Unauthorized charges
Complaint
Terry
Country: United States
Noticed a charge on my card from MYLIBERIA.COM 503-616-3843 for $6.97.
Immediately disputed the transaction with my bank and they promptly credited the amount back. I wrote to MYLIBERIA.COM and now waiting for their response. The phone number on record for this transaction is 503-616-3843.
Immediately disputed the transaction with my bank and they promptly credited the amount back. I wrote to MYLIBERIA.COM and now waiting for their response. The phone number on record for this transaction is 503-616-3843.
Comments
Registrant:
myPublishing
One Leicester Place
Leicester Square
London, London WC2H 7BP
uk
Registrar: DOTREGISTRAR
Domain Name: MYLIBERIA.COM
Created on: 25-OCT-03
Expires on: 25-OCT-08
Last Updated on: 22-OCT-07
Administrative, Technical Contact:
, myPublishing ar@brandcasting.com
One Leicester Place
Leicester Square
London, London WC2H 7BP
uk
+44 207 494 2020
+44 207 494 4040
Domain servers in listed order:
NS0.SERVE.CO.UK
NS0.SERVE.NET.UK
Complaints start in september 2007, and increase in rate to the present.
http://www.cjupin.com/2007/09/13/credit-card-scam-digismarketcom
That page had a link to this report, with details about a large "ebook" small charge fraud organization that has been going on for a couple years under many different websites/company names. Very good research.
http://www.dslreports.com/forum/r19620593-Ebo ... DigitalAgePluto
Report includes "mylibreria.com" and "embintelligence.com", as well as a number of other front sites. It also outlines how they set up "mules" in the U.S. to act as bank account fronts for the "merchant" transactions, shift the money to a second account to prevent reversal of disputed charges, then wire the money overseas.
Recommendation for victims:
"Again, it is vital that the victims report the charges as fraudulent, then cancel and replace their cards. You play in to the crime syndicates hands by allowing them to issue a credit for the charge. That is what they want to do once they know you have caught it, and will dispute the charge. Victims should also file a complaint online with the Internet Crime Complaint Center (IC3).
By issuing credits or reversals to the percentage of victims that discover and pursue the fraudulent charge, that will help maintain a chargeback ratio below the merchant processor's flag threshold. They have managed to sustain some individual accounts for well over a year by doing this.
In addition, they get to deflect attention away from their operation, by making it appear, however unbelievable, that a team of criminals are trying to scam the websites using hijacked card data to buy useless ebooks, webtemplates, or cellphone games. When in fact the syndicate is just harvesting cash by ploughing card data in batch entries through their scores of fake sites."
"Again, the goal is to run high volumes of cards against small amounts multiplied, times numerous simultaneous sites. If the victim catches it give them a fake email address that used it. Quickly give them a credit to prevent a $25 charge back fee, and to prevent triggering a high charge back alert with the merchant account. Tell the victim someone must have used the card on the site. Suggest it even may have been stolen to divert attention away from the operation. keep the cyber mule out of the loop, maximize the return and longevity for each operating domain.
Viewed at the lowest common denominator it is a handful of victims complaining about a trivial charge on their card from one little website. That is not going to trigger any bank investigation, is it spread among many. It also is way below the threshold to trigger any Federal snooping around. Even if a site goes down the rest of the hub are preserved, they do not appear related. If a division goes down, the other divisions still function. Everything hums unless someone grasps the big picture and identifies it as a multi million dollar operation. Add the costs of replacing the cards and we have an annual loss barking at $70 million. But who knows how big it really is.
Most certainly this structure was built around the fact that the syndicate has direct access to this card account data, and volumes of it. The operation is vertical, they are not buying data from carding forums.
While the location and method of the card access is a priority to discover, notable mention of the clear weakness in the merchant account vetting process must not be ignored. There are numerous symptoms indicating that these sites are not legit even before the charge back ratio grows to trigger levels. No traffic, no outbound mail, robots disallow. Card data detail entry reports that would show that the data is batched, and is not coming randomly from assorted IPs as a typical site would have. It is not that it cannot happen every now and then, but for a multi year criminal syndicate to operate well over 100+ domains with impunity, over and over, and not trigger any alert. Would it be so rewarding to criminals if Authorize.net and others did not front the money right away and instead held two months in reserve for new sites, that would enable the charges to cycle. Clearly some changes need to be made, much of this fraud has become acceptable and is tolerated as past of the given percentage that is wrote off annually."
" just ran some new searches after completing the above, and found a news article that I had previously missed. This July 07 notice from the Michigan Attorney General may be a partial reason for the ver 4.5 template sites phasing out and the full blast of ebook sightings. A cyber mule was arrested and charged:
quote:
--------------------------------------------------------------------------------
Office of the Attorney General:
Cox Charges Woman with ID Theft
Agency: Attorney General
July 19, 2007
LANSING -- Attorney General Mike Cox today announced that he has charged Krystal Owens of Detroit with three-counts of identity theft and one-count of conspiring to commit identity theft.
"Identity theft is a devastating crime to its victims," said Cox. "My office will continue to be vigilant in defending Michigan's citizens from having their identities stolen."
Since January 2007, the Michigan Attorney General's Office has received more than 130 complaints from consumers across the country indicating that K.A.T.O. Technology, LLC, also known as K.A.M.K. Technology, LLC, had charged $12.95 against their credit card without their permission. The Attorney General's investigation found that in the summer of 2006, the defendant Krystal Owens conspired with Tomas Lasinkas of POV Web Design Solutions to set up bogus corporations, banking accounts, and other arrangements thereby enabling Lasinkas to make unauthorized charges against consumers credit card accounts using the bogus company names K.A.T.O. Technology, LCC and K.A.M.K. Technology, LLC. From September 2006 to March 2006, Lasinkas made 75 to 100 unauthorized charges, at $12.95 each, on a daily basis, and Owens wired the illegal proceeds to Lasinkas' bank accounts in Bulgaria on a regular basis. Lasinkas and Owens accumulated approximately $200,000 by way of this fraudulent activity during a six month period.
A criminal charge is merely an accusation, and the defendant is presumed innocent until and unless proven guilty. The penalty for identity theft is up to 5 years in prison and/or a fine up to $10,000.
..."
It would appear this operation is still running.
http://www.faughnan.com/ccfraud.html
This appears to be an international criminal enterprise, using front people to handle multiple bank accounts and create the appearance of many different websites and companies to funnel fraudulent charges thru. Dispute fraudulent credit card charges thru your bank, in writing.
File complaints with FBI.
http://www.dslreports.com/forum/r19620593-Ebo ... DigitalAgePluto
Sort of like the NBC Dateline reports on id theft and U.S. based "mules" duped into forwarding merchandise overseas purchased with stolen credit card numbers, but just laundering the fraudulent credit card transactions without the complication of any real merchandise or purchase.
http://redtape.msnbc.com/2007/11/chris-jupin-nev.html
This also appears to be tied to "DEVBILL" and other "website design" CC fraud.
http://www.dslreports.com/forum/r19620593-Ebo ... DigitalAgePluto
http://www.sygyzy.com/2007/02/07/e-books-are-the-new-419/
http://www.cjupin.com/2007/09/13/credit-card-scam-digismarketcom/
Consumers on this thread started reporting the names of companies they used their accounts with prior to the appearance of the fraudulent charges. Highest on the list are: Equifax, Amazon, eBay, Half.com, Paypal, all heavily used Internet merchants who store account information for repeated consumer business.
http://www.cjupin.com/2007/09/13/credit-card-scam-digismarketcom/
The clear leading company reported as a possible source for account information used by the scammers is Equifax, despite their denials.
Despite reports of transactions with the other high frequency companies as well, notably missing are reports of transactions with either of the other 2 credit reporting agencies that also sell credit reports and monitoring services.
We don't know the levels of business that would determine the relative probabilities of expected reporting among Equifax, Amazon, eBay, Half.com, and Paypal, however we would expect that there would be at least comparable levels of business across the 3 credit reporting agencies: Equifax, Experian, and TransUnion.
If Equifax's presence on this list was only due to common patterns in types of on-line charges made by people who buy on-line ("baseline" probability of using credit reporting or monitoring services, consistent with the null hypothesis that Equifax is NOT the source of the leak), then there should have been reports of charges made to the other 2 credit reporting agencies, Experian and Transunion.
They are notably MISSING!
Either Experian and Transunion are abysmal failures at marketing their consumer credit report and monitoring services compared to Equifax,
OR
Equifax and its credit monitoring subsidiaries MUST BE the source of the data leak.
Lists of data breaches:
http://www.privacyrights.org/ar/ChronDataBreaches.htm#10
http://www.idtheftcenter.org/artman2/publish/ ... each_List.shtml
http://www.pogowasright.org/
Equifax employee using the stolen identity of a "Tonia Leach", hired by Equifax, then used information obtained thru her job at Equifax for further id theft. "Beginning in 2006", employed for "less than a year", but they hadn't caught up with her in May 2007.
They apparently have reason to believe she is using information obtained from Equifax for further id theft, beyond the id theft she used to get employed in the first place. Yet this appears to be presented as an individual "id theft", not as an Equifax "data breach"???
http://www.pogowasright.org/article.php?story=20070516164622632&query=Equifax
"Former Equifax Employee Accused Of Identity Theft
Wednesday, May 16 2007 @ 05:46 PM EDT
Contributed by: PrivacyNews
GWINNETT COUNTY, Ga. -- Authorities are looking for a woman who may have had access to the personal information of millions of people.
Tonia Leach said her identity was stolen by a woman who worked at a major U.S. credit reporting agency and investigators believe the identity thief is in the Gwinnett County area.
... Investigators want to find the woman because they are not sure how much personal information she had access to at Equifax. "She probably had access to other information and she’s apparently using it," said Mayes.
Equifax released a statement that said, "We can confirm that an individual posing as Ms. Leach was employed with Equifax for less than a year, beginning in early 2006. There were no indications with the identification information that she provided or through the work history or the credit report that this was a stolen identification."
http://www.cjupin.com/2007/09/13/credit-card-scam-digismarketcom/
"#237 Steve D. on 01.12.08 at 1:09 pm Below is the BS charge found on my amex. This is the second time I have recieved a charge of this nature. Like the first time i called amex and disputed it. i was nieve and did not research the first charge. I just made like an honest consumer and said “I don’t think I made this charge but if is did then I will be happy to pay it.” I called a week or so later and amex said they would just refund my the $6.95. I said great but are you not going to follow up? They said it was not worth it.
So here I am again with a second charge from a different company. Before I even called them I found this great board with others like me. So this called started off with “I am a victime of fraud. Take it off a look into it.”
...
Transaction Date: 01/06/2008
Transaction Description: VALLJRSX VALL-JRSX WEST SACRAMENTO CA
S1E34A6C4 DIRECT MKTG INTERNET
Charge: $9.59
Merchant Address: VALLJRSX
900 SIMON TERRACE
UNIT # 88
WEST SACRAMENTO CA 95605
USA
Merchant Type: INTERNET DOWNLOADS
Doing Business As: VALLJRSX"
...
"#241 VALL-JRSX on 01.12.08 at 11:41 pm HEY EVERYONE! The dude from VALL-JRSX got busted! I looked up his name from the ‘Ficticous name search’ in cali.. its VALENTIN SHIKHANTSOV.
http://yolo.courts.ca.gov/Calendars/DailyCale ... =37&Submit.y=11
January 9 2008 DPT9
Date Time Dept Name Case # Hearing Type Defense Atty Comments
1/9 830 DPT9 SHIKHANTSOV, VALENTIN CRM76592 CORR LTR - ARR DATE
1/9 830 DPT9 SHIKHANTSOV, VALENTIN CRM73265 AVP
#242 Kevin on 01.13.08 at 3:36 am oh yes, you are right- here’s the FBN entry for VALL-JRSX in Sacramento County-
http://www.efbn.saccounty.net/eFBNBusinessNameDetail.asp?FilingNum=200703682
"
Earlier arraignment in 2006, found via Google cached page:
http://209.85.173.104/search?q=cache:-tefQ6C- ... clnk&cd=7&gl=us
"Official Calendar
Superior Court of the State of California
County of Yolo
Department 8
September 20, 2006
...
60920 830 DPT8 SHIKHANTSOV, VALENTIN CRM64785 ARRAIGNMENT
..."
http://www.cassne.org/wanted.asp
Reply from Equifax:
http://cybercjh.com/blog/?p=21
"Equifax security has received your concern and we are currently investigating this matter. As you are aware, the charges are related to an overall online fraud scam related to the purchase of eBooks. Several blogs discuss the matter. Although many consumers have indicated a link to Equifax, we have not identified a common source for any of the complaints. Of the small number of consumers that have actually contacted Equifax, no unauthorized access of their accounts has been found. Equifax is continuing to investigate, however, and will do so until resolution. I will contact you personally, when this matter is resolved. Please do not hesitate to contact me with any concerns or questions.
Thanks,
Nicole Smith
EQUIFAX
Senior Director
Global Threat & Intelligence
..."
http://www.boingboing.net/cardfraud.html
Does a scam outfit with lots of diversified access to the payment system need stolen credit cards, if it can just generate a bunch of numbers and expiration dates, and throw it at the wall to see what sticks?
Although normal merchants check address and zip code to help check if a customer is legitimate, why bother when you aren't shipping a real product anyway?
Fraud pattern would then appear to match general merchant charge pattern. Lots of Amazon, eBay, etc, with no actual connection to what particular recent charge a consumer had made.
The first level of defense is the consumer and bank dispute processes. Use of multiple mules, and small charges, are already aimed at defeating this level. Spreading charges across many front merchants, with small charges below bank investigation thresholds, and a continued stream of new mules, already has shown it can keep the operation going a long time.
But the sources of the numbers are hard to track, too. What if they are just randomly generated, using diversity again to hide that that is all they are doing. How would you maximize avoidance of the CC system catching on and closing down your strategy?
If they are truly random, checked only to make sure they pass the checksum, then that pattern would start to show up in the pattern of fraudulent passed and rejected charges.
If they were from stolen numbers, the pattern would start to show up as fraudulent charged accounts having matching earlier charges from whatever source the theft has occurred from, something the CC system appears to be tuned into detecting.
MGD seems to have ruled out patterns tied to recent visible charges, although he is looking at patterns tied to payment processors.
What if there is no "source" to the numbers? How would you maximize the survival of the scam without revealing that the numbers are just generated, redirecting the focus of your opponent from trying to find a non-existent source to instead responding to a systemic security hole that requires system wide cracking down on fraudulent merchant accounts and tightening the vetting process?
Although that action would ultimately shut down the fraud regardless of the source of numbers, diversified submission of generated numbers might tilt the payment system's decision in that direction, a course of action not beneficial to the continued survival of the scheme. Is the scheme engaged in a counter-countermeasure, similar to the original front diversification, intended to evade that countermeasure?
Successful response to the defense countermeasures has already adapted the scammer's system toward diversity. Why is the defense apparently "blind" to the overall scope of the attack, even when parts of it appear to respond to components of the threat (i.e.: Michigan prosecution, Equifax internal investigation), without causing a more global response?
Deception 101 - Primer on Deception
http://www.fas.org/irp/eprint/deception.pdf