Czestnut Posted December 13, 2016

I posted this on my personal FB page, but since my friend circle may not have hacker types like me, I thought I'd share here.

It started December 9th, with an oddly named seller, selling an IPS191 for $500 USD new, that I wanted to upgrade to from my TG-T3. Hot price as it's about 3 bills lower than the next seller.

"Something looked fishy about seller's name. Emailed seller. OK. Called Amazon, and they said they were OK. Ordered. Order got cancelled. Email from seller said something wrong with Amazon, asks for mailing address. Smells fishy. I have a feeling they'll ask for CC number over phone or email, or other means outside of the peace of mind of Amazon's payment transaction process."

Seller profile: https://www.amazon.com/sp?_encoding=UTF8&asin&isAmazonFulfilled=0&isCBA&marketplaceID=ATVPDKIKX0DER&orderID=102-0854584-7282609&seller=A23LTITFB72MZ2&tab&vasStoreID

" BLACK FRIDAY OFFERT!B_efore buyIng let me know at: mdkstore24#gmail .COM(Please change the # to AROUND) storefront Just launchedNo feedback yet"

What's really odd is that I called Amazon regarding this seller on the phone, and they assured me he's legit, stating the rigorous process to validate good dealers on their platform. So I ordered it. Then it got CANCELLED.

Czestnut Posted December 13, 2016

..and I get an email

Czestnut Posted December 13, 2016

So I play along with it and send him my ship-to, which is my brother's in NC since I'll be spending my holidays there in a week. Then last night I get this email.

Czestnut Posted December 13, 2016

Amazon bank transfer????? LMAO! Madrid? ROTFL!

So I check out if it was really sent from Amazon, as well as hovered over the "click here for assistance"... and it gives me a phishy domain.

So next I do a WHOIS, and omg, the scammer just created the domain THE SAME DAY! This guy just spent money on a domain and email address for my $500.

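The checks described in the post above (is the sender really Amazon, where does the link point, how old is the domain), written out as an added Python example; it is not code from the thread. The sample message, its link host and all timestamps are constructed, the allowlist and 30-day threshold are assumptions, and WHOIS creation dates are passed in by the caller rather than looked up.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from urllib.parse import urlparse

# Assumptions: allowlist of the brand's real domains and a "new domain" threshold.
OFFICIAL = {"amazon": ("amazon.com", "amazon.co.uk", "amazon.de", "amazon.ca")}
MAX_AGE = timedelta(days=30)

def under(host, domain):
    return host == domain or host.endswith("." + domain)

def is_official(host, brand):
    return any(under(host, d) for d in OFFICIAL[brand])

def hosts_in_message(msg):
    """Sender domain plus the host of every http(s) link in a plain-text body."""
    hosts = {parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()}
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        hosts.add((urlparse(url).hostname or "").lower())
    hosts.discard("")
    return hosts

def assess(raw_email, whois_created):
    """whois_created: {registered domain: WHOIS creation time}, looked up by the analyst."""
    msg = message_from_string(raw_email)
    sent = parsedate_to_datetime(msg["Date"])
    findings = []
    for host in sorted(hosts_in_message(msg)):
        for brand in OFFICIAL:
            if brand not in host or is_official(host, brand):
                continue
            reasons = [f"contains '{brand}' but is not an official domain"]
            for domain, created in whois_created.items():
                if under(host, domain) and sent - created <= MAX_AGE:
                    reasons.append(f"{domain} registered {sent - created} before sending")
            findings.append((host, reasons))
    return findings

# Constructed sample: sender local part, link host and all timestamps are made up.
SAMPLE = """\
From: "Amazon Payments" <orders@marketplace-orders-amazon.com>
Date: Mon, 12 Dec 2016 21:40:00 +0000

For assistance click here: http://support.marketplace-orders-amazon.com/help
"""
WHOIS = {"marketplace-orders-amazon.com": datetime(2016, 12, 12, 21, 5, tzinfo=timezone.utc)}
```

Calling `assess(SAMPLE, WHOIS)` flags both the sender domain and the link host; a message whose sender and links sit under an allowlisted domain returns an empty list.
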
Czestnut Posted December 13, 2016

So I decide to DOX him further. Did some more digging, and BINGO!

Czestnut Posted December 13, 2016

So now I have his name, phone number, and his address... yeah, he lives in a ghetto apartment building: https://www.google.ca/maps/place/Ringslebenstraße+78,+12353+Berlin,+Germany/@52.4178141,13.4456521,267m/data=!3m1!1e3!4m5!3m4!1s0x47a845b791020eed:0x99a6b196bfc573db!8m2!3d52.41802!4d13.44605

So looking up his name, along with his social media sites, also found another email address rimowals@web.de

So, what should I do next? Call him? Anyone speak German and calls him "We're the police and come to the station and talk to us, you have 2 hours" or whatever?

Mono Posted December 13, 2016

How do you know the person registering the domain didn't just use this identity unauthorized?

Donafello Posted December 13, 2016

We deff need to call him. I'm doing it now.

Keith Posted December 13, 2016

I can assure you this is happening a lot on Amazon - and Amazon don't seem to give a toss. I wanted a good pair of binoculars for my holiday and one company had a "shop soiled" pair for half the usual price, unfortunately they quoted 7-15 days for delivery from Germany to U.K. The latter would be too long so I emailed to ask if I could pay to expedite, the company ignored me and the bins disappeared the next day. After waiting the requisite time for a reply, I complained to Amazon at the poor service of a brand new company and the next day the whole company had gone. Amazon failed to reply to my complaint.

The day after a completely different company was selling the same bins on Amazon, same price, same write up - word for word, I then noticed the "please email us at this address before you raise your order on Amazon" blurb and the penny dropped that they were nothing more than crappy phishers trying to get your card details. I reported the new company to Amazon and the next day they disappeared, Amazon couldn't be bothered to reply to me though.

The next day the bins appeared again but this time with a company with a good reputation, closer look though showed it was a company that got its reps for selling organic food products and all feedback stopped a year ago, except for two very pi$$ed off customers who had been scammed that very day, so this time the sh*ts had hijacked another company's I.D., I reported it again. Again they disappeared the next day and Amazon failed to respond to me.

I eventually found a reputable dealer on Amazon, at nearly twice the bait price but by now I had so little time I had to pay through the nose for next day delivery, that transaction went well. By the way, when I tried to put negative feedback on these sh*t companies, Amazon refused to allow it.

Bottom line is it took less than a day for crooks to get another listing on Amazon, and Amazon's thanks to me was to ignore me completely. I now buy as little as I can from them.

Czestnut Posted December 13, 2016

11 minutes ago, Mono said: How do you know the person registering the domain didn't just use this identity unauthorized?

He registered the @marketplace-orders-amazon.com domain just minutes before I received his email from that domain.

Mono Posted December 13, 2016

2 minutes ago, Czestnut said: He registered the @marketplace-orders-amazon.com domain just minutes before I received his email.

How does that show that it was not identity theft? I understand the person who mailed to you is very likely the same who opened the domain, but how do you know this person didn't steal an identity to do all this?

Czestnut Posted December 13, 2016

I just found another guy he tried to scam: https://www.scamwarners.com/forum/viewtopic.php?f=6&p=314326

4 minutes ago, Mono said: How does that show that it was not identity theft? I understand the person who mailed to you is very likely the same who opened the domain, but how do you know this person didn't steal an identity to do all this?

Have you seen where he lives?

Mono Posted December 13, 2016

22 minutes ago, Czestnut said: Have you seen where he lives?

Yes. AFAIK most people in this world don't live in their own house. That's how you know he was not a victim of identity theft? Maybe @Donafello knows more by now.

Donafello Posted December 13, 2016

Tried calling on Skype and WhatsApp. No answer. I can tell you this: if he did, he was going to be in for a treat.

Tilmann Posted December 13, 2016

21 minutes ago, Mono said: yes. AFAIK most people in this world don't live in their own house. That's how you know he was not a victim of identity theft? Maybe @Donafello knows more by now.

A quick web research (never been there) on that residential address does not turn up anything alarming. Looks like a cheaper residential neighborhood on the outskirts of Berlin, but I could not find any indications for an above average crime rate or social tensions.

What does not compute is the phone number. It's for a wireline connection, so it points to a particular geography. The area code +49 7424 ... is assigned to some small towns south of Stuttgart, some 700km in the south west of Berlin. There could be a legit explanation for this, but it looks odd.

Mono Posted December 13, 2016

18 minutes ago, Donafello said: tried calling on skype and whatsapp. no answer. I can tell you this if he did, he was going to be in for treat.

Just for clarity: he didn't do anything illegal we know of, right? We suspect he would have tried to rip off 500 bucks, if it was him, and that's it, or did I miss something?

Hunka Hunka Burning Love Posted December 13, 2016

<bows in respect> I hereby pass on my Sherlock Holmes investigator hat to my fellow Canadian brethren, @Czestnut.

<Casually activates TOR browser and turns on VPN mode>

Donafello Posted December 13, 2016

1 minute ago, Hunka Hunka Burning Love said: <bows in respect> I hereby pass on my Sherlock Holmes investigator hat to my fellow Canadian brethren, @Czestnut.

Yeah, if I ever need someone tracked down or an investigator I will be messaging @Czestnut.

Czestnut Posted December 13, 2016

39 minutes ago, Tilmann said: What does not compute is the phone number. It's for a wireline connection, so it points to a particular geography. The area code +49 7424 ... is assigned to some small towns south of Stuttgart, some 700km in the south west of Berlin. There could be a legit explanation for this, but it looks odd.

Hmmm... maybe I'll ask my boss to call him. His office is in Boblingen.

14 minutes ago, Hunka Hunka Burning Love said: <bows in respect> I hereby pass on my Sherlock Holmes investigator hat to my fellow Canadian brethren, @Czestnut.

I've worked in IT for 30 years now, 21 at HP.

Tilmann Posted December 13, 2016

13 minutes ago, Czestnut said: Hmmm... maybe I'll ask my boss to call him. His office is in Boblingen.

That's most likely a dead end road: I found the number listed for the FAX line of a seemingly unrelated company:

LI-Germany, Inh. Vladimir Vukas
Konrad-Adenauer-Straße 1
78549 Spaichingen
Deutschland
Telefon: 07424/703 49 90
Telefax: 07424/9582234
E-Mail: info@li-germany.de
Umsatzsteuer-Ident.Nr.: DE 249972020

Source: https://www.li-germany.de/bestellvorgang/agb/, see also http://www.regional.de/location/100061500/Hotel-Restaurant-Kreuz-Spaichingen-Spaichingen/Tuttlingen

Czestnut Posted December 13, 2016

Well done Tilmann. I checked the email headers for an analysis of the originating IP address, and it does seem to come from the Berlin area.

rayna903 Posted December 14, 2016

Oh, yes, there are many things happened. We should be careful when we buy things on the website. This is our official website on Amazon: https://www.amazon.co.uk Thanks.

This topic is now archived and is closed to further replies.