supermikenews

My views on software, programming, Linux, the Internet, government, taxation, working, and life.

Saturday, September 16, 2006

Blueprints of an Internet Phishing Attack


I'm going to show you how to find signs of an Internet scam that you could easily get caught up in, and then explain a real one going on right now.

Take a look at the following two links for a so-called "job opening" at a place called AVT Designs, supposedly based out of Spain. I received this job opening request through the email because of a resume I placed on an employment classifieds website.

The Job Opening Advertisement
http://www.avt-designs.com/acc_payable.htm

The Main Website Page
http://www.avt-designs.com/

To get to the short of this, anyone familiar with banking, such as good bank manager, can tell you this is a very common scam they see these days. I'll tell you the answer right away what this is, but then I'll also show you some signs you can follow to detect these kinds of sites.

The initial job plea was for someone to receive checks for them in the USA because they're based in Spain. You'll only do this for a few months until they start a USA office in a few months. You'll receive checks with real money that you can cash at the bank, and then take your cut and Western Union the rest. Sounds great, right? Not quite.

The scam works like this. This so-called company gets you to receive a so-called check from someone. You endorse and cash it. Sure enough, the real cash is in your hands. You take your whatever percent and then Western Union the rest. However, in so many days, the bank finds that the initial check bounced. They then see you endorsed it and call you for the cash. When you tell them what you did, they send the sheriff out to your house for the cash, which you don't have. You might think, but then that wouldn't be productive for the Spanish company because they couldn't reuse you over and over, but wait...they won't need to. Instead, they get thousands of people to do this and by then they shut down the operation and start another one with another number and another phony country. They get all the cash and you only got a measly 12% from the bank that the bank will want back. And what better place to lure people into such a scam then supposedly down-and-out suckers like me posting his resume on the web.

I'm telling you folks, the Internet can be dangerous out there and you have to watch who you trust and with whom you share personal information.

Here's some clues on the website to show you it's a scam:

  1. First, look at what they do. Supposedly they're in the Internet eCommerce and design business, but look at the poor quality of the graphics for their own homepage. The fonts are not anti-aliased properly and are blurry. The circle with the 3 balls on it almost breaks apart. You can almost not really make out "BEST THAT YOU WILL EVER GET". Notice also some broken links on the page that take you to nothing, and the pipe character that separates the menu items has a problem at the bottom of the homepage between "Contact us" and "Proposal". So this should give you a hint that this is done by amateurs who don't really do what they say they do. Also, there are grammar errors and even capitalization errors on the site.

  2. Supposedly the business is in Spain, but they do not give you one of these "English | Spanish" links you see on such sites.

  3. Not that this is a strong indicator, but notice that when you do a 'whois' search on the Internet for who purchased this domain 'avt-designs.com', you get a generic address and not the original purchaser -- they have cloaked themselves. Sometimes this is legitimate in order to minimize spam, but it's also a way for sham businesses to have phony fronts.

  4. This page (http://www.avt-designs.com/what_we_do.htm) was slapped together so fast that they call themselves "ATS Designs" instead of "AVT Designs". Seem like a careless mistake? Not so for a sham organization doing this scam over and over again -- they're so confused they forget to change their web pages as they edit them for the different versions and different phony companies.

  5. If you hit this page (http://www.avt-designs.com/request_proposal.asp) you just might actually end up seeing the server source by accident! And, inside, it reveals that mail on the site goes to marketing@pugmarksdesign.com which is, by a 'whois' search, owned by Pugmarks Design Studio out of Chandigarh, UT province in India to a name of Atul Gupta, also known as atul@atulgupta.com. So for a company out of Spain, why do you send your request for an appraisal of your website requirements to India instead of Spain? And why does the website owner do such a terrible job of not setting the web server up properly such that you can see the source code for the site? Still, I do not mean to say that Atul Gupta has anything to do with this Internet company at all -- in fact, Atul could be completely innocent and they merely tried to make a site for this criminal, leaving some stuff in, and the criminal edited it poorly and got it hosted in San Francisco through PlanetDomain.com.

  6. Look at the wording of the site. Would you want to work for an organization with the thug-like phrasing "Best that you'll ever get"? C'mon! And is this site an example of the best you'll ever get? No, not even close.

  7. Supposedly checks will arrive between $1000 and $2500 a piece. They'll be addressed to your USA address or postal office box that you had provided, but under a company name. So who the heck in the United States pays for an Internet website package and sends the funds by check? Not me. If they won't receive it by PayPal or Credit Card, they don't get my cash.

  8. It's been discussed already before. I did a cut of the first paragraph of the "plea" on the career posting, and pasted it into Google. A scam detector site has already investigated this and came back with a thorough analysis: http://www.scamorama.com/jobscam2.html. First paragraphs of pleas can always be typed into Google and more than likely it will come back with a scam link or nothing at all. If it comes back with a scam link, especially if there are other factors you already detected, then more than likely it's a real scam.

  9. The scam detector site scamorama.com indicated that the tell-tale signs were a request to Western Union money for them and that they do this repeat business of taking a legitimate site, changing the pages a little, and reusing it for a scam site. However, they're clumsy at it and there are tell-tale signs in the page to show this clumsiness. Today it's an internet design site, but in other days it could be a golfing equipment site, or antique site, or whatever.



Folks, watch yourself out there. You need to know who you're dealing with on the Internet.

6 Comments:

  • At Wed Sep 27, 07:32:00 AM MST , Anonymous Matt said...

    Thanks Super Mike. I too have a resume posted online and received this. Although not down on my luck, I was still intrigued. The first thing I do when I think it is too good to be true is go to Google type the company name and sucks behind it (avt-design sucks) and inevitably someone like you tells me it's a scam. That's how I found you! Thanks again. -Matt

     
  • At Wed Sep 27, 11:25:00 AM MST , Anonymous Anonymous said...

    Thanks, this was the third letter like this I got in the last three days. Thanks for saving me from this trap(crap!)

     
  • At Fri Sep 29, 07:42:00 AM MST , Anonymous Max said...

    I thought it was to good to be true I even emailed the dude a bunch a questions about it and sure enough no response and the site is down. Working with Overseas businesses you can always wire funds so this is a scam.

     
  • At Tue Oct 03, 09:14:00 AM MST , Blogger Jim said...

    Same thing.. I got several from them, did a search, and came up on your site.

     
  • At Tue Oct 10, 12:34:00 PM MST , Anonymous Anonymous said...

    I got caught in the same thing I went as fard as receiving 2 checks then came across you web site

     
  • At Wed Oct 18, 12:45:00 PM MST , Blogger angelicmom said...

    I received two checks actually post marked from Spain, took them to the bank had a hold put on them...e-mailed the dude now let's see what happens

     

Post a Comment

Subscribe to Post Comments [Atom]

<< Home