Comment spam turns to fraud recruitment
Here’s a comment spam I received today, posted on the post about me deleting my guestbook (a favorite among spammers).
Author : PorellPartners (IP: 193.253.255.51 , LNeuilly-152-21-137-51.w193-253.abo.wanadoo.fr)
E-mail : loginsim@cashette.com
URI : http://porellpartnersc.com/contacts/information.php
Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=193.253.255.51
Comment:
PorellPartners Company, one of the fastest growing financial group in USA With over six years of specialized experience has openings for courier place. Company was established in 2000 year, currently is based in USA and provides mergers and acquisitions consultation and policy consulting for all clients across the entire range of wealth management and financial services businesses worldwide. We are seeking individuals who are interested in building a profitable and rewarding business with our help and support, while achieving a balanced lifestyle that offers both personal and professional growth. This job, if approached correctly is an opportunity for almost unlimited income potential, and very fast-growing career. And the Job itself is not that hard one may think, on a contrary it as easy as one-two-three, as we already have mentioned our company works with the clients worldwide, many of them deposited their money in our dividends and we are paying them every month, the point is that there are too many clients (more then 45,000) and our managers can not do all job that is why we are hiring the courier as indeed one of the main parts of the company work-chain, and the courier will have responsibility for receiving company funds and dividends and sending them to the company clients and will receive payments from every transfer they did . The PorellPartners is growing and we again need an open-minded people with the ambition to become successful and richer indeed.Requirements: The ideal candidate has prior experience and familiarity with financial services. You must have excellent organizational as well as customer service skills. Teamwork Skill is a “must”. Bachelor Degree is an advantage.
Best Regards: Chief Manager Jamie Stevens
Web-site: http://porellpartnersc.com/contacts/information.php
Sounds nice, eh?
But if you look just a little bit closer, it all falls apart.
First of all, this sounds a lot like a job ad for being a mule. In the past criminals would have folks in the US receive parcels at their home, then ship them abroad. Problem was, those parcels had been bought with stolen credit cards, or were the result of some other fraud.
I hadn’t heard of the Money Mule, but I’m guessing this is what this scheme is about.
Here’s the whois information. Notice how the domain was registered just a few days ago? That’s a sure sign it’s a fraud. A prestigious company would have had a long established website:
08/25/06 20:18:35 whois porellpartnersc.com
Registrant:
n/a admin@porellpartnersc.com +7.495000000
n/a
n/a
Moscow,RU,RU 112312
Record last updated at 2006-08-17 14:27:53
Record created on 2006/8/17
Record expired on 2007/8/17
Domain servers in listed order:
ns1.viphosting.biz ns2.viphosting.biz
And the IP address is: 81.177.37.61, which is on prestige-media.ru. Hardly a likely webhosting for a prestigious US company.
A quick search turns up a website that looks like the real website for them. Problem is, that one’s a fake too. It’s down, but the Google cache shows it’s identical to this new one.
08/25/06 20:25:06 whois porellpartnerscompany.com
Administrative Contact:
Petrovitsky, Stepan porellpartners@inbox.ru
Kanatnaya str., 19-31
Krasnoznamensk, Moscow region 142910
Russian Federation
79259988731
Created on: 10-Aug-06
Expires on: 10-Aug-07
Last Updated on: 10-Aug-06
Domain servers in listed order:
NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
I’ve seen the spammers before too. Often quite inventive spams. They quite often post comment spam that looks as though it’s meant for e-mail spam. The spam is quite often interaction intensive. Fraud of different sorts. Including Russian girls looking for guys. There’s more, but I won’t get into that just now.
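The whois checks walked through in this post (registration date relative to the lookup, blank registrant fields, nameserver names), as an added Python example that is not part of the original post. The function names, the flag wording and the 30-day threshold are assumptions; the two records are abridged from the whois output quoted above.

```python
import re
from datetime import date, datetime

# Creation-date lines in the two whois layouts quoted in the post.
CREATED = [
    (re.compile(r"Record created on\s+(\d{4}/\d{1,2}/\d{1,2})"), "%Y/%m/%d"),
    (re.compile(r"Created on:\s+(\d{1,2}-[A-Za-z]{3}-\d{2})"), "%d-%b-%y"),
]

def creation_date(whois_text):
    """Return the registration date in a whois record, or None if absent."""
    for pattern, fmt in CREATED:
        match = pattern.search(whois_text)
        if match:
            return datetime.strptime(match.group(1), fmt).date()
    return None

def nameservers(whois_text):
    """Hostnames after the 'Domain servers' header, one or several per line."""
    _, _, tail = whois_text.partition("Domain servers in listed order:")
    return [tok.lower() for tok in tail.split() if "." in tok]

def whois_flags(whois_text, lookup_day, max_age_days=30):
    """Warning signs the post points out; the 30-day threshold is an assumption."""
    flags = []
    created = creation_date(whois_text)
    if created is None:
        flags.append("no creation date found")
    elif (lookup_day - created).days <= max_age_days:
        flags.append(f"registered {(lookup_day - created).days} days before lookup")
    if re.search(r"^\s*n/a\b", whois_text, re.I | re.M):
        flags.append("registrant fields left as n/a")
    if any("suspended" in ns for ns in nameservers(whois_text)):
        flags.append("nameservers carry a suspension label")
    return flags

# Records abridged from the whois output quoted in the post.
LOOKUP_DAY = date(2006, 8, 25)  # day the whois queries were run
RECORD_A = """n/a admin@porellpartnersc.com +7.495000000
Record created on 2006/8/17
Domain servers in listed order:
ns1.viphosting.biz ns2.viphosting.biz"""
RECORD_B = """Created on: 10-Aug-06
Domain servers in listed order:
NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM"""

if __name__ == "__main__":
    print(whois_flags(RECORD_A, LOOKUP_DAY), whois_flags(RECORD_B, LOOKUP_DAY))
```

A young registration date on its own only raises suspicion; the flags are meant to be read together with the hosting and content checks made in the post.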
August 25th, 2006 at 4:14 pm
Ann Elisabeth,
Why do you call this mule spam “phishing”?
Phishing is about impersonating a website (mostly on a hacked computer/server) and sending people fake requests of data verification to obtain this confidential info and use it for criminal activities. That’s not quite what your spam is about, is it?
Maybe it would be wiser to rename the article to avoid misunderstandings.
August 26th, 2006 at 4:29 am
You’re probably right, Visitor. A bit too late to change the URL, but I’ve changed the title.
August 26th, 2006 at 6:25 am
Wanadoo.fr, the eternal spam source
What do you think, Spamhuntress? Will we soon see Nigerian 419 scam as comment spam, too? At least this would be a lot more entertaining than the mere link collections to pr0n sites
Vasily
August 26th, 2006 at 6:33 am
To Vasily,
Heh, that’s old news. I saw my first 419 comment over a year ago. Don’t remember exactly how long ago. Got it at annelisabeth.com. From some widow after a pastor… The search term included the word pastor, which is easy to find on that site. You see, unfortunately, some Christians are easier to dupe than regular folks.
August 26th, 2006 at 8:05 am
Oh I see. Thanks to the spammer’s courtesy the message was pretty much on target, then
August 30th, 2006 at 1:27 pm
I kind of thought this was some kind of scam. All you have to do is read the text and a lot of the words and phrases don’t make sense. Not quite “good English”. Their website looks quite nice though.
Thanks for confirming my suspicions.
Henry
September 5th, 2006 at 6:57 am
Just received this one today for the first time (probably not the last). As long as the crooks can’t spell or speak English, it’s not too difficult to figure out who they are.