Or "A day in the life of an online fraud investigator."
This is an actual case:
Coming across WWW.EURO-REAL-TRANS.COM the investigator recognizes the layout and scouring his memory he realizes that this is a common template used by Romanian scammers.
He searches for and finds the phone number listed on the site: 0044-701-426-4178, then Googles it to find what other fraudulent sites uses this number.
Finds two: www.express-europa-courier.net and www.euro-real-trans.com.
A similar search on the fax number: 0044-208-711-6177 showed that prior to this site the scammers also used www.express-euro-transport.com as their illegal vehicle.
He then drafts this email to the ISP/Web Host:
"You are hosting a fraud domain:
WWW.EURO-REAL-TRANS.COM -- It's a common template used by Romanian scammers. A simple Google search of the phone numbers listed on the site: 0044-701-426-4178 reveals the previous fraud domains you used:
www.express-europa-courier.net and www.euro-real-trans.com.
"Same for the fax number: 0044-208-711-6177; prior to this you have used:
www.express-euro-transport.com
"Here is the real owner of the phone number you have listed for the fraud shipping company and Laura Radice:
"Marty Wakefield (203) 294-1234 1 Shelby Drive, Wallingford, CT 06492
"The address you have listed for the domain is the district office for: http://www.housedems.ct.gov/Dargan/index.asp
Stephen D. Dargan
115th District
"At the Capitol:
Legislative Office Building, Room 3603
Hartford, CT 06106-1591
(860) 240-8585
1-800-842-8267
Stephen.Dargan@cga.ct.gov
"In the District:
215 Beach Street
West Haven, CT 06516
(203) 937-1985
(Now, as an aside, it does appear that State Rep. Stephen Dargan is quite familiar with the identity theft situation. Take a look at: http://www.housedems.ct.gov/Dargan/IDTheft07.pdf).
To continue the email to the web host:
"Here is the domain registration data you have for the Romanian scammer running the fake shipping and escrow site.
"Registrant:
Laura Radice
215 Beach Street
New Haven, Connecticut 06516
United States
"Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: EURO-REAL-TRANS.COM
Created on: 24-Nov-08
Expires on: 24-Nov-09
Last Updated on: 24-Nov-08
"Administrative Contact:
Radice, Laura borgnospam@aborg.com
215 Beach Street
New Haven, Connecticut 06516
United States
(203) 294-1234
"Technical Contact:
Radice, Laura borgnospam@aborg.com
215 Beach Street
New Haven, Connecticut 06516
United States
(203) 294-1234
"Domain servers in listed order:
NS1.ABORG.NET
NS2.ABORG.NET
"Please suspend this fraud account immediately."
This salvo would of course not have been possible without unearthing all the particulars (as above) about the site; but once the data is at hand, letting the ISP know they are hosting scammers goes a long way to shut at least that one site down.
Although, grimly the investigator recognizes that the web host is actually allowing the scammer to hide his or her contact email by putting it in the domain registration data (see above), and so, in effect, is aiding and abetting a criminal. If someone in real life helps to hide a criminal he can be, and usuall is, held liable as an accomplice. But this is the internet and web hosting companies can apparently do pretty much what they like in the way of drumming up business.
Now, even if this one scammer is shut down, this is only out of then ten he may have discovered and tracked down this day, and this, so far, is not a winning battle, for these scamming sites are not unlike roaches, for everyone you see, there are one hundred you don't.
The moral of this pragmatic slice of life: Stay vigilant, very vigilant.
Subscribe to this blog's feed
Leave a comment