Fake Shipping Company Fronts Slick International Internet Scam
David Roknich | 24.12.2009 17:24 | Analysis | Other Press | Technology
I was shocked to see the original removed from the wire: every detail of this news has been verified and related to a reputable UK company that is being used as part of a spoof, therefore, I re-post and hope for a less anal-retentive editor. The spoofed version of the company does use all caps - I hope that doesn't flip your trigger. Original: "Spoofed shipping website FREIGHT DAY collects on Heir Hunters lottery fraud" should NOT be hidden. This is news that I was not able to find when I needed it, and the result of more than trivial research on my part.
Spoofed shipping website FREIGHT DAY collects on Heir Hunters lottery fraud
Cashing in on the fame of the UK "Heir Hunters" lottery is an old idea, but the latest attempt will fool your spam filter. In order to collect your prize, you're instructed to contact a company with a bogus shipping website - one that collects the UK "Value Added Tax" using the identity of a reputable company. It makes use of a complete spoof of a highly reputable UK shipping firm, copied except for the logo, phone numbers, and email. Like so many hack attempts and scams of the past few years, this is a gift of Global Net Access, in Georgia.
The creators of this one have designed it so that it has an identity that appears completely authentic, and it does fool the Yahoo! spam filter, which is overly strict in many instances. Read this and save yourself the time I spent tracking this down. I now have their full details, and I've already informed the freight company they are impersonating.
In October of this year, "The Register" reported a new trend in internet fraud: the creation of fake shipping companies.
"scammers launch shipping sites" - http://www.theregister.co.uk/2006/10/16/fake_scrows_on_the_rise/
Joe Wein continues his good work exposing similar schemes. He is legendary, in fact, for surviving the wrath of scammers he has exposed - he also warned about this basic approach several years ago:
"Beware of Fraud: fake escrow services" - http://www.joewein.net/fraud/fraud-support-escrow.htm
For now, I will be brief. I'm posting the PDF of the prize announcement at indybay. If you respond to it, and are "verified", you'll be put in touch with a company that will ship you your check along with 5 hats and umbrellas - for a tidy fee. The non-existent freight company is "Freight Day Courier", and their website is identical to the website of a real courier service called "SamedayUK".
They have a reputable High Street address:
Express House,
101a High Street,
Newton-le-Willows.
WA12 9SL
The website of the fraud is here:
http://all.freightday.com/
and the real website is here:
http://www.samedayuk.com/
You'll notice that the spoofed website even has the same picture of the guy in the truck - they only changed what was needed for the purposes of their crooked game.
They even used a reputable company to provide them with a "spamproof" return email address.
It was this time of year in 2006 when I was on the phone with one of the techies at the webhost for "all.freightday.com/" after (this was 3 years before freightday.com was conceived) numerous attempts from their server to hack my home computer. His claim was that they do a lot of "legitimate" hosting for eBay images, and I probably got their IP in my firewall as the result of my visits to eBay, which may have exposed me to various malware. All I have to say is beware when you visit the image galleries at eBay, unless your desktop is running Mac OS X or Linux. Most of the alleged malware detectors are just as bogus as the website above.
For now I will leave you with some of the details that helped me root out this fraud. I was very lucky that a Google search turned up the real owner of the VAT number - it's similar to an employer ID number issued by the US, and is for the express purpose of collecting the "Value Added Tax". I did a Google for "VAT No. 686081705" and found the genuine owner, with a real toll-free phone number on their website, unlike the fraud. So it seems that they are illegally collecting payments for the Value Added Tax, as you will see from the information below.
Here's the email I received from "All Freight" after being "verified" as a "winner":
-------------------------------------------------------------------------------------------(snip)
WELCOME TO FREIGHT DAY UNITED KINGDOM
Reference Number: 049837261791/UK
Tracking Number: 3092979300
Website: http://all.freightday.com/
At Freight Day United Kingdom we provide a full range of courier services, including international courier services, Europe overnight services and someday courier services.
Our international courier network provides delivery throughout the world on a someday, timed or standard service. What makes us different from the competition is that you can custom fit our service to what you need: When the need arises you can upgrade your delivery simply by notifying us by e-mail, fax or telephone call that you want to change your option of delivery and it will be automatically effected.
We have received the following items below from The Heir Hunters International Lottery:
1. Winning Check (210,000.00GBP) Two Hundred and Ten Thousand United Kingdom Pounds.
2. Heir Hunters International Lottery Branded T-Shirt (5)
3. Heir Hunters International Lottery Branded Umbrella (5)
4. Heir Hunters International Lottery Winning Certificate.
The options together with their associated conditions are presented below. Due to popular demand, we have introduced the overnight delivery service which is only open to clients within some parts in Europe. This practice was introduced by the UK National Lotto Commission to enhance speedy delivery.
You are to advice us on which delivery option we should apply to your parcel
Options: Receive your package via any of the channel below:
OVERNIGHT DELIVERY
Mailing...............................................£350.00
Insurance..........................................£258.00
Vat (5%).............................................£30.4
TOTAL...............................................£638.4
24 HOURS DELIVERY
Mailing...............................................£250.00
Insurance..........................................£258.00
Vat (5%).............................................£25.4
TOTAL...............................................£533.40
48 HOURS DELIVERY
Mailing..............................................£150.00
Insurance.........................................£258. 00
Vat (5%)............................................£20.4
TOTAL..............................................£428.4
72 HOURS DELIVERY
Mailing...............................................£100.00
Insurance...........................................£258.00
Vat (5%)............................................£17.00
TOTAL...............................................£375.9
Congratulations from us here at Freight Day. Thank you and have a nice day.
Regards,
Philip White,
Customer Service,
Freight Day United Kingdom.
(snip)---------------------------------------------------------------------------------------------------
The domain name was registered on December 5, 2009, with an attempt at anonymity:
Domain Name: FREIGHTDAY.COM
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Name Server: NS1-APOLLO.NSWEBHOST.COM
Name Server: NS2-APOLLO.NSWEBHOST.COM
Status: clientTransferProhibited
Updated Date: 05-dec-2009
Creation Date: 05-dec-2009
Expiration Date: 05-dec-2010
And here's what I have so far regarding their network accomplices:
Network Whois record
Queried whois.arin.net with "207.210.125.209"...
OrgName: Global Net Access, LLC
OrgID: GNAL-2
Address: 1100 White St SW
City: Atlanta
StateProv: GA
PostalCode: 30310
Country: US
ReferralServer: rwhois://rwhois.gnax.net:4321
NetRange: 207.210.64.0 - 207.210.127.255
CIDR: 207.210.64.0/18
OriginAS: AS3595, AS16626
NetName: GNAXNET
NetHandle: NET-207-210-64-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: DNS1.GNAX.NET
NameServer: DNS2.GNAX.NET
NameServer: NS1.GNAX.NET
NameServer: NS2.GNAX.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Comment: ********************************************
Comment: Reassignment information for this block is
Comment: available at rwhois.gnax.net port 4321
Comment: ********************************************
RegDate: 2005-04-12
Updated: 2007-06-01
RAbuseHandle: ABUSE745-ARIN
RAbuseName: GNAX ABUSE
RAbusePhone: +1-404-230-9150
RAbuseEmail: abuse@gnax.net
RNOCHandle: ENGIN7-ARIN
RNOCName: GNAX ENGINEERING
RNOCPhone: +1-404-230-9150
RNOCEmail: engineering@gnax.net
RTechHandle: ENGIN7-ARIN
RTechName: GNAX ENGINEERING
RTechPhone: +1-404-230-9150
RTechEmail: engineering@gnax.net
OrgAbuseHandle: ABUSE745-ARIN
OrgAbuseName: GNAX ABUSE
OrgAbusePhone: +1-404-230-9150
OrgAbuseEmail: abuse@gnax.net
OrgNOCHandle: ENGIN7-ARIN
OrgNOCName: GNAX ENGINEERING
OrgNOCPhone: +1-404-230-9150
OrgNOCEmail: engineering@gnax.net
OrgTechHandle: ENGIN7-ARIN
OrgTechName: GNAX ENGINEERING
OrgTechPhone: +1-404-230-9150
OrgTechEmail: engineering@gnax.net
# ARIN WHOIS database, last updated 2009-12-22 20:00
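The two lookups above can be turned into a repeatable check. As an added example (not part of the original post), this Python code parses WHOIS fields as quoted here, including values wrapped onto the next line, computes how old the domain was on the day of this post, and confirms the queried IP sits inside the quoted ARIN allocation. The function names and the 365-day threshold are assumptions.

```python
import ipaddress
import re
from datetime import date, datetime

# Constructed samples: fields copied from the two WHOIS records quoted above.
DOMAIN_WHOIS = """\
Domain Name: FREIGHTDAY.COM
Referral URL:
http://www.PublicDomainRegistry.com
Creation Date: 05-dec-2009
"""
NETWORK_WHOIS = """\
OrgName: Global Net Access, LLC
CIDR: 207.210.64.0/18
OrgAbuseEmail:
abuse@gnax.net
"""

# A key is letters/spaces followed by ':' and then whitespace or end of line,
# so a wrapped "http://..." value is not mistaken for a new key.
KEY_LINE = re.compile(r"^([A-Za-z][A-Za-z ]*?):(?:\s+(.*))?$")

def parse_whois(text):
    """Return {key: [values]}; a value wrapped onto the next line is re-attached."""
    fields, pending = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = KEY_LINE.match(line)
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2) or "")
            pending = None if m.group(2) else m.group(1)
        elif pending:
            fields[pending][-1] = line  # e.g. the e-mail under "OrgAbuseEmail:"
            pending = None
    return fields

def domain_age_days(fields, seen_on):
    created = datetime.strptime(fields["Creation Date"][0], "%d-%b-%Y").date()
    return (seen_on - created).days

def ip_in_allocation(ip, fields):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c.strip()) for c in fields["CIDR"][0].split(","))

def triage(domain_text, network_text, ip, seen_on, min_age_days=365):
    """min_age_days is an assumed threshold, not a value from the post."""
    dom, net = parse_whois(domain_text), parse_whois(network_text)
    age = domain_age_days(dom, seen_on)
    return {"domain": dom["Domain Name"][0].lower(),
            "age_days": age,
            "newly_registered": age < min_age_days,
            "hosting_org": net["OrgName"][0] if ip_in_allocation(ip, net) else None,
            "abuse_contact": net.get("OrgAbuseEmail", [None])[0]}

print(triage(DOMAIN_WHOIS, NETWORK_WHOIS, "207.210.125.209", date(2009, 12, 24)))
```

A courier that presents itself as established while its domain is under three weeks old is the mismatch this check surfaces; the abuse contact it returns is where a takedown report would go.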
Let's hope they are tracked down and busted, as they well deserve.
This is only one of many scams and hacks brought to you by GLOBAL NET ACCESS. It is time for them to clean up their act, or pay the consequence of the criminal acts they have helped facilitate over the years.
David Roknich
Editor,
DOGSPOT
David Roknich
- e-mail: roknich@electromagnet.us
- Homepage: http://electromagnet.us/dogspot/