Offshore Outsourcing & Scammer
Blog about offshore outsourcing and scammer in the outsourcing industry
Email Scammer: theglobalconsultantus.com from China
by Rudolf Faix Thursday, May 21, 2015 5:43 AM

Recently I got forwarded an email with an universal job offer. Such an universal job offer without any specifications and requirements for the offered job is every time suspect. Companies are searching people with special abilities. Only scammer are too lazy to inform themselves and write emails like the following one:

From: GLOBAL EDGE CONSULTANTS [mailto:wang@bmedi.cn]
Sent: Wednesday, May 20, 2015 5:43 PM
Subject: SUBMIT YOUR CV

GLOBAL EDGE CONSULTANTS
6200 Lake Otis Parkway
Suite 201
Anchorage, AK 99507
ALASKA, UNITED STATES OF AMERICA
Email: jobs@theglobalconsultantus.com

ATTN:
We are Job recruitment consultants for SHELL, EXXON MOBIL,CONOCOPHILLIPS OIL & GAS and CHEVRON,We are well known in United States Of America and across Europe,This is to notify you that your qualifications and experiences which you submitted at a job finding site were found suitable for the requirements of CONOCOPHILLIPS OIL & GAS US LIMITED. For verification and screening you are to submit your most recent resume through our e-mail: jobs@theglobalconsultantus.com

Best Regard,
Craig Gormus
Recruitment Manager

If we take a look at the sender domain we get the useless domain registry from China:

Domain Name: bmedi.cn
ROID: 20040810s10001s02671102-cn
Domain Status: ok
Registrant ID: hc557836351-cn
Registrant: 北京市市政工程设计研究总院
Sponsoring Registrar: 北京万网志成科技有限公司
Name Server: dns7.hichina.com
Name Server: dns8.hichina.com
Registration Time: 2004-08-10 17:58:55
Expiration Time: 2024-08-10 17:58:55
DNSSEC: unsigned

If we take a look at the date when the domain got registered and the expiration date, then it can be an Internet Service Provider from China.

More interesting is the domain of the provided answering address - theglobalconsultantus.com:

Domain Name: THEGLOBALCONSULTANTUS.COM
Registry Domain ID: 1901042750_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2015-04-07T02:32:43Z
Creation Date: 2015-02-05T20:30:32Z
Registrar Registration Expiration Date: 2016-02-05T20:30:32Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Domain Status: clientTransferProhibited
https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: 
Registrant Name: Tomorrow
Registrant Organization: TC Ltd
Registrant Street: NO.515, Shenfu Rd, XinZhuang   
Registrant City: Shanghai
Registrant State/Province: Shanghai
Registrant Postal Code: 201108
Registrant Country: CN
Registrant Phone: +86.2154424443
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: mukuji@mailpick.biz
Registry Admin ID: 
Admin Name: Tomorrow
Admin Organization: TC Ltd
Admin Street: NO.515, Shenfu Rd, XinZhuang  
Admin City: Shanghai
Admin State/Province: Shanghai
Admin Postal Code: 201108
Admin Country: CN
Admin Phone: +86.2154424443
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: mukuji@mailpick.biz
Registry Tech ID: 
Tech Name: Tomorrow
Tech Organization: TC Ltd
Tech Street: NO.515, Shenfu Rd, XinZhuang  
Tech City: Shanghai
Tech State/Province: Shanghai
Tech Postal Code: 201108
Tech Country: CN
Tech Phone: +86.2154424443
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: mukuji@mailpick.biz
Name Server: ns1.oworested.com
Name Server: ns2.oworested.com
Name Server: ns3.oworested.com
Name Server: ns4.oworested.com
DNSSEC:Unsigned
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1-2013775952
URL of the ICANN WHOIS Data Problem Reporting System: 
http://wdprs.internic.net/
>>>Last update of WHOIS database: 2015-05-20T16:18:14+0000Z<<<
For more information on Whois status codes, please visit https://icann.org/epp

Here we see that the domain got registered on February 2015 for a fake company with the name TC Ltd. from a person with the name Tomorrow in Shanghai. As the registration data are already a fake, who can believe in such a case to the offer, which even does not describe anything from a job?

Just for fun, let us take a look at the email headers:

Return-path: <wang@bmedi.cn>
Envelope-to: campaigns@deepbluem.com
Delivery-date: Wed, 20 May 2015 12:01:42 -0400
Received: from webmail.bmedi.cn ([211.103.187.179]:34475 helo=bmedi.cn)
                by wdc003.hawkhost.com with esmtp (Exim 4.85)
                (envelope-from <wang@bmedi.cn>)
                id 1Yv6RC-000LXl-8p
                for campaigns@deepbluem.com; Wed, 20 May 2015 12:01:42 -0400
Received: from User (unknown [77.106.163.203])
                by localhost.localdomain (Coremail) with SMTP id fwD__pAbbq7qkFxVQIr3AQ--.1815S3;
                Wed, 20 May 2015 21:50:32 +0800 (CST)
Reply-To: <jobs@theglobalconsultantus.com>
From: "GLOBAL EDGE CONSULTANTS"<wang@bmedi.cn>
Subject: SUBMIT YOUR CV
Date: Wed, 20 May 2015 16:42:40 +0100
MIME-Version: 1.0
Content-Type: text/plain;
                charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-CM-TRANSID:fwD__pAbbq7qkFxVQIr3AQ--.1815S3
X-Coremail-Antispam: 1UD129KBjvdXoWrKF4rKFy3WrW5uw18tr1UKFg_yoWxurg_WF
                sYvrsxtFW2vFZ7GrsxtF1qk3ZY9ayxZr1DCw1jqF1UAFZ5WF4Sgrsaqr4fur45X3WrWFnY
                gFZavrWrKF9agjkaLaAFLSUrUUUjtb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAU7a7-sFnT
                9fnUUIcSsGvfJTRUUUbzxYjsxI4VWDJwAYFVCjjxCrM7AC8VAFwI0_Wr0E3s1l1xkIjI8I
                6I8E6xAIw20EY4v20xvaj40_Wr0E3s1l1IIY67AEw4v_JrI_Jryl84ACjcxK6xIIjxv20x
                vE14v26ryj6F1UM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26rxl6s0DM28EF7xvwVC2z280
                aVAFwI0_Gr1j6F4UJwA2z4x0Y4vEx4A2jsIEc7CjxVAFwI0_GcCE3s1ln4kS14v26Fy26r
                43JwAqjxCEc2xF0cIa020Ex4CE44I27wAqx4xG64xvF2IEw4CE5I8CrVC2j2WlYx0E2Ix0
                cI8IcVAFwI0_Wrv_ZF1lYx0Ex4A2jsIE14v26r4UJVWxJr1lF7xvr2IYc2Ij64vIr41lF7
                xvrVCFI7AF6II2Y40_Zr0_Gr1UM4IIrI8v6xkF7I0E4cxCY480cwAKzVAC0xCFj2AI6cx7
                MxkF7I0En4kS14v26F1UJr0E3s0q3wCY1x0264kExVAvwVAq07x20xyl42xK82IYc2Ij64
                vIr41l4IxYO2xFxVAFwI0_ZF0_GFyUMI8E67AF67kF1VAFwI0_Wrv_Gr1UMIIF0xvE2Ix0
                cI8IcVAFwI0_Ar0_tr1lIxAIcVC0I7IYx2IY6xkF7I0E14v26rxl6s0DMIIF0xvE42xK8V
                AvwI8IcIk0rVWUCVW8JwCI42IY6I8E87Iv67AKxVW8Jr0_Cr1UMIIF0xvEx4A2jsIEc7Cj
                xVAFwI0_GcCE3sUvcSsGvfC2KfnxnUUI43ZEXa7xR_UUUUUUUUU==
Message-Id: <555C9577.0AC3C9.03321@bmedi.cn>
X-CM-SenderInfo: pzdqwqxephvxgofq/
X-EsetId: 37303A296EDFC3676C766A

I have marked in the above quote the sender IP red. If we search the geolocation of the IP address then we get a result Norway, Oppland, Lillehammer and the ISP is Eidsiva Bredband As.

Such a "multinational company" Alaska, China, Norway, etc. cannot take the afford for an own website? That show that the scammer are simple too lazy, because a website takes at least a few minutes of work.

As the domain theglobalconsultantus.com got registered during February this year, we should not find some scam entries in Google. In any case we try it and get surprised:

Google search result for theglobalconsultantus.com

 

In such a short time, they got already 10 fraud entries. The same text only from different sender. That shows us again that the scammer are very lazy. They even don't like to use their brain.

 

Tags: , , , , , , , ,

Scammer Exposed

Windows 10 Software as a Service
by Rudolf Faix Tuesday, May 12, 2015 5:12 PM

Windows 10Microsoft is moving to an alternate sort of programming model with Windows 10. A designer evangelist noticed that Windows 10 future the "last form of Windows" amid the organization's Ignite gathering this week, and a subsequent affirmation from an authority Microsoft representative uncovered (by means of the Telegraph) that, in reality, redesigns to Windows after that discharge would take after an incremental way that would prompt progressing changes, rather than splashy, more intermittent numbered dispatches.

Seemingly, its a change that has been dynamically happening following the time when the simple and reasonable accessibility of Internet network went to the PC. Programming organizations have been discharging consistent overhauls for their applications, working frameworks and firmware through Internet association progressively after some time since it got to be functional to do as such. Be that as it may, Microsoft's choice to completely grasp this denote a huge change in the way it imagines, markets and offers its desktop OS.

Different organizations have as of now completely grasped this turn in the methods and nature of programming dispersion; Adobe, for example, is all on its Creative Cloud model, which sees supporters make good month to month expenses for access to desktop projects like Photoshop and Illustrator in return for continually having the most current form and highlights. Adobe makes this more alluring with a scope of supporting administrations, including its Creative Cloud adjusting record stockpiling.

Microsoft has, particularly under new CEO Satya Nadella, made the move to wind up considerably more of an administrations organization. Placing Windows into that heap of administrations would be a solid move toward upping the general worth recommendation of the entirety. Furthermore, moving to an all the more step by step iterative model would likely have advantages as far as designing asset distribution and keeping pace with the inexorably quick reception bends of new tech.

It'll be fascinating to perceive how the business model movements with this change: Microsoft has reported that Windows 10 will be a free redesign for qualified gadgets for the first year after 10's official dispatch, yet apparently on the off chance that its topping that despite everything it'll be looking to drive income from offers of the OS. Maybe it could get to be a piece of a bigger administrations package that develops what Office 365 as of now gives.

 

Tags: ,

Blog Rudolf Faix

Tech Support Scammer: Mani Miller on Facebook
by Rudolf Faix Friday, May 8, 2015 7:42 AM

Mani MillerThe following offer on Facebook from Mani Miller is a typical Windows Pop Up Scareware offer like it is described at SCAM: Windows pop up calls - the best way to end up in jail: At the end of the comments confirms Mani Miller by himself, that he is not serious. 

That he knows that he is selling illegal generated calls gets proven by the messages he sent to me using the Facebook chat at the same time.

This posting with the offer gets found at Facebook:

 
2 hrs · Edited · 
 

Contact number :- 8860676851 
These calls are available at 500 fix price
pop up smtym blue screen.,
microsoft security ,
Webpage detected virus.,
security threats,
security breaches,
computer compromised, blinking pop ups,
freez pop ups,
System slow,
Viruse detected,
Webpage redirecting,
Hacker found,
Calls rate are fix 500Rs for centre and resellers 
Call valume atleast 50

 
Like · Comment · 

 

At the same time I got on Facebook the following messages from Mani Miller:

  • Mani Miller

    Hello sir hope you doing good

     

    By the way don't you like to see me that and m doing my job here posting some adds

     

    Humble request to u please stopped it on my profile and posts

     

    Thank you

     

    Besr wishes to u

     
     
  • 4:42am
     
     
  • 4:58am
     
     
    Mani Miller

    Hi, I don't like the things you are posting. Would you please stop? Thanks.

 

I know that scammer don't like my postings. His message shows only that he knows that he is offering illegal generated calls and he does not like to stop offering them. At least he is friendly asking. Other scammer are more rude.

Another offer of illegal calls for MAC get's found at Mani Millers profile on Facebook:

 
2 hrs · 
 

Call are available windows Mac @500k minimum orders 100calls

 — at MD Infotech services Pvt Ltd.

As Mani Miller has given a recommendation for MD Infotech services Pvt Ltd. that they are working together in generating and selling the illegal calls.

The edit history of the posting is:

Edit History

Close
  • Mani Miller
    2 hours ago
    Rohit adhikari
    pop up smtym blue screen.,
    microsoft security ,
    Webpage detected virus.,
    security threats,
    security breaches,
    computer compromised, blinking pop ups,
    freez pop ups,
    System slow,
    Viruse detected,
    Webpage redirecting,
    Hacker found,
    Calls rate are fix 500Rs for centre and resellers 
    Call valume atleast 50
     
  • Mani Miller
    2 hours ago
    Contact number :- 8860676851 
    These calls are available at 500 fix price
    pop up smtym blue screen.,
    microsoft security ,
    Webpage detected virus.,
    security threats,
    security breaches,
    computer compromised, blinking pop ups,
    freez pop ups,
    System slow,
    Viruse detected,
    Webpage redirecting,
    Hacker found,
    Calls rate are fix 500Rs for centre and resellers 
    Call valume atleast 50

 

Facebook offer: Mani Miller - Contact nu...6851 These calls are....pdf (389.55 kb)

Facebook profile: Mani Miller Facebook Profile.pdf (3.13 mb)

Facebook page: MD Infotech services Pvt Ltd..pdf (1.22 mb)

 

Tags: , , , , , , , , , , , ,

Scammer Exposed

You have not won the "Microsoft Lottery"
by Rudolf Faix Monday, May 4, 2015 4:00 AM

MicrosoftMicrosoft customers are often targets of a scam that uses email messages to falsely promise money. Victims receive messages claiming "You have won the Microsoft Lottery!" There is no Microsoft Lottery. Delete the message.

If you have lost money to this scam, report it. You can also send the police report to Microsoft and we will use it to help law enforcement catch the criminals who send out these e-mail messages.

To help protect yourself from these e-mail hoaxes, you can use the same general guidance that you use to protect yourself from phishing scams.

 

Tags: , , , , ,

Fraud and Scam

Microsoft does not request credit card information to validate your copy of Windows
by Rudolf Faix Sunday, May 3, 2015 4:17 AM

Visa, MastercardMicrosoft requires that your copy of Windows is legitimate before you can obtain programs from the Microsoft Download Center or receive software updates from Microsoft Update. Microsoft's online process that performs this validation is called the Genuine Advantage Program. At no time during the validation process Microsoft is requesting your credit card information.

In fact, Microsoft does not collect information that can be used to identify you such as your name, email address, or other personal details.

To learn more, read the Genuine Microsoft software program privacy statement.

To learn more about the program in general, see Genuine Windows: frequently asked questions.

Source: https://www.microsoft.com/en-us/safety/online-privacy/avoid-phone-scams.aspx 
(you need to switch your country setting to US/English for following this link)

 

Tags: , ,

Fraud and Scam

Filter by APML

AboutMe

I'm since more then 35 years in the computer business (programming and technical support) and using the Internet since it has started. Since 2002 I'm programming solutions for Asterisk and since 2004 I'm in the call center industry.

Disclaimer

All data and information provided on this site is for informational purposes only. I make no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis and is only representing my own opinion. By browsing or using content from this site you accept the full legal disclaimer of this website.