Spam 419/Nigeria Online fraud jwSpamSpy Contact
Email Spam Filter: |
|
|
Job offer spam: ppharm.com
- Job offer spam: Forwarding payments (Fraud)
- AICD.org job offer fraud
- Lionder.org job offer fraud
- Alpenantique.com job offer fraud
- "Plasma Project Inc" job offer fraud
- "Pro Screen AG" job offer fraud
- Forwarding Paypal payments via Western Union (Fraud)
- Fraudulent Job offer: "ICG Commerce" (ICG)
- Fraudulent Job offer: "Ameritrade Finance"
P-Pharm.com is a fake pharmaceutical company whose only purpose is to recruit job seekers to trick them into assisting in criminal fraud. It part of the same series of fraudulent job offers as alpenantique.com. The website is ripped off from a real pharmaceutical company in Israel.
With these fraudulent job offers, the "employee" may receive an illegal fund transfer from an account that was the target of a "phishing" attack. Or he may collect a payment from an unsuspecting eBay-buyer who will never receive the goods, while the "employee" already sends the money to virtually untraceable criminals in another country. The key to cracking this type of crime, other than warning the public, is to monitor these crimes while they are in progress, before the money has disappeared.
Here's the initial spam to lure in job seekers:
From: JoeLet's take a look at the company's website. As is common for bogus job offers, the domain for the company website is very recently registered (three weeks old):
To: Felix
Sent: Monday, December 06, 2004 8:37 PM
Subject: Job For French Citizens
Dear Sir/Madam,
P-Pharm is a Belgian company selling medical and consumer goods. We have reached big sales volume of pharmaceuticals in the US and now are trying to penetrate the European market. Quite soon we will open representative offices and pharmacies or authorized sales centers in the France and therefore we are currently looking for people who will assist us in establishing a new distribution network there. The fact that despite the French market is new for us we already have regular clients also speaks for itself.
WHY YOU?
The international money transfer tax for legal entities (companies) in Belgium is 25%, whereas for the individual it is only 7%. That.s why we need you! We need agents to receive payment for our products (by electronic money transfer) and to resend the money to us. This way we will save money because of tax decreasing.
HOW MUCH WILL YOU EARN?
7%-9% from each sale/resale operation! For instance: you receive 1000 USD to your bank account. You will withdraw the money and keep $70 (7% from $1000) for yourself! At the beginning your commission will equal 7%, though later it will increase up to 9%!
ADVANTAGES
You do not have to go out as you will work as an independent contractor right from your home office. Your job is absolutely legal. You can earn up to $3000-4000 depending on time you will spend for this job. You do not need any capital to start. The employees who make efforts and work hard have a strong possibility to become managers. Anyway our employees never leave us.
If you are interested in our offer, please feel free to ask for the general provisions of the Contract.
Our e-mail address: jobs@ppharm.com
Best regards,
Brian Kentler
P-Pharm
At the time of the first spam the domain was only three weeks old and the postal address is bogus. Why is this a German address for a supposedly Belgian company? "0611" is the German telephone area code for Frankfurt/Main, but the city is missing in the address. The website is hosted in China:Request: ppharm.com connected to whois.yesnic.com [211.50.14.131:43] ... ----------------------------------------------- Queried Domain Information as follows ----------------------------------------------- Domain Name : ppharm.com ::Registrant:: Name : PP Pharm Inc. Email : reg@ppharm.com Address : Wandersmann str., A66 Zipcode : 65205 Nation : DE Tel : +0611-718300 Fax : +0611-718300 ::Administrative Contact:: Name : PP Pharm Inc. Email : adm@ppharm.com Address : Wandersmann str., A66 Zipcode : 65205 Nation : DE Tel : +0611-718300 Fax : +0611-718300 ::Technical Contact:: Name : PP Pharm Inc. Email : tech@ppharm.com Address : Wandersmann str., A66 Zipcode : 65205 Nation : DE Tel : +0611-718300 Fax : +0611-718300 ::Name Servers:: dns.ppharm.com 218.241.65.143 secondary.ppharm.com 218.241.65.143 ::Dates & Status:: Created Date 2004-11-12 17:15:31 EST Updated Date 2004-11-12 17:15:31 EST Valid Date 2005-11-12 17:15:31 EST Status ACTIVE
Asking "whois.apnic.net" about "218.241.65.143":
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 218.241.65.0 - 218.241.65.255
netname: WIC
country: CN
descr: beijing wangju network co
descr: network
descr: haidian District, Beijing
admin-c: bq11-AP
tech-c: bq11-AP
status: ASSIGNED NON-PORTABLE
mnt-by: MAINT-CNNIC-AP
changed: bobby.bai@citynetchina.net 20030408
changed: hm-changed@apnic.net 20040927
source: APNIC
person: Bai Qiang
nic-hdl: BQ11-AP
e-mail: bo_01@sina.com
address: No.16,chao wai street,chao yang District,Beijing
phone: 10-85251176
fax-no: 10-85252221
country: CN
changed: bo_01@sina.com 20030407
mnt-by: MAINT-CNNIC-AP
source: APNIC
In late January the job offer was sent out in a version customized for Austrialia. We received a report by someone from Australia on 2005-01-29.
Then about four weeks later the gang targeted banks in Poland:
From: "Christy" To: "Connie" Sent: Saturday, 26 February, 2005 1:01 Subject: Job For Polish Citizens Dear Sir/Madam, P-Pharm is a Belgian company selling medical and consumer goods. We have reached big sales volume of pharmaceuticals in the US and now are trying to penetrate the Polish market. Quite soon we will open representative offices and pharmacies or authorized sales centers in the Poland and therefore we are currently looking for people who will assist us in establishing a new distribution network there. The fact that despite the Polish market is new for us we already have regular clients also speaks for itself. WHY YOU? The international money transfer tax for legal entities (companies) in Belgium is 25%, whereas for the individual it is only 7%. That.s why we need you! We need agents to receive payment for our products (by electronic money transfer) and to resend the money to us. This way we will save money because of tax decreasing. HOW MUCH WILL YOU EARN? 7%-9% from each sale/resale operation! For instance: you receive 1000 USD to your bank account. You will withdraw the money and keep $70 (7% from $1000) for yourself! At the beginning your commission will equal 7%, though later it will increase up to 9%! ADVANTAGES You do not have to go out as you will work as an independent contractor right from your home office. Your job is absolutely legal. You can earn up to $3000-4000 depending on time you will spend for this job. You do not need any capital to start. The employees who make efforts and work hard have a strong possibility to become managers. Anyway our employees never leave us. If you are interested in our offer, please feel free to ask for the general provisions of the Contract. Our e-mail address: job@p-pharm.com Best regards, Brian Kentler P-Pharm
Around the middle of March the website finally disappeared.
As in most of the other fraudulent job offers, the bogus website is based on a real website, of which it is a rip-off. Compare these passages:
|
|
|
COMPANY PROFILE |
COMPANY PROFILE |
If you have been recruited by "D-Pharm", contact us!
a-pharm.net (created: 2004-12-10)
Request: a-pharm.net from whois.yesnic.com:43 ----------------------------------------------- Queried Domain Information as follows ----------------------------------------------- Domain Name : a-pharm.net ::Registrant:: Name : A Pharm Inc. Email : reg@a-pharm.net Address : 1560 Woodrow Center Zipcode : 78638 Nation : US Tel : 8306394335 Fax : ::Administrative Contact:: Name : A Pharm Inc. Email : adm@a-pharm.net Address : 1560 Woodrow Center Zipcode : 78638 Nation : US Tel : 8306394335 Fax : ::Technical Contact:: Name : A Pharm Inc. Email : tech@a-pharm.net Address : 1560 Woodrow Center Zipcode : 78638 Nation : US Tel : 8306394335 Fax : ::Name Servers:: ::Dates & Status:: Created Date 2004-12-10 08:19:54 EST Updated Date 2004-12-10 08:19:54 EST Valid Date 2005-12-10 08:19:54 EST Status ACTIVE
Anti-Spam Resources:
jwSpamSpy is our spam filter (free evaluation version available for download)
Anti-spam domain blacklist – list of domains that I refuse to receive mail from
Recent additions to domain blacklist (with whois details)
"419" scam sender/contact addresses ("Nigeria connection" address book)
DNS-based IP and domain name blacklists
IP address ranges
Dynamic IP addresses (700 KB!)
Name server / Registrar combinations
Free email providers
AOL dial-up address ranges and mail servers
How to trace senders of spam
Frequently asked questions (FAQ)
Lookup an IP address on blacklists (http://dnsbl.net.au/lookup/)
Clueless virus filters spam innocent third parties
Challenge and Response spam filters: A selfish idea for selfish times
ShareYourExperiences.com spammers
Smyrnagroup spammers (in German)
Kaplan College spam
Stock Price Manipulation Spam ("Pump & Dump")
What's the deal with "OEM software"?
'Phishing' for your wallet
Job spam for payment processors
Spam phone numbers ("diploma" spam, etc.)
"Joe job" information
Link exchange offer spam
Getting creative with spam
Link exchange spam: allcarpictures.com
Xenophobia, Spam and Viruses: The "German Spam" (Sober.H)
Sober.H – Racist German email spam spread by virus (in German)
"Joe job" against joewein.de
Porn spam: watchsound.com
Porn spam: hotsalza.com
Name servers used by spammers: joker.com
Rogue name servers: mediadreamland.com
Rogue name servers: airmaramba.biz
Rogue name servers: bonafidecash.com
Rogue name servers: maileasy.biz