Joe Wein
Fighting spam and scams
on the Internet

Home / Blog / About us
Spam
419/Nigeria
Online fraud
jwSpamSpy
Contact

Email Spam Filter:
jwSpamSpy
Try it for free!

Google
 

Fraud: Forwarding Paypal payments via Western Union

If you receive and forward payments for other people, you are taking risks, particularly on the internet, where it's difficult to know who you are really dealing with. The supposedly Chinese or Belgian company offering you a job forwarding payments could very well turn out to be a gang from Nigeria or the former Soviet Union. Be careful!

Online fraud is a growth industry. The relative anonymity of online transactions and the problem of jurisdiction make it relatively easy for criminals to abuse the trust of others and get away with it.

One of the ways crimianls can avoid being caught is to use middle men for fraudulent transactions, who will become the first suspects when the fraud is detected. For example, if goods are purchased but not delivered or if money is transferred out of a bank account after cases of identity theft, the money often first passes through the hands of a person who has agreed to forward cash to a third party via Western Union.

Funds sent via PayPal or bank transfers are traceable, funds sent via Western Union are not. Criminals try to erase the money trail and the person who literally pays the bill will be the middleman. Beware and don't take any chances!

Here is a typical example of one spam looking for third parties to take the fall:

Hello
We are looking for business-partners in world for cooperation in money exchange.
Our company is the leader in online money-exchange on the Russian market.
Nowadays Russian web-sponsors, as well as web-sponsors all over the world, feel the deficit in online-money (such as E-gold).
We are looking for partners with paypal account in diffrent countries for quick money-exchange from sponsors paypal accounts.
In order to become our partner you need: verifed paypal account, You must have cash funds or credit card to make westernunion transfer instantly, after u receive paypal funds.
We pay 10% and all paypal fees and westernunion fees.
For constantly work percent will rise.
If you intrested please fill this form
http://222.223.129.246

(Before filling form, install any of instantly messenger, if u do not fill this forms, we will do not answer on your filling)
Thank you.


The IP address listed in the spam belongs to China Telecom, a company that hosts many spammers and that is often used for "phishing" fraud (identity theft):

     inetnum:      222.222.0.0 - 222.223.255.255
     netname:      CHINATELECOM-HE
     descr:        CHINANET hebei province network
     descr:        China Telecom
     descr:        No.31,jingrong street
     descr:        Beijing 100032
     country:      CN
This type of scam involves criminal activity, such hacking into bank accounts. Access codes for online banking will be stolen via "phishing" or a keylogger. With these codes the criminals are able to transfer money to the account of their "employee". This theft remains traceable. If the employee wires the money to another country via Western Union before the owner of the account notices the theft then the stolen money becomes untraceable.

Let's look at the message header:

Received: from 61.109.43.187 (unknown [61.109.43.187])
	by receivingmailserver (Postfix) with ESMTP id 495AE424047
	for <someaddress>; Thu, 28 Oct 2004 01:50:43 +0200 (CEST)
Received: from unknown (HELO localhost) (127.0.0.1)
    by localhost.ec.com with SMTP; Thu, 28 Oct 2004 00:17:19 +0000
Received: from 145.25.70.43 (145.25.70.43[145.25.70.43])
       by 61.109.43.187 (IMP) with HTTP
       for <someaddress> 
Message-ID: <8602441098922639@61.109.43.187>
The email arrived from a server in South Korea:
     inetnum:      61.109.0.0 - 61.109.63.255
     netname:      HANVITINB-INFRA-KR
     descr: 	      Hanvitinb
     descr: 	      519-1,gojan-dong,ansan-city
     descr: 	      KYONGGI
     descr: 	      425-020
     country:      KR
     admin-c:      JA129-KR
     tech-c:       JA130-KR
China and South Korea have a poor record for stopping internet abuse, which is why servers in these countries are frequently used for fraudulent activity.


Clueless virus filters spam innocent third parties
Challenge and Response spam filters: A selfish idea for selfish times

ShareYourExperiences.com spammers
Smyrnagroup spammers (in German)
Kaplan College spam
Stock Price Manipulation Spam ("Pump & Dump")
What's the deal with "OEM software"?
'Phishing' for your wallet
Job spam for payment processors
Spam phone numbers ("diploma" spam, etc.)
"Joe job" information

Link exchange offer spam
Getting creative with spam
Link exchange spam: allcarpictures.com

Xenophobia, Spam and Viruses: The "German Spam" (Sober.H)
Sober.H – Racist German email spam spread by virus (in German)

"Joe job" against joewein.de
Porn spam: watchsound.com
Porn spam: hotsalza.com
Name servers used by spammers: joker.com
Rogue name servers: mediadreamland.com
Rogue name servers: airmaramba.biz
Rogue name servers: bonafidecash.com
Rogue name servers: maileasy.biz

Browser hijacking: heretofind.com

Computer Viruses