Tracing a "Lottery" scam
1. I receive an unsolicited email claiming I have been randomly selected to win $1.2m, and instructing me to contact "Maurice Williams", the Foreign Service Manager of "Global Pacific Security and Vault Services". 2. I email "Maurice" using the name of "Frank Nimrod". 3. "Maurice" replies, telling me that "Frank"'s winning claim has been verified as authentic - not bad for someone who doesn't exist - and that I need to open an account with the "Universal Credité Private Bank" which can be found online at http://www.ucpbnet.cc/. The site is .htaccess password protected, which doesn't seem very secure for an international bank. A WHOIS query on ucpnet.cc reveals the website to be registered in South Africa, although the primary registrant is a "Brian Denton" in the US. "Maurice" includes a "claims verification form" (Microsoft Word format) for me to fill out and send to the "bank". "Maurice" informs me that the services of "Global Pacific Security and Vault Services" may be inspected online at http://www.gpsvs.org/, which claims the company is an "International Shipping Service for the Diplomatic Corps". The text of their "policy" page is lifted virtually word-for-word from Fedex Identity's privacy policy. A WHOIS query on gpsvs.org shows it to be registered to a "Daniel Wilsons" in New Orleans. The GPSVS site lists an address with a postcode of CT17 9SF, which belongs to a hotel in Kent, England. UPDATE 11 May 2004: I just found GPSVS on the list of Nigerian lottery scams at crimes-of-persuasion.com. 4. I make up some "details" and send them to the "bank". 5. The "bank" replies, telling me I have an account, and that I can "login to our online portal by utilizing the following coordinates" [sic]: a user name of "ucpbnetcc" and password of "cisco0" (Cisco?!). (UPDATE 11 May 2004: this login combination no longer works.) Doing so reveals a slick but still detectably amateurish website for "Universal Credité". The email informs me that in order to open the account, I should deposit $3,000 into it - here we see the meat of the scam - which I should transfer by Western Union to this individual: Beneficiary, Client Service Officer: Mr. ROBERT STEPHEN 30 VANDER VILLE GUARDENS [sic] LONDON N2 8HU UNITED KINGDOM. I doubt he's a "client service officer", but he'd certainly be a beneficiary. The street name is fake, and doing a Google search for N2 8HU reveals it to be a mailbox address. The email also mentions a "Robert Mandela", my "assigned account officer", with a telephone number of +44 7746 177485. A call to this British mobile telephone number shows it to redirect to another country, with a different ringing tone - and Robert answers. I attempt to ask him why I need to deposit money to win money, but the line quality is extremely poor, and we get cut off. Convenient. The poor programming of the "Universal Credité" site reveals its actual location to be at https://secure9.mavweb.net/ucpbnet/. Mavweb.net is a commercial hosting service located in Tampa, Florida. -------- I did not follow the trail any further, but my results so far seem to show the criminal organisation perpetrating the fraud to be a sophisticated international network that has developed a complex arrangement of websites to perpetuate the deceptive image of trustworthiness that they hope their victims will believe.