Computer Cops - Recently UnEarthed Phishing Expedition

	Donations

	If you found this site helpful, please donate to help keep it online Don't want to use PayPal? Try our physical address

	Prime Choice

	· Head Lines · Advisories (All) · Dnld of the Week! · CCSP News Ltrs · Find a Cure! · Ian T's (AR 20) · Marcia's (QA2) · Bill G's (CO9) · Paul's (AR 5) · Robin's (AR 1) · Ian T's Archive · Marcia's Archive · Bill G's Archive · Paul's Archive · Robin's Archive

	Security Central

	· Home · Wireless · Bookmarks · CLSID · Columbia · Community · Downloads · Encyclopedia · Feedback (send) · Forums · Gallery · Giveaways · HijackThis · Journal · Members List · My Downloads · PremChat · Premium · Private Messages · Proxomitron · Quizz · Recommend Us · RegChat · Reviews · Search (Topics) · Sections · Software · Statistics · Stories Archive · Submit News · Surveys · Top · Topics · Web Links · Your Account

	CCSP Toolkit

	· Email Virus Scan · UDP Port Scanner · TCP Port Scanner · Trojan TCP Scan · Reveal Your IP · Algorithms · Whois · nmap port scanner · IPs Banned [?]

Survey

How much can you give to keep Computer Cops online?

	$10 up to $25 per year?
	$25 up to $50 per year?
	$10 up to $25 per month?
	$25 up to $50 per month?
	More than $50 per year?
	More than $50 per month?
	One time only?
	Other (please comment)

Results
Polls

Votes: 562
Comments: 14

Translate

Phishing: News by the Bosses!: Recently UnEarthed Phishing Expedition

Recently UnEarthed Phishing Expedition

re: http://www.davwebsoftinc.com/

by Paul Laudanski and James D. Littell, Sr., ComputerCops Command
February 16, 2004

Un-named sources from a major U.S. Internet Services Protocol (ISP) company, have unearthed a nasty little Phishing expedition.

While appearing to be a completely legitimate e-business domain website they ask for........... and obtain personal information from the victims.

Perpatrator DavWebSoft Inc., funny ......no cookies. I wonder why?

Said by the vic:

It is the first time I’ve been had by fraud and thankfully it was only for $9.95.

Somehow, somewhere, someone used my credit information to try and sneak past a small charge on my bank statement. The charge of $9.95 came from DAVWEBSOFT. Searching the web for DavWebSoft (DaveWebSoftInc or DaveWebSoft Inc) turns up a very suspicious web site. It appears “professionally” designed, but on closer inspection, many links simply do not work and news items are stolen from other sources.

WebSite: DavSoft’s is a near exact duplicate of these web sites: SBC Web Solutions, Stewart’s Precision Web Design, Eadens Enterprises, Fleming Software LLC, Global WebLine LLC, Studio A Design, Prosoftware Inc., Luministic Technologies, Kazland Software Corp., Bailey Consulting Group LLC, International Web Design, GToolboxes Technology INC., Tanya Web Design, Andersoft Inc., Panaginip Salohin Corp., Web Pages Made Easy LLC, E Software Tech Inc., Webtemp Solutions, Inc., and Resourcepdc Inc. Each site lists different fake addresses and phone numbers. Try contacting the phone number listed on any of the pages and you’re dumped into anonymous voice mail. Much to my amazement all the sites appear identical, wow!

Besides stolen copy, links that aren’t links, and duplicate web sites, the most obviously fraudulent element is that each main page has a link to “Don’t Recognize a Charge?” which then asks for credit and other personal information. Gah! What sort of company prominently displays “Don’t Recognize a Charge?” on their main page?! None, except fraudsters.

All Comments are listed here.

Check out: http://www.globalwebline.com/

The charge came from there and he went to the 'don't recognize a charge' link:
Example........http://www.globalwebline.com/b_order.php.......yields this result.
Customer Service
Please fill in the following information about your order:
Last 6 digits of your credit card number:
Billing Zip:
Your Name:
Phone:
EMail:

And went to the third radial option only to get asked some serious personal information ...
ALL WITHOUT BEING IN AN ENCRYPTED SSL SESSION! Yes, we are yelling here and for good reason. Folks continue to ignore all the warnings.
Talk about transmitting private data over unsecured connections.

This link http://www.globalwebline.com/c_order.php yields this result,
without entering a single piece of data and just clicking continue.
Thank You for the assistance! We will contact you as soon as possible.

All of this example has been easily replicated at DavWebSoft Inc.

If you happen to be a victim of fraud, report it to the FTC and the IFCC.

Source Stareat.us 7/8th's scroll down...........

Direct Link Source

Posted on Monday, 16 February 2004 @ 11:52:51 EST by phoenix22

	Login

	Nickname Password · New User? · Click here to create a registered account.

	Related Links

	· TrackBack (0) · PHP HomePage · HotScripts · Google Search Engine · W3 Consortium · More about Phishing · News by phoenix22 Most read story about Phishing: Recently UnEarthed Phishing Expedition

	Article Rating

	Average Score: 4.27 Votes: 18 Please take a second and vote for this article:

	Options

	Printer Friendly Page Send to a Friend

"Login" | Login/Create an Account | 102 comments | _SEARCHDIS

Threshold

The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 18 February 2004 @ 10:28:47 EST

We had the same thing come up on our Visa

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 18 February 2004 @ 17:36:56 EST

This just happened to me. How did this company obtain my credit card info?

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 24 February 2004 @ 22:53:47 EST

Add me to this list...fortunately I stopped it before the charge finished going through and then canceled my card. Very fishy how a company uses an automated answering machine that doesn't even identify the company or at least the type of business, either someone went to the anti-business school, or got a BS in social engineering.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 10 March 2004 @ 14:12:52 EST

ME TOO!! And I'm pissed. It's only $10, but it's MY $10

]

Re: Recently UnEarthed Phishing Expedition (Score: 1)
by ([email protected]) on Tuesday, 16 March 2004 @ 00:27:24 EST
(User Info | Send a Message) http://www.broadbandreports.com

Thank You, Thank You, Thank You!

I just checked my Citibank Statement. 2/22 davwebsoft.com Woodbury MN $9.95.

I just tried the domain and the site seems gone now. So, Google. Guess what comes up?

I used to use this card a lot, but hardly ever do any more. Litterly three transactions this month. Two local gas stations and CWD Kids. I also believe that this card is on my PayPal account. :/ At first I thought it might have been for filing taxes through TaxCut, but then I looked and found that someplace else.

I called CitiBank and they promptly removed the charge. The sad thing is, if they know it is an issue and they are only going to fix it for those that call in. :( I'm not saying they know, but from the turn out here I'm guessing a lot of accounts got hit.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Monday, 22 March 2004 @ 18:36:45 EST

Add another victim to the list. I just got hit on my MBNA card for $9.95. Try going to the website and it says it is down for technical reasons. Yeah, right. I am goin to fill out an internet fraud form at the FBI site online. Suggest you all do the same.

I have no idea how they got my card number. I only use this card for online transactions and those are rare.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Saturday, 01 May 2004 @ 10:35:46 EDT

Hi...I also just got hit by the same company on my charge card for $9.95. I took ur advice and filed a complaint with the FBI. Thank You for recommending them. Mine was under Platypus Templates.com

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Monday, 10 May 2004 @ 13:49:59 EDT

same website that i saw i my account, www.platypustemplates.com. I filed a complaint with the FBI, and contacted my bank to reverse the charge.

Wish i knew how they got my CC info...

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 11 May 2004 @ 18:45:59 EDT

I also got hit from platypustemplates.com for 9.95 I put the guys phone below. on another reply see jesse bailey if you want to call hes in tustin california and that 501 area code on their website is arkansas. go figure.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 11 May 2004 @ 21:12:26 EDT

Platypus hit me too. I got a credit but from my cc company and then this month something called videogame masters hit me. The co. said they never approved the sale due to no shipping info but did charge me and will credit me. NOW I have cancelled the card. My card was a TJX Cap One any correlation to anyone elses??

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Thursday, 01 April 2004 @ 10:39:31 EST

Two amounts taken from my Dutch bank account, Mastercard, once $ 97,07 and once $ 142,22 in March by Old Navy On-liner 614-5642000.

Only payments I make via Internet is to McAfee and Amazon.com.

Regards,
Will

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Friday, 16 April 2004 @ 17:29:42 EDT

My MasterCard was just hit for 9.95 from Eadens.net. You're right--when I went to their website it had a link for why am I being billed--very strange. Got an email from their alleged customer service promising a refund. I wouldn't count on it. I'm off to contact my credit card company.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Monday, 26 April 2004 @ 16:39:47 EDT

AAAAAAAAAAARRRRRRRGGGGGGGGHHHHHHHHH!

Did your response look like this?

Dear ,

My name is Katerina Sorina and I represent EADENS.net Customer Service.
We got an e-mail from you reporting a charge of $9.95 on your credit
card. Thank you for reporting about this situation promptly.

I guess I should explain everything to you.
Our company produces web design products, mostly website templates -
primary web pages with no content. The price of each template is $9.95 so that your
card was charged for the price of a template bought on our website.

In this regard I have a very important question for you:
Are you sure that nobody but you has access to your credit card
information(name and number)? You see, if your card was charged
and you didn't know about that somebody does have your card
information and can use it. Please check it.

We have already removed the charge you reported. The refund will be
stated in the account within three or four business days.

Nevertheless I strongly recommend you to call your bank and ask them
to issue another card for you. Because if your card was once charged
without your notification there's no guarantee that the person
having access to the CC information wouldn't use it again.
It is also possible that some banking error occurred and your card
was charged by mistake but still please call them and talk it over.

Best regards,
Katerina Sorina, EADENS.net Customer Service mailto:[email protected]

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Monday, 03 May 2004 @ 17:37:18 EDT

Dear Katerina,
Have you ever heard of grand larceny?

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Saturday, 15 May 2004 @ 15:53:28 EDT

Today I received a statement with a charge of $9.95 for PLATYPUS Templates and reported it to my CC company immediately! FRAUD!

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Thursday, 19 February 2004 @ 00:34:05 EST

My site, the stareat.us site that reported on this fraud was recently flooded by random spam using my movable type comment system. I applied a captcha security application to prevent the spam-flooding and about two hours ago my site's main paged was hacked, being replaced with the words, ***** YOU ALL!

Funny. Clearly I've irked the criminal nerds behind this fraud.

Again, if you happen to be a victim of fraud, please report it to both the FBI and IFCC so that they are able to build an adequate case file for their criminal investigation and prosecution.

-Eric Rolph

The full text archive from http://stareat.us/eric/archive/000572.html (Score: 0)
by Anonymous on Thursday, 19 February 2004 @ 00:40:12 EST

February 04, 2004

DavWebSoft Inc.

It is the first time I've been had by fraud and thankfully it was only for $9.95.

Somehow, somewhere, someone used my credit information to try and sneak past a small charge on my bank statement. The charge of $9.95 came from DAVWEBSOFT. Searching the web for DavWebSoft (DaveWebSoftInc or DaveWebSoft Inc) turns up a very suspicious web site. It appears professionally designed, but on closer inspection, many links simply do not work and news items are stolen from other sources.

WebDavSoft's is a near exact duplicate of these web sites: SBC Web Solutions, Stewart's Precision Web Design, Eadens Enterprises, Fleming Software LLC, Global WebLine LLC, Studio A Design, Prosoftware Inc, Luministic Technologies, Kazland Software Corp, Bailey Consulting Group LLC, International Web Design, GToolboxes Technology INC., Tanya Web Design, Andersoft Inc, Panaginip Salohin Corp, Web Pages Made Easy LLC, E Software Tech Inc., Webtemp Solutions, Inc, and Resourcepdc Inc. Each site lists different fake addresses and phone numbers. Try contacting the phone number listed on any of the pages and you're dumped into anonymous voice mail.

Besides stolen copy, links that aren't links, and duplicate web sites, the most obviously fraudulent element is that each main page has a link to Don't Recognize a Charge? which then asks for credit and other personal information. Gah! What sort of company prominently displays Don't Recognize a Charge? on their main page?! None, except fraudsters.

If you happen to be a victim of fraud, report it to the FTC and the IFCC.

Update: Computer Cops picked up the story and elaborate more on why DavWebSoft and it's associate sites are fraudsters.

Posted by Eric Rolph at February 4, 2004 03:29 AM | TrackBack
Comments
You can call your credit card company and have them reverse the charge. You do not have to be a victim of this fraud.

Posted by: librarian at February 9, 2004 02:04 PM
I had the same. Mine was charge on Jan 13. Your story is mine. Thanks for taking the time to post the info. I have contacted FTC and will do IFCC too.

Thanks Again
-Phillip

Posted by: Phillip at February 9, 2004 02:11 PM
Mr Rolph,

We are sorry that your were the victim of credit card fraud by someone that used our website. I would like to say:

1. DavWebSoft, Inc. is a legitimate company with a legitimate product (website templates).
2. We understand your frustration with credit card fraud and are trying to increase our security measures to eliminate it.
3. The email and phone numbers on our website are real. They are run by our parent company (located in a foreign country).
4. The other duplicate websites you mentioned are also affiliate companies selling the same product (thus the same web design).
5. You mentioned the Don't recognize a charge link on the website. This may be unorthodox but it is not fraudulent.

Unfortunately an online company like ours which sells a product that is delivered by download is an easy target for potential credit card fraud. Once again we are doing our best to increase our security.

Posted by: Anthony at February 10, 2004 09:23 AM
Anthony, tell it to the FBI ? your story about DavWebSoft does nothing to convince me that you're running a legitimate business. I've forwarded your email address onto both the FBI and FTC for their investigation.

Unfortunately, a company like yours can all too easily engage in illicit activities and claim otherwise. The internet has many legitimate business which anyone could trust, yours is not one of them.

Posted by: Eric at February 10, 2004 10:00 AM
I had the fraudulant charge on my credit card January 9, and immediately called the credit card company: without hesitation, they deleted the charge from my account. Wish I knew how they got my credit card number.

Read the rest of this comment...

]

Re: The full text archive from http://stareat.us/eric/archive/000572.html (Score: 0)
by Anonymous on Thursday, 15 April 2004 @ 04:13:44 EDT

It happened to me also. They are now using the name EADENS.NET Check your statements closely. 9.95 seems to be thier calling card. Yes it is PAYPAL. Someone at Paypal is selling peoples credit card numbers to crooks.

]

Re: The full text archive from http://stareat.us/eric/archive/000572.html (Score: 0)
by Anonymous on Thursday, 15 April 2004 @ 04:15:38 EDT

]

Stareat.us Log File of Hack (Score: 0)
by Anonymous on Thursday, 19 February 2004 @ 04:41:16 EST

217.155.43.49 - - [18/Feb/2004:17:44:04 -0800] GET /scgi-bin/mt/mt.cgi?__mode=rebuild_confirm&blog_id=2 HTTP/1.0 200 2787 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:05 -0800] GET /scgi-bin/mt/styles.css HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=rebuild_confirm&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:06 -0800] GET /scgi-bin/mt/images/spacer.gif HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=rebuild_confirm&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:06 -0800] GET /scgi-bin/mt/images/logo-small.gif HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=rebuild_confirm&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:17 -0800] GET /scgi-bin/mt/mt.cgi?__mode=start_import&blog_id=2 HTTP/1.0 200 12692 http://stareat.us/scgi-bin/mt/mt.cgi?__mode=menu&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:19 -0800] GET /scgi-bin/mt/images/mt-logo.gif HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=start_import&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:19 -0800] GET /scgi-bin/mt/images/lang-en-us/topnav-menu.gif HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=start_import&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:19 -0800] GET /scgi-bin/mt/images/bar-back.gif HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=start_import&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:20 -0800] GET /scgi-bin/mt/images/lang-en-us/topnav-help.gif HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=start_import&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:21 -0800] GET /scgi-bin/mt/images/lang-en-us/topnav-logout.gif HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=start_import&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:21 -0800] GET /scgi-bin/mt/images/lang-en-us/topnav-view-site.gif HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=start_import&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:21 -0800] GET /scgi-bin/mt/images/lang-en-us/topnav-go-button.gif HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=start_import&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:21 -0800] GET /scgi-bin/mt/images/lang-en-us/nav-post-label.gif HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=start_import&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:22 -0800] GET /scgi-bin/mt/images/lang-en-us/nav-new-entry.gif HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=start_import&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:22 -0800] GET /scgi-bin/mt/images/lang-en-us/nav-entries.gif HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=start_import&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:22 -0800] GET /scgi-bin/mt/images/lang-en-us/nav-upload.gif HTTP/1.0 304 - http://stareat.us/scgi-bin/mt/mt.cgi?__mode=start_import&blog_id=2 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)
217.155.43.49 - - [18/Feb/2004:17:44:22 -0800] GET /scgi-bin/mt/images/lang-en-us/nav-manage-label.gif HTTP/1.0

Read the rest of this comment...

]

Re: Recently UnEarthed Phishing Expedition (Score: 1)
by Paul on Thursday, 19 February 2004 @ 08:49:05 EST
(User Info | Send a Message) http://COMPUTERCOPS.BIZ

Hi Eric, can you register at this site using your site's email address to confirm that this is indeed you? Also I quickly checked below, I presume 217.155.43.49 is the source for the hack?

]

Re: Recently UnEarthed Phishing Expedition (Score: 1)
by ericrolph on Thursday, 19 February 2004 @ 14:29:02 EST
(User Info | Send a Message) http://stareat.us

Hi Paul, I'm registered. Yeah, 217.155.43.49. If you have a way to privately contact you, I have more information including log files and an extensive list of whois information regarding the other fraudulent web sites.

]

Re: Recently UnEarthed Phishing Expedition (Score: 1)
by Paul on Thursday, 19 February 2004 @ 17:11:08 EST
(User Info | Send a Message) http://COMPUTERCOPS.BIZ

Feel free to email me directly Eric. Its 'paul' at this domain address.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Friday, 20 February 2004 @ 23:18:44 EST

I just found a charge for globalwebline on my Mastercard bill for the 9.95 mentioned earlier. Does anyone have a thought on where they are tapping into these credit card numbers?

Andy

]

Re: Recently UnEarthed Phishing Expedition (Score: 1)
by phoenix22 on Tuesday, 24 February 2004 @ 19:22:58 EST
(User Info | Send a Message) http://computercops.biz

not as of yet....but if we receive an update I'll be sure to post the info.....jd

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Friday, 27 February 2004 @ 02:41:18 EST

They got me, too, in January. Very concerned about where they got my credit card number. I'd be interested in talking with other victims to see if we have some commonality, such as a common vendor that we use. I bet three of us could narrow it down pretty quickly if it turns out a vendor credit card database was hacked. If they got the number via keystroke recording then it would probably be impossible to track down this way.

I contacted Davwebsoft.com and they claim they'll refund it. I'm not holding my breath and will contact my credit card co. and the FBI.

--b

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Friday, 27 February 2004 @ 21:12:16 EST

well if you want vendors...the only places my card was used in the last two months, and it wasn't used in February at all, but that's when they tried to get me...

SCRAP STOP ROUND ROCK TX

BABYCUPBOARD.COM RIVERVIEW FL

FLOWERS.COM,INC. 800-468-1141 NY

OLD NAVY ON-LINE 614-5642000 OH

AMAZON.CO.UK GBR

EXCHANGE CATALOG/ONLIN DALLAS TX

The only places since the New Year...if they got it in January, then they waited a month.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Saturday, 28 February 2004 @ 11:14:12 EST

Hmm, no match with you. How about someone else? Here are mine for the four months prior to the DAVWEBSOFT charge:

BUY.COM WWW.BUY.COM. CA
PAYPAL *PORTABLECOM 402-935-7733 CA
GOTOMYPC SERVICES 888-259-3826 CA
PARK TICKETS 202-289-2670 DC
STAPLES #990 800-333-3330 CA
PC *PC CONNECTION 800-800-0011 NH
2CO.COM*2CHECKOUT.COM 2CHECKOUT.COM OH
INBOXER SPAM FILTER 978-264-9845 MA
CDW*DIRECT 800-800-4CDW IL
PAYPAL *PCREBUILDER 402-935-7733 CA
AT&T INTERNET 800-8638277 NJ
RCN*STARPOWERCOMMUNICA 800-RINGRCN NJ
plus my dentist

-b

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Sunday, 29 February 2004 @ 17:09:17 EST

The charge was made to my account on 2/24. I found it today. They used www.globalwebline.com On your list I see Paypal. I used Paypal the same day to pay for an Ebay purchase. Paypal is the only similarity to your list.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Monday, 01 March 2004 @ 13:22:06 EST

I just got the same charge from DAVWEBSOFT, posted to my account 1/30. The only charges made to the account in the past two months have been AOL and Paypal.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Friday, 05 March 2004 @ 12:50:29 EST

Same story as everyone else, except my charge was for 9.95 to a prosoftwareink.net. I'm trying to track down all my recent transactions, though we may have to go back quite some time to track commonalities. I do have PayPal, but haven't used it in along time. Furthermore, the card that was charged is not listed in my PayPal accounts. Wait, just checked, yes it is listed in my PayPal. So count me in as a potential PayPal connection. I have no other apparent commonalities except maybe pcconnection, by virtue of the fact I have in the past ordered from MacConnection, which I think is the same company and accounting system. I have not ordered anything from them recently, but I think the last time I did about 8 months ago I used the card in question.

I did a bunch of whois lookups too and most of the entries are locked and privatized, go figure. The prosoftwareink.net currently has an active status, is private and was registered on February 11, 2004. Now prosoftwareinc.net, with a 'c' instead of a 'k' which is also registered by RegisterFly.com reveals a status of registrar-lock, was registered on the third and lists a British contact:

Registrant Contact:

Tracey Coy ([email protected])

+1.2089798718

Fax: +1.2089798718

6 Harnall CloseShirley, Solihull B90 4QS

GB

The IP address of your attack apparently was 217.155.43.49, and looks like it is in Brit land too, as a windows ping -a 217.155.43.49 reports: 'Pinging dsl-217-155-43-49.zen.co.uk [217.155.43.49] with 32 bytes of data:'

There's also a Houston conection possibly. I tracked some of the dns nameservers to houston entities. prosoftwareincorp.com nameservers are at ns.jaguarpc.net. The domain jaguarpc.net is registered to a Houston company, jaguarpc.net is under registrar-lock. There is apparently a ProSoftware, Inc in Houston, see:

http://www.insuranceproonline.com/contact.htm

I do not know if they're connected.

That's about all I got for now as I've just discovered the billing and have just started looking into it. I hope it helps.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Friday, 05 March 2004 @ 23:05:12 EST

What bank issued your card?
Me and another have had Capital One charged.
see below

]

Re: Recently UnEarthed Phishing Expedition (Score: 1)
by ericrolph on Sunday, 07 March 2004 @ 14:15:01 EST
(User Info | Send a Message) http://stareat.us

I am Eric Rolph, the original poster who commented about this fraud at my site stareat.us. I had a Visa Card issued to me by a Boston bank. I don't think there is a card-type connection.

It could be that the card information was stolen from a physical retail location. And I wouldn't assume that the information was stolen recently because the fraud was committed recently.

Despite the amount of evidence, it is disheartening to see that the FBI still haven't tracked down the culprit. In any case, do not hesitate to contacting the FBI in reporting the crime. I assume the FBI won't act until their are enough people reporting on the fraud.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Monday, 08 March 2004 @ 14:36:52 EST

I also had a charge from ProSoftwareInk.Net on my BankOne (formerly FirstUSA) Visa card for $9.95 on 3/5/04. The only commonality I have with the others is a PayPal account and this card is listed on that account. I have disputed the charge and cancelled the account. I hope they didn't get my checking account information from PayPal!

Did you hear anything from the FBI? Should I forward them this information as well?

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Thursday, 11 March 2004 @ 19:07:22 EST

I too got a charge from prosoftwareink.net and the common link is that I had a paypal charge earlier the same month (Feb)

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Friday, 12 March 2004 @ 20:54:55 EST

Same charge hit my BankOne (formerly FirstUSA) visa card on 2/28 from ProsoftwareInk.net I don't use this account often and charged to about 5 different vendors over the holiday season, all on-line (see below). Note that this account was listed on my paypal account but I haven't used paypal in at least 2 years.

Shutterfly
Snapfish
Joes stone crabs
Roadrunner Sports
Amazon

]

Re: Recently UnEarthed Phishing Expedition (Score: 1)
by crimewatch on Friday, 02 April 2004 @ 18:40:03 EST
(User Info | Send a Message) http://crimewatch.

A friend of mine discovered the same charge when he received a credit statement from an obscure bank, MBNA America out of Willmington, DE. He's not even sure he ever had such a card.

Feel free to email me if you have any updates.

The info we ran is the same as above:

Running PROSOFTWAREINK.COM via a whois inquiry yields your address for domain inquiry. An associate of ours received a credit card charge attributed to this domain name. He has cancelled the card and beginning an identity theft criminal complaint. What if anything can you tell us about this domain.

Entering PROSOFTWAREINK.NET (the name on the credit card charge) in a browser results in: This site is currently unavailable due to technical reasons. If you have any questions please email us [email protected]

Registrant Contact:
Tracey Coy ([email protected])
+1.2089798718 (This is the same phone number that appears on the credit card statement less the +1)
Fax: +1.2089798718
6 Harnall Close
Shirley, Solihull B90 4QS
GB

Domain Name: PROSOFTWAREINCORP.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS.JAGUARPC.NET
Name Server: NS2.JAGUARPC.NET

Dave Jenest
crimewatch.us

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 24 March 2004 @ 13:06:08 EST

I used paypal also. Looks like it is showing up more and more on this list. Strange though, I started to place that credit card on my Paypal account but stopped just short of finanlizing the transaction. Could they be tapping in to the sign-up procedure?

-KS

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 20 April 2004 @ 01:02:26 EDT

att internet and long distance was a bill i paid with that card in addition to amazon.com

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 24 March 2004 @ 13:02:10 EST

I also used Amazon.com but in the US.

-KS

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Sunday, 28 March 2004 @ 17:34:02 EST

I've used Amazon as well *without* paypal. It is the only company I've used recently and I received a charge for 9.95 on 3/8.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 20 April 2004 @ 01:00:04 EDT

well if it helps any my husband and i were just hit on a sunday bless the holy day why dont ya. The common place I recently shopped with that particular card was amazon.com!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
9.95 was what we were hit for but it is our 9.95

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Thursday, 22 April 2004 @ 11:21:39 EDT

I got this charge recently and through looking at these emails paypal and amazon are involved. I cancelled my debit card after receiving an unauthorized charge for $393 (after a $9.95 charge from pansal.com, must be the new one they are using to steal from people) from Amazon. I went to Paypal and removed all my credit cards and my one bank account that was the one that was charged. Obviously I cancelled my debit cards and am getting new ones.
I emailed support@whatever the fraudulent comapny was and got a response saying they would credit my card and in that email I received someone's name, probably a fake name but I am going to report it everywhere I can.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Sunday, 02 May 2004 @ 05:55:57 EDT

I also found a charge from pansal.com on 4/28/04. The companies I have used my Wachovia check card with are Amazon, Paypal, Vacuum Cleaner Shop, Buy.com and Barnes And Noble. The card was only a month old. It starting to look like Amazon has had their database of credit cards hacked again. I reported the incident to the FBI, and sent a link to this board. Hopefully they will do something to stop this.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 04 May 2004 @ 08:05:54 EDT

I too received a mysterious and unauthorized charge of $9.95 from Pansal.com My bank canceled the card and reissued a new one for my protection stating the $9.95 can be a way of seeing if the card is good, then higher unauthorized charges could come through as well. I also reported this fraud to the FBI Internet Fraud Complaint Center.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 11 May 2004 @ 18:38:29 EDT

I also was done for 9.95 on April 26, 2004 under the name platypustemplates.com I actually talk the the the guy Jesse Bailey Email:[email protected] 14921 Minneola Court Tustin, CA 92780 US Phone: +1.71422731. located this info on the net, Anyways hes says he's ligit. But I wonder? Have you noticed that all these site have in common is Service Provided By: RegisterFly.com

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Monday, 01 March 2004 @ 16:53:31 EST

I got hit too. Good scam they have, if you had a very active account you may not even notice the 9.95 and times that by a few thousands and WOW.
It is my business card and only my computer supply vendors and my ISP have the number. It was only activity in 2004. I have list of all 2003 vendors if that can help. I reported to credit card (Capitol One) and most recent vendor. I am a little shocked, first fraud for me.

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 03 March 2004 @ 01:50:51 EST

I got charged as well by davwebsoft.com with charges on 2/9. Do you all have any spyware installed such as spybot or bs spyware? My only charges were to amazon.com, highlights.com, signals.com, team1hq.com, and juno.com. I have not paid and don't intend to. Have filed with IFCC so far. Don't know how they obtained my number either. I tried their site today-note said it was down due to technical difficulties.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 03 March 2004 @ 22:16:21 EST

after reading all these I can't find a common theme. I do use Adaware and as I mentioned previously this card is only registered with a very few vendors and none similar to anyone else. No paypal (other card is registered to them) No one but me mentioned what bank the card came from.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 03 March 2004 @ 22:45:00 EST

Mine was a Capital One card as well! Anyone else?

b-

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Sunday, 14 March 2004 @ 18:49:28 EST

My card is a Capital One MileOnes business VISA that had a $9.95 charge on 3/8/04 from prosoftwareink.net

--M

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 03 March 2004 @ 10:00:38 EST

I am in the UK and also have been charged $9.95 on the 26th Feb 2004 by DAVWEBSOFTINC.COM, WOODBURY, USA.

This account has only been registered with PAYPAL. It has never been used for any other internet transactions.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Thursday, 04 March 2004 @ 18:18:02 EST

Im in the UK and have identified a $9.95 payment (£5.49) on my bank statement. It was taken 01st March by DAVWEBSOFT but I don't recall anything unusual. I only use secure websites - I think?

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 09 March 2004 @ 13:26:39 EST

There was a charge for 9.95 put on my Capital One card 1/18 from Prosoftwareink.net. I just discovered it 3/8. I tried calling the 208 number in California; left my telephone number for a return call and now this is bothering me - any danger here? Also e-mailed a note to Prosoftwareinc.com thinking they were the company asking about the charge- was this dumb too? Capital One has reversed the charge. Used card over supposedly secure sites for clothing from reputable companies.

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 10 March 2004 @ 23:33:12 EST

Mine was charged on 2/16 and went through on 2/18 DAVWEBSOFT.COM WOODBURY MN. My credit card people did not have a phone number for this outfit, but the name seemed to arouse suspition as did just the $9.95 charge. They gave me the dispute number to call, which I will. I used my MC over the holidays with Highlights.com, the only connection I see. Hope

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Thursday, 11 March 2004 @ 15:29:30 EST

mine was charged by resourcepdc.com ... 9.95. it was also on 2/16 - my credit card company replaced my card immediately, and reversed the charge. the card was never linked to paypal, but i use it for plenty of online purchases.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 24 March 2004 @ 14:29:24 EST

On 2/26 we were charged $9.95 by Resourcepdc.com --the most recent of your listed phony corporate addresses. My husband has never been thrilled at the security risk of ordering online, but I have carefully ordered over the Internet for at least four years and never had a problem.(When the option was available I would phone in all but the few final digits of our VISA number.) Indeed, a Computercop sweep of addresses/VISA numbers currently found on lists used by thieves came up clean a year or two ago.I will not be able to order over the Internet with confidence again, and my husband is furious. VISA is issuing a new card and has closed the original account. Eventually these people will put themselves out of bus iness if we're all afraid to order -- and they will take a huge segment of the economy with them.
-s.

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Sunday, 04 April 2004 @ 18:07:03 EDT

Ditto for me too from prosoftwareink.net - it can only be Amazon or my dentist for me - paypal doesn't have that card. Following that was a charge to transfer payment for $1151.01 - still trying to figure that one out but at least the credit card company took it off.

]

They're still at it - eadens.net (Score: 0)
by Anonymous on Monday, 05 April 2004 @ 14:03:07 EDT

Mine showed up as $9.95 from Eadens.net - same phoney looking website that has been described in earlier posts. The phone number given is 501-635-2252. The credit card statement says this is in Kentucky, but a search of the area code and prefix indicates Little Rock, Arkansas.

I, too, naively called and left a message requesting a call-back. Too bad it wasn't until AFTER this that I discovered this web site and this thread of fraud postings. I'm very grateful that this is here.

I've used my (VISA) account for PayPal and Amazon and a few others, but these are the two similarities in this thread that jump out.

bast*rds.

]

Follow-up: a few more thoughts (Score: 0)
by Anonymous on Tuesday, 06 April 2004 @ 15:59:40 EDT

I think that the $9.95 credit card charge is much more of a red herring than an attempt to collect money directly. I understand it is a very simple matter to charge any legitimate credit card account a charge such as the apparently common $9.95, without the need for the card holder's name or the expiration date of the card (could be wrong - this is what I've heard from someone who accidently charged the wrong account once - if you know differently, please share). This puts the charge on the victim's statement, causing them to investigate. If the victim finds the charging company's web site, and they naively follow the link that says Why are you charging me or whatever, they are asked for their name, phone number, billing zip code, and email address. This doesn't seem too intrusive, so the victim lets the bait a little deeper into their throat. I am not about to provide these losers with any more info about me, but I can only imagine that the next step is for these maggots to set the hook with an email to the victim, using their name, and phishing a little more for critical credit card (or other) data.

If anyone knows for sure what happens next, please share it here.

]

Re: They're still at it - eadens.net (Score: 1)
by RickTexas on Thursday, 15 April 2004 @ 17:59:15 EDT
(User Info | Send a Message)

The exact same thing showed up on my credit card today. I read your post before doing anything, so I didn't call them or give them any information. I went straight to my credit card company to dispute the charge. I haven't heard back from them yet.

]

Re: They're still at it - eadens.net (Score: 0)
by Anonymous on Thursday, 22 April 2004 @ 01:38:34 EDT

Darn it!! I read about this when I saw it (9.95) on my debit card. I called the bank and had my card cancelled and they still managed to pull it off since they had already received authorization. It sat pending for a week and then disappeared and then suddenly reappeared. First it was Eadens Enterprises Inc and when it was finally charged became Eadens.net. I reported it to the credit card fraud department, but let's face it, they are still able to skirt around anything we try. The phone number attached to the charge it bogus. When I read one person say it had to be their dentist or Amazon, it became clear it has to be Amazon. Darn. I liked ordering from them, but not anymore.

]

Re: They're still at it - eadens.net (Score: 0)
by Anonymous on Thursday, 22 April 2004 @ 11:02:19 EDT

This happened to me as well. I got the 9.95 Pansal.com charge and didn't recognize it. I never went to any website or anything giving my information. Someone said it was paypal that got hacked and si I removed all my information from them. A charge from Amazon showed up on my debit card today so I cancelled my cards. You said something about Amazon, what have you heard about that? Why do you think it is them rather than hackers buying from them with our money?

]

Re: They're still at it - eadens.net (Score: 0)
by Anonymous on Wednesday, 28 April 2004 @ 23:39:03 EDT

Hey I got that exact same thing. I got a fee on my bank account for 9.95 on April 22, 2004 which I don't know anything about. What did you do about it? I contacted my bank and had them check it.

]

Red Herrings - like a Rockford Files show (Score: 0)
by Anonymous on Friday, 30 April 2004 @ 09:36:46 EDT

Do you remember the old Rockford Files TV show? There was a two-part episode called The Gearjammers. Rockford foiled a ring of thieves who hijacked a bunch of 18-wheelers. At one point, it finally becomes clear that the hijackers aren't after the cargo in the trailers, they're stealing the tractors. While the cops are trying to make a connection between cargos of work gloves and cantalopes, the thieves are preparing to use the tractor rigs to steal trailers loaded with sable furs.

The point is, there's no use comparing where everyone has been using their credit cards to find commonality - this has nothing to do with Amazon, or PayPal, or any other legitimate business. It has everything to do with these scumbags RANDOMLY charging $9.95 to various credit card numbers. They DON'T need your name, billing address, or other info to get the charges through. They're simply banking (no pun intended) on being able to charge a small amount to a lot of victims' accounts, and trusting that most victims won't notice or won't bother to fight the charge.

DON'T BE A VICTIM. Monitor your credit card accounts closely, and immediately report fraudulent charges to your bank, to the FTC (http://www.ftc.gov), and to the IFCC (http://www1.ifccfbi.gov/index.asp).

]

Re: They're still at it - eadens.net (Score: 0)
by Anonymous on Monday, 03 May 2004 @ 17:33:25 EDT

They got me last week, my bank refunded my money, pending an investigation. I have never ordered from Amazon, but I have used PayPal when using ebay. Can't something be done to catch these crooks?!!

]

Re: They're still at it - eadens.net (Score: 0)
by Anonymous on Tuesday, 04 May 2004 @ 11:48:14 EDT

It happened to me too. I don't know how they got the number, but when I e-mailed them with the complaint ~ they sent a reply stating that it would be taken off right away...but the e-mail was so suspect that I began searching the net...and here I am. SCAMMED BY THOSE F*&%#@S!!! You're right it's a bogus phone number ~ and definately a fraudulent web site.
I'm reporting it to:
https://www.ifccfbi.gov
Hope you'll ALL do the same!!!!!!!!!!!!

]

Re: They're still at it - eadens.net (Score: 0)
by Anonymous on Tuesday, 18 May 2004 @ 12:48:18 EDT

I had this happen, did an online identity fraud report with the FTC and cancelled my credit card. My credit card company told me they were going ot cancel the account immediately and also credited the amount back to me. I left my name and a cell phone number (thankfully nothing else) with Eadens.net website before I found this site and told them about the charge. They sent me that same template email and that they'd credit my account back. Well, I checked my account activity today and they actually DID credit back to my account (the old number) the day before it got cancelled. Is that weird or not? I called my credit card company and asked if Eadens.net would be able to access my account anymore for billing it and they said NO, since that account is closed.

I think that www.amazon.com was the site that allowed my credit card number to be used since they saved my cc number without my permission and knowledge in my supposedly password protected account. I had them delete my entire account there so any personal information can not be accessed.

My advice: Research those virtual credit card numbers or temporary cc numbers that you can get for online purchases. They deactivate after one use or a certain period of time, so your actual account number is protected. Also, call your cc company and ask them about how much you're covered for in the event of unathorized charges. Mine will only hold me liable for $50 at most (although they immediately credited me back the $9.95) and absolutely NOTHING after that. Which is a relief! I would not want to be testing that though. I'm just lucky that they did not charge more. I can't believe it was so easy for them to do that!

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Monday, 05 April 2004 @ 21:22:28 EDT

I have NEVER put in a creditcard number unless I see the little lock in the lower portion of the screen. I have used the card on ebay, paypal and amazon.com. Where to we go to contact the FTC and ifcc?

Re: Recently UnEarthed Phishing Expedition (Score: 1)
by ladysilver on Monday, 19 April 2004 @ 11:10:32 EDT
(User Info | Send a Message)

I had a similar situation a couple of years back with some business cards I ordered. My credit card info was given to a third-party vendor without my permission and my credit card was charged over $50 for a service I never ordered, authorised, or used. I got my money back, but not until I complained to the state where the company was dba.

I went the whole route:

Better Business Bureau - useless. They sent a fax to the company. Big help there.

FTC - the FTC gathers info on fraud and reporting it to them is a good idea, but all they did was record my complaint. I wanted my money back, not just to report the bad guys. I got the impression from the person I spoke with that they are concerned with major fraud issues.

Attorney General - I finally contacted the attorney general's consumer fraud division for the state where the company that ripped me off was dba. That got results. After relentlessly pursuing this company for almost a year, I got a certified letter from the state of VA with a check from the company for the full amount in about a month after contacting the attorney general's office.

To complain to the FTC: http://www.ftc.gov/

If you are in the USA, do a Google search for the attorney general's consumer fraud division of the state where the company is located. If the website has a fraudulent (or no) address, do a WHOIS to find out who owns the site.

I think what these people do is hope the 10, 20, 50 they rippoff won't be worth the trouble of a long fight to get it back. IMO, even if it's only a dollar, they have no right to steal it & it's worth fighting for if only to shut them down.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 06 April 2004 @ 19:32:51 EDT

Just checked bank statement, $9.95 taken from Visa debit card. Very concerned... Will notify authorities

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Thursday, 15 April 2004 @ 05:07:19 EDT

I was recently (March 31st) charged 9.95 on my Visa card with USAA Bank. The charge was from Pansal.com. The bank gave me a number supposedly in New Jersey. Same answering machine mesage to leave message or send fax. The website for Pansal gives the same phony This site is currently unavailable due to technical reasons. If you have any questions please email us at: [email protected]. I purchase from many companies online with no previous problems. I did register with PayPal but that has been at least 6 months or more ago. About a week before this charge appeared, I did give my credit card number over the phone to a support person with Hewlett Packard (HP printers) who was in India (many of their phone calls are handled in India...very common with many different companies including AOL). Has anyone given their card number over the phone to any of these phone jockeys in India?

I plan on sending info on this fraud to Clark Howard (American radio consumer advocate).

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Monday, 26 April 2004 @ 11:56:46 EDT

I had a similar experience with a $9.95 charge by Pansal.com to my ATM card. I detected the charge while balancing my checking acount. I suspect many people simply accept a small charge in the belief that they must have forgotten to write down some small expense. If Pansal.com steals $9.95 from 100,000 accounts, that's a million bucks with little risk. I have reported the fraud to the FBI on their internet fraud site.

I also plan to report to the California attorney general's consumer fraud unit.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Saturday, 08 May 2004 @ 13:47:23 EDT

Guess what, It happened to me too on May 3rd. I just had to cancel my Visa check card this morning. I shop online often, but mainly only go to the same 3 websites (drugstore.com, beauty.com, sephora.com). I pay my SprintPCS bill online and my monthly Gold's Gym membership fee is charged to this card number. I use my check card almost everywhere I shop. I'm sure that we all have one store in common. I'm from Massachusetts. I've recenlty used this Visa card at Marshall's, TJ Maxx, Stop & Shop (I think that's only in New England), JC Penney, Target, and Kitchen's Etc. Have any of you used your card at one of these stores lately? Please keep me updated ([email protected]).

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Monday, 26 April 2004 @ 18:36:32 EDT

I, also, was charged $9.95 on 19.04.2004. However,
I did not give my card number to anyone over the phone. Not sure of how these people got my card number.

]

Pansal (Score: 0)
by Anonymous on Tuesday, 27 April 2004 @ 18:52:02 EDT

I experienced the same problem. On April 12 my Visa Bank Card was charged $9.95. I called the number and got the same message and tried the same website...nothing.
In answer to your question...I have not given my credit card number to anyone over the phone. I use that card to make purchases online i.e. airline tickets, books, coffee, music. I used PayPal twice in the last year. I cannot make any connections.
Did you ever figure this out? I am working with my bank currently.

]

Pansal (Score: 0)
by Anonymous on Tuesday, 27 April 2004 @ 18:53:08 EDT

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Friday, 07 May 2004 @ 08:10:25 EDT

Have you gotten any further information? The same $9.95 was charged to my check card. email me at [email protected]

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Monday, 10 May 2004 @ 17:56:46 EDT

I posted the April 26 message concerning Pansal.com. Here is some additional information.

When I attempted to contact Pansal.com on the Internet, I was referred to Panaginipsalohin.com. I sent them an email and told them I had reported the case to the FBI's Internet fraud unit. I did receive a very non-credible response from a Kate Miller claiming to be the customer service representative. She said this was obviously a mistake wherein a customer seeking to purchase a web template must have typed in the wrong ATM number, resulting in a charge to me. This simply does not happen -- the name, card number, billing address, and expiration date must all match for a transaction to go through.

The charge was reversed, and Wells Fargo Bank dropped the inquiry once I received a credit. This is very disappointing as I believe the fraud is widespread based on what I have seen on Computer Cops.

I urge others to file a complaint with the FBI.

John Greenagel ([email protected])

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 11 May 2004 @ 14:35:32 EDT

Nice site this Computer Cops,
After getting my M/C bill and seeing PANSAL.COM charges 2x at $9.95 on 4/5/04 and then a Credit of $9.95 on 4/6/04 I did a little Dogpile web search and got here. My bet it's PayPal because that is the only thing I have in common with the others.
I have contacted my M/C company and refused this...they said they will credit my account.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 11 May 2004 @ 14:39:51 EDT

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 11 May 2004 @ 17:16:26 EDT

I was also charged $9.95 by pansal.com, and wrote to the email address they provided on their non-functioning web site. I got a reply from a Kate Miller:

-------------------------------------------------

Hello,

My name is Kate Miller and I represent PanSal.Com Customer Service. We got an e-mail from you reporting a charge of $9.95 on your credit card. Thank you for reporting about this situation promptly.

First I guess I should explain everything to you. Our company produces web templates - primary web pages with no content. The price of each template is $9.95 so that your card was charged for the price of a template bought on our website.

We searched our database and found that this transaction was not made under your name. May be somebody made a mistake and typed not his/her card number.Since the charge you report was not in your name we will surely remove it. The refund will be then stated in your account within three or four business days.

Since the products we sell are delivered online we can't know who used your credit card information. The only thing we can do to solve this problem is to make a refund to the person who doesn't recognize a charge.

Sincerely,

Kate Miller
PanSal.Com. Customer Service.

-------------------------------------------------

Shortly after, my credit card was reimbursed for the $9.95, but I still need to address any outstanding security issues. I also do NOT use unsecure sites, NEVER give any credit card info over the phone, and have no idea how they got my number.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 12 May 2004 @ 10:59:14 EDT

I received precisely the same bogus response from Kate Miller, except that she said she represents Panaginipsalohin.com, the URL to which you are referred if you try to reach Pansal.com.

I found this response totally lacking in credibility for a number of reasons. You can't order anything from Pansal.com because it's a non-functioning site. My experience has been that if you make any kind of mistake in typing in an ATM or credit card number -- a misspelled name, omitted middle initial, or erroneous expiration date -- the charge is rejected. The idea that a product ordered by John Doe could be charged to Richard Roe because of a typo is preposterous!

Don't let this matter drop just because they are crediting you for the fraudulent charge. Report these crooks to the authorities, including the FBI.

Good luck.

[email protected]

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 18 May 2004 @ 20:42:17 EDT

I just found the same charge from Pansal.com on my credit card bill. I haven't used PayPal in over a year. I'm with you. Keep going after this company. Don't let your credit card company just give you your money back. This could be bigger than anyone can imagine!

]

Re: Recently UnEarthed Phishing Expedition (Score: 1)
by PansalDotComISaFraud on Tuesday, 01 June 2004 @ 22:54:50 EDT
(User Info | Send a Message)

My credit card was defrauded by this company. First there website has this info:

This site is currently unavailable due to technical reasons. If you have any questions please email us

This is no doubt to place another barrier between the people whose money were stolen from them and the thiefs.

There was an email address after that message and I got the same standard reply the rest of you got. I reported this crime to my credit card and to the FBI, as suggested here before, the cc company is reversing the charges hopefully by some small luck Pansal will also reverse the charges which would be some small consolation if it sticks.

What's wrong with this country when anyone can set up shop and start charging peoples cards, they should have been shut down yesterday.

]

Re: Recently UnEarthed Phishing Expedition (Score: 1)
by PansalDotComISaFraud on Tuesday, 01 June 2004 @ 23:09:07 EDT
(User Info | Send a Message)

Is Paypal connected to Pansal.comISaFraud somehow?

I just found the same charge from Pansal.com on my credit card bill. I haven't used PayPal in over a year.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Thursday, 13 May 2004 @ 13:52:17 EDT

Funny - the PanSal response is THE EXACT SAME as E-Zsoft.com who charged me $ 9.95 - this scam is bigger than anyone can probably imagine

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Thursday, 22 April 2004 @ 10:42:29 EDT

I had the same $9.95 charge on my card statement from Eadens.net. I called the card company to dispute the charge and they said they would credit that amount as a courtesy since it cost more than that to dispute a charge. So that means these lowlifes GET AWAY WITH IT! What does it take for someone to go after these guys?

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Saturday, 24 April 2004 @ 07:50:00 EDT

I too have been scammed by EADENS.NET. Only difference here is that I NEVER purchase online.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 19 May 2004 @ 12:17:38 EDT

If you never purchase anything online, then do you do online banking or check your credit card online? what sites do you go to? What type of banks or credit card companies do you have? Mine is Wells Fargo and also Bank One or First Usa (they got bought out by Bank One).

Maybe it's a bank or credit card employee selling our information.

This is a terrible disaster. I am so paranoid now about every little charge I see and am wondering if it could get any worse. Has anyone here had further episodes of identity theft or other types of fraud happen even after closing their accounts?

The one thing about this site that bothers me is that link about Donating to Paypal to keep it active. I mean, many of us are saying that PayPal might be involved so why would we want to donate to PayPal? Doesn't seem smart. Did everyone get their credit reports and also put a fraud alert on their credit reports (to be reported to all three agencies)?

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 19 May 2004 @ 12:19:46 EDT

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Saturday, 24 April 2004 @ 11:47:35 EDT

Yep Ive been hit too, to the tune of approx $140, not impressed as i very rarely use my credit card (thats the only reason I noticed, the hit was nearly 2 weeks ago. Got to contact my bank and everything now

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Monday, 26 April 2004 @ 13:43:22 EDT

I think a new website name is also being used. I had a charge for $4.95 from WP-ACTIVE-NEWS.COM.

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Saturday, 08 May 2004 @ 23:02:56 EDT

I THINK THERE IS ANOTHER WEBSITE NAME IS BEING USED. I HAD A CHARGE FOR $4.95 FROM 2CHECKOUT. OH. i CANCELED MY VISA CARD ALREADY.... DID YOU GET YOUR CHARGE RETURNED? HOW DID YOU GET HELP WITH? MY BANK SAYS I CAN GET ONCE THE CHARGE IS PAID...DID YOU TRY THE SAME THING? THANK YOU!! PLEASE REPLY TO [email protected]

]

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Tuesday, 11 May 2004 @ 13:30:33 EDT

I too was slammed by the charge, in January I had a Paypal transaction, is anyone seeing a pattern here, someone at Paypal is leaking

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 12 May 2004 @ 17:48:59 EDT

Tuesday, May 11, 2004

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Wednesday, 12 May 2004 @ 17:56:40 EDT

Monday, May 10, 2004 my bank account was charged 9.95 by Pansalcorp.com

Re: Recently UnEarthed Phishing Expedition (Score: 0)
by Anonymous on Thursday, 13 May 2004 @ 13:12:45 EDT

Me too - E-Zsoft.com - same amount $9.95

]

Re: Recently UnEarthed Phishing Expedition (Score: 1)
by peachy84 on Thursday, 27 May 2004 @ 14:22:54 EDT
(User Info | Send a Message)

PLEASE PLEASE PLEASE REPORT THIS TO THE FTC AND THE IFCC.

If you have been charged by any of these sites, please reprt it. the more reports received, the better the chances of these ppl getting caught. it takes very little time, about 5 mins to call the FTC, and maybe 10 mins to file an online report with the IFCC.
And watch your statements carefully, let your friends know to watch out as well.

Re: Recently UnEarthed Phishing Expedition (Score: 1)
by f8dy on Thursday, 03 June 2004 @ 21:17:43 EDT
(User Info | Send a Message) http://diveintomark.org/

The scammers have discovered this site. About six weeks ago, I mentioned Platypus Templates on my weblog and pointed to this article and discussion. Today I got this in my inbox from the scammers' customer service rep (yeah right). He identified himself as Oleg Borisov at [email protected] (yes, hotmail).

This is the complete text:

Dear Mark,

My name is Oleg Borisov and I represent Bailey Consulting Group customer service.
I would like to contact you because of the publication you have placed on your website www.diveintomark.org concerning our company.

First I guess I should explain everything to you.
Our company produces webdesign and templates - primary web pages with no content. We have been working successfully for more than two years and continue to develop our products and services.

Mark, I read attentively the information given on your website and we want you to remove the negative information about our company with no delay. It can affect the business we have and the business name severely. I have been in touch with the people from Computer Cops where a simular publication is placed. Is is very strange that somebody calls us scammers having not even contacting a customer service representative. We have nothing to do with any kind of scam and we are not asking for any kind of personal information.

We do have a link What is Bailey Consulting Group LLC billing me for? The use of this link is caused by a system breakdown we had in April when we lost transaction records for seven days and it did happen that some people were charged incorrectly. It resulted in chargebacks from our account and calls from a few irated individuals. In this situation we are suffering financial losses like chargebacks and have to prove having a legitimate business. We are a small company and all these negative results may be fatal for the good business name and the whole business.

Please feel free to get in touch with the at any time and I will be delighted to answer any of your possible questions. One more time: please remove the negative information concerning our company.

Best regards,,
Oleg Borisov.
Bailey Consulting Group LLC Customer Service.

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


	Home · Topics · Submit News · Top 10 This entire site, Cops Themes, and Computer Cops are © 2002 - 2004 Computer Cops, LLC. All rights reserved. You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0. Acceptable Use Policy. Use signifies your agreement. Engine Copyright © 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member. Paul Laudanski, Member of Computer Cops, LLC Server Load: 338 pages served in previous 5 minutes. Page Generation: 0.768 seconds.