The purpose of this post is to ALERT you that the job you have applied for, are about to apply for, or are considering applying for is FRAUDULENT. The identity of an individual or a business entity has been stolen, along with funds from their bank accounts.
These job postings are an attempt to lure you into accepting counterfeit checks and cashing them into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC or OFFSHORE BANK ACCOUNT.
Essentially You Become A Money or Repackage Mule
- Money Mule Explained
- Understanding The Cyber Theft Ring
- Protecting Yourself Against Money Mule
- KrebsOnSecurity – Cyberheist
- Washingtonpost.com by Brian Krebs
- Interview With A Money Mule
- Bobbear.co.UK ~ Historical Money Mule Sites
____________________
From Thu Sep 19 22:02:04 2013
X-Apparently-To: scamFRAUDalert via 98.138.212.248;
Thu, 19 Sep 2013 22:02:07 -0700
Return-Path: ceremonialsyev6@google.com
X-YahooFilteredBulk: 125.60.156.244
Received-SPF: softfail (transitioning domain of google.com does
not designate 125.60.156.244 as permitted sender)
X-Originating-IP: [125.60.156.244]
Authentication-Results: mta1263.sbc.mail.gq1.yahoo.com from=;
domainkeys=neutral (no sig);
from=sbcglobal.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO 125.60.156.244) (125.60.156.244)
by mta1263.sbc.mail.gq1.yahoo.com with SMTP;
Thu, 19 Sep 2013 22:02:06 -0700
Received: from [145.74.19.134] (helo=kswddzpys.ogdmncedj.tv)
by with esmtpa (Exim 4.69)
(envelope-from )
id 1MM5XY-5005mt-GT
for agr2@sbcglobal.net; Thu, 19 Sep 2013 21:02:04 -0800
Date: Thu, 19 Sep 2013 21:02:04 -0800
From: scamFRAUDalert, nickymcdowell@yahoo.com, pae.carvell@yahoo.com
britdiamond@yahoo.com
X-Mailer: The Bat! (v3.0.0.15) Professional
X-Priority: 3 (Normal)
Message-ID: <5292686005.H12L7UL5597289@qmrdhzfh.bavluqaueryx.tv>
To: scamFRAUDalert, nickymcdowell@yahoo.com, pae.carvell@yahoo.com
britdiamond@syahoo.com
Subject: We propose the opportunity for job seekers in US
MIME-Version: 1.0
Content-Type: text/plain;
charset=windows-1250
Content-Transfer-Encoding: 7bit
Content-Length: 1522
*Probable originating IP address
We are offering a shipping manager assistant position.
We are offering a distant job.
The job routine will take 2-3 hours per day and requires absolutely no investment.
You will work with big shops, suppliers, factories all around the States.
The communication line will flow between you and your personal manager, you will receive orders via email and phone,
and our trained manager will be with you while every step to help you to work out first orders and answer any questions which may appear.
The starting salary is about ~$2,800 USD per month + bonuses.
You will receive first salary in 30 days after you will successfully complete your first task.
When the first working month will be over you will have a right to receive salary every 2 weeks.
The bonuses are calculated on the very last working day of each month, and paying out during a first week of the next month.
We will accept applications this week only!
To proceed to the next step we should register you in HR system so we will need a small piece of your personal information.
Please fill in the fields:
Full name:
Your Contact phone number:
Your email address :
City of residence :
We need your personal information to create HR file only,
it will stay secure on the separate server till the moment it will be deleted (which take place every 2 days),
and only HR people will have access to it.
Please send your answer to my secured email Victoria@googleapps-offer.com
I will reply you personally as soon as possible.
Sincerely,
Victoria Aguirre
The WHOIS details for airfare-ticketscheap.com are fake and the domain was registered just yesterday:
LORIANN PERKINS
8125 MANITOBA ST.
PALYA DEL MAR, CA 90293
US
Phone: +1.7607224337
Phone: +1.760-722-4337
Email: mybigben56@yahoo.com
Domain servers in listed order:
NS1.EVENTLORE.NET 62.141.46.100
NS2.EVENTLORE.NET 8.75.42.21
62.141.46.100 resolves to 46100.vs.webtropia.com.
Announced By _NS2.EVENTLORE.NET_ 8.75.42.21
Origin AS Announcement Description
AS3356 8.0.0.0/8 Level 3 Communications, Inc.
AS3356 8.0.0.0/9 Level 3 Communications, Inc.
Address lookup
canonical name ns1.eventlore.net
aliases
addresses 74.117.222.18
Domain Whois record
Queried whois.internic.net with "dom eventlore.net"…
Domain Name: EVENTLORE.NET
Registrar: DNC HOLDINGS, INC.
Whois Server: whois.directnic.com
Referral URL: http://www.directnic.com
Name Server: NS0.DIRECTNIC.COM
Name Server: NS1.DIRECTNIC.COM
Name Server: NS1.EVENTLORE.NET
Name Server: NS2.EVENTLORE.NET
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 18-sep-2013
Creation Date: 09-sep-2013
Expiration Date: 09-sep-2014
Last update of whois database: Fri, 20 Sep 2013 06:24:32 UTC
Queried whois.directnic.com with "eventlore.net"…
Registrant:
Sue Inc
4410 Sw 35th Terrace
Gainesville, FL 32608
US
352-376-2223
Domain Name: EVENTLORE.NET
Administrative Contact:
Inc, Sue mybigben56@yahoo.com
4410 Sw 35th Terrace
Gainesville, FL 32608
US
352-376-2223
Technical Contact:
Inc, Sue mybigben56@yahoo.com
4410 Sw 35th Terrace
Gainesville, FL 32608
US
3523762223
Record last updated 09-09-2013 07:31:23 AM
Record expires on 09-09-2014
Record created on 09-09-2013
Domain servers in listed order:
NS1.EVENTLORE.NET 62.141.46.100
NS2.EVENTLORE.NET 8.75.42.21
Network Whois record
Queried whois.arin.net with "n 74.117.222.18"…
NetRange: 74.117.216.0 - 74.117.223.255
CIDR: 74.117.216.0/21
OriginAS:
NetName: DIRECTNIC-AMERICAS
NetHandle: NET-74-117-216-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Assignment
RegDate: 2009-09-15
Updated: 2012-03-02
Ref: http://whois.arin.net/rest/net/NET-74-117-216-0-1
OrgName: DirectNIC, Ltd.
OrgId: DIREC-125
Address: PO Box 11207
City: Grand Cayman
StateProv: CAYMAN ISLANDS
PostalCode: KY1-1008
Country: KY
RegDate: 2009-08-24
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/DIREC-125
OrgAbuseHandle: DNLR-ARIN
OrgAbuseName: DirectNIC NOC L Role
OrgAbusePhone: +1-345-745-6022
OrgAbuseEmail: nocl@directnic.com
OrgAbuseRef: http://whois.arin.net/rest/poc/DNLR-ARIN
OrgTechHandle: DNLR-ARIN
OrgTechName: DirectNIC NOC L Role
OrgTechPhone: +1-345-745-6022
OrgTechEmail: nocl@directnic.com
OrgTechRef: http://whois.arin.net/rest/poc/DNLR-ARIN
DNS records
DNS query for ns1.eventlore.net failed: TimedOut
name class type data time to live
ns1.eventlore.net IN A 74.117.222.18 600s (00:10:00)
eventlore.net IN A 74.117.222.18 600s (00:10:00)
eventlore.net IN NS ns0.directnic.com 78524s (21:48:44)
eventlore.net IN NS ns1.directnic.com 78524s (21:48:44)
eventlore.net IN NS ns2.eventlore.net 78524s (21:48:44)
eventlore.net IN NS ns1.eventlore.net 78524s (21:48:44)
18.222.117.74.in-addr.arpa IN PTR dn-pw20.directnic.com 86400s (1.00:00:00)
222.117.74.in-addr.arpa IN SOA
server: ns10.directnic.com.222.117.74.in-addr.arpa
email: hostmaster@directnic.com.222.117.74.in-addr.arpa
serial: 2009090101
refresh: 28800
retry: 7200
expire: 604800
minimum ttl: 86400
43678s (12:07:58)
— end —
Address lookup
lookup failed googleapps-offer.com
Could not find an IP address for this domain name.
Domain Whois record
Queried whois.internic.net with "dom googleapps-offer.com"…
Domain Name: GOOGLEAPPS-OFFER.COM
Registrar: BIZCN.COM, INC.
Whois Server: whois.bizcn.com
Referral URL: http://www.bizcn.com
Name Server: NS1.EVENTLORE.NET
Name Server: NS2.EVENTLORE.NET
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 18-sep-2013
Creation Date: 18-sep-2013
Expiration Date: 18-sep-2014
>>> Last update of whois database: Fri, 20 Sep 2013 06:20:01 UTC <<<
Queried whois.bizcn.com with "googleapps-offer.com"…
Domain name: googleapps-offer.com
Registrant Contact:
Blanche R. Chavez
Blanche Chavez info@googleapps-offer.com
337-998-1767 fax: 337-998-1323
2090 Hillside Drive
Lake Charles LA 70629
us
Administrative Contact:
Blanche Chavez info@googleapps-offer.com
337-998-1767 fax: 337-998-1323
2090 Hillside Drive
Lake Charles LA 70629
us
Technical Contact:
Blanche Chavez info@googleapps-offer.com
337-998-1767 fax: 337-998-1323
2090 Hillside Drive
Lake Charles LA 70629
us
Billing Contact:
Blanche Chavez info@googleapps-offer.com
337-998-1767 fax: 337-998-1323
2090 Hillside Drive
Lake Charles LA 70629
us
DNS:
ns1.eventlore.net
ns2.eventlore.net
Created: 2013-09-18
Expires: 2014-09-18
Network Whois record
Don't have an IP address for which to get a record
DNS records
DNS query for googleapps-offer.com failed: TimedOut
name class type data time to live
googleapps-offer.com IN MX
preference: 10
exchange: mx.googleapps-offer.com
900s (00:15:00)
googleapps-offer.com IN SOA
server: ns1.eventlore.net
email:
serial: 1379658002
refresh: 60
retry: 120
expire: 1048576
minimum ttl: 900
900s (00:15:00)
googleapps-offer.com IN NS ns1.eventlore.net 900s (00:15:00)
googleapps-offer.com IN NS ns2.eventlore.net 900s (00:15:00)
— end —