Google Treasure Chest – it’s a scam and a half!
While fishing around for some chords I came across azchords.com – as you do. They’ve a shedload of Google ads and I accidentally hit the banner ad while trying to get rid of pesky popups (why do sites still do this now?) I was taken to the website of someone called Kevin Hoeffer and an honestly dismal automatic sales pitch. https://www.kevinlifeblog.com is the address.
Kevin, of course is anonymous because his website uses WhoisGuard. This “protects” the domain holder from spam, they say. Well that’s one thing it does – another is that it make it hard to trace spivs. Anyway, he links to EarnFastCashwithGoogle. This is the link:
You are then redirected to this page where you have to enter various address details:
I did so using the address of an electricity sub station. (yes, I know). Once all the boxes are ticked and the funny little easily resettable timer is ignored (but noted as a clue to a very good social engineering type scam), you are taken to this website:
In here, the warnings should really be going off in your head by now! They ask for your credit card number, expiry date and CVV number! And all to get $1 from you!
securecartcenter.com has another hidden domain registration like WhoisGuard but this time with domainsbyproxy.com Surely I can find a real name behind all this? And don’t call me Shirley. Well right down at the bottom of the credit card screen are some words, well out of normal view. The whole thing is a signup for Google Treasure Chest who are in no way connected to Google, they hastily point out. There’s an address in Cheyenne, a house on the corner with about 20 businesses registered there according to Google Maps. SecureCartCentre isn’t one of them!
In the source code for SecureCartCentre we find that images are served from bloosky.com who serve advertising campaigns. Fish through the folder structure and examine various files. Google Treasure Chest is there. Check out some css files and you’ll find that some are loaded from discovertotal.com , which has a contact of bloosky.com So far so good. If they’d have stuck an htaccess file in there I wouldn’t have seen that, ho hum.Click that and you’ll get the folder structure for
Instant Google Kit
Lots of stuff points to this. http://googletreasurechest.com/index.php/home.html It’s the homepage for this ferago. Interestingly, down at the bottom all the links are to this site except for one, the signup link which goes to: http://web.archive.org/web/20090330184905/https://www.redtomorrowfield.com:80/z/gtc2/?cy=10&pr=19&af=16&ad=19
These are also shrouded from enquiry by DomainsByProxy.com The site actually looks like the treasure chest one – weird. The form at the bottom is similar to the previous address form but the email address is validated by ebizsuite.com, an eCommerce company.
So Where’s The Problem?
The problem lies in this selection of links below. There are hundreds on the web. No-one has anything good to say.
At the bottom of the signup page, is the text:
By submitting this form I authorize Google Treasure Chest to immediately charge my credit card for instant access to the Instant Google kit. I hereby request that Google Treasure Chest activate my account and authorize them to advance funds as indicated. Monthly Service fees will commence seven days from the date of this purchase, and will be billed monthly thereafter. After the seven day trial you will be billed seventy one dollars and twenty one cents USD monthly for the continued access to the software. No refunds will be given for failure to use the requested and provided services. You may cancel at anytime by writing to 2510 Warren Ave Ste. 3363, Cheyenne, WY 82001 or calling 866.951.1406. Google Treasure Chest is not affiliated with, endorsed by or in any way associated with Google. Results vary. Individuals have been remunerated. All Content Copyright © 2005-2009, Google Treasure Chest. All Rights Reserved Worldwide.
That’s the problem you see. It’s almost unreadable. As everyone found out, instead of a dollar, they all had $71.21 taken away – monthly.
When I started this little investigation, I thought it was a straight phishing expedition to get credit card details. Instead, it’s a curious grey fuzz of almost legal chicanery. Watch out!
Addendum Posted 7 April 2009
The original popup ad was for a ‘person’ called Kevin Hoeffer with his honestly dismal automatic sales pitch. Today I came across another who mysteriously, used to work for a pipe company! This is on this website http://web.archive.org/web/20110208043425/http://joshmadecash.com/ The actual text goes like this (one paragraph only shown):
A year ago I was an account manager for a (drum roll) a pipe manufacturing company. Not exactly what I dreamed of when I was growing up. The job I had before that, I used to work in at a mortgage company. That job I did like. Initially I was one of the processors and then started working in the sales department. That was really exciting 5-6 years ago. I was trying to learn the ropes as a salesperson and then eventually I really did start to make some money. I was doing well 3-4 years ago. Then as you know the mortgage industry just took a huge down turn. Along with every other industry and jobs available.
Naturally I wondered how many sites there are with this former pipe company (drum roll) bit of spiel going on. Try this Google search on this string “A year ago I was an account manager for a (drum roll) a pipe manufacturing company. Not exactly what I dreamed of when I was growing up.” to see how many. Actually Google says over 100! (202 on 8 May 2009!!)(268 on 29 May 2009!!)
Addendum 10 April 2009
- wafflesatnoon.com dodgy site list #1
- wafflesatnoon.com dodgy site list #2
- US FTC fines Software CD scam company $3million!
- USA Better Business Bureau – send complaints here
- List of postings by ‘It’s Easy To Fix This’ – This person variously claims (in successive posts!) to ‘represent’ or ‘is affiliated with’ Google Money Tree.In these posts he claims to have checked the phone logs and to have enabled refunds for people. Some replies seem to be validated, so if you want your cash back, then this is the guy folks!
Sorry. This isn’t a link. It’s a visual comment on the previous one! The previous one in the forum has 414 replies and has been viewed 122,523 times when I last checked. Those figures say it all, I think.
- Drill Down Through bsadn.pantherssl.com – Follow up post containing businesses located on the same image server and probably linked to the same people
- Google Kit, or Treasure Chest, the Plot Thickens? – Another follow up post containing more of the same plus some extra investigations…!
- Two posts and zillions of comments from “I’ve Tried That” here and here. There are another batch of phone numbers here, plus a comment from Sharon states that the numbers belong to Collection Agencies that are only too happy to cancel subscriptions because they get paid to do so!! The worst bit was the guy who paid out $3k for ‘training’….. (added 15/4/2009 – SP)
I’ll continue to post extra info here, instead of in the threads below in order to make it more accessible. I seem to be finding stuff out here on an hourly basis, and most of it is depressing as it reveals the vulnerability of the human condition. So please folks, always remember,
“If it looks too good to be true – it is”
Latest News: 27 April 2009
- Texas Sues ‘GoogleMoneyTree’ Promoter – Scam uses high-profile name to deceive consumers, state charges
From this article, we see that the ‘company’ behind Google Money Bollox is “Infusion Media Inc”. Try a Google search on the name here. For a company that’s been behind sooooo many different scammy websites, there are only 173 results. Nearly all relate to their dodgy dealings.
We also find that this guy, Philip Danielson, since Dec 2008, seems to have been handed the poisoned chalice that is some form of legal representation for Infusion Media Inc!!
More Related Links
- Comments about 8882089320 number:
- RipOff Report says they’re okay?
- Texas Insider
- Texas legal Summons, Restraining Order etc, served in Travis County (pdf download)
- Jonathon D Eborn’s house of restraint INSERT_MAP
- Fake “work-at-home” schemes discovered – Austin News; full of links and sample PDF files about the charges!
Addendum 2 May 2009
BBB Bloosky Bollox bsadn.pantherssl.com CASH CLAIMS Company Complaint Complaints Board Contact Copyright Court creative credit card CSS cyprus Different DIY dodgy Domain Download Dream Drill Down election Electric Email engine engineer EXACTLY expedition Extra filter Fish FORM FTC good GOOGLE Google Ads Google Kit Google Maps google search google treasure chest Government Happy Ho Hum htaccess HTML HTTP Human HUNDREDS industry Internet investigation Kettle Kevin Hoeffer LATEST Latest News legal lemon lynch mob Mad Malta money Money Tree Monthly Service name NEWS NORMAL NUMBERS OKAY ORDER Pacific Pacific Webworks pantherssl PDF PHP Plot Thickens poison POST PR privacy profile program Protect PWW RE REAL REGISTERED registration RELATED Related Links rights Rights Reserved ripoff scam securecartcenter SERVICE SERVICES SOFTWARE Source Code SP Spam SSL STE Success Technique Texas The Box Treasure Treasure Chest trial TSB TWENTY UPDATE USA USD Utah View Larger vulnerability war WARNINGS Weird whois YEARS