Fake forum- Paid for Receiving Bank Transfers

This is a very nasty twist on the basic cheque mule scam. In this case, the scammers have set up several clones of a fake phpbb forum soliciting people to launder money "legally" by cashing cheques (although the forum claims that bank transfers are used, also illegal) and sending off 90% of the money via WU. Problem is, the cheques are fake and anyone cashing them will at minimum be in debt to their bank, and might even find themselves facing cheque kiting charges.

This is just a somewhat disguised version of the standard fake cheque scam, and one that has already cost people thousands of dollars. The main character is most likely the person using the nick "Supplier", who may or may not be the same person as "Admin", "Calicasher", and "Primo". I'm adding the text of the "come on" in order to help people find this warning:

OK! I'll get right to the point. I have large amount of funds on numerous bank accounts which needs to be laundered. I need your help to do that. You'll get 10% of each transaction coming into your bank account.

I can provide transaction of up to $5000.

You receive transfer into your bank account -> withdraw cash ->
take your 10% -> send the rest to me (by western union)

It's a good and legal way of making money.

Earning:
It's recommended not to transfer more than $5,000 to each account.
Let's say You have received $5000, to your account.
10% of $5,000 = $500 goes to your pocket.

Beginners for their first transfer will not receive more than $1000. After they've received $1000 and send 90% of that money to reviewed supplier, they'll be granted a status of reviewed receiver and will be trusted with transfers of $5000 at once.

Requirements: You need to have at least one account in one of the banks in Canada, Australia, New Zealand or the United States.

To start, register and send me an email to [email protected]

You can also view our forum for more information.
_________________
icq: 353204920

Here is a screen cap of the "forum" index:

These sites are numerous and botnet hosted, making them hard to kill. I will list some of the names and URLs that have been used for this scam:
CS Funds - www.cs-funds.com
LVS Money - www.lvs-money.com
CHI Profit - www.chi-profit.com
SK Income - www.sk-income.net
FTC Funds - www.ftc-funds.com
FCI Money - www.fcimoney.net
TPS Funds - www.tps-funds.com
RSM Capital - www.rsm-capital.com
FI Money - www.fi-money.net
TD Capital - www.td-capital.com

If you have been approached by these people, walk away. Do not attempt to deposit their cheques and do NOT under any circumstances send them money!

Very good post SF!

I received an email from these people today. I went to the message forum, and there are only a few post from those same few 3 or 4 people that you listed. I think they delete all the post from negative posters for a reason...

I thought it sounded like a scam, decided to do some research, and found this useful site.

did anyone reading this, get conned by them??

It always helps if you supply the URL for the website you mention. Otherwise how can we get them shut down?

Thanks anyway!

Just received an e-mail from these people. Thank God I googled it and found this website. I would like to know how they got my work e-mail address.

The following is the sender's e-mail address:

[email protected]

and this is the website address that was sent:

http://www.mkc-manager.com/

Mar:

They probably either just mass bombed e-mails or if you have posted it anywhere on the internet for any reason they find it by trolling. They send out thousands of e-mails a day on this kind of stuff.

Another thing they sometimes do is just sent out to lists, changing one character at a time. "John000 through John999 at yahoo" or some such thing. Somewhere in there they might hit a few real email addresses. Yours could have been hit that way, even if you've never used it for anything on the internet before.

But if you've EVER used it on the internet, then it's out there and can be found and used.

A few months ago i post several resumes on popular job search sites like monster jobs, when i did this i created a new online mail account and didn't use it for anything else, i firmy believe that one method they are using is going thru public available resumes to collect e-mail addys on such sites thus presenting the opportunity to people that are obviously in need of money with a quick fix for fast income with little to no work...........if you post on such sites make sure your resume is only viewable to registered buisnesses........how ever this is probably only one method that is being used to collect potential targets and obviously a very effective one. if you want to do something about (be very careful) and it playalong, don't reveal your bank account # until you have talked to local law inforcement or better yet federal branches of fraud investigation or INTERPOL (they have international authority), remember that all wiretransfers are tracked to some degree and thus there is a paper trail (most banks have cameras), they always request a western union money transfer for cash, this means that someone has to pick it up in person at some location, they may not get the ring leader, but it may put the fear of god into the those responsible when they realize that law inforcement is on to them, almost all the sites are registered to this address and info

ati-manager.com
Creation Date........ 2008-02-06 17:14:09
Registration Date.... 2008-02-06 17:14:09
Expiry Date.......... 2009-02-06 17:14:09
Organisation Name.... xiaowen
Organisation Address. No.12 chang'an road
Organisation Address.
Organisation Address. Beijing
Organisation Address. 100001
Organisation Address. BJ
Organisation Address. CN

Admin Name........... gr wen
Admin Address........ No.12 chang'an road
Admin Address........
Admin Address........ Beijing
Admin Address........ 100001
Admin Address........ BJ
Admin Address........ CN
Admin Email.......... [email protected]
Admin Phone.......... +86.103093034
Admin Fax............ +86.103493934
happy hunting

Address lookup
canonical name ati-manager.com.
aliases
addresses 70.52.52.51
190.30.135.108
82.77.81.69
75.31.240.202
79.116.33.226
79.115.7.75
79.114.97.253
81.181.174.157
91.200.114.171
64.130.97.106
75.118.68.97
86.121.39.139
69.221.71.229
86.122.48.254

Botnet
possibly part of RBN's

Hi Evolve, welcome to Scamwarners!

i firmy believe that one method they are using is going thru public available resumes to collect e-mail addys on such sites thus presenting the opportunity to people that are obviously in need of money with a quick fix for fast income with little to no work...........if you post on such sites make sure your resume is only viewable to registered buisnesses........how ever this is probably only one method that is being used to collect potential targets and obviously a very effective one.

Quite correct. Monster.com and any other place where resumes are public are prime hunting grounds for this type of scum.

if you want to do something about (be very careful) and it playalong, don't reveal your bank account # until you have talked to local law inforcement or better yet federal branches of fraud investigation or INTERPOL (they have international authority)

Incorrect. When baiting scammers, you NEVER give them any of your personal information under any circumstances. That said, it is difficult enough to get any branch of LE involved even when there is a real victim who has lost money (due to many things, including jurisdictional issues), let alone getting LE to run a sting based on a bait. For more information on scambaiting and, more importantly, baiting safe, please see our sister site at www.419eater.com .

remember that all wiretransfers are tracked to some degree and thus there is a paper trail (most banks have cameras), they always request a western union money transfer for cash, this means that someone has to pick it up in person at some location, they may not get the ring leader, but it may put the fear of god into the those responsible when they realize that law inforcement is on to them

It won't. If wire transfers are used, it is done online with the money coming from a victims' hijacked bank account and going to a mule (that would be a vic who falls for the scam we are discussing). The vic will transfer the money via Western Union.

WU transfers can be picked up at pretty much any WU location (bank, local grocery store, postal annex) if the person has the MTCN, sender's name, and secret question/answer (or an a even vaguely realistic fake ID)- regardless of what receiver address is on the transfer form filled out by the vic. The above are further reasons why it is so hard to get LE involved in these cases. The whole point of the scam is to launder money from hijacked bank accounts, using victims of these cheque scams to break the electronic paper trail left by bank transfers, and these scammers are very good at what they do.

almost all the sites are registered to this address and info... snip

These details are fake, of course. As I stated in my OP, these sites are botnet hosted, making them hard to kill. The vlads running them pop up 5 more for every one we do get taken down, so business must be good.

Cant we just turn one bot on another bot. My ideas is to get the porn bot to post messages of hirny woman available on the forum and that will make most sane people stay away.

Could you clarify what you mean?

Could you clarify what you mean?

Sorry, I meant horny.

I use to belong to another forum until it became infiltrated by porn bots. This made me stay away from the forum, because every post was an ad for some sex site. So we get our own porn bot and direct it at that phishing site. One of the things I have done is I collected a list of porn bot scammers and accidentally (on purpose) responed to everyone on my catcher account. So I am hoping these people try to scam a porn bot.

That is up to the admins. I'm sure that they will see your request.

Hi laverdadx100
Ummm, I'm afraid you don't understand the situation here. This isn't bots spamming real message boards and such, this is a hundreds of thousands strong botnet hosting a series of fake websites.

Feel free to attempt to spam their incarnations with pr0n if you like, but it won't even slow down these sites.