Fraud: Forwarding PayPal payments via Western Union
If you receive and forward payments for other people, you are taking risks, particularly on the internet, where it's difficult to know who you are really dealing with. The supposedly Chinese or Belgian company offering you a job forwarding payments could very well turn out to be a gang from Nigeria or the former Soviet Union. Be careful!
Online fraud is a growth industry. The relative anonymity of online transactions and the problem of jurisdiction make it relatively easy for criminals to abuse the trust of others and get away with it.
One of the ways criminals can avoid being caught is to use middlemen for fraudulent transactions, who will become the first suspects when the fraud is detected. For example, if goods are purchased but not delivered or if money is transferred out of a bank account after cases of identity theft, the money often first passes through the hands of a person who has agreed to forward cash to a third party via Western Union.
Funds sent via PayPal or bank transfers are traceable; funds sent via Western Union are not. Criminals try to erase the money trail and the person who literally pays the bill will be the middleman. Beware and don't take any chances!
Here is a typical example of one spam looking for third parties to take the fall:
The IP address listed in the spam belongs to China Telecom, a company that hosts many spammers and that is often used for "phishing" fraud (identity theft):
inetnum: 188.8.131.52 - 184.108.40.206
netname: CHINATELECOM-HE
descr: CHINANET hebei province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
country: CN

This type of scam involves criminal activity, such as hacking into bank accounts. Access codes for online banking will be stolen via "phishing" or a keylogger. With these codes the criminals are able to transfer money to the account of their "employee". This theft remains traceable. If the employee wires the money to another country via Western Union before the owner of the account notices the theft, then the stolen money becomes untraceable.
Let's look at the message header:
Received: from 220.127.116.11 (unknown [18.104.22.168])
    by receivingmailserver (Postfix) with ESMTP id 495AE424047
    for <someaddress>; Thu, 28 Oct 2004 01:50:43 +0200 (CEST)
Received: from unknown (HELO localhost) (127.0.0.1)
    by localhost.ec.com with SMTP; Thu, 28 Oct 2004 00:17:19 +0000
Received: from 22.214.171.124 (126.96.36.199[188.8.131.52])
    by 184.108.40.206 (IMP) with HTTP for <someaddress>
Message-ID: <email@example.com>

The email arrived from a server in South Korea:

inetnum: 220.127.116.11 - 18.104.22.168
netname: HANVITINB-INFRA-KR
descr: Hanvitinb
descr: 519-1,gojan-dong,ansan-city
descr: KYONGGI
descr: 425-020
country: KR
admin-c: JA129-KR
tech-c: JA130-KR

China and South Korea have a poor record for stopping internet abuse, which is why servers in these countries are frequently used for fraudulent activity.
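The header reading above can be automated. The following Python is an added example, not code from the original article: it takes the address your own mail server recorded for the connecting host (the one worth looking up in whois) and separates it from addresses claimed in older Received lines. The sample message, host names, addresses and function names are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample, not the spam from the article. Addresses come from the
# RFC 5737 documentation ranges and all host names are made up.
SAMPLE = """\
Received: from 203.0.113.45 (unknown [203.0.113.45])
\tby mx.recipient.example (Postfix) with ESMTP id 0123456789
\tfor <user@recipient.example>; Thu, 28 Oct 2004 01:50:43 +0200 (CEST)
Received: from unknown (HELO localhost) (127.0.0.1)
\tby localhost.sender.example with SMTP; Thu, 28 Oct 2004 00:17:19 +0000
Received: from 198.51.100.7 (198.51.100.7[198.51.100.7])
\tby 192.0.2.10 (IMP) with HTTP for <user@recipient.example>
From: hr@sender.example
"""

PEER_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # address the server saw
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")    # fallback: any IPv4

def peer_ip(from_part):
    m = PEER_RE.search(from_part) or IP_RE.search(from_part)
    try:
        return str(ipaddress.ip_address(m.group(1))) if m else None
    except ValueError:          # not a valid address, e.g. 999.1.1.1
        return None

def parse_hops(raw):
    """Received hops, newest first, as {'by': host, 'peer': ip}."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())              # unfold continuation lines
        from_part, _, rest = text.partition(" by ")
        hops.append({"by": rest.split()[0] if rest else None,
                     "peer": peer_ip(from_part)})
    return hops

def trusted_origin(raw, own_servers):
    """Return (peer seen by our own server, peers claimed by older hops).
    Received lines are prepended, so everything below the first hop written
    by a server we control came from the sending side and can be forged."""
    hops = parse_hops(raw)
    for i, hop in enumerate(hops):
        if hop["by"] in own_servers:
            return hop["peer"], [h["peer"] for h in hops[i + 1:]]
    return None, [h["peer"] for h in hops]

if __name__ == "__main__":
    print(trusted_origin(SAMPLE, {"mx.recipient.example"}))
```

If none of the hops was written by a server you control, the first element is None and every address in the message should be treated as unverified.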