd.
5th Floor
Phoenix, AZ 85016  (different zip code though!)

Not Kevin also pulled out:

871 Coronado Center Drive,
Henderson, NV 89052

…”which appears in paragraph #17

Many individuals are named by Oprah.  However, her lawyers have had the same difficulty in unravelling the miasma of interlocking companies and sites involved.  In the court document they say they are currently after 500+ websites and their owners and will amend the document when they are traced.

That’s one seriously annoyed Oprah!

Conclusion

Don’t mess with Oprah.

A Flying Pig

A Flying Pig

That’s enough analysis.  I haven’t been through every address to see if we’ve picked them up previously.  But like I said at the beginning, I reckon there are only 2 degrees of separation between any of these scam-meisters.  I can’t wait until Oprah’s team hack through the other 500 sites…

Of course, the outcome of this court case and the others isn’t known yet.  All these companies could be like  goody-two-shoes and that we’ve all (including Oprah) got them totally wrong.

But I don’t think so.

Extra Information

On top of the Oprah case, the Texas case and the Utah case, last August also saw the Illinois AG file a similar case against acai snake oil purveyors.  See  http://www.illinoisattorneygeneral.gov/pressroom/2009_08/20090819.html Links to complaints forms are provided on that page, if you think you’ve been swindled.  This is the charge sheet(pdf).

Related Posts:

© 2007-2017 Strangely Perfect All Rights Reserved -- Copyright notice by me