Tag Archive: Graphics

Estonian Spammer Forges CBS and The Guardian

Get Rich Quick Scam Forges Genuine News Agencies Web Pages

Gmail Spam

Gmail Spam

I recently received two emails from a friend’s old Hotmail account, but to two of my email addresses.

Email Spam

Email Spam

Probably, the account has been hacked as I could detect no spoofing in the emails’ headers.  These are the emails, with the email addresses blacked out.

Initial Email Investigations

The text is similar in that they try to entice a user using pretty poor English to click on the shortened URL links, which are active.

Here’s how the links work:
To my Email address;
cbsbusiness9

cbsbusiness9

I had http://cbsbusiness9.com/index2.php?/5260 which then goes to

http://cbsbusiness9.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/

 

To my GMail address;
cbsnews-article

cbsnews-article

I had http://cbsnews-article.com/index2.php?/4032 which then goes to

http://cbsnews-article.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/

 

The screenshots show the results using a neat Firefox plugin, Flagfox, which displays the source IP address and country on mouse-over.

The WHOIS’s of each domain are almost identical.  These are screenshots.

whois.domaintools.com screen capture 2012-12-12-17-12-26 whois.domaintools.com screen capture 2012-12-12-17-13-17 That Arthor Brown’s a one, eh?  Notice the Ukrainian, Russian and New York connections?   Who is/are  or what is:

TNew line ave 172 95
NY, 18274
UNITED STATES
+1.7343541732

Google Search on +1.7343541732

Google Search on +1.7343541732

Googling the phone number pulls out a heap of (not)surprises including an awful cesspit of scamminess that’s now starting to rival Pacific Webworks’ Google Treasure Chest and Jesse Willms’ Colon cleansing efforts!  (We saw these scams a few years back – check the links)

Just check out the fake news and dodgy sounding sites in the search results….  These are the first couple of pages of current search results:

  • Com-news8.net
  • Bcnews8.com
  • Dildobigg.com
  • Raspberry-Ketone24.com
  • BigGgEts.com
  • HurtGuys.com
  • GrowsPeniss.com
  • HugerAss.com
  • Com-news9.net
  • Com-nbcnews9.net
  • coloncleanse-extreme.com
  • nbc9news.com
  • nbc1news.com

Arthor Brown is in most of them with his Yahoo! email address as [email protected]   Please don’t confuse him with this Arthur Brown, but yes, handle all of these websites like Fire!

Forged Webpages of The Guardian Newspaper

cbsnews-article.com screen capture 2012-12-12-16-3-51

cbsnews-article.com screen capture 2012-12-12-16-3-51

cbsbusiness9.com screen capture 2012-12-12-16-3-23

cbsbusiness9.com screen capture 2012-12-12-16-3-23

The Guardian, is an old and respected news organisation in the UK.  CBS is a long-established US media network.

They, and the purported author of both webpages, Sirena Bergman, must be pretty pissed off about the hijacking of their names.

Also to be annoyed, is Lloyds TSB Bank who apparently are “in association” with this get rich quick scheme for work at home moms!

Completely Forged News Articles!

Indeed they are.

  • The articles are dated “December, 11:41”, which is odd since there’s no day, just month and time!
  • Both articles are embedded in genuine Guardian web-pages, with all the links surrounding the article going to genuine Guardian web-pages or genuine advertiser websites!
  • The hook links in both forged webpages go to http://workinghome22.com/go.php

The forgery is done in the same manner as the well-known phishing scams done for banks and on-line finance and insurance.

Apart from the images sourced from The Guardian, the scammer’s images are sourced from:

  • ddmcdn.com which is HowStuffWorks.com!
  • localconsumeralerts.com
  • prosperadtracker.com
  • ophan.co.uk

So, Who Is workinghome22.com

Bad Gateway

Bad Gateway

The first link was dead, opening a bad gateway so the expected redirect didn’t work.  The tracking pointed back to Ireland!

Bad Gateway

Bad Gateway

The second link worked, but the sweetly named workingfromhome22.com wasn’t the destination.   No, the link immediate re-directed to http://onlineincnow.com/2/?aff_sub=72

Well, at least the affiliate number 72 is getting paid….

But hang on, who exactly is workingfromhome22.com?
workinghome22.com screen capture 2012-12-12-16-31-44

workinghome22.com screen capture 2012-12-12-16-31-44

Well, typing the URL directly takes me to workingfromhome22.com!  This is it!

Cunningly, you’ll note that it’s pulled out my home-town as Bournemouth (where I live) with that awful “mom” Americanism!  No-one in the UK addresses their mother as mom…  I mean, FFS?

The webpage links, containing the disreputably used graphics of Thomson, Reuters, CNBC and NBC Universal all point to http://workinghome22.com/go.php, which is of course in this domain.  So let’s click it, shall we?

Well, pctrck.com is trying to load, but not much else.

Reversing then trying to exit workinghome22.com produces a pop-up of dubious functionality!  Check the words – there’s no cancel button!

workinghoome22_Popup

workinghoome22_Popup

I did however manage to successfully close this page following that.  Whew!

Now Back to onlineincnow.com

OnlineIncNow Location

OnlineIncNow Location

The previously mentioned http://onlineincnow.com/2/?aff_sub=72 is located in the USA.

So What Is It Up To?

OnlineIncNow.com Whois Record

OnlineIncNow.com Whois Record

Good Question!   A WHOIS puts the registrant in China with the DNS servers in Russia!

As I mentioned earlier, the similarity of the scamminess of this thing is just like the Google Treasure Chest/ Google Money Tree / PWW scams of old.

The site is plastered with the logos of well known businesses to ad an air of authenticity to things (just as the original hook sites used The Guardian Newspaper and CBS in the same way) yet at the bottom of the page they disingenuously ad:

This site and the products and services offered on this site are not associated, affiliated, endorsed, or sponsored by NBCNEWS, ABC, USA Today, CNN or Fox News, nor have they been reviewed tested or certified by NBCNEWS, ABC, USA Today, CNN or Fox News.

onlineincnow.com T&C Screenshot

onlineincnow.com T&C Screenshot

Despite all this, it is of course bollox set to deceive.  In fact, it now appears that it’s the well known negative option scam, used by Pacific Webworks (PWW) and Jesse Willms to good effect until they were found out.

Let’s see how this pans out, shall we?…..

Check out the T&C page from the tiny link in the page footer – screenshot on the right.

  • They say that the applicable law is the State of Florida.
  • You will become a “member” and the key phrases are here:

You must register as a “Member” with Online Income Now to access certain functions of the website. You must provide current, complete and accurate information about yourself (the “Registration Data”) when registering as a Member. You agree that such information is truthful and complete. You agree to maintain and keep your Registration Data current and to update your Registration Data as soon as it changes. You are responsible for maintaining the security of your password. Online Income Now is not liable for any loss that you suffer through the use of your password by others. You agree to notify Online Income Now immediately of any unauthorized use of your account or other breach of security known to you. You also, by becoming a Member, agree to report violations of these Terms and Conditions by others to Online Income Now.

For a limited time only, the cost of this product is $97.00 ( usual price $299.95 ) and every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.

MATERIALS PROVIDED TO Online Income Now OR POSTED AT ANY Online Income Now’s WEB SITE

Online Income Now does not claim ownership of the materials you provide to Online Income Now (including feedback and suggestions) or post, upload, input or submit to any Online Income Now Web Site or its associated services (collectively “Submissions”). However, by posting, uploading, inputting, providing or submitting your Submission you are granting Online Income Now, its affiliated companies and necessary sublicensees, permission to use your Submission in connection with the operation of their Internet businesses including, without limitation, the rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; and to publish your name in connection with your Submission.

You’ll see that “Online Income Now” will:

  • make you a “member” (of what?)
  • and you will be regularly billed, (why?)
  • and that for anything you post, upload etc (wah?  whadya mean?  Where is this uploading?),  “Online Income Now” will take no responsibility for what you do!

…………….which is curious as you don’t know what you’ll be doing and they have invited you to do it in the first place!!!

Now Lets Click The Link!  Follow that Opportunity!

onlineincnow.com screen capture 2012-12-12-17-46-50

2 Spots Left!

Amazingly (sarcasm alert) there are two “spots” left in my area!  This is the page… http://onlineincnow.com/2/index2.php

Michelle Johnson is the “guru” who will tell me everything!  So what do I do?  I have two options:

  • Back out
  • Sign up

Let’s Try Backing Out, Shall We?

CannotBackoutFromOnlineIncNow2

Cannot Backout From OnlineIncNow 2

CannotBackoutFromOnlineIncNow

Cannot Backout From OnlineIncNow

Well of course, they won’t let me.  It takes two goes to get out and the first one completely takes over the browser!  Bad.  This is B.A.D.

Ah, well.  Finally escaped.

Let’s Try Clicking to the Signup Page, Shall We?

secure.onlineincnow.com Data Entry Screen

secure.onlineincnow.com Data Entry Screen

I decide on my name, “Jobless Jake” and a random phone number…. The website is now https://secure.onlineincnow.com/2/cc_97.php

What I see is bad, really bad, and any attempt by this pack of jokers at saying they don’t run a negative option scam is now revealed on this sign-up page!

The scam is now revealed for what it is – a negative option scam!        Read it carefully…..  They expressly say;

By enrolling, you will be charged a one-time fee of $97.00

In teeny-tiny letters, note!

But remember, right back buried in the T&C’s they say;

every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.

This is expressly against the FTC code and laws in most countries.  If any extra charges are to be levied for any service or goods, they should be expressly stated on the sign-up page where the customer first enters their financial details.

Gotcha! You Bastards!

Okay, I’ve Had Enough of This. I’m Off!

“Not so fast, young Jobless Jake”, say onlineincnow.com……!

CannotBackoutFromOnlineIncNow3

Cannot Backout From OnlineIncNow 3

They’ve an extra 20% off plus and extra bit of webpage-erese!  The screenshot says it all, though it wasn’t the end of it.  I had one more “Leave Page” option like the earlier one above.

Conclusion

Negative Options are banned by law in most countries.  If you get collared by one, you’ll have a job stopping the bastards taking money from your account for ages.  The only sure way to stop this once you’ve been sucked in is through….

  • Chargebacks.   Get your bank or card company to get a charge-back saying the terms of trade or purchase were hidden (as seen in my screenshot above).

So………………….

  • It’s a scam.
  • Stay away from it.


Enhanced by Zemanta

Related Posts:

Jesse Willms Favourites

Latest News

Hi internet folks out there in YouTube land!

Many of you will have heard of me.  As you know, by running a nice steady stream of dodgy internet websites I’ve amassed a lot of money which I have to give away as I’m now a filanthropist pfhilanthwopist philandpissed fillypist fullypissed philantropist.

And while I’m doing it, I’d charitably like to tell you about the most amazing things I’ve found on the internet (or web as it may be known to you newbies).  These things are absolutely amazing and you really need one now!

Of course, in between charitable giving I like to talk about gadgets and girls, my two favourite topics apart from me and my charitable works – so first off:

The Gadgets you really must have!

(I’ll get around to Britney Spears later, f-nar, f-nar)

Ferrari

Ferrari

Ferrari 458 Italia

Broom

First off, check out the new Ferrari Broom?    This FANTASTIC piece of kit is the dream piece for at least three of my mates and is a complete bargain at any price!  It’s a clean sweep at any set of traffic lights!

Also comes in red!!   Amazing!!!

Graphics Cards

Broom GTX

nVidia

Don’t get left behind in the high-tech stakes!

The latest cards from nVidia are a must have for anyone wanting to stick at the top of the tech game.!  And the new Broom GTX has more b-b–r-r-r-ooom than anything else on the market, you can trust me on that one!

Mobile Brooms

The latest mobile phones from Broomsung are just the thing to have at a celebratory party following a charitable jog….

..err that’s enough broom for now (Ed)

…(article discontinued due to boring gibberish)..

[By the way, I'm not the Jesse Willms
that's famous for ripping people off. 
No way!  No sirree! 
I'm the other Jesse Willms.]

Reference Websites:

  • http://www.slivideocards.net/jesse-willms-favorite-graphics-card-asus-nvidia-geforce-engts-450-1gb-review-part-1.html
  • https://www.youtube.com/user/kbryant991
  • http://www.progressivereadingseries.org/inspiration-critical-success-of-jesse-willms
  • http://theurbanblogger.net/2010/10/learning-internet-marketing-with-the-expert/
  • http://www.concerningdivorce.com/breast-cancer-hospitalization-bill-2010-internet-entrepreneur-jesse-willms-partners-with-four-charities-donates-100000.html
  • http://www.drossinismuseum.com/news/encourage-yourself-to-make-charity-by-looking-at-jesse-willms-profile.html

..that’s enough, I’m vomiting profusely (Ed)

Related Posts:

Comments are closed

Jobs at Just Think Media

Interesting info on Jesse Willms and Just Think Media…

Now that my Google Alerts’ portfolio has expanded, I’ve seen two jobs advertised at Just Think Media. Somewhat appropriately, they are for a Web Designer and a Legal Assistant!!!

See:

These are the screen-shots below for when the adverts are eventually pulled:

Legal assistant job in Sherwood Park - Simply Hired Canada

Legal assistant job in Sherwood Park - Simply Hired Canada

Find Jobs - Web Graphics Designer Jobs in Edmonton, Alberta - Just Think Media

Find Jobs - Web Graphics Designer Jobs in Edmonton, Alberta - Just Think Media

Interestingly, and yet somehow not surprisingly, the second advert for a web designer (shown right), includes at the bottom, one of those scammy adverts for teeth whitener!!!

You can’t make it it up, can you?

Postscript

The teeth whitening ads take you to these websites below in turn.

  1. http://jennysteethwhitening.com/01/  This is a fake blog, a “flog” as they are called, which goes to two website links
  2. http://www.softteethclean.com/lp2/?aid=eads&sid=402055&hid=378851854#utm_source=eads&utm_medium=402055&utm_term=378851854&utm_content=Go+White   This finishes off with that Consett address again! – LB Envision Net Worldwide Ltd., DH8 0LH Blackhill.
  3. http://www.altawhite.com/   This last website here is notable for having an enormous list of medical exclusions and ingredients, yet mysteriously does not tell a potential purchaser who they are actually buying from….
A Flying Pig

A Flying Pig

It’s nice to see that a few million-dollar law suits haven’t kept the scammers down.  It gives us all something to talk about because I enjoy it so much…. NOT!

Related Posts:

Windows 7 Impressive First Experience

Windows 7 Ultimate Install

To say that I’m seriously impressed is an understatement!

Having an MSDN subscription confers certain benefits, but for most Microsoft stuff that I have to use, it’s usually an exercise in teeth-gritting somewhere from the banal to the infuriating as I plod on through.

My personal experience of Vista comes into the latter which is why I’ve never used it and have stuck with XP… like most professionals in the Windows camp have done.

Windows Experience 2.0

Win7 1st install showing it working on minimal system specifications

Win7 1st install showing it working on minimal system specifications

Having only 2 x 256MB memory sticks in my old main-board, and because of it’s on-board graphics there’s only 383MB spare for the operating system, I installed the thing onto a bit of spare hard-drive (an old Samsung 160GB IDE) and was amazingly surprised by the ease of the install…

  • XP is still there and appears on the new boot menu.
  • Networking worked out of the box and I flipped between the configurations with absolute ease.
  • All the drivers were installed straight from the Microsoft website:
    • ATI Radeon system and graphics
    • Realtek sound and network
  • Once drivers were updated, the monitor was detected and set up automatically.
  • The networked HP All-in-One printer installed in seconds…
  • The new taskbar/start-menu right-click pinning works like a charm.
  • IE8 is installed by default and Firefox can be installed and defaulted without any bother
  • I even like the new  way of classifying user files and the concept of “libraries” is intuitive and easy to use and understand.

Absolutely amazing – even the aero interface works!

Windows 7 system requirements

Windows 7 system requirements

For a bit extra speed, the aero has been turned off in the “Themes” area.  Also, I don’t actually like it that much, but that’s just me I guess. More importantly, my system is well below the Microsoft Minimum System Requirements – I only installed it for a laugh and to see what would happen!

You’ll see in the screen-dump above, (which contrasts markedly with the Microsoft Minimum recommendations), that windows rates the system as 2.0 – it recommends 3.0 for the Aero interface.  What I plan to do is stick 1GB of memory in the spare slots from my other PC, and then put new giblets in that one’s box.  I intend to make that one a 4-core 64-bit platform to play with this new Microsoft OS….  Reaper should work fantastically!

Windows Experience

It’s truly an order of magnitude better than Vista and 5x better than XP!

In actual fact, it’s more like the jump from 3.1 to Win98.  I have actually been smiling at how good it is! The effort Microsoft has put in seems to have been worth it – this same install that I’ve just done is supposed to work on netbooks with ARM processors!  In fact, the claim that file-copying is faster on a Win7 Arm laptop than WinXP is probably true – I just copied several gigs of user files from the old partition which went extremely quickly.

All this copying was done after installing Office 2007 Ultimate and ESET’s NOD32 antivirus software (which works much better than on WinXP, by the way).  Microsoft’s Defender is installed and runs by default – it’s a spyware catcher and doesn’t seem to slow stuff up.

However, to show how impressed I am, the copying was done while Windows/Microsoft Update downloaded ~300MB of updates!!!  Before the copying was finished, the long process (about 20mins) of installing the updates had begun…

This is some serious disc and processor activity, I can tell you – and all done on a single 64-bit processor running in 32-bit mode in 383 of system memory!  It never missed a beat or got confused once!

In fact, during the copying, it prompts for Videos/Pictures & Music, which were previously in the \My Documents\My Music\ etc path to go into their correct library!…..   It’s the little touches like this, plus the sensible ease of installing programs (goodbye to Vista mad-clickitty-click HELL) that has put oodles of polish onto an already robust and comforting experience.

Conclusion

  • I’m typing this as Win7 is de-fragmenting the old partition.
  • I’m doing it from within Firefox (running the Web-Developer, Screengrab and British Dictionary plugins)….

……so you’ll guess that I’m impressed by this serious bit of software kit.  With another Gig of Crucial Ballistix memory it should fly even more and be good for another three years!

Finally: Never in a million years could I have dreamed of praising Microsoft so much!!!

Related Posts:

More on Google Profits and Pacific Webworks

What a tangled web we weave...

Oh What a tangled web we weave…

Oh What a tangled web we weave…

Back on May 1st I checked out this particular morph of the Google Money Bollox Kit Chest Scheme Plan…  See here.  I just had to show it because of the naff spelling and wordage, plus the inconsistencies in the text and graphics, and company name changes.

Normal

Of course, I’ve now realised that this is all totally normal and is done on purpose to keep Propellor heads busy..  At the time, the penultimate link in the chain of signing up, was:

Propellor Head

So I thought I’d check if it still worked, it being a “secure” connection with session ID, and myself having been through several incarnations of Firefox as well as frequent cache and cookie clearances….

Copyright © 2009 Google Profits™

Well I was still laughing at the dinky trademark sign when I fired up (in)s3curehost dot com.  They obviously consider it something worth protecting!

Work from home with google

Work from home with google

You’ll not be surprised to know that s3curehost.com still exists (so much for security and session IDs?).  I’m actually surprised, in a small way, that they still keep pumping this stuff out. A Whois shows that  s3curehost.com is “IntelliPay, Inc.” a.k.a. “Pacific WebWorks, Inc.” who we’ve already looked at in Salt Lake City on the original Google Treasure Chest – It’s a Scam and a Half posting.

The “Google Profits” web-page has changed slightly, but the incompetent spelling and characteristic inconsistency is reassuringly still there!

It’s to good…  Earn $978 a day… Google Profits – eAuction, which one is it?

I left my “qualifying” to another day, so I haven’t found out if I’m ‘eligable’ yet.

Pacific Web Works

Pacific WebWorks, Inc.

Pacific WebWorks, Inc.

There are two things of note about this business, apart from the “Microsoft Certified Partner” logo. [added 26/10/2009: Matt at scamtimes.com has checked out the claim to be valid here in this comment below. However, it seems very easy to get this ‘logo’ certification.]

  1. The phone number at the contact page here: http://web.archive.org/web/20100507231016/http://www.pacificwebworks.com:80/contact_pweb.htm, which is:
    230 West 400 South 1st Floor
    Salt Lake City, UT 84101

    phone: 801-578-9020
    fax: 801-578-9019
  2. It’s business is an integrated solution for other internet based businesses – my description(SP).

At first glance it’s a normal business for this line of work.  Here’s what they say about themselves and their custom  software suite:

  • They have “assembled a staff of professional trainers, coaches and support specialists”
  • They have “built a state-of-the-art data center” which takes “care of everything, including hosting, manpower, and technical details”
  • They provide “Tools for creating, managing and maintaining a web site”.
  • They provide “Electronic business tools, including storefront hosting, shopping cart and Internet payment systems.”.
  • They provide “Internet Marketing tools, including automated customer database, survey, and e-mail marketing tools.”.
The Plot Thickens

The Plot Thickens

So far so good.  And the database – that must be where all the contacts are kept, securely, private?

Now check that telephone number again.  It was the 9020 that did it! Like primeval intelligence, it’s come back from the depths of my mind.

It’s listed as the main contact point for Google Treasure Chest, etc, many times.  See here and here for two of my posts.  Now check this google search for the phone number 801-578-9020.

There are 1780 results, nearly all are complaints about being ripped-off or scammed.

Another word for rip-off or scam is the legal term, theft.

Conclusion

Chain link

Like links in a chain

Pacific Webworks are still in business – in fact, business is booming and they are reported to be in the top 40 Utah companies!  (http://www.earthtimes.org/articles/show/pacific-webworks-receives-recognition,890942.shtml).  I’m not sure who this lot are doing the reporting, but I can guess the connections…(added 3/3/10: Link to Earth Times removed.  This ‘business’ contains several puffs for PWW.  Like most dodgy websites, it’s domain WHOIS is hidden, by Domains by Proxy, again! – SP)

What a tangled web we weave...

What a tangled web we weave…

This industrial resource, http://resources.bnet.com/topic/pacific+webworks+inc..html, shows that the company had sales >$9m last year for its 34 employees. This is very interesting!  The same source shows, on this page, that profits are doubling at the company this year.

This is good news for all the people ripped off by Eborn et al.

Because the company, having exactly the same phone number as the main protagonists in the Google Treasure Chest scams, now cannot fail to be connected by the FTC in their investigations and imminent court cases.

And from what I recall from the closure of the call centre, is that 200 employees lost their jobs.  This is the same call centre that had 801-578-9020 as the contact number!  It was people working at the call centre who said that 200 people worked there(see http://www.topix.net/forum/source/fox13now/T28A5BU37IS57DC8C/p3).

 

Weakest Link

So there isn’t just a partial business relationship between Pacific Webworks and one or more plaintiffs mentioned in the FTC charges, they are intimately connected.

Related Posts:

© 2007-2017 Strangely Perfect All Rights Reserved -- Copyright notice by me