gonzales@jobcentersusa.com

The Purpose of this post is to ALERT you that the job you are about to apply for scamalert4or may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of individuals or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting wire transfers and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK or OFFSHORE BANK ACCOUNT.

Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

Good day!

We considered your resume to be very attractive and we thought the vacant position in our company could be interesting for you.

Our firm specializes in consultation services in the matter of bookkeeping and business administration.
We cooperate with different countries and currently we have many clients in the US.
Due to this fact, we need to increase the number of our destination representatives’ regular staff.

You will be responsible for shipping goods from multiple shops through our company to different places.
Part-time and full-time employment are both currently important.
We offer a flat wage from $1000 up to $3,500 per month.

If you are interested in our offer, mail to us your answer on gonzales@jobcentersusa.com, and we will send you an extensive information as soon as possible.

Attention! Accept applications only on this and next week.

Respectively submitted
Personnel department

strategicoutsourcejob@gmail.com

The Purpose of this post is to ALERT you that the job you are about to apply for scamalert4or may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of individuals or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting wire transfers and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK or OFFSHORE BANK ACCOUNT.

Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

On Saturday, May 31, 2014 10:18 AM, Mr. J Davidson wrote:

Good morning scamFRAUDalert,

Let me introduce my self, my name is Mr. J Davidson and I am a representative of Strategic Outsourcing Inc. We have a few openings for a position of FSA and hope to find a person who will be:
Confident PC user
Able to work 2-3 hours a day
Able to follow instruction with precise attention to details.

We are looking for a person with high level of responsibility. Our company guarantees:
Stable and competitive base salary
Ability to work on-line from the comfort of your home
Flexible working schedule!

Looking forward to your reply and hope to see you in our Team.

Best Regards,
Human Resources Manager
Mr. J Davidson

Financial Support Agent ~ sophie@greenolivs.com

The Purpose of this post is to ALERT you that the job you are about to apply for scamalert4or may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of individuals or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting wire transfers and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK or OFFSHORE BANK ACCOUNT.

Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

Email header analysis report
All valid IP Addresses found in the header.
Ip Address 3rd Party Info Provider City Flag Country
* 65.55.111.72 Check 65.55.111.72 at Senderbase.org Check 65.55.111.72 at Reputationauthority.org Microsoft Hosting Redmond United States
14.05.15.07 Check 14.05.15.07 at Senderbase.org Check 14.05.15.07 at Reputationauthority.org n/a n/a
65.55.111.100 Check 65.55.111.100 at Senderbase.org Check 65.55.111.100 at Reputationauthority.org Microsoft Hosting Redmond United States

*Probable originating IP address

Delivered-To: scamFRAUDalert
Received: by 10.216.180.198 with SMTP id j48csp341352wem;
Thu, 15 May 2014 07:38:33 -0700 (PDT)
X-Received: by 10.68.200.10 with SMTP id jo10mr12686179pbc.143.1400164712722;
Thu, 15 May 2014 07:38:32 -0700 (PDT)
Return-Path: <gary.benton@outlook.com>
Received: from blu0-omc2-s25.blu0.hotmail.com (blu0-omc2-s25.blu0.hotmail.com. [65.55.111.100])
by mx.google.com with ESMTP id bc5si2765128pbb.461.2014.05.15.07.38.32
for ;
Thu, 15 May 2014 07:38:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of gary.benton@outlook.com designates 65.55.111.100 as permitted sender) client-ip=65.55.111.100;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of gary.benton@outlook.com designates 65.55.111.100 as permitted sender) smtp.mail=gary.benton@outlook.com
Received: from BLU185-W10 ([65.55.111.72]) by blu0-omc2-s25.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Financial Agent Position ~ support@olivesgreen.com

Thu, 15 May 2014 07:38:30 -0700
X-TMN: [Qq/dPNH62w/GGXwN2M6PswJQ0cAcf53f]
X-Originating-Email:gary.benton@outlook.com
Message-ID: <BLU185-W1045822EFBA89AB2A26F12E3360@phx.gbl>
Return-Path: gary.benton@outlook.com
Content-Type: multipart/alternative;
boundary=”_3cf84f14-b71c-4d7d-81ea-f19f2cad3ae4_”
From: Green Olives – support@olivesgreen.com
Sender: <gary.benton@outlook.com>
To: “scamFRAUDalert
Subject: Re: Hello
Date: Thu, 15 May 2014 10:38:30 -0400
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 15 May 2014 14:38:30.0651 (UTC) FILETIME=[574C4CB0:01CF704B]

Dear scamFRAUDalert
We are glad to see you are interested in hearing more. The only position we currently have available is the Financial Agent position, a job that you can do from home, no previous experience need, low working hours and you can work full or part time.
Your duties will be to receive and process the payments coming from our clients via bank wire transfer.
You will receive a salary of $4,200 / month plus commissions and you can work from home, you don`t have to relocate.

If you are interested in taking the job or receiving more information please reply with your phone number and one of our agents will call you right away.

Sincerely,
Green Olives , 6710 Capitol St, Houston, TX 77011
__________________________________

Green Olives

sophie@greenolivs.com

address lookup
canonical name http://www.greenolivs.com
aliases
addresses 209.202.252.21
Domain Whois record

Queried whois.internic.net with “dom greenolivs.com”…

Domain Name: GREENOLIVS.COM
Registrar: TUCOWS DOMAINS INC.
Whois Server: whois.tucows.com
Referral URL: http://domainhelp.opensrs.net
Name Server: NS1.GREENOLIVS.COM
Name Server: NS2.GREENOLIVS.COM
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 13-may-2014
Creation Date: 13-may-2014
Expiration Date: 13-may-2015

Last update of whois database: Tue, 20 May 2014 17:23:34 UTC
Queried whois.tucows.com with "greenolivs.com"…

Domain Name: GREENOLIVS.COM
Registry Domain ID: 1858573240_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2014-05-13 19:16:10
Creation Date: 2014-05-13 23:08:05

Registrar Registration Expiration Date: 2015-05-13 23:08:05
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Registrar Abuse Contact Email: domainabuse@tucows.com
Registrar Abuse Contact Phone: +1.4165350123
Reseller: Lycos, Inc.
Reseller: support@lycos.com
Reseller: 866-971-5039

Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited

Registry Registrant ID:
Registrant Name: daryl herndon
Registrant Organization: herndon
Registrant Street: 2900 14st nw suit 202
Registrant City: Washington
Registrant State/Province: DC
Registrant Postal Code: 20009
Registrant Country: US
Registrant Phone: +1.202-606-1683
Registrant Fax: +1.202-606-1683
Registrant Email: andrugrimshawsuc@aol.com

Registry Admin ID:
Admin Name: daryl herndon
Admin Organization: herndon
Admin Street: 2900 14st nw suit 202
Admin City: Washington
Admin State/Province: DC
Admin Postal Code: 20009
Admin Country: US
Admin Phone: +1.202-606-1683
Admin Phone Ext:
Admin Fax: +1.202-606-1683
Admin Fax Ext:
Admin Email: andrugrimshawsuc@aol.com

Registry Tech ID:
Tech Name: daryl herndon
Tech Organization: herndon
Tech Street: 2900 14st nw suit 202
Tech City: Washington
Tech State/Province: DC
Tech Postal Code: 20009
Tech Country: US
Tech Phone: +1.202-606-1683
Tech Fax: +1.2026061683
Tech Email: andrugrimshawsuc@aol.com

Name Server: NS1.GREENOLIVS.COM
Name Server: NS2.GREENOLIVS.COM

DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System:
Last update of WHOIS database: 2014-05-13 19:16:10

Registration Service Provider:
Network Whois record

Queried whois.arin.net with "n 209.202.252.21

NetRange: 209.202.192.0 – 209.202.255.255
CIDR: 209.202.192.0/18
OriginAS:
NetName: NETBLK-LYCOS-1
NetHandle: NET-209-202-192-0-1
Parent: NET-209-0-0-0-0
NetType: Direct Assignment
RegDate: 2000-05-22
Updated: 2012-02-24
Ref: http://whois.arin.net/rest/net/NET-209-202-192-0-1

OrgName: Lycos, Inc.
OrgId: LYCOSI-1
Address: 100 Fifth Avenue
City: Waltham
StateProv: MA
PostalCode: 02451
Country: US
RegDate: 2000-05-22
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/LYCOSI-1

OrgTechHandle: NETWO1939-ARIN
OrgTechName: Network Operations
OrgTechPhone: +1-781-370-2700
OrgTechEmail: nic-tech@lycos-inc.com
OrgTechRef: http://whois.arin.net/rest/poc/NETWO1939-ARIN

OrgAbuseHandle: NETWO1939-ARIN
OrgAbuseName: Network Operations
OrgAbusePhone: +1-781-370-2700
OrgAbuseEmail: nic-tech@lycos-inc.com
OrgAbuseRef: http://whois.arin.net/rest/poc/NETWO1939-ARIN

RTechHandle: VY7-ARIN
RTechName: Yelsangikar, Vish
RTechPhone: +1-650-428-5111
RTechEmail: nic-tech@lycos-inc.com
RTechRef: http://whois.arin.net/rest/poc/VY7-ARIN

DNS records

DNS query for 21.252.202.209.in-addr.arpa failed: ConnectionReset
name class type data time to live
greenolivs.com IN SOA
server: ns1.greenolivs.com
email: hostmaster@greenolivs.com
serial: 1400606463
refresh: 16384
retry: 2048
expire: 1048576
minimum ttl: 2560
2560s (00:42:40)
greenolivs.com IN NS ns1.greenolivs.com 60s (00:01:00)
greenolivs.com IN NS ns2.greenolivs.com 60s (00:01:00)
greenolivs.com IN TXT PPdcfqym2YFe4sKOWloEm4tBFnQxOb6eYghH0BIWkllUQd581K2kpA== 60s (00:01:00)
greenolivs.com IN MX
preference: 10
exchange: mx.greenolivs.com.cust.b.hostedemail.com
60s (00:01:00)
greenolivs.com IN A 209.202.252.21 60s (00:01:00)
21.252.202.209.in-addr.arpa IN PTR bos1-redirect.domains.lycos.com 3600s (01:00:00)
21.252.202.209.in-addr.arpa IN PTR bos2-redirect.domains.lycos.com 3600s (01:00:00)
252.202.209.in-addr.arpa IN SOA
server: invisible.lycos.com
email: nic-tech@lycos-inc.com
serial: 2007103000
refresh: 1800
retry: 600
expire: 2419200
minimum ttl: 600
3600s (01:00:00)
252.202.209.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 10800 (03:00:00)
signature expiration: 2014-05-30 16:02:38Z
signature inception: 2014-05-20 16:02:38Z
key tag: 29930
signer's name: 209.in-addr.arpa
signature:
(1024 bits)

1E3699371E597D474F6AB03202CF55A3
71CB3029860ED0CF7B2EF3DCA6308E12
6DFF42C4A0C15B6B657BE57FDF6B56A2
E55EEDB87491C98DD2FDB0FCC3288840
B9431DA8481E3B8C844706315C6D13FF
2473C901F0866EAD153AE8999B743588
7E06D1B8AC6B5301DFE06AD15A1E595E
627AFE0DB82907E802CD4200FA4BAB80

10800s (03:00:00)
252.202.209.in-addr.arpa IN NSEC
next domain name: 253.202.209.in-addr.arpa
record types: NS RRSIG NSEC
10800s (03:00:00)
252.202.209.in-addr.arpa IN NS ns2.lycos.com 3600s (01:00:00)
252.202.209.in-addr.arpa IN NS ns1.lycos.com 3600s (01:00:00)

— end —

Sky-Edge IT Solutions Inc ~ sky-edgeitsolutions.cc

The Purpose of this post is to ALERT you that the job you are about to apply for scamalert4or may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of individuals or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting wire transfers and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK or OFFSHORE BANK ACCOUNT.

Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

The following A records are set to 185.9.159.59:

  1. Sky-Edge IT Solutions Inc
  2. sky-edgeitsolutions.cc
  3. bestway-solutions.com
  4. bestway-solutions.net
  5. capital-business-systems.biz
  6. capitalbusiness-systems.com
  7. fbf-services.net
  8. fbf-services.org
  9. finacial-futures.net
  10. finmarint-ltd.net
  11. global-techsolution.biz
  12. global-techsolution.net
  13. it-genies-limited.com
  14. it-genies.net
  15. itprofessionals-group.com
  16. leveauxgroupinc.biz
  17. mabcomuk.com
  18. personaltouch-us.com
  19. personaltouch-us.net
  20. premier-group-ltd.com
  21. premier-group-ltd.org
  22. transaction-innovations.net
  23. transaction-innovations.org
  24. us-capital-business.net

Sky-Edge IT Solutions Inc ~ sky-edgeitsolutions.cc

Address lookup
canonical name sky-edgeitsolutions.cc

aliases
addresses 185.9.159.59
Domain Whois record

Queried whois.nic.cc with “dom sky-edgeitsolutions.cc

Domain Name: SKY-EDGEITSOLUTIONS.CC
Domain ID: 108995950
Whois Server: whois.paknic.com
Referral URL: http://www.paknic.com
Updated Date: 2014-03-26T10:50:58Z
Creation Date: 2014-03-14T07:49:08Z
Registry Expiry Date: 2015-03-14T07:49:08Z
Sponsoring Registrar: PAKNIC (PRIVATE) LIMITED
Sponsoring Registrar IANA ID: 1367

Domain Status: ok
Name Server: NS1.EIRER.CC
Name Server: NS2.EIRER.NET
Name Server: NS3.EIMAR.NET

DNSSEC: Unsigned delegation

Last update of whois database: 2014-05-17T08:04:27Z
Queried whois.paknic.com with “sky-edgeitsolutions.cc

Domain name: SKY-EDGEITSOLUTIONS.CC

Created On: 3/14/2014 11:49:22 AM
Expires On: 3/14/2015 11:49:22 AM
Last Updated On: 3/14/2014 11:49:22 AM

Registrant:
Lamar Burke
Lamar Burke airey@sky-edgeitsolutions.cc
4916 Dane Street
Spokane Valley, WA 99206
US
1.5092280991 Fax: 1.5092280991

Administrative Contact:
Lamar Burke
Lamar Burke airey@sky-edgeitsolutions.cc
4916 Dane Street
Spokane Valley, WA 99206
US
1.5092280991 Fax: 1.5092280991

Billing Contact:
Lamar Burke
Lamar Burke airey@sky-edgeitsolutions.cc
4916 Dane Street
Spokane Valley, WA 99206
US
1.5092280991 Fax: 1.5092280991

Technical Contact:
Lamar Burke
Lamar Burke airey@sky-edgeitsolutions.cc
4916 Dane Street
Spokane Valley, WA 99206
US
1.5092280991 Fax: 1.5092280991

Domain servers in listed order:
ns1.eirer.cc
ns2.eirer.net
ns3.eimar.net

Network Whois record
Queried whois.ripe.net with “-B 185.9.159.59
Information related to ‘185.9.157.0 – 185.9.159.255
Abuse contact for ‘185.9.157.0 – 185.9.159.255’ is ‘info@salay.com.tr’

inetnum: 185.9.157.0 – 185.9.159.255
netname: GIRPORT-RIPE
descr: GIRPORT ITHALAT
country: TR
admin-c: HAKN811-RIPE
tech-c: HAKN811-RIPE
status: ASSIGNED PA
mnt-by: MNT-SALAY
mnt-lower: MNT-SALAY
mnt-routes: MNT-SALAY
changed: ripe@salay.com.tr 20121205
source: RIPE

person: Hakan Guney
remarks: Hakan181-GIRPORT
address: Ä°stanbul
e-mail: hakanguneyturk@gmail.com
phone: +905325256057
nic-hdl: HAKN811-RIPE
changed: ripe@salay.com.tr 20120621
source: RIPE
mnt-by: MNT-SALAY

% This query was served by the RIPE Database Query Service version 1.72 (DBC-WHOIS2)

DNS records
name class type data time to live
sky-edgeitsolutions.cc IN MX
preference: 10
exchange: mx.sky-edgeitsolutions.cc
120s (00:02:00)
sky-edgeitsolutions.cc IN NS ns2.eirer.net 120s (00:02:00)
sky-edgeitsolutions.cc IN NS ns1.eirer.cc 120s (00:02:00)
sky-edgeitsolutions.cc IN SOA
server: ns1.sky-edgeitsolutions.cc
email: hostmaster@sky-edgeitsolutions.cc
serial: 198
refresh: 300
retry: 120
expire: 86400
minimum ttl: 60
120s (00:02:00)
sky-edgeitsolutions.cc IN NS ns3.eimar.net 120s (00:02:00)
sky-edgeitsolutions.cc IN TXT v=spf1 a mx ip4:55.11.65.20/2 ip4:90.2.123.112/2 ip4:176.33.87.19/2 ip4:212.63.89.33/2 ?all 120s (00:02:00)
sky-edgeitsolutions.cc IN A 185.9.159.59 120s (00:02:00)
59.159.9.185.in-addr.arpa IN PTR 59.159.9.185.salay.com.tr 3600s (01:00:00)
159.9.185.in-addr.arpa IN SOA
server: dns.salay.com.tr
email: hostmaster@salay.com.tr
serial: 316
refresh: 900
retry: 600
expire: 86400
minimum ttl: 3600
3600s (01:00:00)
159.9.185.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 7200 (02:00:00)
signature expiration: 2014-06-15 11:02:52Z
signature inception: 2014-05-16 10:02:52Z
key tag: 6156
signer’s name: 185.in-addr.arpa
signature:
(1024 bits)

5C4B8EF5EAA5FA050A642193911F5262
4154410BCEDED08C0E5298F116654D28
2D4DE70414CC174303759AA53180CEF8
561B7C5E4DF6D22EB31BEC1255D338AA
A6F9598113DA5D1BA820E334914BCB34
9429656C6CA6662F8B2B37D23D32ED9E
11C0CFDE1FD9AF315C44B38A0BCEB67E
619BD53EDAF92F68E759CF712685F846

7199s (01:59:59)
159.9.185.in-addr.arpa IN NSEC
next domain name: 16.9.185.in-addr.arpa
record types: NS RRSIG NSEC
7199s (01:59:59)
159.9.185.in-addr.arpa IN NS rs2.salay.com.tr 3600s (01:00:00)
159.9.185.in-addr.arpa IN NS dns.salay.com.tr 3600s (01:00:00)
159.9.185.in-addr.arpa IN NS rs1.salay.com.tr 3600s (01:00:00)

— end —

Matt@topusa-jobs.com

The Purpose of this post is to ALERT you that the job you are about to apply for scamalert4or may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of individuals or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting wire transfers and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK or OFFSHORE BANK ACCOUNT.

Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

If you have excellent administrative skills, working knowledge of Microsoft Office, a keen eye for detail, well-versed in the use of social networking sites such as Twitter and Facebook,
are organized, present yourself well and are a team player with the ability to work independently, are reliable and punctual and can understand and execute instructions are determined to work hard and succeed – we need you.

We will accept applications this week only!

To proceed to the next step we should register you in HR system so we will need a small piece of your personal information.

Please fill in the fields:
Full name:
Email address:
State (we need USA sitizen only):
City of residence:

Please call or email us for details of the job: Matt@topusa-jobs.com

Sincerely,
HD Manager