OT: Credit Card Scam Help
From: David Ross
Date: Wednesday, May 17, 2000
Time: 2:40:17 am

This is way off topic but I suspect the help I need is here.
A consulting client of mine called to ask about a strange charge on
their company card. Since I have charging privileges and account for 90%
of the action they turn to me first with questions.
Charge was for $29.95 from paycom.net. They had a web site so I called.
They said they handle billing for about 10,000 web sites, mostly adult
oriented. They agreed to reverse the charge immediately but indicated
that we might hear from the web site operator after they do an IP trace
of the session. No problem. They had an email address associated with
the charge of xxxx@insurer.com. Turns out to be one of a collection of
domains made available for free email accounts.
Moving on. How did they get the card? Even bigger, who else has it?
Got online with the bank, signed up for web access to the account, and
in 10 minutes was looking at current charges. 2 of the 3 were mine for
software. Third was listed for "$26.26 ELFACOM - MOSCOW". Hmmmmmmm.
<www.elfacom.com> appeared to be in Crilyk (sp?) but with lots of VISA
and other card logos. I suspected it was a Russian version of
paycom.net. Printed the page and started checking with friends for a
Russian language reader.
Here's where it gets strange. Within an hour of me checking the site it
went away. Not entirely but I couldn't access it anymore. And I had just
posted a request on the MM list and none of the helpers there could get
to it either. Babelfish told me it couldn't translate because of a
gateway error.
What I'm wondering is if they noticed me accessing the site and shut it
down to folks outside their area. This is where my knowledge of the
internet gets real weak. I can trace route back to them but I can't get
TO them. Is there someone who knows how to get to the site and see what
it is all about? Here's a trace:
Start: 5/17/00 3:18:02 AM
Find route from: 192.168.11.102
to: elfacom.com. (216.110.36.188), Max 30 hops, 40 byte packets
Host Names truncated to 50 bytes
1 192.168.11.1 (192.168.11.1 ):
3ms 3ms 3ms
2 adsl-77-240-1.rdu.bellsouth.net. (216.77.240.1 ):
13ms 14ms 13ms
3 209.214.165.78 (209.214.165.78 ):
13ms
3 209.214.165.77 (209.214.165.77 ):
13ms
3 209.214.165.78 (209.214.165.78 ):
13ms
4 ixc000f00.rdu.bellsouth.net. (205.152.32.249 ):
14ms 118ms 91ms
5 500.serial4-1-0.gw1.dca3.alter.net. (157.130.39.41 ):
21ms 36ms 23ms
6 110.atm4-0.xr1.tco1.alter.net. (146.188.161.62 ):
21ms 22ms 22ms
7 193.atm2-0.tr1.dca8.alter.net. (152.63.32.190 ):
23ms 22ms 23ms
8 115.atm7-0.tr1.dfw4.alter.net. (146.188.138.134):
56ms 56ms 116ms
9 199.at-1-0-0.xr1.dfw7.alter.net. (146.188.241.221):
57ms 56ms 58ms
10 191.atm8-0-0.gw3.dfw7.alter.net. (146.188.241.161):
57ms 58ms 57ms
11 rackspace-gw.customer.alter.net. (157.130.137.58 ):
66ms 431ms 221ms
12 vl131.aggr3.ksat.rackspace.com. (64.39.2.51 ):
191ms 164ms 428ms
13 * * *
14 * * *
Thanks for the help.
PS: Yes I do know about:
http://www.labmed.umn.edu/%7Ejohn/ccfraud.html
PPS: The account has been canceled.