Offshore Outsourcing & Scammer
Blog about offshore outsourcing and scammer in the outsourcing industry
Email Scammer: theglobalconsultantus.com from China
by Rudolf Faix Thursday, May 21, 2015 5:43 AM

Recently I got forwarded an email with an universal job offer. Such an universal job offer without any specifications and requirements for the offered job is every time suspect. Companies are searching people with special abilities. Only scammer are too lazy to inform themselves and write emails like the following one:

From: GLOBAL EDGE CONSULTANTS [mailto:wang@bmedi.cn]
Sent: Wednesday, May 20, 2015 5:43 PM
Subject: SUBMIT YOUR CV

GLOBAL EDGE CONSULTANTS
6200 Lake Otis Parkway
Suite 201
Anchorage, AK 99507
ALASKA, UNITED STATES OF AMERICA
Email: jobs@theglobalconsultantus.com

ATTN:
We are Job recruitment consultants for SHELL, EXXON MOBIL,CONOCOPHILLIPS OIL & GAS and CHEVRON,We are well known in United States Of America and across Europe,This is to notify you that your qualifications and experiences which you submitted at a job finding site were found suitable for the requirements of CONOCOPHILLIPS OIL & GAS US LIMITED. For verification and screening you are to submit your most recent resume through our e-mail: jobs@theglobalconsultantus.com

Best Regard,
Craig Gormus
Recruitment Manager

If we take a look at the sender domain we get the useless domain registry from China:

Domain Name: bmedi.cn
ROID: 20040810s10001s02671102-cn
Domain Status: ok
Registrant ID: hc557836351-cn
Registrant: 北京市市政工程设计研究总院
Sponsoring Registrar: 北京万网志成科技有限公司
Name Server: dns7.hichina.com
Name Server: dns8.hichina.com
Registration Time: 2004-08-10 17:58:55
Expiration Time: 2024-08-10 17:58:55
DNSSEC: unsigned

If we take a look at the date when the domain got registered and the expiration date, then it can be an Internet Service Provider from China.

More interesting is the domain of the provided answering address - theglobalconsultantus.com:

Domain Name: THEGLOBALCONSULTANTUS.COM
Registry Domain ID: 1901042750_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: www.publicdomainregistry.com
Updated Date: 2015-04-07T02:32:43Z
Creation Date: 2015-02-05T20:30:32Z
Registrar Registration Expiration Date: 2016-02-05T20:30:32Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Domain Status: clientTransferProhibited
https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: 
Registrant Name: Tomorrow
Registrant Organization: TC Ltd
Registrant Street: NO.515, Shenfu Rd, XinZhuang   
Registrant City: Shanghai
Registrant State/Province: Shanghai
Registrant Postal Code: 201108
Registrant Country: CN
Registrant Phone: +86.2154424443
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: mukuji@mailpick.biz
Registry Admin ID: 
Admin Name: Tomorrow
Admin Organization: TC Ltd
Admin Street: NO.515, Shenfu Rd, XinZhuang  
Admin City: Shanghai
Admin State/Province: Shanghai
Admin Postal Code: 201108
Admin Country: CN
Admin Phone: +86.2154424443
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: mukuji@mailpick.biz
Registry Tech ID: 
Tech Name: Tomorrow
Tech Organization: TC Ltd
Tech Street: NO.515, Shenfu Rd, XinZhuang  
Tech City: Shanghai
Tech State/Province: Shanghai
Tech Postal Code: 201108
Tech Country: CN
Tech Phone: +86.2154424443
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: mukuji@mailpick.biz
Name Server: ns1.oworested.com
Name Server: ns2.oworested.com
Name Server: ns3.oworested.com
Name Server: ns4.oworested.com
DNSSEC:Unsigned
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1-2013775952
URL of the ICANN WHOIS Data Problem Reporting System: 
http://wdprs.internic.net/
>>>Last update of WHOIS database: 2015-05-20T16:18:14+0000Z<<<
For more information on Whois status codes, please visit https://icann.org/epp

Here we see that the domain got registered on February 2015 for a fake company with the name TC Ltd. from a person with the name Tomorrow in Shanghai. As the registration data are already a fake, who can believe in such a case to the offer, which even does not describe anything from a job?

Just for fun, let us take a look at the email headers:

Return-path: <wang@bmedi.cn>
Envelope-to: campaigns@deepbluem.com
Delivery-date: Wed, 20 May 2015 12:01:42 -0400
Received: from webmail.bmedi.cn ([211.103.187.179]:34475 helo=bmedi.cn)
                by wdc003.hawkhost.com with esmtp (Exim 4.85)
                (envelope-from <wang@bmedi.cn>)
                id 1Yv6RC-000LXl-8p
                for campaigns@deepbluem.com; Wed, 20 May 2015 12:01:42 -0400
Received: from User (unknown [77.106.163.203])
                by localhost.localdomain (Coremail) with SMTP id fwD__pAbbq7qkFxVQIr3AQ--.1815S3;
                Wed, 20 May 2015 21:50:32 +0800 (CST)
Reply-To: <jobs@theglobalconsultantus.com>
From: "GLOBAL EDGE CONSULTANTS"<wang@bmedi.cn>
Subject: SUBMIT YOUR CV
Date: Wed, 20 May 2015 16:42:40 +0100
MIME-Version: 1.0
Content-Type: text/plain;
                charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-CM-TRANSID:fwD__pAbbq7qkFxVQIr3AQ--.1815S3
X-Coremail-Antispam: 1UD129KBjvdXoWrKF4rKFy3WrW5uw18tr1UKFg_yoWxurg_WF
                sYvrsxtFW2vFZ7GrsxtF1qk3ZY9ayxZr1DCw1jqF1UAFZ5WF4Sgrsaqr4fur45X3WrWFnY
                gFZavrWrKF9agjkaLaAFLSUrUUUjtb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAU7a7-sFnT
                9fnUUIcSsGvfJTRUUUbzxYjsxI4VWDJwAYFVCjjxCrM7AC8VAFwI0_Wr0E3s1l1xkIjI8I
                6I8E6xAIw20EY4v20xvaj40_Wr0E3s1l1IIY67AEw4v_JrI_Jryl84ACjcxK6xIIjxv20x
                vE14v26ryj6F1UM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26rxl6s0DM28EF7xvwVC2z280
                aVAFwI0_Gr1j6F4UJwA2z4x0Y4vEx4A2jsIEc7CjxVAFwI0_GcCE3s1ln4kS14v26Fy26r
                43JwAqjxCEc2xF0cIa020Ex4CE44I27wAqx4xG64xvF2IEw4CE5I8CrVC2j2WlYx0E2Ix0
                cI8IcVAFwI0_Wrv_ZF1lYx0Ex4A2jsIE14v26r4UJVWxJr1lF7xvr2IYc2Ij64vIr41lF7
                xvrVCFI7AF6II2Y40_Zr0_Gr1UM4IIrI8v6xkF7I0E4cxCY480cwAKzVAC0xCFj2AI6cx7
                MxkF7I0En4kS14v26F1UJr0E3s0q3wCY1x0264kExVAvwVAq07x20xyl42xK82IYc2Ij64
                vIr41l4IxYO2xFxVAFwI0_ZF0_GFyUMI8E67AF67kF1VAFwI0_Wrv_Gr1UMIIF0xvE2Ix0
                cI8IcVAFwI0_Ar0_tr1lIxAIcVC0I7IYx2IY6xkF7I0E14v26rxl6s0DMIIF0xvE42xK8V
                AvwI8IcIk0rVWUCVW8JwCI42IY6I8E87Iv67AKxVW8Jr0_Cr1UMIIF0xvEx4A2jsIEc7Cj
                xVAFwI0_GcCE3sUvcSsGvfC2KfnxnUUI43ZEXa7xR_UUUUUUUUU==
Message-Id: <555C9577.0AC3C9.03321@bmedi.cn>
X-CM-SenderInfo: pzdqwqxephvxgofq/
X-EsetId: 37303A296EDFC3676C766A

I have marked in the above quote the sender IP red. If we search the geolocation of the IP address then we get a result Norway, Oppland, Lillehammer and the ISP is Eidsiva Bredband As.

Such a "multinational company" Alaska, China, Norway, etc. cannot take the afford for an own website? That show that the scammer are simple too lazy, because a website takes at least a few minutes of work.

As the domain theglobalconsultantus.com got registered during February this year, we should not find some scam entries in Google. In any case we try it and get surprised:

Google search result for theglobalconsultantus.com

 

In such a short time, they got already 10 fraud entries. The same text only from different sender. That shows us again that the scammer are very lazy. They even don't like to use their brain.

 

Tags: , , , , , , , ,

Scammer Exposed

Filter by APML

Follow me

AboutMe

I'm since more then 35 years in the computer business (programming and technical support) and using the Internet since it has started. Since 2002 I'm programming solutions for Asterisk and since 2004 I'm in the call center industry.

Disclaimer

All data and information provided on this site is for informational purposes only. I make no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis and is only representing my own opinion. By browsing or using content from this site you accept the full legal disclaimer of this website.