Usually Gmail does a great job at keeping spam out of my Gmail inbox, but this morning I found an unsolicited email that looked like perhaps it was meant for someone else, supposedly for a loan application I had made:<\/p>\n
Hi,<\/p>\n
Welcome to Statforge Finance!!<\/p>\n
Thank you for applying loan with Statforge Finance.<\/p>\n
As per the telephonic conversation, please find attached the company brochure and list of required documents.<\/p>\n
Please find below the list of documents which you need to submit as a primary and secondary identification proof.<\/p>\n
1. Primary Identification Proof (Driver\u2019s License or Copy of the passport)
\n2. Address proof (Any utility bill under your name. Most recent is preferred)
\n3. Income Proof (Recent 3 Months of bank statement\/Pay stubs\/Tax Documents)<\/p>\nIn case of any further clarification please revert on this email or feel free to reach us back on our Toll Free number 1-855-892-0516.<\/p>\n
Please submit all the required documents on our email or fax us on 1-810-222-7376 in order to proceed further.<\/p>\n
We are happy to help you.<\/p>\n
Thanks & Regards,
\nCommunication Department,
\nStatforge Finance US LLC
\nContact No: 1-855-892-0516
\nFax No: 1-810-222-7376
\nEmail: info@statforgefinance.com
\nWebsite: https:\/\/www.statforgefinance.com\/<\/p><\/blockquote>\nI had never heard of this company, let alone contacted them for a loan (I don’t live in the US).<\/p>\n
Sometimes I receive mail meant for people with a similar address, so I wanted to check out if this was perhaps legitimate, but the more I looked the more I found that was odd about it.<\/p>\n
To start with, the email wasn’t addressed to anyone by name, nor was it signed by anyone by name. “Thank you for applying loan” is broken English. This matched up with a line in the email header that mentioned an IP address in India:<\/p>\n
x-originating-ip: [175.111.128.90]<\/p><\/blockquote>\n
I had a look at the website listed in the mail footer. The “About Us” page stated:<\/p>\n
Statforge Finance loans are best-received and utilized by our customers when they are able to easily understand the loan terms and determine whether the product is the correct fit for their needs.<\/p><\/blockquote>\n
Searching Google for that line, without the company name, also found the same wording on a couple of other websites, e.g.<\/p>\n
Ventura Financials loans are best-received and utilized by our customers when they are able to easily understand the loan terms and determine whether the product is the correct fit for their needs.<\/p><\/blockquote>\n
and<\/p>\n
LOANRAFT finance loans are best-received and utilized by our customers when they are able to easily understand the loan terms and determine whether the product is the correct fit for their needs.<\/p><\/blockquote>\n
Web contents ripped-off from other websites is never a good sign, but sometimes it’s not straightforward to tell whether a site is a legitimate original or a dodgy clone. So I looked at all three sites (there may be more).<\/p>\n
These were the contact details for “LOANRAFT”:<\/p>\n
Give us a call
\n855 955 9655
\nMail us
\ninfo@loanraftfinance.com
\nFAX
\n3023518834<\/p>\n855 955 9655
\nAddress: Delaware Avenue , Wilmington, DE 19801
\nEmail: info@loanraftfinance.com<\/p><\/blockquote>\nNotice the absence of a number on the street address. Like the other two companies it uses an 855 free dial phone number with a physical area code for the fax number. The domain is registered through GoDaddy, with the registrant hidden:<\/p>\n
Domain Name: loanraftfinance.com
\nRegistry Domain ID: 2283058202_DOMAIN_COM-VRSN
\nRegistrar WHOIS Server: whois.godaddy.com
\nRegistrar URL: http:\/\/www.godaddy.com
\nUpdated Date: 2019-07-09T16:51:23Z
\nCreation Date: 2018-07-06T22:55:47Z
\nRegistrar Registration Expiration Date: 2020-07-06T22:55:47Z
\nRegistrar: GoDaddy.com, LLC
\nRegistrar IANA ID: 146
\nRegistrar Abuse Contact Email: abuse@godaddy.com
\nRegistrar Abuse Contact Phone: +1.4806242505
\nDomain Status: clientTransferProhibited http:\/\/www.icann.org\/epp#clientTransferProhibited
\nDomain Status: clientUpdateProhibited http:\/\/www.icann.org\/epp#clientUpdateProhibited
\nDomain Status: clientRenewProhibited http:\/\/www.icann.org\/epp#clientRenewProhibited
\nDomain Status: clientDeleteProhibited http:\/\/www.icann.org\/epp#clientDeleteProhibited
\nRegistry Registrant ID: Not Available From Registry
\nRegistrant Name: Registration Private
\nRegistrant Organization: Domains By Proxy, LLC
\nRegistrant Street: DomainsByProxy.com<\/code><\/p><\/blockquote>\nContact details for Statforge Finance:<\/p>\n
info@statforgefinance.com
\nGreenfield Rd, Oak Park, MI 48237
\nStatforge Finance US LLC
\nContact No: 1-855-892-0516
\nFax No: 1-810-222-7376<\/p><\/blockquote>\nAgain no number on the street address, 855 free dial and a physical area code for the fax. However, the 810 area code does not include Oak Park, MI which instead uses 248 and 947.<\/p>\n
The domain is also registered via GoDaddy, only two months earlier and the registrant is also cloaked:<\/p>\n
Domain Name: statforgefinance.com
\nRegistry Domain ID: 2259908468_DOMAIN_COM-VRSN
\nRegistrar WHOIS Server: whois.godaddy.com
\nRegistrar URL: http:\/\/www.godaddy.com
\nUpdated Date: 2019-05-13T20:06:35Z
\nCreation Date: 2018-05-04T17:19:55Z
\nRegistrar Registration Expiration Date: 2020-05-04T17:19:55Z
\nRegistrar: GoDaddy.com, LLC
\nRegistrar IANA ID: 146
\nRegistrar Abuse Contact Email: abuse@godaddy.com
\nRegistrar Abuse Contact Phone: +1.4806242505
\nDomain Status: clientTransferProhibited http:\/\/www.icann.org\/epp#clientTransferProhibited
\nDomain Status: clientUpdateProhibited http:\/\/www.icann.org\/epp#clientUpdateProhibited
\nDomain Status: clientRenewProhibited http:\/\/www.icann.org\/epp#clientRenewProhibited
\nDomain Status: clientDeleteProhibited http:\/\/www.icann.org\/epp#clientDeleteProhibited
\nRegistry Registrant ID: Not Available From Registry
\nRegistrant Name: Registration Private
\nRegistrant Organization: Domains By Proxy, LLC<\/code><\/p><\/blockquote>\nAnd this is the third one in the set:<\/p>\n
Green Valley Parkway,
\nHenderson, NV 89074
\n+1 (855) 850 7390
\ninfo@venturafinancials.com
\nFax: 13033747343<\/p><\/blockquote>\nNo number on the street address, 855 free dial plus physical area code for the fax.<\/p>\n
It is also registered via GoDaddy, in the same month as loanraftfinance.com:<\/p>\n
Domain Name: venturafinancials.com
\nRegistry Domain ID: 2416866824_DOMAIN_COM-VRSN
\nRegistrar WHOIS Server: whois.godaddy.com
\nRegistrar URL: http:\/\/www.godaddy.com
\nUpdated Date: 2019-07-25T21:31:33Z
\nCreation Date: 2019-07-25T21:31:32Z
\nRegistrar Registration Expiration Date: 2020-07-25T21:31:32Z
\nRegistrar: GoDaddy.com, LLC
\nRegistrar IANA ID: 146
\nRegistrar Abuse Contact Email: abuse@godaddy.com
\nRegistrar Abuse Contact Phone: +1.4806242505
\nDomain Status: clientTransferProhibited http:\/\/www.icann.org\/epp#clientTransferProhibited
\nDomain Status: clientUpdateProhibited http:\/\/www.icann.org\/epp#clientUpdateProhibited
\nDomain Status: clientRenewProhibited http:\/\/www.icann.org\/epp#clientRenewProhibited
\nDomain Status: clientDeleteProhibited http:\/\/www.icann.org\/epp#clientDeleteProhibited
\nRegistry Registrant ID: Not Available From Registry
\nRegistrant Name: Registration Private
\nRegistrant Organization: Domains By Proxy, LLC<\/code><\/p><\/blockquote>\nLooking at who hosts email for the three different domains:<\/p>\n
loanraftfinance.com. 3600 IN MX 0 loanraftfinance-com.mail.protection.outlook.com.
\nventurafinancials.com. 3600 IN MX 0 venturafinancials-com.mail.protection.outlook.com.
\nstatforgefinance.com. 2858 IN MX 0 statforgefinance-com.mail.protection.outlook.com.<\/p><\/blockquote>\nThey are all using Microsoft’s Outlook mail infrastructure. This is also where my initial sample email was sent from.<\/p>\n
While I don’t know yet what exactly these people are up to, I would advise anyone who received a loan offer via spam to steer well clear of such offers.<\/p>\n","protected":false},"excerpt":{"rendered":"
Usually Gmail does a great job at keeping spam out of my Gmail inbox, but this morning I found an unsolicited email that looked like perhaps it was meant for someone else, supposedly for a loan application I had made: … Continue reading