Anatomy of A Spammer / Scammer / Fraudster

Here’s a rundown on my spammer/scammer would-be client in the saga that started on Saturday, June 3rd, 2006 and ended (hopefully) on Sunday, June 11, 2006. Notice how the name walter keeps on appearing in various email addresses, and luxmail.com appears as email provider in the second of the order forms, the same as the email appearing in the spam emails sent from the account opened by the first order. Also the name Martin as first name for the “client” and Martins as last name for the one signing the spam email. They kind of all tie in, after all. It seems crooks who play with different identities tend to stay on familiar grounds and won’t vary too many of the lies all at the same time for fear of getting tripped up.

  • June 3, 2006.
    New order comes in from:

    Martin Carvajal ( strow_001@yahoo.com )
    Telephone: +1-201 785-1816
    Address: 40 Barr Lane, Monroe, NY,10950
    DOB: 1953-September-17
    Domain: accessuawithya.org
    Description:
    RemoteAddr : 207.67.146.191
    RemoteHost : 207.67.146.191
    Country: USA (CA)

    Payment made at 2CO and logged as:

    Name: Martin Carvajal
    Email: acesswalter1960@cs.com
    Address: 40 Barr Lane Monroe NY, 10950 United States
    Phone: 201-785-1816

    IP: 207.67.146.191 ( United States )
    Location: Wilmington, DE 19808
    Country: United States (US)
    Area Code: 302

    Spam sent from newly created account.
    Account closed, sent email confiscated.
    2CO transaction cancelled.

  • June 7, 2006.
    New order comes in from: 
    Michael Nelson ( walter1@luxmail.com )
    Telephone: 714-538-4451
    Address: 3933 e greenwood,orange, CA 92869 USA
    DOB: 1964-December-17
    Domain: adminsitess.biz
    Description: i want to use these medium to developed my site for my company in LOs angelis
    RemoteAddr : 207.67.146.32
    Country: USA (CA)

    No payment made

  • June 9, 2006
    New order comes in from:

    Kristin Carey ( acesswalter1960@cs.com )
    Telephone: +1-404-805- 5069
    Address: 360 Pharr Rd,#640 ,Atlanta ,GA,30305 USA
    DOB: 1960-November-25
    Domain:
    Description:
    RemoteAddr : 207.67.146.137
    Country: USA (CA)

    Payment made at 2CO and logged as:
    Name: Lyon Security LLC
    Email: acesswalter1960@cs.com
    Address: 3838 nw 36th #100 Oklahoma OK, 73112 United States
    Phone: 405-605-8085
    IP: 207.67.146.137 ( United States )
    Location: Wilmington, DE 19808
    Country: United States (US)
    Area Code: 302

    2CO transaction cancelled. Rejected as fraud.

  • June 11, 2006.
    New order comes in from:
    Michael Kleba ( walter012435@aol.com )
    Telephone: 262-780-6129
    Address: 5000 S. Towne Dr.,,New Berlin,WI,53151 USA
    DOB: 1950-November-25
    Domain: acessadmin2.org
    Description: i like hosting my website here.
    RemoteAddr : 195.93.60.69
    RemoteHost : cache-frr-ac05.proxy.aol.com
    Country: UNITED STATES
    Payment made at 2CO and logged as:

    Name: Michael Kleba
    Email: walter012435@aol.com
    Address: 5000 S. Towne Dr New Berlin WI, 53151 United States
    Phone: 262-780-6129

    IP: 81.199.62.41 ( Satellite Provider )
    Location: ???
    Country: Satellite Provider (A2)
    Area Code: ???

    2CO transaction cancelled. Rejected as fraud.
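
The cross-referencing described at the top of this post (the recurring "walter" in the email addresses, the 207.67.146.x source addresses, the payer email reused on a later order) can be run automatically over incoming orders. This is an added example, not part of the original post; the emails and IPs are the ones logged above, while the function names, the /24 grouping, the six-letter threshold and the "control" record are assumptions made for illustration.

```python
import ipaddress, re
from difflib import SequenceMatcher
from itertools import combinations

# Emails and IPs as logged in the four orders above (order form + 2CO record);
# "control" is a constructed, unrelated order added for contrast.
ORDERS = {
    "Jun 3": (["strow_001@yahoo.com", "acesswalter1960@cs.com"], ["207.67.146.191"]),
    "Jun 7": (["walter1@luxmail.com"], ["207.67.146.32"]),
    "Jun 9": (["acesswalter1960@cs.com"], ["207.67.146.137"]),
    "Jun 11": (["walter012435@aol.com"], ["195.93.60.69", "81.199.62.41"]),
    "control": (["jane.doe@example.com"], ["198.51.100.7"]),
}
MIN_SHARED = 6  # assumed threshold: shortest shared letter run that counts

def letter_runs(emails):
    """Letter-only runs of each local part: 'walter012435@...' -> {'walter'}."""
    return {r for e in emails for r in re.findall(r"[a-z]+", e.split("@")[0].lower())}

def nets(ips):
    """The /24 network each IPv4 address falls in."""
    return {ipaddress.ip_network(ip + "/24", strict=False) for ip in ips}

def shared_indicators(a, b):
    """Reasons two (emails, ips) records look related; empty list means no link."""
    reasons = {"same email " + e for e in set(a[0]) & set(b[0])}
    reasons |= {"same /24 " + str(n) for n in nets(a[1]) & nets(b[1])}
    for x in letter_runs(a[0]):
        for y in letter_runs(b[0]):
            m = SequenceMatcher(None, x, y).find_longest_match(0, len(x), 0, len(y))
            if m.size >= MIN_SHARED:
                reasons.add("shared name fragment " + x[m.a:m.a + m.size])
    return sorted(reasons)

def cluster(orders):
    """Group orders connected by at least one shared indicator (union-find)."""
    parent = {k: k for k in orders}
    def find(k):
        while parent[k] != k:
            k = parent[k]
        return k
    for a, b in combinations(orders, 2):
        if shared_indicators(orders[a], orders[b]):
            parent[find(a)] = find(b)
    groups = {}
    for k in orders:
        groups.setdefault(find(k), []).append(k)
    return sorted(groups.values(), key=len, reverse=True)
print(cluster(ORDERS))
```

A shared name fragment on its own is a weak signal, since common first names will also match at six letters; it is best treated as a reason to hold an order for manual review rather than to reject it outright.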

    Below is a sample of one of the emails this individual sent to hundreds of email addresses, from his newly created hosting account, until I closed it down. Please note that I have no knowledge whether the company Uawithya is in any way involved with this, however their name and website were used by the spammer/scammer for this scheme.

    Dear Sir/Madam,

    I am the Chief Executive Officer of Uawithya Machinery Co.,Ltd.UMCLT is the leading supplier of high quality Quarry Equipment in Thailand . Established since 1968 we have developed a skilled and dedicated team as well as a reliable network of 10 Service and Distribution Centers .

    Uawithya is,sole Distributor for renowned World Class Manufacturers such as Furukawa, Metso Minerals,Liebherr,Sandvik, Rammer,Pewag,Terex and Wasagchemie,Due to long association with our suppliers and our thorough understanding of the working condition in Thai Quarries; we are able to offer a comprehensive service support for all of our products.Uawithya is the owner of Chai Explosives; a full range Explosives Manufacturer located in Pak Chong,Thailand.

    It is upon this note that we are writing you this mail to seek your assistance in representing our company in your locality as our RECEIVING AGENT/REPRESENTATIVE.One who will act as a medium for our clients in those locality to be reaching us with their payments and so on.

    Note that as a receiving Agent of our company,You will be entitled to a 10% commission of any amount you receive from our customers on behalf of the company as payments for outstanding debts or goods that they are wanting to buy

    We seek your honest cooperation and assistance to establish a cordial relationship with our clients.To facilitate the conclusion of this transaction if accepted,do send me by this email address:… the following mailto:officeofbenjamin1@luxmail.com

    1) Your Full name…………..and present occupation…………
    2) Telephone number…………..and Fax…………..
    3) Contact address…………….
    4) Age…………….
    5) Marital status…………….
     

    Thanks in anticipation.

    Regards,

    Mr.Benjamin Martins chief executive
    Uawithya Machinery Co. ,Ltd
    www.uawithya.com


    Battling the Fraudsters

    Can you see how furious I am? Like I’ve got nothing better to do than cancel fraudulent orders for webhosting services.

    Some idiot (or a clan of idiots), driven by who knows what absurd notion, have decided to keep on ordering hosting from me, paying for it as well, despite my knowing without the shadow of a doubt that it’s one and the same fraudster doing it.

    The jerk almost fooled me the first time. But when he didn’t ask a single question as would be normal from a genuine client, that aroused my suspicions and I was well inspired to take a look at just what he was doing with his account. Oh, wow! What else, he was sending out tons of spam! The theme was a scam as well. Not just selling meds and stuff, no siree, more like a cross between a Nigeria Scam and the Enron Scam.

    I of course canceled his account and reported him. But did he stop? No. A couple of days later he ordered again. He didn’t get to pay though because I had added a checkbox “I have read and agree with the terms and conditions…”. Yeah, well this only stopped him for a couple of days, while he must have consulted his ouija board. Then he again ordered and paid and I canceled it and reported him again. And again tonight. I must say the fraud team at www.2checkout.com will be having a ball with this character. Keeps them well oiled.

    I’ve got a long list of names he’s used as aliases, IP addresses and email addresses all just a little different yet all having one thing or another in common so that there’s no doubt in my mind that it’s one and the same pathetic crook.

    My calling his bluff prematurely must have disturbed his plans. Oh, my! Sent out all that spam and no place from which to send follow-up spam! Enough to make a stupid crook weep.

    I’m debating whether I should post here all the information I have on my stupid spammer. Oh, I guess I will, but right now I need a rest and don’t much feel like digging all that stuff up. Tomorrow I think I shall add this unsavoury data.

    Hey, pal, if you read this, you’re history. You’re not using my server for your crap. If I had my way, you and your acolytes would be doing 20 to life in a quarry with your legs and hands in shackles.
