Recently UnEarthed Phishing Expedition

re: http://www.davwebsoftinc.com/

by Paul Laudanski and James D. Littell, Sr., Computer Cops
February 16, 2004

Un-named sources from a major U.S. Internet Services Protocol (ISP) company, have unearthed a nasty little Phishing expedition.

While appearing to be a completely legitimate e-business domain website they ask for........... and obtain personal information from the victims.

Perpatrator DavWebSoft Inc., funny ......no cookies. I wonder why?

Said by the vic:

It is the first time I’ve been had by fraud and thankfully it was only for $9.95.

Somehow, somewhere, someone used my credit information to try and sneak past a small charge on my bank statement. The charge of $9.95 came from DAVWEBSOFT. Searching the web for DavWebSoft (DaveWebSoftInc or DaveWebSoft Inc) turns up a very suspicious web site. It appears “professionally” designed, but on closer inspection, many links simply do not work and news items are stolen from other sources.

WebSite: DavSoft’s is a near exact duplicate of these web sites: SBC Web Solutions, Stewart’s Precision Web Design, Eadens Enterprises, Fleming Software LLC, Global WebLine LLC, Studio A Design, Prosoftware Inc., Luministic Technologies, Kazland Software Corp., Bailey Consulting Group LLC, International Web Design, GToolboxes Technology INC., Tanya Web Design, Andersoft Inc., Panaginip Salohin Corp., Web Pages Made Easy LLC, E Software Tech Inc., Webtemp Solutions, Inc., and Resourcepdc Inc. Each site lists different fake addresses and phone numbers. Try contacting the phone number listed on any of the pages and you’re dumped into anonymous voice mail. Much to my amazement all the sites appear identical, wow!

Besides stolen copy, links that aren’t links, and duplicate web sites, the most obviously fraudulent element is that each main page has a link to “Don’t Recognize a Charge?” which then asks for credit and other personal information. Gah! What sort of company prominently displays “Don’t Recognize a Charge?” on their main page?! None, except fraudsters.

All Comments are listed here.

Check out: http://www.globalwebline.com/

The charge came from there and he went to the 'don't recognize a charge' link:
Example........http://www.globalwebline.com/b_order.php.......yields this result.
Customer Service
Please fill in the following information about your order:
Last 6 digits of your credit card number:
Billing Zip:
Your Name:
Phone:
EMail:

And went to the third radial option only to get asked some serious personal information ...
ALL WITHOUT BEING IN AN ENCRYPTED SSL SESSION! Yes, we are yelling here and for good reason. Folks continue to ignore all the warnings.
Talk about transmitting private data over unsecured connections.

This link http://www.globalwebline.com/c_order.php yields this result,
without entering a single piece of data and just clicking continue.
Thank You for the assistance! We will contact you as soon as possible.

All of this example has been easily replicated at DavWebSoft Inc.

If you happen to be a victim of fraud, report it to the FTC and the IFCC.

Source Stareat.us 7/8th's scroll down...........

Direct Link Source