Web Hosting Talk

Fraud/Criminal Warning


bitserve
11-25-2001, 09:54 PM
We received a fraudulent order for our most expensive package today.

first: selly
last: juiry
organization: Selly Corp
address: 654 queen street
address2:
city: Las Vegas
state: NM
zip: 97699
country: US
phone#: 302-215-1485
fax#: 302-215-1485
email: tracie@pakaw.net
domain name: traciekiyut
top level domain: org
purpose: Personal
Submitted by [128.242.227.61]

1. 128.242.227.61 seems to be a compromised NT server owned by Verio.
2. pakaw.net is hosted on a compromised Interland (or probably paid with a stolen credit card) server at 64.225.154.175
3. pakaw.net is registered to a tracie@cayang.org
4. cayang.org is hosted on a compromised (or probably paid with a stolen credit card) Interland server at 216.219.253.226
5. cayang.org is registered to shoba@shoba.org.
6. shoba.org is hosted on a compromised (or probably paid with a stolen credit card) Interland server at 216.219.254.60
7. shoba.org is registered to doni@mistis.com
8. mistis.com is being hosted by worldnic and forwarded to 207.87.8.117 which is forwarded to www.dc28.net at 216.71.172.69 which is hosted by olm.com (maybe they're actually paying for this one?)
9. mistis.com seems to be doni kristian's (probably fake last name of an Indonesian admittedly unemployed IRC addict) personal site.
10. mistis.com is registered to doni@bajingan.net
11. bajingan.net is registered to a free email account.

So in case you didn't notice, this IRC addict is having a big impact on the entire web hosting community.

Be warned.

And for a funny angle:

1. Las Vegas is in NV, not NM
2. There is no 654 queen street in Las Vegas.
3. The zip code 97699 is in Kansas.
4. If 302-215-1485 is a real number, it's in Pennsylvania.

Chicken
11-25-2001, 10:25 PM
Originally posted by bitserve
1. Las Vegas is in NV, not NM
2. There is no 654 queen street in Las Vegas.
3. The zip code 97699 is in Kansas.
4. If 302-215-1485 is a real number, it's in Pennsylvania.
This is a sure sign of something amuck. Nice catch.

TechnoHosts
11-25-2001, 10:30 PM
Lucky for merchants there is no such thing as an untraceable order. As you just proved ... these felons are not discreet (you traced him) and they're not even careful with the info they give. It's terrible what they do to the industry.

smartbackups
11-25-2001, 10:37 PM
Just a question...and one observation.

First, doesn't your online ordering system verify orders? We have things set up with authorize.net to check addresses to zip codes, names to cards, etc.

Not a knock, but I want to know how other hosts handle this.
And now for my astute observation.
Also 302 is in Delaware :):)

DOBrien
11-26-2001, 01:14 AM
There is a Las Vegas New Mexico, off I-25, well east of Santa Fe.

I do not know if the data provided is fraudulent, but it would seem improper to post possible personal data on a forum. What if folks started calling the number? What if some uninvolved nice old woman was the recipient of such nonsense? Not good.

Just my opinion.

Take care,

Dennis

brently27
11-26-2001, 10:56 AM
A zip code of 97XXX is not in Kansas. Kansas zip codes start with a 6 or 7.

Chicken
11-26-2001, 11:05 AM
Originally posted by bitserve
3. The zip code 97699 is in Kansas.
4. If 302-215-1485 is a real number, it's in Pennsylvania.
97699 is not a valid zip, not sure where it is supposed to be.
302 is actually Delaware, unless I'm mistaken.

sqposter
11-26-2001, 12:51 PM
I checked with the USPO and their database shows that the zip code number in question is not valid.

Checked with the phone company: 302 is the "Wilmington, Dover, Newark, Claymont and Wilmington Manor;(Entire state) Delaware"

Nice catch anyway.

-Sqposter / Michael

bitserve
11-26-2001, 03:20 PM
DOBrien,

I tried to contact this selly juiry to let him/her know that their card was stolen (well after asking them to verify the order). I couldn't find any valid contact information. The address is fake, and so is the phone number. Feel free to call the old lady at that phone number all you want. I tried. It couldn't be completed as dialed.

I was hoping that providing the name of the "card holder" would help fellow hosters if you got an order from someone using the same "card holder" information.

Dennis,

If we had been using online, instant cc processing through something like authorize.net it might very well have gone through. Do you think the card has been reported as stolen yet? Our billing software has credit card processing built in. It didn't bill the card because I didn't override the AVS.

I'd also be interested in seeing who uses online processing like that. Maybe you should start a poll. I'd wager that most don't, unless they have "instant setups".

Everyone else,

I used mapquest to find the zip code location. I didn't verify it through a second source. It definitely could be wrong. Damn them mapquest people! I wonder if all invalid zip codes show up in Kansas. :)

I used fonefinder to locate the area code and prefix for the phone number. Again, I didn't verify it through a second source. It could be wrong. It actually said "Wilmington, PA". I've never had reason to doubt its results. It shows our number okay. Check it out at http://www.primeris.com/fonefind/

bobcares
11-26-2001, 03:23 PM
Realtime credit card verification is a must. It is safer for both the client and the hosting company.
I'd suggest you start using this method soon.

Have a great day :)

Regards
amar

Jason Ellis
11-26-2001, 04:25 PM
Originally posted by bobcares
Realtime credit card verification is a must. It is safer for both the client and the hosting company.

This used to be true, but from my recent experience it really isn't anymore. I'd say about 75% of the fraudulent orders we've received in the last 8 to 10 months have cleared AVS with no problems at all. They've had the correct person's name, their correct address, and in most cases their correct phone number.

The only way we knew they were fraudulent was by calling the customer and asking them if they signed up.

We now have a policy that if *anything* is even *remotely* suspicious, we call the person. It's still not 100% fool-proof, but it works pretty well.

Do not rely on address verification - criminals know you're going to be checking the address, and they are going to give you the correct addresses most of the time these days.

One of the single biggest red flags we've been able to utilize is the recording of the user's IP address on every single signup. If the IP address and the physical mailing address of the user don't seem to be in sync, then we'll always call the customer.

Jason
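
The cross-checks discussed in this thread (state against ZIP code, phone area code against state, signup IP against billing country), as an added example that is not part of any post: a screen that returns red flags so a human reviews the order before the card is charged. The lookup tables are a small constructed subset, the sample order is constructed, and `ip_country` is assumed to come from whatever IP geolocation source the host already uses.

```python
# Added example: cross-field consistency screen for a signup order.
# Tables are a small constructed subset, not a complete dataset.
ZIP3_RANGES = {  # state -> inclusive range of 3-digit ZIP prefixes
    "NV": (889, 898),
    "NM": (870, 884),
    "DE": (197, 199),
    "OR": (970, 979),
}
AREA_CODE_STATE = {"302": "DE", "702": "NV", "505": "NM", "503": "OR"}

# Constructed sample shaped like the order in the first post.
SAMPLE_ORDER = {"city": "Las Vegas", "state": "NM", "zip": "97699",
                "phone": "302-555-0100", "country": "US"}


def screen_order(order, ip_country=None):
    """Return a list of red flags; any flag means manual review."""
    flags = []
    state = order["state"].upper()
    zip_code = order["zip"].strip()

    # ZIP must be well formed and fall in the claimed state's prefix range.
    if len(zip_code) < 5 or not zip_code[:5].isdigit():
        flags.append("zip_malformed")
    elif state in ZIP3_RANGES:
        low, high = ZIP3_RANGES[state]
        if not low <= int(zip_code[:3]) <= high:
            flags.append("zip_state_mismatch")

    # Normalise the phone number, then compare area code to claimed state.
    digits = "".join(c for c in order["phone"] if c.isdigit())
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    if len(digits) != 10:
        flags.append("phone_malformed")
    else:
        phone_state = AREA_CODE_STATE.get(digits[:3])
        if phone_state and phone_state != state:
            flags.append("phone_state_mismatch")

    # Signup IP geolocated elsewhere than the billing country.
    if ip_country and ip_country.upper() != order["country"].upper():
        flags.append("ip_country_mismatch")
    return flags


if __name__ == "__main__":
    print(screen_order(SAMPLE_ORDER))
```

An empty list only means these particular fields agree with each other; orders that pass still go through the normal card checks.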

Chicken
11-26-2001, 08:42 PM
Originally posted by bitserve
Damn them mapquest people! I wonder if all invalid zip codes show up in Kansas. :)

Yes, any invalid address actually tends to return a star in the middle of the country which happens to be Kansas. It should return a smaller area if it is valid.

vegs
11-26-2001, 09:06 PM
From the names like tracie@cayang.org and doni@bajingan.net, I can tell that this person is from Indonesia. I had received 3 fraud orders in the past 2 weeks, all of them originated from Indonesia. They always order the most expensive and pay for yearly. Is there anything we can do to really prosecute this person?

bitserve
11-26-2001, 11:00 PM
Originally posted by bobcares
Realtime credit card verification is a must. It is safer for both the client and the hosting company.
I'd suggest you start using this method soon.


amar,

I'll believe you if you can tell me how realtime credit card verification can possibly be safer than doing it later.

The exact same verification is being done with the exact same information. Only difference is, when doing it later, it can actually be audited by a real person and you also allow more time to allow for a card to be reported stolen.

I would rather that the customer didn't know that their order couldn't be completed because the card couldn't be verified. It prevents them from just completing an order with another card. Therefore, there is no real need to verify the card (do a preauthorization) before a human gets a chance to review the order.

If there is a billing issue, those red flags can be waved (not waived) when we get there.