InterFraud
The
 Internet Fraud Advisory Group

A not for profit group based in Britain


Aiding and abetting the Internet fraud criminals.
 YahooMicrosoft and companies like eNom , Godaddy.com , Rapidswitch.com
and Domaincentral must share the blame.


 
See also Lottery winner fraud , Primer on Internet fraud ,
Fraudsters haunting dating/matchmaking websites , The fake job offer fraud,   The fake loan offer fraud,   The Bank Accounts and Western Union addresses.

A painful duty - Exposing the British (and Irish) connection. NEW: What happened to my money? All 419 fraud victims should read this. 

It is well known that Internet fraud criminals are heavy users of Yahoo mail services. Around one third of all fraud mail reported to us contains a Yahoo address to which the criminals seek a response. Yahoo also offers the criminals website hosting services. When we are alerted to such fraud websites we immediately ask Yahoo to close them down, but the company will often refuse. The criminals know that Yahoo will not investigate fraud site reports if we cannot supply fraud mail sent via Yahoo facilities, therefore the criminals will simply use another mail service to send out their junk mail - and keep references to the fraud websites in the body text of the mail. This simple device seems to fool one of the Web's largest companies. They will allow the criminals to carry on their evil work, with the result that innocent people around the world become victims. Yahoo just cannot be bothered to properly investigate fraud complaints and the consequences for vulnerable people can be dire.  

We ask Yahoo to close barrodainc.com.
Wed, 22 Oct 2008, "Hello from the Internet Fraud Advisory, You will see from the complaint below that barrodainc.com appears to be a domain set up for the purpose of Nigerian 419 fraud. Since you seem to host the domain (and presumably provide e-mail services) can you please let me know what action you can take to protect innocent web users." They refuse.

We ask again on 23 Dec 2008 as a result of another report to us.

Yahoo refuse again.
barrodainc.com, domain.tech@yahoo-inc.com,
Tue, 23 Dec 2008 - "I understand your frustration in receiving unsolicited email. While we investigate all reported violations against the Yahoo! Terms of Service (TOS), in this particular case the message you received was not sent through the Yahoo! Mail system. Yahoo! has no control over activities outside its service, and therefore we cannot take action."

The consequence - a victim loses money (ironically the victim was a Yahoo mail user).
Sun, 18 Jan 2009, "Dear John, Thank you for your advise on Google.com. I surf there to seek information on FRAUD that I paid and came up to your warning.
Too bad that I paid them. I am also informing UK Police with the information. I found also their address from your informations on Google.   Thanks a lot."

Another example.
tropicallenders.com, tropicallenders@yahoo.com, (Victim, American? lost 700 dollars).
Sun, 08 Feb 2009 - "Thank you for writing to Yahoo! Mail. I understand your frustration in receiving unsolicited email. While we investigate all reported violations against the Yahoo! Terms of Service (TOS), in this particular case the message you received was not sent through the Yahoo! Mail system. Yahoo! has no control over activities outside its service, and therefore we cannot take action." The criminals thus remain free to use a domain hosted by Yahoo.

Yet another.
dukesconsult.org, registrant: ms.dianecampbell@yahoo.com,
Mon, 09 Feb 2009 -  "I understand your frustration in receiving unsolicited email. While we investigate all reported violations against the Yahoo! Terms of Service (TOS), in this particular case the message you received was not sent through the Yahoo! Mail system. Yahoo! has no control over activities outside its service, and therefore we cannot take action." 

March 2009 - another. We asked Yahoo to close un1uk.org and forwarded fraud mail which contained the address  info@un1uk.org. Yahoo found themselves unable to take action - and presumably continue to host what we suspect to be a fake United Nations website. 

What about Yahoo mail accounts?

On receiving a fraud report from Europe, we asked Yahoo to close timbrophy67@yahoo.co.uk. They responded thus:


Re: Criminal abuse ... <timbrophy67@yahoo.co.uk> Fri, 13 Feb 2009

"In this particular case, we have taken appropriate action against the Yahoo! account in question that was reported for fraudulent activities, as per our Terms of Service (TOS)." ...

However, on Wed, 18  Feb 2009, timbrophy67@yahoo.co.uk was still mailing the victim's family, demanding more money:

"The fastest way to send and recieve money instantly worldwide is western union.If its sent to my personal assistance account it will take days before it is materialized besides he is in africa at the moment.And for me the financial crunch today affected me so i had to close my bank account and i have closed the account till further notice.As a matter of urgency,you can ask ****** to give you the money so you can help him send the money(500)pounds to my personal assistant in Nigeria with the information i gave ****** ... "

Yahoo refused to close the accounts below. The fraud criminals had used the simple device of sending the mail via a sacrificial account and giving instructions for replies to a Yahoo account in the body text of the mail.

Yahoo refused to close: danpeterman13@yahoo.com danielwilliams_bongo@yahoo.com unitednationexcu-benjose@yahoo.co.ukfcommittee@ymail.comcharity_amru@yahoo.comseanh231@yahoo.cnmusahim_55@yahoo.comann_muda11@yahoo.com.  solace_investment_ltd@yahoo.comjames_service3@yahoo.com bhc_consular101231@yahoo.cn.  <jcesq@yahoo.cn>.  <mercymohammed33@yahoo.co.uk>.  kennethadoga1@yahoo.cnjamessutton80@yahoo.com.  cibrahim19@yahoo.frjy.colem@yahoo.comjim_ovia_2010@yahoo.grhope.robert88@yahoo.comjulivinnelson@ymail.comccsscanada@yahoo.comnick44kurach@yahoo.comgriterga@yahoo.comlangwang92@yahoo.cnauthorized.agent@yahoo.comdavid.dada123@yahoo.frlucyrobert1@yahoo.cnnokiamobileaward@yahoo.cn. awusejoyce78@yahoo.frbasim_bin@yahoo.comwen.lee85@yahoo.comgipsonfinance@yahoo.com  brownegoka@yahoo.in. smithwilliams320@yahoo.cn tonybimpe100001@yahoo.co.jpbluewaterco@yahoo.co.uk. ritajohnson4i0@yahoo.co.jp morgenthaleru52@kimo.commercymohammed84@yahoo.comsmithwilliams007@yahoo.cn. <cherylhughesabuk04@yahoo.com.ph>. dhl_company@yahoo.com cherylhughesabuk04@yahoo.com.ph. marygomo023@yahoo.com. Suzannezita_2011robert@yahoo.co.jp. bonfincosta@ymail.com.  firstdirectbankwiretransferdept@ymail.compatsummer_wch@yahoo.co.uksupport@ascontacts.com. liverycourier@yahoo.co.uk. mariejames22@ymail.comfifi_egan@yahoo.comfifi_egan170@yahoo.com. susan_bill06@yahoo.comwillia10doan@yahoo.co.jplink.jimleon@yahoo.com.hkzhu1li@yahoo.com.cn. nelsondonald53@yahoo.co.uksheepon@yahoo.commktcheung008@yahoo.com.hkrachael_d101@yahoo.com.hk. leroy3k@yahoo.comcharlessoludo75@ymail.combarristerfrankanthony_associates@yahoo.co.uk. westernunionoffice15@ymail.com. ericlake10@yahoo.co.uk. solomonduka@yahoo.com. barristerazimmohammed_01@yahoo.com. agentolawalejames005@rocketmail.com. murphy_ikenna@yahoo.co.uk. charles_soludo_50_11@rocketmail.com. marriotthotellondon15@yahoo.co.uk. jeanneblis@yahoo.com. fbidept.office33@ymail.com. arnaudsankara04@yahoo.com. western.union68@rocketmail.com. smithwillaimng@yahoo.cn. ningshingintern.inc01@yahoo.com.hk. smithwilliams1@yahoo.cn. smithwillaimng@yahoo.cn. rev.peteradams31@yahoo.co.uk. challlym1@yahoo.com. manager_edward_annan@ymail.com. lotterycommiteechairman@yahoo.com . mr.andrew_williams@yahoo.co.uk. declarkgladys@rocketmail.com. garywalter2000-hsbc@yahoo.com. miltonduo@yahoo.com. hiltonsuiteshotel@yahoo.caclaire_anselme2@yahoo.fr. mdmark1960@yahoo.com.hk. william_musa01@yahoo.com. goldgroup@ymail.com. johngaga4@yahoo.com . mrdovijean@yahoo.pl. cbn_remittancefunds@yahoo.co.uk. wrightscot55@yahoo.com. albv2@yahoo.com. lottoclaimsoffice07@yahoo.co.uk. desmondaguecheta@yahoo.com. aiko.shibata@kimo.com. belsherobert@yahoo.com. georgee1111129@yahoo.com barrcharlesrussellesq@rocketmail.com. iihyuc@yahoo.com. mrsmarinaltvnk49@ymail.com. ceciliadavid88@yahoo.fr. ashrafcotu19@yahoo.com. martinrodgerchamberrs-chambrs@yahoo.co.uk. mutardseedfinance@yahoo.co.uk. barristerdarruzo@yahoo.fr. soresenholms09@yahoo.cn. edmonds_loan29@yahoo.com. sanchezfernando01@yahoo.es johnson.esther@rocketmail.com. agurmapeace@yahoo.com.

 

A problem with criminals using Yahoo Asia mail accounts. Often, reports to Yahoo about these are followed by messages like this:

" ----- The following addresses had permanent fatal errors -----
<hk-mail-abuse@cc.yahoo-inc.com>
(reason: 553 5.3.0 <hk-mail-abuse@cc.yahoo-inc.com>... User unknown)"

 

What about Microsoft?

Although Microsoft seem to be more responsive to requests for the closure of the fraud websites they host, just like Yahoo, they are easily fooled by criminals who use Hotmail and MSN mail accounts for their evil work. The scammers just need to insert a Hotmail / Live / MSN  address into the body text of a fraud mail, and use another mail service (often Earthlink, Eircom.net or optusnet.com.au for example) to send.

"We have found that the henry_gduru@live.com  account you reported is not currently in violation of the Hotmail Terms of Use (TOU). " This was the reaction to a complaint we made and which was accompanied by the following fraud mail:

Wed, 01 Apr 2009, Reply-To: <henry_gduru@live.com> From: "Henry Duru"<infor@freakmail.de>
I am Henry Duru,
one of they top staffs of the central bank of Nigeria CBN where all foreign funds are kept in a vault, after witnessing all manners of immorality and corruption going on in our banking sectors, I decided to make a deal with the woman in charge of the foreign department voucher to release the Bank Foreign Payment Confirmation Hard Disk with a promise to give her %7 percent after the owner of the funds must have claimed his/her funds...  I am presently here in South Africa with the confirmation disk waiting to hear from you for immediate release of your funds... You will be advice on what to provide once you respond to this mail...

THE QATAR.IO scandal - Microsoft tries to wriggle out from responsibility ....

This statement appears on the page which scammers use to sign up for a qatar.io e-mail account:

"qatar.io is an organization that provides e-mail addresses powered by Windows Live Hotmail. Although you are a Windows Live customer, qatar.io, as the domain owner, controls your e-mail address. qatar.io may decide to discontinue your e-mail service at any time and you will lose your e-mail address and the contents of your e-mail account. We have asked them to notify us before they discontinue your e-mail service. When they notify us, we will try to contact you so you can save your e-mails. We will also provide you instructions on how to choose a new e-mail address"

When we asked for a qatar.io scammer account to be closed (mr.terry@qatar.io, 17.7.2010) Microsoft replied as follows:

"Unfortunately, in order to process your request, Hotmail Support needs a valid MSN/Hotmail hosted account. "

 


"Unfortunately, in order to process your request, Hotmail Support needs a
valid MSN/Hotmail hosted account."

Microsoft refused to close: elitecourierdeliveryservice@hotmail.co.ukukl.2010@live.co.ukseanrep_nolan@live.nlralphgilbert56@live.co.ukmr.terry@qatar.iod.esprnc@live.comprmtn_dep@hotmail.esamyabbas@hotmail.frmrs-mary@live.comhughbrandon1@live.co.uk.  joshualarry606060@live.co.uk .  <faizahmd2341@live.co.uk>.  gilebertstone@windowslive.comsecure-update@live.com.   zajalloh@live.compjalloh@live.comjamesbew1@w.cn.  msngames-2010@w.cn. claims.validation.off@windowslive.comsimontaylor70@live.co.uktcanado@w.cn lukechamberlaw@live.co.uk.  mranthonyogbego10@live.fr customercare.wsterunion@live.fr . fedexservicecouriecomp198@live.fr . western-union002@live.frfedexcoplcbenin20@live.fr dr.p.griffin.uk.org@live.co.ukABUDU_IDRISA@hotmail.frbarrymorgan35@hotmail.com. ritajohn1@live.fr carlossparksloans@live.co.ukfedexdelivery4africa01@live.co.uk. edward-appa@live.co.uk.  grahammorgans@live.co.uk. customer_care1@live.fr . jfrawly4@hotmail.com williamsbrown.ukn14@live.comfedexcourierltd4@live.frw_union01@live.fr kennedybrownwilliams@live.compaulowusu1@live.com. mr.olivemoore@live.co.uk fedex_courier_c_benin120@live.fr . alhyayalukmun@live.fremmuneldiplomat@live.fr.   londonscottish_offers@live.co.uk . westeruniontransfer.dept37@live.frpam_douglas@live.camclaimsunit10@live.co.ukmr_perry_steven1@hotmail.com. cliare_2000@live.fr unitedpostalservices001@live.frmrwilliams2009@hotmail.com.   claimsdepartment001@hotmail.esmusa.abdulla2008@live.frrichardgreen12@msn.comwestern_union24@live.frdavid.barryesq69@hotmail.compam_douglas@live.camrspauline_12@hotmail.com.  adbafrica@live.fr . w.union-customercare@live.fr. westerunion_department1975@live.fr . cliffwest81@live.co.uk. western_union124@live.frmcfaddencole2@live.com.  department@live.co.za. engworking@live.co.za.  kellyjunior@live.fr . Michaellee001@live.com.   mathew_fidelityfirm@hotmail.comMrwest101@live.co.uk.  nortonfinance1@live.com.  loteria.confianza@hotmail.es. JordanBridges1945@live.comdeskofsilva@hotmail.comfedexparceldeliverycomapny@live.fr.  united_state_parcel_service200@live.fr .  teddykingsloaninvestment03@live.com ipswitchtransferbk_plc@live.com western.unioncustomercare@hotmail.com eventsmanager.bhopkins@live.co.uk . susan_martins01@live.comwestern-union035@live.frpastorjerryjohn@live.fr. ems-delivery1@live.co.uk . goodluck_2008@live.frfedexcourierrb@live.fr. fedexng_delivery@hotmail.comandrewfedex@live.com.au . andyhornbyandyyy@live.frparcelxx@live.com . francisnmadu@hotmail.com shamsuddeend_drusman@live.com . fedex_nig@live.co.ukmrsjaneanders@live.fr. euromin10@live.com atmcardverification_unit03@hotmail.com. ng_fedex@live.com. g_c_plobalexpress9025@live.frprofsccharles000@live.comcom.panyfedexx55@live.fr. mr.kelvin.jones@hotmail.com. westerrnunion02@live.fr mrjamesbriggs_ag@hotmail.comclandreleasedept@live.inwersternuninoofice@live.fr . dhr.kaspernorman@live.nl. davidelliss@live.co.uk. dhl_1985@live.fr. PARCELEXPRESSIBENIN@LIVE.FRwunionmoneytransfer3@live.frveronica_diata@live.fr. mr_richardrovers02@live.comatmdisburseunit@live.co.uk .  westeruniontransfercenter@live.fr verificationdept-claims@live.com. site.www.western_union.com@hotmail.fr. hamiltonpaul@live.co.uk. morris_obrian@hotmail.com. bmwgroup023@live.com. lady.lillysmith07@live.com . stella.orhpan.help@live.com. dhl_experss_courier@live.fratmcard_departmentservice77@live.fr . donatus_ben01@live.fr. scottstephen@windowslive.com.  natasha.ammed35@hotmail.com.  jessebrownatm@hotmail.com . alanwright1@live.co.uk . ositachinaka01@hotmail.com. ziadprivate@windowslive.comfedex_deliverycompan@live.frandyhornbyhonbyandy@live.frw-ester-unionoffic11@live.frchrisofor@live.frandrewwolley_ww@live.com. johnson_mike2008@live.fr. verification.depts@live.co.uk. westernmoney@live.frdirektbnkn_nl08@live.nlredstarcourrier.webnet@live.frjohnburr@live.cn.  mslive-intpro@live.co.ukmslive-xproloto@live.co.uk . windowsmicro-claimsunit@live.co.ukasign.uknlclaim.alexwelfred@windowslive.comjohnsonuba2009@live.fr.   mrstianageorgieva@live.com.  claiming-board@live.comaw-prom29@msn.comthomassmithart_gallery01@hotmail.co.ukand209licitors@live.nl.  claim.kellywright@live.com. enquiry22@live.co.uk . drj.tembe@live.com . sol_charles23@hotmail.commylivecoke@live.com. barrykuffi1@live.frinquiringpweb@live.co.uk. dptwin_update21@hotmail.com. johngreening404@live.co.ukwestern__union@live.frwesternubr@live.frinquiringpweb@live.co.uk . sgt.joeyjonesusarmy09@windowslive.comdioufmouka2008@hotmail.de www.western.union.transferxii@live.fr claimsdepartment2009@live.co.uk . martinkariba@live.co.za . w-ester_union@live.fr . plockett101@live.co.uk . westnewton@live.co.uk.  pastorhenryphilips04@live.fr . western.union05@hotmail.com . w_unionb15@live.fr . ww_ww.esternunion77@live.fr . adrian.mbruce1951@live.co.uk. imfmikebell@live.com . atm-inquiry09@live.co.uk. dhldeliveryservice1968@hotmail.frww.wumt_benin009@live.frfatima009@live.com. west-u-off-ben1@live.fr lantrust.security_sa@hotmail.esroseline.oba@live.com. ww.wumt_westernubeninplc003@live.fr. rev.ibe@live.co.uk. d.eliverycom.panyfedex@live.frmrs-sussanbunn@live.co.uk nokiaconnectingpeople@hotmail.co.uk. ma6smii@hotmail.com. glob0line_intl@live.co.za . a_tristan5@LIVE.CO.UK. judithssww0022@hotmail.com. robert.coleatlaw@hotmail.co.uk. dhl_customeremal@live.fr. chamberlainclare@live.co.uk. motherjanecole76@live.co.uk . lawchrisarranduk@hotmail.com. michael.coxon@live.co.uk . khasjb@live.com.my . western.union_money.transfer111@live.fr . pnely47@windowslive.com. atmcard.oceanicint@live.co.uk. abbaghali1@hotmail.com. airlandseaexpresscustomercare002@live.fr . frank.burrows@live.co.uk . piusbest2009@live.co.zauknldraws@live.co.uk . Khaled.Musaed@live.ca. rose_bayo10@hotmail.com. khasjb@live.com.my. micro.clm@live.co.uk. atmcardunit1@live.com.my sir.richardscholes@live.co.uk. western.union_money22@live.co.uk . western.union-mt@live.fr . moneygramcustomerservice@live.fr . mary.1952@live.fr. dannyshorechamber@live.co.ukjim_ovia85@hotmail.com. garyharrison09@live.co.ukdiamond.b@live.co.uk . davidrosie@hotmail.fr. mrs_kara39@msn.com . mr.john.jasper1@msn.com. diamond.b@live.co.uk. dallas.lee.williams.h.s.b.ck@live.co.uk lantrust.security_sa@hotmail.es. cliffordmomahh@hotmail.comm.tokpe@live.frorion-clothing@live.co.uk. mrs.sebastianblake@live.co.uk. mrjohn_ph1@live.fr. gregc@live.co.uk fredrickmbong@live.com . c1930@live.fr fedex.courierservicesnig03@live.co.uk . lawfirmuk1@live.co.uk. mtcn_activation@live.commtcn_activate@live.com. robertokutujp@live.com. feliciadan@live.co.za . mtcn_activation@live.com . drdougles.lucas@live.fr . pepsi.lott0.2009@live.com.sg. joseph_murphy008@hotmail.com. david.james77@hotmail.es. mtcn_activate@live.comjacob_solomon1@live.fr . jamalsha@live.fr. pmillersart7@live.com. msnclaimsdeptss@live.com. nokclaimsdept@live.co.ukfedbenin2009@live.com . webmasterinquiries-pbl@live.co.uk . libertygroup@hotmail.es. jamalsha@live.fr. customerrelationss@live.commslperryjohn161@live.co.uk . ukdraw3@hotmail.co.uk. sir.rolandbrains@msn.com. rolandsbrians12@live.co.uk. LTCOLMIKEPARKER@LIVE.COM westerntransferdeptbenin010@live.fr . mellisbryan2@live.com.   speedpostdiplomaticcourier@live.co.ukfoglrecruit@live.co.uknfo_union_ban@live.com. taramuldock@live.co.uk. jackmoris@live.com. acountdirect50505@hotmail.co.uk . markthambo7@hotmail.it. gregwalter01@hotmail.com . westerunion_moneytransfer01@live.fr . vannganber1@msn.com. changk225@hotmail.com. <duspatch.dhlexpress@live.co.uk> . researchmanagererics@live.co.uk . chubajohnson11@hotmail.fr bernardbarker2@live.co.zalo.hsvincent@live.com . chineduarinze@live.fr . liusantonio@officeliveusers.comrswims@live.fr. consulting.firm@live.co.ukjunhaun01@hotmail.com western_union_moneytransfer10@live.fr . fmbs1914@live.co.uk . westtern.uniontransfer33@live.fr. georgepoyser@live.co.za. johnengland1949@hotmail.com. chendi_okenga@live.fr. fdx.courier.benin_1@live.frlindajames@live.fr. missrinajacob@hotmail.fr . johnloaning-financiaservices@live.com. UK_claimsdpt0007@live.com. rare.adam@hotmail.com. bill.fletcher@live.com. machinggnam@hotmail.com. abdusshafi@live.fr. mrmudi_feez2009@hotmail.fr. mrmudi_feez2009@hotmail.fr mrsfarida.waziri@hotmail.co.uk. simontaylor77@live.co.uk . claims_eventmanger01@live.co.uk
 

What about Enom.com / Name-Services.com (apparently owned by a company called Demand Media Inc.)?

"eNom is the second largest domain name registrar worldwide, and the number one registrar for resellers, with the largest, most active distribution network in the domain industry. eNom is accredited by the Internet Corporation for Assigned Names and Numbers (ICANN)."

BUT - they also appear to register and host many fraud sites (like hsbcbank-info.com and onlinesuknationwbnet.com - reported march '09). They do not seem to like to receive requests to close those sites and it is usual to receive responses like this:

"The date of the message is: Wed, 18 Feb 2009 00:09:50 -0000
The subject of the message is: Criminal abuse ...   rev_davisharry@nnpclagos.com

The addresses to which the message has not yet been delivered are:

legal@name-services.com
info@name-services.com

No action is required on your part. Delivery attempts will continue for
some time, and this warning may be repeated at intervals if the message
remains undelivered. Eventually the mail delivery software will give up,
and when that happens, the message will be returned to you."

followed by:
19 Feb 2009

"A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
legal@name-services.com
retry time not reached for any host after a long failure period
info@name-services.com
retry time not reached for any host after a long failure period"

On this day, we also found a request to close ifexdcs.com was bounced. 
 

19 Feb 2009. We mail name-services.com, asking them to close hsbc-londononline.com as used in a fraud mail report. This request was bounced.

19 March '09. Request to close swisslott.com produced " A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: info@name-services.com  retry timeout exceeded."  

21 March '09.  A request to close hsb-cuk.com (fake bank site) produced a similar response.

22March '09 (and 25 March). A request to close unlegalaffair.com .. followed by: "A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

legal@name-services.com
retry timeout exceeded
support@name-services.com
retry timeout exceeded
abuse@name-services.com
retry timeout exceeded

9 April - request to close hsb-cuk.com,  fake bank.
11 April - arto-studio.org , fake job site.

14 April - Mail from abuse@demandmedia.com (re swisslott.com) - "Please be advised this email box is not monitored, and you will not get a reply. If you have an abuse complaint, please go the Abuse Policy page and complete the form here: enom.com/help/abusepolicy.aspx ..."
Great - another company which can be considered as RFC ignorant! It takes longer to fill out a web form than to simply forward fraud mail to eNom and there is no doubt that this attitude discourages abuse reporting.

Now listing sites in date order  (but see older reports below these):

16 Oct '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close panexuk.com (lottery fraud).

 

 

...................................................................................................

16 April '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close gwccn09.org which is being used in a fake climate conference scam.
24 April '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close enviroconsults.com.
04 May  '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close worldbankgroups.org
07 May  '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close bordergezifarms.com

28 May  '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  usmarineunit.com
05 June '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  macdonfinancecompany.com
05 June '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close southafrica-gamingboard.org
12 June '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  fmbgroup.org

19 July '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  smartjobsonline.org
25 July '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  purpleclimiteduk.org
01 Aug '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  sapbza.com
04 Aug '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  microsft-online.net
29 Aug '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  trdsbn.co.uk
22 Oct '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  royal-albion-hotel.co.uk
24 Oct '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  hassanfirm.com
31 Oct '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  interjobsgroup.com
07 Nov '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  lawrelief.net
09 Nov '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  perpetuityincome.com
20 Nov '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  onlinentwestsuk.com
01 Dec '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  harringtonhallhotel.co.uk
18 Dec '09 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  centralbank-hq.org (fake Central Bank of Nigeria)
13 Jan '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  ifrance-nationwideich.org.
01 Feb '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  global-expr.com
18 Feb '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  ulsterbankplc.com
03 Mar '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  centralbankofnigeria-cbn-online.com
09 Mar '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  help-line-my.com (fake work at home scam)
15 Mar '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  johnmilesoffice.co.uk
18 Mar '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  motors-customers-support.com (eBay scam)
18 Mar '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  malaysiaprobate.org  (inheritance scam)
22 Mar '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  luischambers.com  (inheritance scam)
23 Mar '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  hyundai-claims.net  (lottery scam)
01 Apr '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  unitednation-eu.com  (lottery scam)
01 Apr '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  johnmilesoffice.co.uk (inheritance scam)
06 Apr '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  johnmilesoffice.co.uk (inheritance scam)
18 Apr '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  sfcentre-uk.com (fake loan scam)
30 Apr '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  ulsterbankuk.com (lottery scam)
03 May '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  samuelmasele.net (ABSA BANK scam)
05 May '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  lg-groups.com (Iraq scam)
11 May '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  efcconline-ng.com  (EFCC scam)
18 May '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  bankerstrustuk.com  (lottery scam)
18 May '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  cm-designs.org  (fake job scam)
22 May '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  atmswiftcard-nigeria.com  (inheritance scam)
01 Jun '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  ocbc-my.com  (Malaysia "bank" scam)
12 Jun '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  efcc-mail.org  (Robert S.Mueller FBI scam)
23 Jun '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  efcc-mail.org  (Robert S.Mueller FBI scam)
04 Jul '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  uk-nbgroup.com  (fake bank scam)
17 Jul '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  generalhospitalgermany.com  (fake cancer patient scam)
25 Jul '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  mcrosoftonline.com  (lottery scam)
26 Jul '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  multisecfinancialservicesuk.com (Nigeria scam)
06 Aug '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  worldbnk.com  (World Bank scam)
11 Aug '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  educationfoundationonline.com  (lottery scam)
16 Aug '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  bnp-paribas-uk.com  (fake bank scam)
16 Aug '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  rbs-uk-group.com  (fake bank scam)
28 Aug '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  nigeria-usembassy-gov.com  (Nigeria scam)
29 Aug '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  hewlettco.com  (fake job scam)
03 Sep '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  staffordshiregate-intl.com  (fake bank scam)
08 Sep '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  sectiondepartment.com  (fake bank scam)
15 Sep '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  10iappz.info (test & keep Apple iPad Vs. Amazon Kindle)
07 Oct '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  irishclaim.com (lottery scam)
08 Oct '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  citibankplcc.com (fake bank scam)
09 Oct '10 - Asked eNom - NAME-SERVICES.COM (via Web form!) to close  intercontinentalbankplcngr.com (fake bank scam)








What about Domaincentral.com of Victoria, Australia?

Domaincentral hosts fraud websites - but does not appear to like terminating them. The company has a Web abuse reporting page which does not work. We tried to use this to ask them to close uyav.org which figures in a fake conference scam, but it responded by saying "Error(s):
Website doesn't exist for uyav.org". This is strange since there is (31 Oct. '09) such a website - with the following contact details: DR. CAITLYN O'ODONELL, secretary@uyav.org, United Youth Alliance for Victory, 700 5th Avenue, New York, NY 10036.

31 Oct. '09 - Asked Domaincentral.com to close uyav.org - by mailing info@domaincentral.com.
03 Nov. '09 - Asked Domaincentral.com to close jobs-contact-malaysia.com  by mailing info@domaincentral.com.
18 Jul. 2010 - tried to use  Domaincentral.com web form to report  dhlexpresscourier.co.uk - did not work, so mailed domains@australianstyleip.com. 

and Bottle Domains, Australia?

freelottouk.org , reported to netops@primus.com.au 1 Dec. '09.

and MELBOURNE IT, LTD., Australia?

Melbourneit.com does not seem to be very concerned about the criminals abusing its services. There seems to be no way to make fraud reports. The website is useless in this regard and mail reports appear to be ignored. 

16 Feb. '10 - Asked Melbourneit.com  to close fraud domain oneworld-post.com .

The company accepted registration of alfordsecurityserviceuk.com, alfordsuspenseaccountactivation.com and akrolegalfirm.com, used in fraud mail in February 2010. 

4 July 2010 Asked Melbourne IT to close cmbenglishbk.com. (lottery fraud).



And Domaincontrol.com (part of Godaddy.com?)

We are seeing examples of suspicious domains hosted by domaincontrol.com.

25 Nov. '09 - mailed abuse@godaddy.com to ask them to investigate business-corp.info .
"Address rejected abuse@DOMAINCONTROL.COM".

02 Dec. '09 - mailed abuse@godaddy.com (and filled out godaddy.com web form) to ask them to close efccstaffmails.com.
07 Dec. '09 - filled out godaddy.com web form to ask them to close midotmarketingconsultants.com .
12 Dec. '09 - filled out godaddy.com web form to ask them to close
efccstaffmails.com (again).
21 Dec. '09 - filled out godaddy.com web form to ask them to close atmcardapprovalslip.com.
07 Jan. '10 - filled out godaddy.com web form to ask them to close commonwealthlaw2010.org.
07 Jan. '10 - filled out godaddy.com web form to ask them to close metropolitan-police-uk.com.
24 Feb. '10 - filled out godaddy.com web form to ask them to close help-line-jobs.com, but the form did not work! Mailed abuse@godaddy.com.
26 Feb. '10 - filled out godaddy.com web form to ask them to close filmdark.com, but the form did not work! Mailed abuse@godaddy.com. 

16 March '10 Godaddy web form for abuse reports still does not work. Time spent filling it out (to ask for closure of unitenationsdept.com ) was rewarded with this rather useless error message "We apologize for this inconvenience, but an error has been detected".

31 March '10 - filled out godaddy.com web form to ask them to close dhlglobalservices.com (inheritance scam).
01 April '10 - filled out godaddy.com web form to report abuse of yuurok.com  (inheritance scam). Godaddy web form for abuse reports did not work.

01 April '10 - mailed abuse@godaddy.com to compain about moffb.org (fake job offer).
02 April '10 - Webform working - reported moffb.org abuse (fake job offer).
04 May '10 - Webform working - reported unioncreditbk.net  abuse (fake bank).
07 May '10 - Webform working - reported unitednations-online-un.org  abuse (fake UN).
19 May '10 - Webform working - reported un-events.org (fake UN conference).
20 May '10 - Webform working - reported centsbillion.com 
02 Jun '10 - Webform working - reported eurolottos.org (lottery swindle)
04 Jun '10 - Webform working - reported efcc-usa.org (Robert S. Mueller FBI scam)
12 Jun '10 - Webform working - reported uknationallotteryonline.net (lottery scam - how could the dolts allow this to be registered!!)
16 Jun '10 - Webform working - reported homeoffice-gov.com (fake job scam - how could the dolts allow this to be registered!!)
17 Jun '10 - Webform working - reported aberdeenoilgas.com (fake job scam)
30 Jun '10 - Webform working - reported un-summits.org (fake conference scam)
25 Jul '10 - Webform working - reported bankofeng-land.com (how could the dolts allow this?)
10 Aug '10 - Webform working - reported bntb-uk.com (fake bank site)
14 Aug '10 - Webform working - reported eurolottos.org (lottery swindle)
16 Aug '10 - Webform working - reported knoxlottouk.com (lottery swindle)
17 Aug '10 - Webform working - reported eurolottos.org (lottery swindle)
19 Aug '10 - Webform working - reported postalserviceinc.org (United Nation scam)
23 Aug '10 - Webform working - reported andersonsgroup.com (financial scam)
22 Oct '10 - Webform working - reported hsbc-email.com (fake bank scam)

 

Rapidswitch.com (Mr Site)

On 12th June 2010 we complained to abuse@rapidswitch.com on the grounds that they appeared to host unitedkingdomnationallotto.co.uk . This was their response:

"**PLEASE NOTE WE CANNOT PROCESS ABUSE REPORTS SENT BY TELEPHONE/POSTAL
MAIL**  We have received an abuse report, but we will not process. We are not the abuse contact for the IP address you listed in your report ..."

The fraud mail we forwarded was not sent via unitedkingdomnationallotto.co.uk but asked for replies to drpaulsmith@unitedkingdomnationallotto.co.uk. Another service provider has allowed the criminals to flourish, fooled by a simple device.  

Rapidswitch.com had already allowed the registrant to declare himself a UK individual (and thereby keep his address secret) - despite the obviously commercial overtones of the domain name.

So Rapidswitch.com will not properly process abuse reports sent by telephone, postal mail or e-mail. Their response to our report was signed "RapidSwitch Abuse Team". If the company actually has an abuse team (?) it might consider sacking its leader. He is asleep on the job and bringing the company and its Mr. Site product into disrepute.

  


Terra.com

worldbankauditors@terra.com.ve .

 




to be continued ...


  InterFraud / IFA Group, UK.  Please, before forwarding suspicious mail, check that you have included FULL INTERNET HEADERS (see below). It is not always possible to respond to reports of fraud mail, but appropriate action is always taken.