Monthly Archives: October, 2009

Farida Waziri: EFCC’s Operation Eagle Claw – over 800 fraudulent e-mail addresses have been identified and shut down

Waziri

After reading the article on thisdayonline, with the heading: EFCC Shuts 800 Scam email Addresses (left screenshot), I was of the opinion that ThisDay got the news piece awfully wrong, as in why should the EFCC shutting down 800 scam emails become ‘major news’ when it takes far less than 5 minutes to create an email address, as far as scammers are concerned.

I proceeded to the EFCC website to check for the same article. While it carries a different title: EFCC shuts down 800 scam websites, busts 18 syndicates, the EFCC big boss was quoted as saying:

Waziri2

According to Waziri, “We expect that Eagle Claw as conceived will be 100% operational within six months and at full capacity, it will take Nigeria out of the top 10 list of countries with the highest incidence of fraudulent e-mails. At the moment, Eagle Claw has delivered the following results:

Over 800 fraudulent e-mail addresses have been identified and shut down. The EFCC is fine tuning security modalities with Microsoft and upon full deployment, the capacity to take down fraudulent e-mails will increase to 5,000 monthly. Further it is projected that advisory mails to be sent to victims and potential victims will be about 230,000 monthly.

“There have been 18 arrests of high profile syndicates operating cyber crime organizations.”

The above quote in bold characters appeared in both articles. So while Thisdayonline could have taken their article title from Waziri’s quote, the EFCC itself says it’s websites, not email addresses.

I was just wondering if big boss Waziri knows the difference between emails and website addresses for her to make such an error in front of an international gathering.


MTN Scam website: investigating http://www.independentoffer.com/

I would like to say Thank you to Anil for posting a comment on the post titled: MTN Scam site: investigating http://www.2009anniversary.com and informing us about a new MTN Scam website: http://www.independentoffer.com/.

Below is a screenshot:

Independentoffer

Here’s the URL screenshot:

Independentoffer1

It’s the same MTN scam website template used in the many MTN scam notices we have provided you. I think this calls for MTN online presence managers to come up with more ways of outsmarting the many scammers who are having a field day impersonating MTN online. How about a dynamic front page for a start?

Here is some information about http://www.independentoffer.com/

IP address: 64.15.133.193

Independentoffer2

Scam webhost: iWeb Technologies, Canada. We featured iWeb Technologies, Canada previously in the www.glowinner.net scam website post. Can someone please inform iWeb Technologies, Canada that they are contributing to the bad image Nigeria already has, by offering their services to crooks like independentoffer dot com?

Independentoffer3

Independentoffer6

And is there a department in the EFCC with enough IT-skilled people who can assist in bringing fraudsters to book?

Registration info: the domain name was recently registered, just on October 6th, and the scammer is hoping for a one-year investment.

Independentoffer4

Independentoffer5

Lastly, I checked the website of iWeb Technologies, Canada, and discovered they have a Nigerian office / representative in Nigeria – at least. This makes me say: NO WONDER.

Below is a screenshot of iWeb Technologies website. Note the circled portion at the upper right.

Independentoffer7

Beware: Interswitch Nigeria Limited scam mail – http://greatdiscounts.asia/store

Yet another InterSwitch Nigeria scam mail:

interswitch_5oct2009

This: http://bittindown.has.it links to: http://greatdiscounts.asia/store/images/update.htm, with screenshot below:

interswitch_5oct2009_1

The header is:

X-KWF-FilterProgress: *
Return-path: <nobody@p22.ich-6.com>
Received: from p22.ich-6.com (p22.ich-6.com [209.62.43.114])
    by <mydomainname.com> (<mydomainname.com>)
    (MDaemon PRO v10.1.0)
    with ESMTP id md50000169120.msg
    for <me@t@<mydomainname.com>>; Sat, 03 Oct 2009 17:21:13 +0100
Authentication-Results: <mydomainname.com>
    spf=neutral smtp.mail=nobody@p22.ich-6.com;
    x-ip-ptr=pass dns.ptr=p22.ich-6.com (ip=209.62.43.114)
X-Spam-Level: **
X-Spam-Status: No, score=2.70 required=5.0
X-Spam-Report:
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    *  1.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    *  1.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
X-Spam-Processed: <mydomainname.com>, Sat, 03 Oct 2009 17:21:13 +0100
    (processed during SMTP session)
X-MDPtrLookup-Result: pass dns.ptr=p22.ich-6.com (ip=209.62.43.114) (<mydomainname.com>)
X-MDDK-Result: neutral (<mydomainname.com>)
X-MDDKIM-Result: neutral (<mydomainname.com>)
X-Rcpt-To: me@t@<mydomainname.com>
X-MDRcpt-To: me@t@<mydomainname.com>
X-MDRemoteIP: 209.62.43.114
X-Return-Path: nobody@p22.ich-6.com
X-Envelope-From: nobody@p22.ich-6.com
X-MDaemon-Deliver-To: me@t@<mydomainname.com>
Received: from nobody by p22.ich-6.com with local (Exim 4.69)
    (envelope-from <nobody@p22.ich-6.com>)
    id 1Mu7M2-00044v-GI
    for me@t@<mydomainname.com>; Sat, 03 Oct 2009 11:21:06 -0500
To: me@t@<mydomainname.com>
Subject: Upgrade Your ATM Card Details
X-PHP-Script: greatdiscounts.asia/store/images/dvd1/Beta.php for 41.219.230.30
From: InterSwitch Nigeria Limited <online@interswitch.com>
Reply-To: ""
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1Mu7M2-00044v-GI@p22.ich-6.com>
Date: Sat, 03 Oct 2009 11:21:06 -0500
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - p22.ich-6.com
X-AntiAbuse: Original Domain - <mydomainname.com>
X-AntiAbuse: Originator/Caller UID/GID - [99 99] / [47 12]
X-AntiAbuse: Sender Address Domain - p22.ich-6.com

Note all the highlighted portions above.
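The highlighting is lost in this copy, but the lookups that follow work from three values in the header: the relay that handed the message over, the envelope sender domain, and the X-PHP-Script line. The following is an added example, not part of the original post, that extracts them with Python's standard library. The sample is a constructed subset of the header above, and mx.example.org and user@example.org are placeholders for the values the author redacted.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a subset of the header quoted above. The redacted
# recipient and receiving host are replaced by placeholder names.
SAMPLE = """\
Return-path: <nobody@p22.ich-6.com>
Received: from p22.ich-6.com (p22.ich-6.com [209.62.43.114])
    by mx.example.org (MDaemon PRO v10.1.0)
    with ESMTP id md50000169120.msg
    for <user@example.org>; Sat, 03 Oct 2009 17:21:13 +0100
Received: from nobody by p22.ich-6.com with local (Exim 4.69)
    (envelope-from <nobody@p22.ich-6.com>)
    id 1Mu7M2-00044v-GI
    for user@example.org; Sat, 03 Oct 2009 11:21:06 -0500
To: user@example.org
Subject: Upgrade Your ATM Card Details
X-PHP-Script: greatdiscounts.asia/store/images/dvd1/Beta.php for 41.219.230.30
From: InterSwitch Nigeria Limited <online@interswitch.com>
Message-Id: <E1Mu7M2-00044v-GI@p22.ich-6.com>

"""

def _domain(value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    from_dom, env_dom = _domain(msg.get("From")), _domain(msg.get("Return-Path"))
    # The topmost Received line was written by our own server: the only trusted hop.
    top = " ".join((msg.get_all("Received") or [""])[0].split())
    relay = re.search(r"from \S+ \((\S+) \[([0-9a-fA-F.:]+)\]\)", top)
    # X-PHP-Script as seen above: "<host/path of script> for <client address>"
    php = re.match(r"(\S+) for ([0-9a-fA-F.:]+)", msg.get("X-PHP-Script", ""))
    return {
        "from_domain": from_dom,
        "envelope_domain": env_dom,
        # Display domain unrelated to the envelope sender: impersonation signal
        "from_mismatch": bool(from_dom and env_dom) and not (
            env_dom == from_dom or env_dom.endswith("." + from_dom)),
        "relay_host": relay.group(1) if relay else None,
        "relay_ip": relay.group(2) if relay else None,
        "script": php.group(1) if php else None,
        "script_client_ip": php.group(2) if php else None,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key:18} {value}")
```

Only the topmost Received line is written by the receiving server; X-PHP-Script and the lower Received lines are supplied by the sending host, so treat them as leads for an abuse report, not as proof.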

Info for Domain name: ich-6.com

Domain name: ich-6.com

Administrative Contact:
   Whois Privacy Protection Service, Inc.
   Whois Agent ()
   +1.4252740657
   Fax: +1.4256960234
   PMB 368, 14150 NE 20th St – F1
   C/O ich-6.com
   Bellevue, WA 98007
   US

Technical Contact:
   Whois Privacy Protection Service, Inc.
   Whois Agent ()
   +1.4252740657
   Fax: +1.4256960234
   PMB 368, 14150 NE 20th St – F1
   C/O ich-6.com
   Bellevue, WA 98007
   US

Registrant Contact:
   Whois Privacy Protection Service, Inc.
   Whois Agent ()
   Fax:
   PMB 368, 14150 NE 20th St – F1
   C/O ich-6.com
   Bellevue, WA 98007
   US

Status: Locked

Name Servers:
   NS1.ICH-6.COM
   NS2.ICH-6.COM
Creation date: 01 Mar 2005 00:14:39
Expiration date: 01 Mar 2010 00:14:00


Info for IP address: 209.62.43.114

IP Information for 209.62.43.114

IP Location:     United States Dallas Theplanet.com Internet Services Inc
Resolve Host:     p22.ich-6.com
IP Address:     209.62.43.114         
SSL Cert:    plesk SSL Certificate has expired.
Reverse IP:     405 other sites hosted on this server.
Blacklist Status:     Clear
OrgName:    ThePlanet.com Internet Services, Inc.
OrgID:      TPCM
Address:    315 Capitol
Address:    Suite 205
City:       Houston
StateProv:  TX
PostalCode: 77002
Country:    US

ReferralServer: rwhois://rwhois.theplanet.com:4321

NetRange:   209.62.0.0 – 209.62.127.255
CIDR:       209.62.0.0/17
OriginAS:   AS13749,  AS13884,  AS21844,  AS30315
OriginAS:   AS36420
NetName:    NETBLK-THEPLANET-BLK-EV1-16
NetHandle:  NET-209-62-0-0-1
Parent:     NET-209-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.EV1SERVERS.NET
NameServer: NS2.EV1SERVERS.NET
Comment:   
RegDate:    2007-03-19
Updated:    2008-02-28

OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName:   The Planet Abuse
OrgAbusePhone:  +1-281-714-3560
OrgAbuseEmail: 

OrgNOCHandle: THEPL-ARIN
OrgNOCName:   The Planet NOC
OrgNOCPhone:  +1-281-714-3555
OrgNOCEmail: 

OrgTechHandle: TECHN33-ARIN
OrgTechName:   Technical Support
OrgTechPhone:  +1-214-782-7800
OrgTechEmail: 

== Additional Information From rwhois://rwhois.theplanet.com:4321 ==

network:Class-Name:network
network:ID:EVRY-BLK-16
network:Auth-Area:209.62.0.0/17
network:Network-Name:TPIS-BLK-209-62-43-0
network:IP-Network:209.62.43.112/29
network:IP-Network-Block:209.62.43.112 – 209.62.43.119
network:Organization-Name:NV Avid Corp.
network:Organization-City:Lachine
network:Organization-State:QU
network:Organization-Zip:H8S 2S2
network:Organization-Country:CAN
network:Description-Usage:customer
network:Server-Pri:ns1.ev1servers.net
network:Server-Sec:ns2.ev1servers.net
network:Tech-Contact;I:
network:Admin-Contact;I:
network:Created:20090622
network:Updated:20090623


Info for IP address: 41.219.230.30 – a Starcomms Nigeria IP address:

IP Information for 41.219.230.30

IP Location:     Nigeria     Lagos     Assigned To Lagos Dial-pool Customers
Resolve Host:     dial-pool69.lg.starcomms.net
IP Address:     41.219.230.30            
Blacklist Status:     Clear
inetnum:        41.219.230.0 – 41.219.230.255
netname:        ORG-SA57-AFRINIC-20050513
descr:          Assigned to Lagos dial-pool customers
country:        NG
admin-c:        NS4-AFRINIC
tech-c:         CM9-AFRINIC
status:         Assigned PA
mnt-by:         STARCOMMS-MNT
mnt-lower:      STARCOMMS-MNT
source:         AFRINIC # Filtered
parent:         41.219.192.0 – 41.219.255.255

person:         NAVNEET SINGH
address:        Plot 1261, Bishop Kale Close, off Saka Tinubu
address:        Victoria Island, Lagos, Nigeria
phone:          +234-1-804-1234
fax-no:         +234-1-811-0301
e-mail:        
nic-hdl:        NS4-AFRINIC
source:         AFRINIC # Filtered

person:         Catalin Miclaus
address:        Plot 1261C, Bishop Kale Close, off Saka Tinubu
phone:          +234-1-8041234
fax-no:         +234-1-8110301
e-mail:        
nic-hdl:        CM9-AFRINIC
source:         AFRINIC # Filtered
