A painful duty - Exposing the British (and Irish) connection. NEW: What happened to my money? All 419 fraud victims should read this.
It is well known that Internet fraud criminals are heavy users of Yahoo mail services. Around one third of all fraud mail reported to us contains a Yahoo address to which the criminals seek a response. Yahoo also offers the criminals website hosting services. When we are alerted to such fraud websites we immediately ask Yahoo to close them down, but the company will often refuse. The criminals know that Yahoo will not investigate fraud site reports if we cannot supply fraud mail sent via Yahoo facilities, therefore the criminals will simply use another mail service to send out their junk mail - and keep references to the fraud websites in the body text of the mail. This simple device seems to fool one of the Web's largest companies. They will allow the criminals to carry on their evil work, with the result that innocent people around the world become victims. Yahoo just cannot be bothered to properly investigate fraud complaints and the consequences for vulnerable people can be dire.
Yahoo to close barrodainc.com.
We ask again on 23 Dec 2008 as a result of another report to us.
consequence - a victim loses money (ironically the victim was a Yahoo mail
March 2009 - another. We asked Yahoo to close un1uk.org and forwarded fraud mail which contained the address firstname.lastname@example.org. Yahoo found themselves unable to take action - and presumably continue to host what we suspect to be a fake United Nations website.
What about Yahoo mail accounts?
On receiving a fraud report from Europe, we asked Yahoo to close email@example.com. They responded thus:
"In this particular case, we have taken appropriate action against the Yahoo! account in question that was reported for fraudulent activities, as per our Terms of Service (TOS)." ...
However, on Wed, 18 Feb 2009, firstname.lastname@example.org was still mailing the victim's family, demanding more money:
"The fastest way to send and
recieve money instantly worldwide is western union.If its sent to my personal
assistance account it will take days
before it is materialized besides he is in africa at the moment.And for me the
financial crunch today affected me so i had to close my bank account
and i have closed the account till further notice.As a matter of urgency,you
can ask ****** to give you the money so you can help him send
the money(£500)pounds to my personal assistant in Nigeria with the information
i gave ****** ... "
Yahoo refused to close:
email@example.com. <firstname.lastname@example.org>. <email@example.com>. firstname.lastname@example.org.
email@example.com. firstname.lastname@example.org. email@example.com. firstname.lastname@example.org.
email@example.com. firstname.lastname@example.org. email@example.com. firstname.lastname@example.org.
email@example.com. firstname.lastname@example.org. email@example.com.
A problem with criminals using Yahoo
Asia mail accounts. Often, reports to Yahoo about these are followed by
messages like this:
Although Microsoft seem to be more responsive to requests for the closure of the fraud websites they host, just like Yahoo, they are easily fooled by criminals who use Hotmail and MSN mail accounts for their evil work. The scammers just need to insert a Hotmail / Live / MSN address into the body text of a fraud mail, and use another mail service (often Earthlink, Eircom.net or optusnet.com.au for example) to send.
Wed, 01 Apr 2009, Reply-To: <firstname.lastname@example.org>
From: "Henry Duru"<email@example.com>
THE QATAR.IO scandal - Microsoft tries to wriggle out from responsibility ....
This statement appears on the page which scammers use to sign up for a qatar.io e-mail account:
"qatar.io is an organization that provides e-mail addresses powered by Windows Live Hotmail. Although you are a Windows Live customer, qatar.io, as the domain owner, controls your e-mail address. qatar.io may decide to discontinue your e-mail service at any time and you will lose your e-mail address and the contents of your e-mail account. We have asked them to notify us before they discontinue your e-mail service. When they notify us, we will try to contact you so you can save your e-mails. We will also provide you instructions on how to choose a new e-mail address"
When we asked for a qatar.io scammer account to be closed (firstname.lastname@example.org, 17.7.2010) Microsoft replied as follows:
"Unfortunately, in order to process your request, Hotmail Support needs a
valid MSN/Hotmail hosted account. "
Microsoft refused to close:
. <email@example.com>. firstname.lastname@example.org.
email@example.com. firstname.lastname@example.org. email@example.com.
firstname.lastname@example.org. email@example.com. firstname.lastname@example.org.
email@example.com . firstname.lastname@example.org.
email@example.com . firstname.lastname@example.org.
email@example.com. firstname.lastname@example.org. email@example.com.
firstname.lastname@example.org. email@example.com .
Mrwest101@live.co.uk. firstname.lastname@example.org. email@example.com.
firstname.lastname@example.org. email@example.com. firstname.lastname@example.org.
. email@example.com .
firstname.lastname@example.org. email@example.com. firstname.lastname@example.org.
email@example.com. firstname.lastname@example.org. email@example.com
firstname.lastname@example.org. email@example.com. firstname.lastname@example.org
. email@example.com .
firstname.lastname@example.org. email@example.com. firstname.lastname@example.org. email@example.com
firstname.lastname@example.org. email@example.com. firstname.lastname@example.org. email@example.com. firstname.lastname@example.org.
email@example.com . firstname.lastname@example.org. email@example.com.
firstname.lastname@example.org . email@example.com.
. firstname.lastname@example.org .
. email@example.com. firstname.lastname@example.org.
What about Enom.com / Name-Services.com (apparently owned by a company called Demand Media Inc.)?
"eNom is the second largest domain name registrar worldwide, and the number one registrar for resellers, with the largest, most active distribution network in the domain industry. eNom is accredited by the Internet Corporation for Assigned Names and Numbers (ICANN)."
BUT - they also appear to register and host many fraud sites (like hsbcbank-info.com and onlinesuknationwbnet.com - reported march '09). They do not seem to like to receive requests to close those sites and it is usual to receive responses like this:
"The date of the message is: Wed, 18
Feb 2009 00:09:50 -0000
"A message that you sent could not be
delivered to one or more of its
19 Feb 2009. We mail name-services.com, asking them to close hsbc-londononline.com as used in a fraud mail report. This request was bounced.
19 March '09. Request to close swisslott.com produced " A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: email@example.com retry timeout exceeded."
21 March '09. A request to
close hsb-cuk.com (fake bank site) produced a similar response.
14 April - Mail from
firstname.lastname@example.org (re swisslott.com) -
"Please be advised this email box is not monitored, and you will not get a
reply. If you have an abuse complaint, please go the Abuse Policy page and
complete the form here: enom.com/help/abusepolicy.aspx ..."
Now listing sites in date order (but see older reports below these):
16 Oct '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close panexuk.com (lottery fraud).
16 April '09 - Asked eNom -
NAME-SERVICES.COM (via Web form!) to close gwccn09.org
which is being used in a fake climate conference scam.
19 July '09 - Asked eNom - NAME-SERVICES.COM (via Web form!)
to close smartjobsonline.org
Domaincentral hosts fraud
websites - but does not appear to like terminating them. The company has a Web
abuse reporting page which does not work. We tried to use this to ask them to
close uyav.org which figures in a fake conference scam, but it responded by
31 Oct. '09 - Asked
Domaincentral.com to close uyav.org - by mailing
and Bottle Domains, Australia?
freelottouk.org , reported to email@example.com 1 Dec. '09.
and MELBOURNE IT, LTD., Australia?
Melbourneit.com does not seem to be very concerned about the criminals abusing its services. There seems to be no way to make fraud reports. The website is useless in this regard and mail reports appear to be ignored.
16 Feb. '10 - Asked Melbourneit.com to close fraud domain oneworld-post.com .
The company accepted registration of alfordsecurityserviceuk.com, alfordsuspenseaccountactivation.com and akrolegalfirm.com, used in fraud mail in February 2010.
4 July 2010 Asked Melbourne IT to close cmbenglishbk.com. (lottery fraud).
We are seeing examples of suspicious domains hosted by domaincontrol.com.
25 Nov. '09 - mailed
firstname.lastname@example.org to ask them to investigate
02 Dec. '09 - mailed
email@example.com (and filled out godaddy.com web form) to ask them to close
16 March '10 Godaddy web form for abuse reports still does not work. Time spent filling it out (to ask for closure of unitenationsdept.com ) was rewarded with this rather useless error message "We apologize for this inconvenience, but an error has been detected".
31 March '10 - filled out godaddy.com web form to ask them to close
dhlglobalservices.com (inheritance scam).
01 April '10 - mailed
firstname.lastname@example.org to compain about moffb.org
(fake job offer).
On 12th June 2010 we complained to email@example.com on the grounds that they appeared to host unitedkingdomnationallotto.co.uk . This was their response:
"**PLEASE NOTE WE CANNOT PROCESS ABUSE
REPORTS SENT BY TELEPHONE/POSTAL
The fraud mail we forwarded was not sent via unitedkingdomnationallotto.co.uk but asked for replies to firstname.lastname@example.org. Another service provider has allowed the criminals to flourish, fooled by a simple device.
Rapidswitch.com had already allowed the registrant to declare himself a UK individual (and thereby keep his address secret) - despite the obviously commercial overtones of the domain name.
So Rapidswitch.com will not properly process abuse reports sent by telephone, postal mail or e-mail. Their response to our report was signed "RapidSwitch Abuse Team". If the company actually has an abuse team (?) it might consider sacking its leader. He is asleep on the job and bringing the company and its Mr. Site product into disrepute.
InterFraud / IFA Group, UK. Please, before forwarding suspicious mail, check that you have included FULL INTERNET HEADERS (see below). It is not always possible to respond to reports of fraud mail, but appropriate action is always taken.