Category Archives: scams

MONK / Monarchy Resources — pump and dump spam

Posted on by
2

Stay away from shares advertised in spam. Whoever is paying the spammer is trying to unload shares onto unsuspecting buyers, who stand to lose most or all of their money if they buy.

Sales Triple

Huge EXTREMELY important update! Get Ready for another New
Trade Idea Tomorrow.

Name: Monarchy Resources
Tick: MO_NK
Trade Date: Aug, 23
Long Term Target: .55
Last Trade: $.2

This Stock is our new baby!!! This Stock could have huge
potential!

BUY Alert

This Company is Getting Wild! Ready for the next level up!

Trade: M O NK
Priced at: $0.20
Company Name: MONARCHY RESOURCES
Trading Date: Aug, 23
Long Term Target: 0.60

This news is going to send it off the charts! It Is Still The Best
Play!

This Company could be the next 10x winner!

Potential Breakout Alert For Tomorrow! Upside Enormous!

Trading Date: Aug 22nd
Sym: MO N K
Short Term Target: .60
Name: Monarchy Resources
Per share price: 0.19

On Immediate Breakout Alert! NEW PICK TOMORROW!

There are dozens more of these spam messages. Buyer beware!

Pump and Dump spam: Building Turbines Inc, Imogo Technologies Inc

Posted on by
Reply

Here are recent examples of “pump and dump” stock spams.

Avoid stocks advertised via spam at all costs. Whoever is behind the spam campaign is trying to offload stocks they already own onto unsuspecting buyers. Once the spam campaign stops, prices of and demand for these stocks will collapse and whoever bought them will have to pretty much write off any money they spent on these stocks.

Imogo Technologies, Inc. (IMTC):

Imogo Technologies, Inc. (IM_TC) .14 Cent market value could make you a
millionaire. This hidden cloud computing business Might Be The Largest
Worry To Microsoft’s Windows Platform. The profits you can make is most
certainly astonishing!!! Act on this unique ticker in advance of when Wall
Street Pushes the ticker price significantly higher!

Building Turbines Inc.(BLDW):

US Company Signs Deal to Make Roof Wind Turbines for 90K Sq-Ft
Depot. BUILDING TURBINES INC (PINKSHEETS: B L_D_W) Focuses on
the Design and Manufacture of Patented Roof Top Wind Turbines.

Long Term Target: 0.95
Per share price: $.038
Trade Date: Mon, August 5th, 2013
Tick: B L_D_W
Company: Building Turbines Corp.

Environment Friendly Energy Business Set To Lift Off Next Week.

American Corporation Agrees Agreement to Construct Rooftop Wind Turbines for
90,000 Square Foot Stockroom. Building Turbines, Corp (PINKS: B_LDW) Works on
the Study and Manufacture of Patented Rooftop Wind Turbines.

Trading Date: Aug, 5th
5-Day Target: .60
Company Name: Building Turbines Corp.
Closed yesterday: 0.038
Sym: B_LDW

Renewable Power Business Equipped To Rise When Market Opens!!!

Texas Corporation Cuts Agreement to Construct Rooftop Wind
Turbines for 90 Thousand Sq-Ft Warehouse. BUILDING TURBINES CORP
(PINKS: B L D W) Focuses on the Design and Manufacture of
Copyrighted Rooftop Wind Turbines.

Target Price: 0.20
It is now: .038
Trade Date: Aug 5th
Ticker: B L D W
Company Name: BUILDING TURBINES INC.

Environment Friendly Power Company Equipped To Jump When Market
Opens!!!

2013-08-20 – Monarchy resources (MONK) Pump & Dump spam:

Important Info: The MON K is on the fire. MON K is on a 1st day of
promo and its showing a largest volume on today! Brokers named it a
choice of the summer. And you need to learn why… MONARCHY RESOURCES
is a latest star in financing in mining. The strategy is big. This may
honestly be a $1.15 stock super quick. The promo will follow for three
months and the stock price will explode monthly. Begin profiting
dollars with MON K. Get your $29’000 shares on Aug 20th below 0.43!

and

Earn fast $25’000 immediately! Hello, ready to earn $25’000 by next Friday?
You can make even more if you buy this premium stock on Monday. The stock
symbol is: M_O_N K. Its Monarchy Resources. It sells below 37 cents,
but it could settle $1’80 promptly! Purchase shares of M_O_N K on Aug, 19th
under 37 cents and double your investment! It would be dope to profit
$25’000 by Friday. And its very easy to get. On August 19th order 4’000
shares of M_O_N K and pocket over $25’000 by Friday.

Search engine registration spam

Posted on by
1

Some spammers try to scare domain registrants with bogus “notifications” such as the following:

Expiration Notice

Order #: 111769336
Order Date: Jun 29, 2013
Bill To: [My Name]
[My details from the WHOIS record of my domain]

PROCESS PAYMENT NOW

Domain Name
[MY.DOMAIN.NAME]

Registration
Jun 29, 2013 – Jun 29, 2014

Price
$75.00

Term
1 Year

Domain: [MY.DOMAIN.NAME]

To: [My Name]

Don’t miss out on this offer which includes search engine submission for [MY.DOMAIN.NAME] for 12 months. There is no obligation to pay for this order unless you complete your payment by Jul 14, 2013. Our services provide submission and search engine ranking for domain owners. This offer for submission services is not required to renew your domain registration.

Failure to complete your search engine registration by Jul 14, 2013 may result in the cancellation of this order (making it difficult for your customers to locate you using search engines on the web).

Process Payment For
[MY.DOMAIN.NAME]
UNSUBSCRIBE INSTRUCTIONS

You have received this message because you elected to receive special notifications and offers. If you no longer wish to receive our special notices, please unsubscribe here, or mail us a written request to the attention of: Customer Contact Manager, PO Box 4668 New York, NY 10163. Please allow up to four weeks for the complete unsubscribe process to take place. NOTE: If you have multiple accounts with us, you must opt out for each one individually in order to fully stop receiving these notifications. This message is CAN-SPAM compliant.

Please do not reply to this email, as we are not able to respond to messages sent to this address.

Needless to say I never asked for this message and harvesting registrant details from WHOIS records for spamming purposes is a violation of ICANN terms.

It is easy to confuse this spam email with a domain registration expiry notice from a registrar, which it isn’t. You can safely delete this and similar messages. Do not hand your credit card details to spammers!

Here are some of the domains used by the spammers who run this scam:

ordertracking136456.com
ordertracking476475.com
ordertracking686342.com
securetrans12113.com
securetrans78922.com
securetrans92175.com
trksecure247546.com
trksecure972456.com
auibcu.com

The domains are hosted on IP address 220.164.140.243 in China.

The “search engine registration” they’re selling is pointless and no such registration is needed. Google isn’t going to forget about my domain just because I’m not going to send these crooks $75 essentially just for spamming me. If either your domain already shows up in Google and other search results or Googlebot or other crawlers are crawling it or there are existing links to it from other websites then you’re already in business.

A “search engine registration” will not protect your domain from accidental expiry, which is what registrants should be concerned about. If your domain is important, please check its expiry date with the registrar via a WHOIS lookup. If your registrar (like mine) offers an auto-renewal service for domain registrations, enable auto-renewal and check that the credit card expiry date is sufficiently far into the future. Otherwise mark a date a few weeks before the expiry date in your calendar so you won’t forget.

RegClean Pro scareware scam

Posted on by
Reply

While looking for some information on how to get from Vienna airport to the city centre, the second link that came up looked like it might provide information on train connections, using domain schnellbahn-wien.at. However, when I clicked on it, the page that opened flashed a warning that my PC was about to crash. I immediately suspected a scam. The only link from there took me to a site (systweak.com) trying to sell me a scareware product called “RegClean Pro”. At no point did it show me the promised train information.

If I viewed the Google hit using the “Translate” function of Google, the promised travel information did come up, suggesting the server was feeding different contents to Google than it does to ordinary site visitors, which violates Google’s terms and conditions. I reported it as Google spam.

Beware of any malware warnings or registry problem warnings that pop up on random websites – these are all likely to be scams.

Beware of product quote phishing scams!

Posted on by
Reply

A new type of scam is become more common, in which criminals use requests for a quote to trick businesses into handing over passwords. They do this by providing a link to a site that supposedly holds details of the products they want a quote for, which requires a login using an e-mail address. Here is an example:

Date: Sat, 30 Mar 2013 15:04:07 +0100
Subject: Please send us your data sheets and your price list regarding this product.
From: “Agung .” <agung.suryagungfuniture@gmail.com>

Dear sir/madam,

We are interested in the purchase of your products and services. we want to make order from your company and we are urgently in need of these products. You are advised to log in into our site to view the photos and specifications of the exact products we need ASAP and kindly tell us the cost of the products and the FOB to Durban, Sea Port.

Copy and paste the link to your http://anhuifuhuangimportexport.yolasite.com

NOTE: You can only view this product page if you carefully log in with your exact email and password you are using to communicate with us, as our need products specifications and designs is exclusively for our Company and has been protected for our exclusive right to protect our business.

We earnestly await your swift response to enable us to make deposit payment so that you can start the production immediately.

Kind regards,
Director of Operation

You should never enter the password to your e-mail account (or other passwords such as for Facebook, Google, Amazon, eBay and PayPal accounts) on a site other than the proper website of the service. Furthermore, you should only enter the password on pages protected by SSL (padlock icon visible in the browser, URL starts with http://). Scam sites typically are not SSL-protected.

OTC Pump and Dump scams: PacWest Equities (PWEI)

Posted on by
8

Another stock is being spammed by pump & dump scammers. Never buy stocks advertised by spammers!

Example:

This Chart is an Absolute Bull! You`re Going to Get it First!!! This
Stock Closes Green for Third Straight Day!

Trading Date: March 29th
Company Name: PacWest Equities Inc.
Tick: P W_E I
It is now: .2326
Short Term Target: .65

This Company is our Low Float, Big Bounce Opportunity for Today. This
Stock is on High Alert for Today!

Example:

It Surges Ahead on Elevated Volume! This stock could be a possible Buyout
Candidate!

Trading Date: Fri, March 29th
Company: PacWest Equities Corp
Stock: PWE_I
Last Trade: $0.2326
Target: $0.75

This company is on the brink of a Big Breakout. More gains coming this week!

Example:

It is in the green and should keep moving up tomorrow! Special
Report (Read Inside)!!!

Trade Date: Mar 29th
Company Name: PacWest Equities Inc
Symbol to buy: PW_E I
Last Trade: $0.2326
Short Term Target: .50

High Alert Today! Stock Profile!!!

UPDATE: New OTC scam using shares of “Liberty Coal (LBTG)” on April 15, 2013:

Great news for L B T_G – Liberty Coal – that will deliver huge
returns!!!

Takeover offers are back on the table that will boost L B T_G
prices up to the $.20 – $.30 range. Right now L B T_G is
selling for a very low price, so the money to be made is
amazing! Even Management want to acquire L B T_G because of
their enormous coal find that can bear shale oil. Don’t
hesitate if you want to earn big on this take over before it
gets out to the rest of the public! Buy all the L B T_G you
can afford on Mon, Apr 15.

Another one:

Breaking intelligence for L_BTG – LIBERTY COAL ENERGY INC – that
will turn a quick profit.

Buyout plans are going ahead fast that will drive L_BTG shares up
to the $.20 – $.30 range. Right now L_BTG is selling for pennies,
so the money to be made is huge! Competitors want to buy out L_BTG
because of their seemingly unlimited coal reserves that can draw
out shale oil. Take action now to earn big on this buyout prior to
other investors. Buy all the L_BTG you can possibly get on Tuesday,
April 16, 2013!

Another one:

Why PetroChina should acknowledge in S CX N? ExxonMobil captures
$14 Bill after Arkansas Oil Spill. GP will implement S CX N
solution. Lawmakers to lift the current restrictions vs huge
Oil. As buyers we could benefit from Big Oil, while decrease
tomorrows hazard. Assist large Oil remained responsible by
owning S CX N on Monday Apr 29.

Another one:

Attention headlines for G T R L!!! Films will be treated akin
capital investment by Bureau. BEA is substituting counting federal
revenues. A film can be purchased time after time be could analyzed
as a financial vehicle it shall be valuated after so the stock
price shall grow. Show firm G T R L could be bought more then a 3
USD.

Name: Get Real USA
Stock Symbol: G T R L

This analyzing bill is not void yet, add now buy 7000 stocks of G T
R L on April, 29!!!

Another one:

Acquire a abrupt 50% with B Y S_D!!! Reasonable at barely 0.01!!! Only a
fraction of a cent! Bayside Petroleum Corp. (B Y S_D) guaranteed to burst.
Set your order right now!!!

OTC Pump & Dump scams: County Line Energy Inc (CYLC)

Posted on by
5

County Line Energy Inc (CYLC) is the next OTC stock being pushed by “pump & dump” stock scammers. Beware! Spammers advertise stock because they want to sell theirs, not because it’s a good idea to buy it (it is not).

Here is a spam sample:

This is our newest award winning pick, be sure to act fast! Exciting
New Trade with Increasing Sales.

Trade Date: Mon, March 18th
Name: COUNTY LINE ENERGY INC.
Stock Symbol: C_Y L C
Last Trade: $0.019
Target: $.15

It is our Day-Trade Bounce back Play. This Company is unique!!!

Other stocks spammed by the same scammers recently: Pengram Gold Corp. (PNGM), GOLD & GEM STONE MINING, INC (GGSM) and Microelectronics Technology (MELY).

See also:

OTC Pump & Dump scams: Pengram (PNGM)

Posted on by
2

Pump and dump scams are investment scams in which a scammer acquires stock (usually of little known OTC stocks), then drums up demand (often via spam emails) and offloads their stocks at inflated prices.

Steer clear of any stock promoted via spam: Their prices will collapse no later than when the spamming stops and people realize there are no other buyers. Such stocks can become near impossible to sell. In any case, a buyer will have lost most of their investment.

One such stock currently being promoted is Pengram Gold Corp. (PNGM). The spamming started around March 9, 2013 and trading volumes went up in the next couple of days.

Here is a spam sample:

Pre Announcement! Major Momentum is Brewing for This Beast.

Trade Date: Thu, Mar 14th, 2013
Company: Pengram Gold Corporation
Trade: P NG_M
Closed Price: .027
Long Term Target: $0.20

It Releases Breaking News! Our New Pick Under A Penny!!!

Right up to that day and from one week before, they had been spamming stocks of GOLD & GEM STONE MINING, INC (GGSM):

Morning Dip spells Big Opportunity. It Should Continue Upward
Trend!

Date: March, 4
Company Name: Gold and GemStone Mining, Inc
Tick: GG SM
Latest Pricing: .017
Short Term Target Price: 0.35

You Need To Read This Story. This week is going to be even
better than the last.

From Feb 17-21 it was stock of Microelectronics Technology (MELY):

This Stock Continues to Climb!!! We are on fire..

Trading Date: Tue, February 19th
Company: Microelectronics Technology
Ticker: M_ELY
Closed at: $0.0163
9-Day Target: 0.10

It continues soaring! Are you missing out? Building a strong
support for a push higher!

It only takes the scammers a couple of days to unload their existing stock, then they start promoting the next one.

Occasionally the US Security and Exchange Commission (SEC) will suspend stocks involved in such trading patterns, as it did in 2011, to protect potential buyers from being scammed.

Garcinia Cambogia weight loss spam from hacked Yahoo accounts

Posted on by
4

I’m seeing another round of weight loss spam that abuses third party Yahoo accounts for sending. It is similar to the earlier “Raspberry Ultra Drops” weight loss spam that also used compromised Yahoo accounts.

Here is one of the advertised domains, which is hosted on many different servers:

biggsetfatburningsecret.com. 1439 IN A 91.207.7.134
biggsetfatburningsecret.com. 1439 IN A 94.75.193.33
biggsetfatburningsecret.com. 1439 IN A 94.75.193.38
biggsetfatburningsecret.com. 1439 IN A 142.0.79.134
biggsetfatburningsecret.com. 1439 IN A 142.0.79.140
biggsetfatburningsecret.com. 1439 IN A 176.53.119.24
biggsetfatburningsecret.com. 1439 IN A 176.53.119.27
biggsetfatburningsecret.com. 1439 IN A 176.53.119.68
biggsetfatburningsecret.com. 1439 IN A 176.53.119.69
biggsetfatburningsecret.com. 1439 IN A 198.144.156.42
biggsetfatburningsecret.com. 1439 IN A 199.116.117.166
biggsetfatburningsecret.com. 1439 IN A 199.127.98.117

The domain is registered through Ukrainian registrar ukrnames.com using forged WHOIS contact details.

The buy link on that site redirects to authenticgreencoffee.com, a domain registered last July, with the owner hidden behind a WHOIS proxy.

Other domains hosted on the same servers, some of which are part of the “Work from home mom” scam series:

bestfoodsforburningfat1.com
biggsetfatburningsecret.com
biggsetweightlosssecret.com
bigjim-foods.com
blogprogramflatstomach.com
blogquickprogramdiet.com
burnfatinfewdays.com
dietsforburningfat.com
eatingplansforweightloss.com
getflatstomachtoday.com
getweightlossandburnfat.com
icbs-news.com
icm-news.com
ircnn-news.com
losingweightrapidly.com
mnc-news.com
myscecretweightlosssolution.com
neverseeweightlossagain.com
plantipsflatstomach.com
plantodayflatstomach.com
rapidweightloss-blog.com
realmenshealthblog.com
revolutionarydiet2013.com
revolutionarydietformula.com
revolutionarydietloss2013.com
revolutionarydietsolution2013.com
revolutionarydietsolutions.com
revolutionarydietweightloss.com
revolutionarydietweightloss2013.com
revolutionarydietweightlosssolution.com
revolutionarydietweightlosssolution2013.com
revolutionaryfatburning.com
revolutionaryfatburningformula.com
revolutionaryfatburningmethod.com
revolutionaryflatstomachsystem.com
revolutionarynaturaldiet.com
revolutionarynaturalweightlosssystem.com
revolutionaryweightloss1.com
revolutionaryweightloss2013.com
revolutionaryweightlossdietplan.com
revolutionaryweightlossdietsolution.com
revolutionaryweightlossdietsolutions.com
revolutionaryweightlossplan.com
revolutionaryweightlosssolution.com
secretultrafastdiet.com
solutionflatstomachsecretsnow.com
solutionflatstomachtoday.com
solutionwithweightonline.com
thebigjim.com
tipsflatstomachquick.com
tipsflatstomachsystem.com
tipsprogramflatstomach.com
todayblogflatstomach.com
todayflatstomachblog.com
todayflatstomachquick.com
todayquickflatstomach.com
ultrafastsecretsdiet.com
weightlossgreatnews.com
weightlossthatworkisnotmagicpill.com

The “work at home mom” scam series also used hacked Yahoo accounts for advertising websites that are made to look like network TV news sites, so these scams are probably related.

The spam senders are often abusing mail interfaces meant for mobile phones. The Yahoo message IDs of the spams contain some of these strings:

.androidMobile@web
.BPMail_high_noncarrier@web
.BPMail_high_carrier@web
.BPMail_low_noncarrier@web
.BPMail_low_carrier@web

Probably “.androidMobile” is for use by the Yahoo Mail for Android app, though the spam is not necessarily sent from Android phones. More likely it is just using the servers provided for Android, but accessing from a PC.

The “BPMail” IDs are an interesting one. I suspect the “_noncarrier” variants involve IP addresses not connected to one of the phone carriers that bundle Yahoo mail with their service, while the “_carrier” variants mean the IP address is part of the provider’s address pool, though it could be used by a PC accessing via a wireless broadband modem.

“High” and “low” could be an internally assigned spam rating, though that is mere speculation. However, “.BPMail_high_noncarrier” is the most common Google hit of these 4 that comes up when searching for information about this type of spam. When investigating a pool of spam samples, this was the order of declining frequency: “.BPMail_high_noncarrier” was by far the most frequent, followed by “.BPMail_high_carrier” and finally relatively small numbers of “.BPMail_low_noncarrier” and “.BPMail_low_carrier”.

The spam recipients (common numbers: 1, 3, 9 or 10) tend to include the last addresses the legitimate owner of the Yahoo account has emailed. So perhaps the spammers are harvesting email addresses from the “Sent” folder of the Yahoo account after gaining access to it.

I find it amazing that Yahoo has yet to find a away to close the vulnerability that allows this spam and fraud to continue, despite the months and years since it was first observed.

The “$5 wrinkle trick” (TruVisage, PurEssance) trial trap

Posted on by
25

On a lot of websites I visit I see ads like “Mom discovers $5 wrinkle trick — see her trick”. These ads lead to sites such as ch8health.com which advertise “free trials” of cosmetic products called TruVisage and PurEssance using deceptive advertising:

  • The trial is not free but costs $5.35, supposedly for shipping and handling.
  • Unless the trial is cancelled within 20 days, a further $74.95 is charged for the first bottle, which you may or may not have received by then.
  • After 30 days you will be billed another $80.30 ($74.95 + $5.35 shipping and handling). The same amount will be charged every 30 days after until canceled.
  • The website uses logos of newspapers and other media as if they had reviewed the product, which they haven’t. For example, when viewed from Japan it shows the logos of Japan Times, Yomiui Shimbun and Asahi Shimbun
  • The date at which the free trial is supposed to expire is always one day away – it is dynamically calculated based on your local time.
  • The date of all “user comments” are always one day old – they are also dynamically calculated based on your local time.

The deception used in these ads is very similar to the tricks used in the “Work at home mom” scam and the target population may be similar too.

UPDATE:

There is another variant of these ads. The ad text is something like “Woman is 53 but looks like 27” or “Mom Cut 20 Years in a Week Using This 1 Weird Trick” and takes you to a site called “consumers-lifestyles.net” where they advertise products called “BellaGenix” and “PuraSilk”. Shipping and handling is $4.95 but the first package is $99.95 and the subscription will cost you $89.95 every 30 days until cancelled. Beware!