Offshore Outsourcing & Scammer
Blog about offshore outsourcing and scammer in the outsourcing industry
Email Scammer: from China
by Rudolf Faix Thursday, May 21, 2015 5:43 AM

Recently I got forwarded an email with an universal job offer. Such an universal job offer without any specifications and requirements for the offered job is every time suspect. Companies are searching people with special abilities. Only scammer are too lazy to inform themselves and write emails like the following one:

Sent: Wednesday, May 20, 2015 5:43 PM

6200 Lake Otis Parkway
Suite 201
Anchorage, AK 99507

We are Job recruitment consultants for SHELL, EXXON MOBIL,CONOCOPHILLIPS OIL & GAS and CHEVRON,We are well known in United States Of America and across Europe,This is to notify you that your qualifications and experiences which you submitted at a job finding site were found suitable for the requirements of CONOCOPHILLIPS OIL & GAS US LIMITED. For verification and screening you are to submit your most recent resume through our e-mail:

Best Regard,
Craig Gormus
Recruitment Manager

If we take a look at the sender domain we get the useless domain registry from China:

Domain Name:
ROID: 20040810s10001s02671102-cn
Domain Status: ok
Registrant ID: hc557836351-cn
Registrant: 北京市市政工程设计研究总院
Sponsoring Registrar: 北京万网志成科技有限公司
Name Server:
Name Server:
Registration Time: 2004-08-10 17:58:55
Expiration Time: 2024-08-10 17:58:55
DNSSEC: unsigned

If we take a look at the date when the domain got registered and the expiration date, then it can be an Internet Service Provider from China.

More interesting is the domain of the provided answering address -

Registry Domain ID: 1901042750_DOMAIN_COM-VRSN
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2015-04-07T02:32:43Z
Creation Date: 2015-02-05T20:30:32Z
Registrar Registration Expiration Date: 2016-02-05T20:30:32Z
Registrar: PDR Ltd. d/b/a
Registrar IANA ID: 303
Domain Status: clientTransferProhibited
Registry Registrant ID: 
Registrant Name: Tomorrow
Registrant Organization: TC Ltd
Registrant Street: NO.515, Shenfu Rd, XinZhuang   
Registrant City: Shanghai
Registrant State/Province: Shanghai
Registrant Postal Code: 201108
Registrant Country: CN
Registrant Phone: +86.2154424443
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email:
Registry Admin ID: 
Admin Name: Tomorrow
Admin Organization: TC Ltd
Admin Street: NO.515, Shenfu Rd, XinZhuang  
Admin City: Shanghai
Admin State/Province: Shanghai
Admin Postal Code: 201108
Admin Country: CN
Admin Phone: +86.2154424443
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email:
Registry Tech ID: 
Tech Name: Tomorrow
Tech Organization: TC Ltd
Tech Street: NO.515, Shenfu Rd, XinZhuang  
Tech City: Shanghai
Tech State/Province: Shanghai
Tech Postal Code: 201108
Tech Country: CN
Tech Phone: +86.2154424443
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email:
Name Server:
Name Server:
Name Server:
Name Server:
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1-2013775952
URL of the ICANN WHOIS Data Problem Reporting System:
>>>Last update of WHOIS database: 2015-05-20T16:18:14+0000Z<<<
For more information on Whois status codes, please visit

Here we see that the domain got registered on February 2015 for a fake company with the name TC Ltd. from a person with the name Tomorrow in Shanghai. As the registration data are already a fake, who can believe in such a case to the offer, which even does not describe anything from a job?

Just for fun, let us take a look at the email headers:

Return-path: <>
Delivery-date: Wed, 20 May 2015 12:01:42 -0400
Received: from ([]:34475
                by with esmtp (Exim 4.85)
                (envelope-from <>)
                id 1Yv6RC-000LXl-8p
                for; Wed, 20 May 2015 12:01:42 -0400
Received: from User (unknown [])
                by localhost.localdomain (Coremail) with SMTP id fwD__pAbbq7qkFxVQIr3AQ--.1815S3;
                Wed, 20 May 2015 21:50:32 +0800 (CST)
Reply-To: <>
Date: Wed, 20 May 2015 16:42:40 +0100
MIME-Version: 1.0
Content-Type: text/plain;
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Coremail-Antispam: 1UD129KBjvdXoWrKF4rKFy3WrW5uw18tr1UKFg_yoWxurg_WF
Message-Id: <>
X-CM-SenderInfo: pzdqwqxephvxgofq/
X-EsetId: 37303A296EDFC3676C766A

I have marked in the above quote the sender IP red. If we search the geolocation of the IP address then we get a result Norway, Oppland, Lillehammer and the ISP is Eidsiva Bredband As.

Such a "multinational company" Alaska, China, Norway, etc. cannot take the afford for an own website? That show that the scammer are simple too lazy, because a website takes at least a few minutes of work.

As the domain got registered during February this year, we should not find some scam entries in Google. In any case we try it and get surprised:

Google search result for


In such a short time, they got already 10 fraud entries. The same text only from different sender. That shows us again that the scammer are very lazy. They even don't like to use their brain.


Tags: , , , , , , , ,

Scammer Exposed

Windows 10 Software as a Service
by Rudolf Faix Tuesday, May 12, 2015 5:12 PM

Windows 10Microsoft is moving to an alternate sort of programming model with Windows 10. A designer evangelist noticed that Windows 10 future the "last form of Windows" amid the organization's Ignite gathering this week, and a subsequent affirmation from an authority Microsoft representative uncovered (by means of the Telegraph) that, in reality, redesigns to Windows after that discharge would take after an incremental way that would prompt progressing changes, rather than splashy, more intermittent numbered dispatches.

Seemingly, its a change that has been dynamically happening following the time when the simple and reasonable accessibility of Internet network went to the PC. Programming organizations have been discharging consistent overhauls for their applications, working frameworks and firmware through Internet association progressively after some time since it got to be functional to do as such. Be that as it may, Microsoft's choice to completely grasp this denote a huge change in the way it imagines, markets and offers its desktop OS.

Different organizations have as of now completely grasped this turn in the methods and nature of programming dispersion; Adobe, for example, is all on its Creative Cloud model, which sees supporters make good month to month expenses for access to desktop projects like Photoshop and Illustrator in return for continually having the most current form and highlights. Adobe makes this more alluring with a scope of supporting administrations, including its Creative Cloud adjusting record stockpiling.

Microsoft has, particularly under new CEO Satya Nadella, made the move to wind up considerably more of an administrations organization. Placing Windows into that heap of administrations would be a solid move toward upping the general worth recommendation of the entirety. Furthermore, moving to an all the more step by step iterative model would likely have advantages as far as designing asset distribution and keeping pace with the inexorably quick reception bends of new tech.

It'll be fascinating to perceive how the business model movements with this change: Microsoft has reported that Windows 10 will be a free redesign for qualified gadgets for the first year after 10's official dispatch, yet apparently on the off chance that its topping that despite everything it'll be looking to drive income from offers of the OS. Maybe it could get to be a piece of a bigger administrations package that develops what Office 365 as of now gives.


Tags: ,

Blog Rudolf Faix

Tech Support Scammer: Mani Miller on Facebook
by Rudolf Faix Friday, May 8, 2015 7:42 AM

Mani MillerThe following offer on Facebook from Mani Miller is a typical Windows Pop Up Scareware offer like it is described at SCAM: Windows pop up calls - the best way to end up in jail: At the end of the comments confirms Mani Miller by himself, that he is not serious. 

That he knows that he is selling illegal generated calls gets proven by the messages he sent to me using the Facebook chat at the same time.

This posting with the offer gets found at Facebook:

2 hrs · Edited · 

Contact number :- 8860676851 
These calls are available at 500 fix price
pop up smtym blue screen.,
microsoft security ,
Webpage detected virus.,
security threats,
security breaches,
computer compromised, blinking pop ups,
freez pop ups,
System slow,
Viruse detected,
Webpage redirecting,
Hacker found,
Calls rate are fix 500Rs for centre and resellers 
Call valume atleast 50

Like · Comment · 


At the same time I got on Facebook the following messages from Mani Miller:

  • Mani Miller

    Hello sir hope you doing good


    By the way don't you like to see me that and m doing my job here posting some adds


    Humble request to u please stopped it on my profile and posts


    Thank you


    Besr wishes to u

  • 4:42am
  • 4:58am
    Mani Miller

    Hi, I don't like the things you are posting. Would you please stop? Thanks.


I know that scammer don't like my postings. His message shows only that he knows that he is offering illegal generated calls and he does not like to stop offering them. At least he is friendly asking. Other scammer are more rude.

Another offer of illegal calls for MAC get's found at Mani Millers profile on Facebook:

2 hrs · 

Call are available windows Mac @500k minimum orders 100calls

 — at MD Infotech services Pvt Ltd.

As Mani Miller has given a recommendation for MD Infotech services Pvt Ltd. that they are working together in generating and selling the illegal calls.

The edit history of the posting is:

Edit History

  • Mani Miller
    2 hours ago
    Rohit adhikari
    pop up smtym blue screen.,
    microsoft security ,
    Webpage detected virus.,
    security threats,
    security breaches,
    computer compromised, blinking pop ups,
    freez pop ups,
    System slow,
    Viruse detected,
    Webpage redirecting,
    Hacker found,
    Calls rate are fix 500Rs for centre and resellers 
    Call valume atleast 50
  • Mani Miller
    2 hours ago
    Contact number :- 8860676851 
    These calls are available at 500 fix price
    pop up smtym blue screen.,
    microsoft security ,
    Webpage detected virus.,
    security threats,
    security breaches,
    computer compromised, blinking pop ups,
    freez pop ups,
    System slow,
    Viruse detected,
    Webpage redirecting,
    Hacker found,
    Calls rate are fix 500Rs for centre and resellers 
    Call valume atleast 50


Facebook offer: Mani Miller - Contact nu...6851 These calls are....pdf (389.55 kb)

Facebook profile: Mani Miller Facebook Profile.pdf (3.13 mb)

Facebook page: MD Infotech services Pvt Ltd..pdf (1.22 mb)


Tags: , , , , , , , , , , , ,

Scammer Exposed

You have not won the "Microsoft Lottery"
by Rudolf Faix Monday, May 4, 2015 4:00 AM

MicrosoftMicrosoft customers are often targets of a scam that uses email messages to falsely promise money. Victims receive messages claiming "You have won the Microsoft Lottery!" There is no Microsoft Lottery. Delete the message.

If you have lost money to this scam, report it. You can also send the police report to Microsoft and we will use it to help law enforcement catch the criminals who send out these e-mail messages.

To help protect yourself from these e-mail hoaxes, you can use the same general guidance that you use to protect yourself from phishing scams.


Tags: , , , , ,

Fraud and Scam

Microsoft does not request credit card information to validate your copy of Windows
by Rudolf Faix Sunday, May 3, 2015 4:17 AM

Visa, MastercardMicrosoft requires that your copy of Windows is legitimate before you can obtain programs from the Microsoft Download Center or receive software updates from Microsoft Update. Microsoft's online process that performs this validation is called the Genuine Advantage Program. At no time during the validation process Microsoft is requesting your credit card information.

In fact, Microsoft does not collect information that can be used to identify you such as your name, email address, or other personal details.

To learn more, read the Genuine Microsoft software program privacy statement.

To learn more about the program in general, see Genuine Windows: frequently asked questions.

(you need to switch your country setting to US/English for following this link)


Tags: , ,

Fraud and Scam

Filter by APML


I'm since more then 35 years in the computer business (programming and technical support) and using the Internet since it has started. Since 2002 I'm programming solutions for Asterisk and since 2004 I'm in the call center industry.


All data and information provided on this site is for informational purposes only. I make no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis and is only representing my own opinion. By browsing or using content from this site you accept the full legal disclaimer of this website.