| 6:13 pm on Mar 9, 2009 (gmt 0)|
Thanks for the heads up! We usually look at the IP address for any orders that have other red flags. But will now add IP checking to the initial red flag detection.
| 5:32 am on Mar 10, 2009 (gmt 0)|
Thank you for the heads up as well! No doubt a new way to scam us all! When are the credit card processors going to take some form of responsibility for all the fraud?
Trinorth you would be wise to implement the country block via CSF/LFD (if unix based server). That firewall setup has single handedly removed 99% of fraud from our servers originating in countries we do not want business obviously.
[edited by: MLHmptn at 5:40 am (utc) on Mar. 10, 2009]
| 12:37 pm on Mar 10, 2009 (gmt 0)|
IP checking on email is a good step, MLHmptn, we are taking your advice on country blocking. Thanks for the tip.
| 3:05 pm on Mar 10, 2009 (gmt 0)|
IP Checking is a must these days. I highly recommend using Maxmind for online payment verifications.... it checks ip, address as well as the email address.
Personally I have blocked almost all of africa from even viewing our site. We dont list an email address, but they have to contact us through a form which also snags their ip and checks it so that our sales people do not waste their time.
| 4:48 pm on Mar 10, 2009 (gmt 0)|
|These scammers are getting better all the time. |
Mostly they still just use the old Spanish prisoner scam from 100 years ago and advance fee deals that have been around forever. It would be interesting to see new, more clever variations. As tough times hit Europe, Asia and the West, we surely will!
Firms using inexperienced employees to fill orders should have supervisors sign off on large orders. Most people on this group have never come close to falling for these scams.
It isn't a brilliant scam when only one or two people in 10 million falls for it. These are more like bank burglaries where the crook finds the door open at night and the safe accidentally left unlocked (that does happen, by the way)
| 12:35 pm on Mar 11, 2009 (gmt 0)|
I have noticed that the typical scam emails "I want to order your products do you take credit cards" have become more focused, especially the ones from Australia. These now mention actual products on my site as well as products just in my niche.
| 1:26 pm on Mar 11, 2009 (gmt 0)|
With us it is still no mention of the actual products .. just "do you have a website" & "do you accept credit card for payment".
After playing along with a couple of these scams in the last 6 months, it turns out that they are not interested in stealing the products at all. They want you to forward the shipping payment to "their shipper" by Western Union and tack on the shipping charges on a stolen credit card. So they are cutting corners and trying to get right to the cash ASAP. They quickly give you the email address of "their shipper" who will have an address like billybobsshipping @ free email.com .
[edited by: Rugles at 1:27 pm (utc) on Mar. 11, 2009]
| 1:41 pm on Mar 11, 2009 (gmt 0)|
"I want buy your products.
I need large amount by air express.
Email and tell me what you sell"
About as sophisticated as pounding an old lady over the head with a sledge hammer and taking her coin purse!
Sadly, we're seeing the return of a far worse problem in our b/m business... bad checks. They had become almost extinct in the past decade. The financial loss isn't huge, but check fraud is very time consuming.
| 2:55 pm on Mar 11, 2009 (gmt 0)|
As unsophisticated as it seems, they must have enough success to keep it going.
| 3:15 pm on Mar 11, 2009 (gmt 0)|
The amount of work they are doing they could put into a real job. That's the part I don't get.
| 4:06 pm on Mar 11, 2009 (gmt 0)|
Have you ever seen a site that sells EXCLUSIVELY to Nigerians?
Just found a U.S. located site that sells bridal dresses for export to Nigeria. There's no phone or address shown although the domain is registered to a Nigerian name in Ohio. Would anyone buy expensive dresses for a wedding without even phoning the seller?
Very odd that all the dresses are the same retail price. Google shows almost no incoming links. They go into some detail about their secure shipping methods which use USPS into Nigeria.
To get pricing info or to buy, a shopper has to register his email address first.
Look up "omooba" in G. Seems scammy, or very inept at best.
| 7:30 pm on Mar 11, 2009 (gmt 0)|
RE: IP address checking: we do it also, but I don't rely on it too much. I'm pretty sure scammers will figure out proxies and ways to make this look legit pretty soon. Unfortunately, they're smart.
| 7:36 pm on Mar 11, 2009 (gmt 0)|
|fortunately, heard some extra clicks and dials of the phone forwarding system that the scammer used |
Just a FYI, I can get a telephone number in any of 180 countries and have it forwarded to a Nigerian phone without the clicks and dials you spotted. So don't rely on lack of clicks and dials as being an indicator that it's a local call.
The IP detection part is critical these days. I also use Maxmind which works very well (and it's cheap).
| 8:10 pm on Mar 11, 2009 (gmt 0)|
How can you IP check on emails.
I use maxmind, works great
| 8:41 pm on Mar 11, 2009 (gmt 0)|
Jsinger, are you suggesting that my fiance is not going to get her wedding dress that she paid for? ;-0
| 8:44 pm on Mar 11, 2009 (gmt 0)|
|How can you IP check on emails. |
It depends on the program you are using for your emails.
But you want to look at the Headers for the email. Then locate the Origonating IP address within the headers. Even if they are using Yahoo or Hotmail, it will still display the IP address they were using when they sent the email.
| 9:53 pm on Mar 11, 2009 (gmt 0)|
Rugles, what do you make of that site?
I may register with a disposable email address to see what pops into my inbox.
If I need to provide a Nigerian bio, I have lots of them in my trash file. Should I be the daughter of the late oil minister or the widow of the deposed leader of Ghana who was later done in by esophageal cancer?
| 2:31 pm on Mar 12, 2009 (gmt 0)|
I can not figure out the scam either. It seems to be targeted at Nigerian immigrants. But surely they are hipper to the scammers than anybody else.
If you have some time to kill, might be worth figuring out the scam. It might be the start of a new type of fraud.
| 8:00 am on Mar 13, 2009 (gmt 0)|
I see comments on one of my sites asking "How much would it cost me for 8 of these? let me know at etc." on pages where I've discussed a product but theres nothing for sale.
| 12:47 pm on Mar 14, 2009 (gmt 0)|
Hmm, may be the group is trying to make an eccomerce site that targets americans, but they screwed it up due to the language barrier?
| 9:03 pm on Mar 16, 2009 (gmt 0)|
|I can not figure out the scam either. It seems to be targeted at Nigerian immigrants. |
My best guess is that if this is a scam site, its intended target is merchant processors (online retailers, IPSPs, etc.)
Increasingly carder rings, (or buyers of stolen credit cards) will want to create a front business (i.e. a sham website) pretending to ship tangible goods (which don't exist) in order to fool inexperienced providers of merchant account services into giving them an account.
Then they run their stolen cards and hope that the money will be wired to them before the provider of the merchant account figures it out.
So in this case, perhaps this business website has been designed to explain why the IP addresses are from Nigeria for orders placed using US credit cards.
And yes, there are enough providers out there who either have such poor risk management, or just simply don't care, that they accept these kinds of 'businesses'.
Nice find jsinger.
| 9:30 pm on Mar 16, 2009 (gmt 0)|
|Just a FYI, I can get a telephone number in any of 180 countries and have it forwarded to a Nigerian phone without the clicks and dials you spotted. So don't rely on lack of clicks and dials as being an indicator that it's a local call. |
Google may have made it a bit easier for scammers to hide their location with Google Voice... I can see that service appealing to those with heavy travel schedules, the tech savvy, and scammers who wish to hide their location. Heck, maybe 7 scammers can get together and have one G Voice account forward to each of them.
Legit businesses vs. international scam artists, round 2!