EMZ
@verizon.net
| reply to jswanson
Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot
Thank you for the information in this forum. I have just cancelled my credit card after seeing an item appeared in my Citiibank statement from PHOTOS PARADISE 214-7175031 TN for $8.88. The merchant category shows up as COMPUTERS, COMPUTER PERIPHERAL EQUIPMENT.
I found the following domain registration information which tracks with the culprits already listed in this forum:
Registrant:
HAITAO ZHANG
426 King's Road
Hong Kong, North Point --
Hong Kong
Registered through: GoDaddy.com, Inc. (»www.godaddy.com)
Domain Name: PHOTOSPARADISE.COM
Created on: 12-Jan-08
Expires on: 13-Jan-09
Last Updated on: 12-Jan-08
Administrative Contact:
ZHANG, HAITAO haitao.zhang44@yahoo.com
426 King's Road
Hong Kong, North Point --
Hong Kong
+852 8198 0611
Technical Contact:
ZHANG, HAITAO haitao.zhang44@yahoo.com
426 King's Road
Hong Kong, North Point --
Hong Kong
+852 8198 0611
Domain servers in listed order:
NS07.DOMAINCONTROL.COM
NS08.DOMAINCONTROL.COM
Registry Status: clientDeleteProhibited
Registry Status: clientRenewProhibited
Registry Status: clientTransferProhibited
Registry Status: clientUpdateProhibited |
|
acadiel
Keep trying - don't give up
Premium
join:2002-06-22
Bloomington, IL
 ·Comcast
 ·DSL EXTREME
| reply to jswanson
The Consumerist just picked this up.
»consumerist.com/385004/watch-out···comments
I wish they would have pointed here, because MGD has done quite a bit of work trying to find out who these scammers are.
--
acadiel's blog is here
|
|
kooooo
@rogers.com | reply to jswanson
Can someone explain to me how this scam makes money? Don't chargebacks cost a merchant $20-$30 per incident? Also, if your chargeback rates are too high, it's my understanding you lose your merchant account. |
|
pcdebb
RIP dadkins
Premium
join:2000-12-03
Tampa, FL
clubs: 
| said by kooooo :
Can someone explain to me how this scam makes money? Don't chargebacks cost a merchant $20-$30 per incident? Also, if your chargeback rates are too high, it's my understanding you lose your merchant account.
essentially for every chargeback (read: each transaction that is caught by the account holder) there is, there is 100 that will go undetected. and they are probably registered with a merchant (authorize.net for example) that dont care.
--
a time for change... | 1st & 10 | Ham is good |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| reply to kooooo
said by kooooo :
Can someone explain to me how this scam makes money? Don't chargebacks cost a merchant $20-$30 per incident? Also, if your chargeback rates are too high, it's my understanding you lose your merchant account.
At $50,000 per month, they don't care that much until the Charge Backs freeze/lock/close the account and that makes them open ten (10) more sites with ten (10) new Merchant Accounts. They have a separate group that does nothing but recruit mules to setup these sites.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to kooooo
said by kooooo :
Can someone explain to me how this scam makes money? .... To add to what pcdebb  and Doctor Olds posted.
The essence of the scheme is that a considerable percentage of the victims may not catch the charge. It can easily be overlooked when an account has multiple cards that are in frequent use. In some cases a person may think their spouse made the charge, and vice versa.
The amounts of the fraudulent charges vary between $3 and $15 and are below the threshold where many people will actively pursue it. Several victims have reported that when they finally caught on, they went back over prior statements, and found several months worth of charges that went unnoticed.
For those that catch and pursue it, there is always a phone number listed on the line item charge, and also listed on the contact info on the hidden website. When a victim calls, the criminals will issue an immediate credit for the charge, and thus avoid the high chargeback fee. In fact, the banks unwittingly assist the criminals sustain each fraudulent operation by telling the cardholder to contact the merchant directly, first. That is exactly what the syndicate wants to happen if the victim discovers the charge, and pursues it.
That is why it is crucial that a victim report the charge as "fraudulent", and insist that it is classified as such. Besides triggering the card to be replaced, it will also generate a chargeback. It is the increasing chargeback ratio that usually causes the merchant account to be cancelled... eventually. Some of these individual sites have been in operation for well over a year. I have seen some that went down in a few months, it all depends on the mix of victims. If the criminals could issue credits to all the victims who complained then the account may never trigger an alert.
I am aware of one specific instance where the criminals were notified about the growing ratio of chargebacks. They responded that their site was being abused by "criminals" trying to buy items with stolen card data. The account rep's response was that after reviewing their website, they should institute an account enrollment policy where purchasers are required to enroll before being able to complete a transaction. He said that would be a deterrent to keep fraudsters away. The criminals responded that this was an excellent suggestion, thanked him, and said that they would immediately adopt that new procedure.
Copies of the criminals handbook/operational manual published in the other thread, show that the merchant account application for each fake site lists an anticipated mpnthly billing revenue of between $40,000 to $50,000 per site. One recent interception had records showing ~ $180,000 successfully processed in less than 4 months, and included a $20,000 wire transfer in the process of heading out to Cyprus being recalled. There can be a lag time of 30 to 60 days for all charge backs to filter through. A rough estimate is that 35 to 40, or more, sites are fully active at any given time. It is an assembly line process, new sites are being created all the time.
Once an operation is up and running, it is only excessive chargebacks that can bring it down, that, or the duped cyber-mule catching on. Because of the trivial amount, many victims are told by the issuing bank to contact the vendor directly "it is probably a billing error, or a purchase that you do not recognize".
Remember the criminals have perfected this operation over many years. They know exactly where the weak points are in the system and how to capitalize on them. One example of that, was a sting operation where potential roadblocks were created during the set up process, in order to confirm known theories of the operation. One of the fake websites that was already set up awaiting the cyber-mules merchant account approval, had the domain registered in a different state with a victim's card, and listed in their name. The syndicate was told that the merchant account approval was on hold, because Authorize.net had questioned why the related website was registered to someone other than the LLC that was applying for the account. The criminals responded that this could not be a valid reason for the hold up, because they knew that authorize.net nor the bank, never checks to see who owns the domain for the website that the LLC that was applying for the merchant account for.
Also, the criminals have recently began to address the excessive charge back ratio by submitting fake documents to the banks in response to dispute notices. They provide a false log of a user id and password including an IP address that the victim supposedly used to set up the account with. There is at least one recent victim report of the bank reversing and reinstating the fraud charge, upon receipt of those false documents.
MGD
|
|
kooooo
@rogers.com | Amazing post. Thanks for taking the time. |
|
CW
@cbpu.com | reply to jswanson
My dad just got the photosmix.com charge and thanks to this post we're getting everything fixed.  |
|
Zenith
join:2008-03-12
Danville, IL
1 edit | reply to MGD
I copied your "how it works post" and pasted it into a word document. Hope you don't mind. Would you have a problem with my pasting it on other forums that may be discussing these type scams? |
|
Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium,VIP
join:2001-04-19
1970 442 W30
clubs:
| As long as you credit it being authored by MGD and include a link back to the post,,,,,,  I would guess he would not mind, but I am guessing and cannot speak for him.
--
What’s the point of owning a supercar if you can’t scare yourself stupid from time to time? |
|
Zenith
join:2008-03-12
Danville, IL
| said by Doctor Olds :As long as you credit it being authored by MGD and include a link back to the post,,,,,, I would guess he would not mind, but I am guessing and cannot speak for him. I would credit it to MGD for sure. MGD is doing a good thing and deserves all credit for the impact that's been made against the bad guys. |
|
pleekmo
Triptoe Through The Tulips
Premium
join:2001-09-14
Manchester, CT
clubs:
| said by Zenith :said by Doctor Olds :As long as you credit it being authored by MGD and include a link back to the post,,,,,, I would guess he would not mind, but I am guessing and cannot speak for him. I would credit it to MGD for sure. MGD is doing a good thing and deserves all credit for the impact that's been made against the bad guys. I copied and pasted the analysis into my blog but also noted that I'd cribbed it from here and gave links to this thread and another similar one here, as well. Though perhaps I should give a more explicit credit...
--
HCN: Because you deserve a rest!
Proud member of the Free Omelas Liberation Front. |
|
K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH | I took the liberty of starting a new topic, hoping that others will add text or links for each of the frauds listed and that it will be stickied.
"The FBI wants you to know:" |
|
kooooo
@rogers.com
| reply to jswanson
Don't know if it's relevant, but all of this reminds me of a scam I was reading about on the Paypal/ebay forums a few months ago. feebay removed the thread from their forum, but here's some background:
»voip-hype.com/voip-provider-beta···-a-scam/ |
|
JJBrannon
join:2008-03-10
Newark, DE
| reply to jswanson
I was hit with a photosmix.com in my last billing cycle which I caught last evening while reviewing my accounts.
The charge stood out like a nudist at a church service because this account -- my oldest credit card -- has only been used for about the last two years for a 4% balance transfer I was paying down.
But the reaction of the card issuer's security department was worse than the charge. They sought to terminate the account and issue a new number without any guarantee that this wouldn't adversely affect my credit history.
As a former credit investigator for a credit card bank myself, I thought it likely that this action would erase my longest credit record and my FICO rating.
JJB |
|
ddigital
@sbcglobal.net
| I've been hit by the same scam, only it appears that there is a new domain *and* a new company to add to the mix.
The domain name is mobileglobus.com. A whois entry doesn't turn up much as they have registered it via proxy:
================
Registrant:
Domains by Proxy, Inc.
Registered through: GoDaddy.com, Inc. (»www.godaddy.com)
Domain Name: MOBILEGLOBUS.COM
Domain servers in listed order:
NS21.DOMAINCONTROL.COM
NS22.DOMAINCONTROL.COM
=================
The web site pattern matches the other scam image sites. The amount I was charged was $9.87.
The second charge was through a "P&P Services Inc". The link below (also mentioned earlier in this thread) makes reference to the same company:
»www.ripoffreport.com/reports/0/3···6667.htm
The charge in this case was less; it was $5.56. Anyone have any ideas how to investigate this "P&P Services Inc" any further? A basic Google search doesn't turn up much.
BTW, great job on tracking all of this! |
|
gant
@as43234.net
| I turned up the following:
Registrant:
Bill Hutchinson
3100 Monticello
Dallas, Texas 75205
United States
Registered through: GoDaddy.com, Inc.
(»www.godaddy.com)
Domain Name: MOBILEGLOBUS.COM
Created on: 28-Jan-08
Expires on: 28-Jan-09
Last Updated on: 20-May-08
Administrative Contact:
Hutchinson, Bill BillHutchinson@live.com
3100 Monticello
Dallas, Texas 75205
United States
(214) 443-4225
Technical Contact:
Hutchinson, Bill BillHutchinson@live.com
3100 Monticello
Dallas, Texas 75205
United States
(214) 443-4225
Domain servers in listed order:
NS21.DOMAINCONTROL.COM
NS22.DOMAINCONTROL.COM
Bill is one of Dunhill Partners:
»www.dunhillpartners.com/team.html
Houston BBB info links another name to "mobileglobus":
Mike Allison Communications, LLC
563 Bird Song
League City, TX 77573
(281) 332-9334
www.mobileglobus.com
www.mikeallisoncommunications.reliabilitymall.com
Mike Allison Consulting
563 Bird Song
League City, TX 77573
(281) 332-9334
www.mobileglobus.com
www.mikeallisoncommunications.reliabilitymall.com
Hope this helps!!
Discalimer: All the above are of course entirely coincidental |
|
K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH
·RoadRunner Cable
2 edits | That just doesn't make sense. Bill Hutchinson is a heavy hitter - Romney's campaign committee, for instance.
did ddigital get the site name wrong? There is only a placeholder at mobileglobus.com.
Edit: Looking at cached pages in Google, it appears that it once was a fraud site.
The whois was updated today. I wonder if somebody put Hutchinson's name in there as a red herring??
Kip |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| GoDaddy has apparently taken down mobileglobus.com. In the 05/17 post above by "ddigital" the domain was privacy cloaked by GoDaddy's Domains by Proxy, Inc service. When GoDaddy pulls a site and/or revokes the domain, they remove the cloaking service. The registration posted above by "gant" is how the criminals registered the domain back on 01/28. Probably paid for with hijacked card data, and registered in the victim's name. They they used the same card to pay for the domain cloaking service to make it harder to track and shut down.
I spoke with Mike Allison several days ago, thanks to info provided by mae_aa419 Mike was running merchant accounts for three websites including mobileglobus.com. He also ran merchant accounts for several of the previous "globus" sites that are now shut down. Mike is completely duped and insisted that he is running a legit operation. When asked about the fraudulent charges on all the previous sites listed for him that are now defunct, he stated that someone hacked into them and stole their products using dozens of stolen credit cards.!! Mike stated that he was expanding his operation by hiring staff, because the business was doing so well and expanding.
Mr. Allison was adamant that he was running a legitimate business operation in partnership with Hermeselectro.com. He refused to name the other two websites that are currently in operation. Also, he refused to state where he wires the proceeds, other than to confirm it is a foreign country. He did acknowledge that they all use authorize.net as a payment gateway. Mike also stated that he was aware of several people that had purchased tangible products from the sites, and were very happy with them. I told him that this was not possible.
I sent Mike several links to show him the robust documentation of the fraud, and the crime syndicate behind it. I also gave him contact information for a Texas police officer that he should call, who would corroborate what I told him. Mike was going to digest this information and then get back with me, he has not. He also has not returned any of my subsequent calls.
At the time I contacted Mike, both mobileglobus.com and Mike's personal site: mikeallisoncommunications.reliabilitymall.com were active. Without followup contact it is impossible to know if he informed the criminals and they convinced him to go into hide mode. if so, they may have him wire funds abroad daily, to keep the account balance low.
Go here: »www.data.bbb.org/houston/search.html and enter "Mike Allison" in the search box.
MGD |
|
K Patterson
Premium,MVM
join:2006-03-12
Columbus, OH
·RoadRunner Cable
| Man, is he in for a surprise.
One alternative would be to let Bill Hutchinson know how he has been implicated in this fraud. My guess is that he may have some ways of getting thru to Mr. Allison. It looks like it was his card that was used.
Kip |
|
