E-Cigarette Text Spam

Early this morning, I received this text message while I was asleep

Hey Duane, not sure if you or anyone you know still smokes.  But www.nosmoke44.com is giving away free e-cig trials. - Alan

At first, I actually wondered who "Alan" was and if it might have been a friend of mine passing the word to me, then Reality smacked me upside the head and I realized that it was just part of the scam. Extra points for getting the spelling of my name correctly, though.

First, I tried to Google the phone number the text supposedly came from, 405-361-0831, to see if there was some sort of history behind it and it turned-out to be a company in Oklahoma which I doubt is even aware that their number is being used by these people, so I didn't bother contacting them with a complaint. In fact, the spammers have been linked to using numerous other numbers and you can see the results of my Googling the URL of the link I was sent by going here.

So, I went to nosmoke44.com and was redirected (never a good sign) to http://8smoke.com/shortay.php?keyword=sho1csmoke8 which labels itself as an "advertorial" (a combination of an advertisement and an editorial) which talks about how great electronic cigarettes are supposed to be. For a more neutral standpoint on the relative merits of electronic cigarettes, you can view the Wikipedia article instead, along with their cited references at the bottom of the article. At the bottom of the page are a number of comments, supposedly posted by "happy customers", but any attempt to post a comment of your own - such as a complaint about being textspammed on your cellphone at 2:15am - will be rejected. By itself, this kind of behavior will show anyone how unreliable these people really are and how you should not do business with them.

The page also includes a link for you to purchase the product. Going there reveal even more of what kind of people they really are.

The actual product is called the "No Flame Electronic Cigarette" or "No Flame E-Cigarette" and is sold at http://www.noflameecig.com and the website includes all kinds of really cool pictures of happy customers who supposedly saved all kinds of money by switching to this product. However, not everyone who has done business with them is happy and satisfied, as you can see from this example which I am reposting here:

orderd a free trial $4.95 in july and they sent more stuff without me approving it.bright burn charged my account without my knowledge and my authorization.i am warning people do not order the free trail it is a gimmick. they keep sending it to you and charging your account without your authorization

The main website includes a Contact Us link at the bottom. Clicking on that reveals their contact information

If you have any questions feel free to contact us at 
1-877-647-3625 or info@noflameecig.com

No Flame E-Cigarette 
6538 Collins Avenue #95
Miami Beach, Florida 33141

Hours of Operation: Mon-Fri 24 hrs. Sat-Sun 9-6pm EST.
Please DO NOT send returns to the above address.

Doing a search for the address reveals that it is a UPS store in Miami Beach, which is a good way to keep themselves from getting served legal documents, like a Complaint Summons. However, the Better Business Bureau does have a file on these people and you can see it here. Notice how they received an F rating from the BBB. These same people were apparently once known as "Bright Safe Cig", but likely had to change their names because of similar underhanded practices.

The websites nosmoke44.com, 8smoke.com and noflameecig.com are all registered anonymously, which is usually a guarantee that none of the companies or websites involved are trustworthy, if you weren't already convinced.

A partial list of related websites being circulated by these textspammers includes:

• www.nosmoke22.com offline
• www.smoke00.com offline
• www.cig28.com offline
• www.smoke12.com offline
• www.nosmoke88.com redirects
• www.cigsmoke.com redirects
• www.smoke8.com redirects
• www.123cigfree.com redirects
• www.800cigs.com offline
• www.cigs44.com offline
• www.8smoke.com active

If you have been scammed or otherwise victimized by these scum, you can file a complaint with the Attorney General of Florida or the Federal Trade Commission.

I'm not sure how they got my number or anyone else's number, nor am I aware of how they are able to add your name to the text message.

How to Piss Them Off

Since the spammers were kind enough to give us their toll-free number, 1-877-647-3625, I suggest you use this to your advantage.

Go to a payphone and call them. If/when someone answers, give them a piece of your mind for as long as you can. It's a toll-free number, so it won't cost you anything to call them, but it will cost them money to receive the call and they'll have to pay for every single call that they get at that number. 

Do not call them from your home telephone, cellphone or workphone. Use a payphone, so they can't call you back or figure-out who's calling them.

Doing a database search to discover who owns the toll-free number, I discovered that the number had been purchased from a company called InContact.

I called them and it seemed like the operator was working out of a call center. She asked for my zip code, which I refused to give. I simply told the operator that my phone number is on the National Do Not Call list and that calling or texting me is a violation, subjecting them to the possibility of criminal prosecution, civil litigation or both. She asked for my phone number, supposedly to remove it from their call list. However, this would simply have confirmed mine as being a working number and usable to other spammers. I told her to simply run their call list against the national Do Not Call listing and remove any of those numbers from their callcenter. She again asked for my number and I repeated my statement. I will not make it easier for spammers to verify good numbers versus bad ones. If they want to avoid legal action, they must check their call list against the Do Not Call lists at the national and state levels.

To be blunt, the operator seemed to be perfectly aware that people on the Do Not Call list were being contacted.

The burden is not on me to tell them to remove my number. The legal burden is 100% on them to not call or text me in the first place.

In addition to not clearing their call list of number on the Do Not Call List before sending out their textspam, they deliberately hide the origin of their message by making it appear that the message came from somewhere other than its true point of origin. Innocent people and businesses can be accused of sending out these messages, when they had not done so. The spammers could have sent the messages out using their info@noflameecig.com address as the Sender, but simply chose not to do that. This shows a sense of cowardice from them, seeming to prefer that innocent people take the blame for something they did themselves.

So, I don't see anything wrong with calling them from a convenient payphone at any time of the day or night, any day of the week. I don't suggest being rude to the operator, because she's probably just some kid who needed a job. Just explain how you're on the Do Not Call list, if you are, and tell them to stop breaking the law by sending texts out. Don't give them your number, because that will just tell them your number is a valid one and they'll likely just sell the updated information to the next textspammer to come along.

Do not do any business with these people. If you give them your credit card information, they will make unauthorized charges to your account and send you products that you did not agree to buy, as you can see from complaints here, here and here.

How to REALLY Piss Them Off

Here is a picture of the product these people are selling

A full-size picture of it can be seen here. Go look at the full-size picture and you will see the name of the company that is the wholesaler for this product.

The wholesaler is a publicly-traded company called Vapor-Corp. They are a legitimate company that files regularly with the Securities and Exchange Commission.

I think Vapor Corp may be interested in the possibility of one of their retailers engaging in illegal activities. A company is known by the reputation of its products and Vapor Corp's name - not No Flame's - is emblazoned right there on the box. If a product is associated with unethical business practices and illegal activities, such as violating the National Do Not Call list, this could a case of shit rolling uphill with Vapor Corp being considered guilty by association. If you'd like to contact them yourself and tell them that their corporate reputation is being endangered by the actions of one of their retailers, you may contact them at this link.

No Flame might be able to ignore people calling them with complaints, but they couldn't ignore their wholesaler calling them and asking what the fuck they think they're doing.

How They May Have Gotten Your Name and Number

According to a comment posted below, it appears that the recipients' first names and phone numbers may have been obtained via their Facebook pages. Facebook is often  the target of spammers and scammers who attempt to obtained users' personal information. It seems that many peoples' information has found its way onto the black market and sold/or traded to these textspammers.

Another Update

Remember that email address No Flame says you can contact them with: info@noflameecig.com ? Well, it doesn't work! I know this because I tried to contact them via email at that address and it bounced-back on me.

So, the only way you can contact them is via their toll-free number and calling a toll-free number allows the receiver to know the phone number you are calling from, as well as a lot of other information.

Sneaky bastards.

Duane Browning

Falling Into A Trap

While reading through posts of people I follow on Twitter, I saw this

16 Friends Unfollowed me on Twitter, find out yours http://is.gd/tf0ll1 

shortly thereafter, I saw this

Find out how many People unfollowed you on Twitter http://is.gd/tf0ll1

I decided to have a look at this link myself, without risking my account's security and I discovered that this link goes to  itweetfollowers.info which is registered anonymously through WhoIsGuard, as is their server tweet-stats.info and they are both traceable to a US location, so this is not some foreign-based scam, but something domestic. A trace of their IP shows that they are based in Piscataway, NJ.

Here's a screenshot of itweetfollowers

The reason it's very scammy comes from the fact that I personally saw literally dozens of people through whose Twitter accounts the two above messages were posted. It is simply impossible for all of those people to have been unfollowed by exactly 16 of their "friends" (or actually "followers", in the case of Twitter). The odds against such a coincidence are beyond the most advanced mathematics.

I don't have that many followers on Twitter and I am under no delusion that all or even most of them even read my posts. However, too many people seem to get their underwear in a twist up their butts when they see the number of their Twitter followers decline, even slightly. This kind of insecurity is what leads to people falling for traps like ITweetFollowers as well as those scams where people are offered an app that will tell them who is looking at their Facebook or Myspace page, when the fact is that such apps do not exist and would be impossible to create in the first place. I will grant that some people are just a little bit curious regarding which of their former followers have given-up on them and may even wonder why they made the decision to do this. But, being concern about such minutiae is just a waste of time, when you stop and think about it.

In the end, we should understand that losing a Twitter follower or a Facebook friend is not the end of the world. So you lost a follower. Big fucking deal. Life is too short to worry about bullshit like this.


Duane Browning

Scammers Impersonating UK Company

Foods of Europe is a British food export company located in Bordon, which is near London. Lately, someone has begun placing orders in their name with companies in Germany and having them shipped to a storage facility, instead of to Foods of Europe's receiving facilities.

The scammers even set-up a fake website where they copied the legitimate website almost exactly and that website can be found here. It seems that the word has gotten around about how the website is not legitimate. I tried to visit the site and was greeted by this image

Legitimate website http://www.foodsofeurope.co.uk
Fake website http://www.foodofeurope.co.uk (note the missing "s" in the name)

While the registration information for the fake site lists the address of the real company in its registrant information, the site is registered in Berlin, Germany and its servers are also located there. The fake site is about a month old, having been created on September 17, 2012.

Despite orders being placed with German companies under fraudulent circumstances, the registering company refuses to take any action, unless told to do so by the German police. Actually, that would be the Berlin police, as there is no federal law enforcement agency for Germany. After the Nazi era, Germans are naturally hesitant to establish a national law enforcement agency due to fears it would become too powerful. These fears are well-founded, considering how powerful American federal law enforcement agencies became under the Patriot Act.

The scammers have done a pretty good job of getting all this set-up. Aside from the almost perfect copy they made of the real website, even their contact information is very close to the real company's.

Foods of Europe's telephone numbers and email address are:

Tel: +44 (0) 1420 488644
Fax: +44 (0) 1420 488744
Email: enquiries@foodsofeurope.co.uk

The scammers' given contact information is

Tel: +44 (0) 1424 541015
Fax: +44 (0) 1424 541028
Email: enquiries@foodofeurope.co.uk

Apparently, some German companies have already been defrauded of products they have shipped overseas to the scammers, thereby losing whatever payment they were owed. Foods of Europe, while not losing any money themselves, has been left to deal with the angry victims and has well-founded fears that their company's reputation is endangered.

I have to admit, this scam is pretty well-done. The scammers invested a lot of time and effort to build the website, so they've got some technical expertise above and beyond the typical fraudsters. How this will turnout is anybody's guess.

October 15, 2012 update: the scammers' website was taken down by the hosting company

Duane Browning

Scammer Impersonating Louisiana Bank Official

I received this email recently

From: Dr. / Mr. Veron William Rice office18454@gmail.com
Reply-To: Dr. / Mr. Veron William Rice drveron87@live.com
Sent: Thursday, October 4, 2012 5:35 AM
Subject: Compliment,
Compensation for your past efforts...See the attachment
(attachment sent as txt file)
Compliment,
How are you doing? Hope you have not forgotten me? I am Dr. / Mr. Veron William Rice, the man from United States of America who contacted you some time ago to assist me secure the release of some money accrued from the over invoicing of a Contract/inheritance, Next Of Kin and ATM that was awarded by the U.S government. Though you were not able to assists me conclude the transaction, I’m happy to inform you about my success in getting those funds transferred under the assistance and co-operation of a new partner from Brazil.
Presently I am in South Korea for investment projects with my own share of the total sum. Meanwhile, I didn't forget your past efforts and attempts to assist me in transferring those funds, I make sure you are not left out the benefit of the transaction hence I kept aside for you a mere US$5Million Dollars and the funds was made out to you in cash which I deposited with a bank in Louisiana. I and my new partner agreed to compensate you with that amount for all your past efforts and attempt to assist me in this matter. I appreciated your efforts at that time very much, so feel free to contact the bank and instruct them on how to send the US$5 Million across to you.
Keep me posted immediately you receive the Funds so that we can share the joy together after all the stress at that time. I had left instruction to the bank so as soon as you contact them, they will make the funds available to you,feel free to get in touch with them NOW VIA the below information
NOTE: You are to reconfirm to the bank your contact information and direct number# for proper communication.
Below is the contact details of the bank:
Contact Person: Walter E. Dorroh, Sr.
Contact Bank: Community Bank of Louisiana
Bank Phone Number:(318) 615-0694
Bank Address: 118 Jefferson Street Mansfield, Louisiana 71052
Bank Contact E-mail: foreignoperation-dept2@live.com
Regards,
Dr. / Mr. Veron William Rice

Naturally, the Community Bank of Louisiana knows absolutely nothing about any of this and they were quite shocked to findout that they were being used as a cover story for an Internet scam.

The email was IP-traced and revealed to have originated from Naperville, Illinois. I called the Mansfield location of the bank and informed them of the email. I subsequently informed the New Orleans office of the FBI because this scam involves a bank located in their jurisdiction and due to the email having been sent from another state. All crimes that cross state lines and/or involve banks fall within the FBI's jurisdiction.

I sent a reply to this email and received the following response

From: Walter E Dorroh Sr
To: (my cover identity)
Sent: Thursday, October 11, 2012 9:04 AM
Subject: Hello Mr. (my cover identity)...Welcome To Community Bank of Louisiana

Welcome To Community Bank of Louisiana
118 Jefferson Street Mansfield, Louisiana 71052
(318) 615-0694

Hello Mr. (my cover identity). 

Thank you for contacting us for your transfer, We have the sum of US$5million here in our bank from Dr. / Mr. Veron William Rice with an instruction to make the transfer of the above amount to you anytime you apply for the transfer.
Right now we are informing you that we are set for the transfer as soon as we hear from you with your bank account details for the transfer.
Get back to us with your full bank account details for the transfer then we will proceed with your transfer from there.
I wait your urgent response. 



Walter E. Dorroh, Sr.
Chairman Community Bank of Louisiana
118 Jefferson Street Mansfield, Louisiana 71052
(318) 615-0694
(888) 679-6246 Toll Free Number

 An IP trace indicates that the second email originated from Lagos, Nigeria. This isn't surprising. I am left wondering if the given phone number are legitimate or are part of the scam. Either way.

Mr Dorroh really is an official of this bank, but you obviously won;t be communicating with him by email.

Rest assured that both the bank and the FBI are aware of this scam. What they can do about it is anyone's guess.


Duane Browning

BestBuyWin Scam from China

Numerous people have reported receiving a text message stating that they'd won a free gift card from Best Buy and they are given a link to visit, enter their code and claim their prize.

The site is Bestbuywin.net and is registered anonymously through WhoisGuard. The site has dedicated servers based in the United States, but that doesn't tell us where this scam originates. Another weblink being circulated is bestbuyprizes.net and that site is registered in India but run by the same people, with servers based in the USA and United Kingdom. A better clue comes from a small text at the bottom of the pages where the link for Bestbuywin.com is given. That website is registered in China and the site is owned by Beijing Innovative Linkage Technology Ltd. The owners have no reason to hide their China address, since there is nothing that an America-based company like BestBuy could do to stop their spamming practices. This company is accused of disregarding US law and for dishonest business dealings.

Another rewardhubzone website being circulated via text spam is BestBuyRaffle.com and it is also registered anonymously, though its servers are located in the United States. The servers belong to mygt.org and another Best Buy-related scam website hosted on the same servers is bestbuycontest.com which looks exactly the same as BestBuyWin.net, bestbuyprizes.net and BestBuyRaffle.com so they're obviously created by the same people. It would make sense to have multiple domains, due to the possibility (however remote) that one or two may get shutdown and it's a good way to keep their sites from crashing due to too much traffic or a possible DDOS or DOS attack from pissed-off textspam recipients.

The email address given for the registered owner of BestBuyPrizes is also associated with these domains:

1.  bestbuycash.net

2.  bestbuyprizes.net

3.  cell-prizes.com

4.  cellprized.com

5.  hiddenautoprices.com

6.  luckycellprize.com

7.  obeytrack.com

8.  receivecellaward.com

9.  smsaprize.com

10.  txttheprize.com

11.  win2cell.com

12.  wincellaward.com

The email address given for the registered owner of BestBuyWin.com is associated with at least 25 other domains, including:

1.  1hrpayadvance.com
2.  1hrpayloan.com
3.  aoopodkc.com
4.  be-her-star.com
5.  dnsmeet.com
6.  doctorgreat.com
7.  dokkeryb.com
8.  gifthubdirect.com
9.  giftrewardsdirect.com
10.  gopayadvance.com
11.  hotgirlss.com
12.  http-security.com
13.  kusalozus.com
14.  loveedating.com
15.  myonline-security.com
16.  myweb-security.com
17.  plitimaster.com
18.  pojodaworld.com
19.  prizehubdirect.com
20.  promocenterdaily.net
21.  skotchiki.com
22.  super-crap-dns.com
23.  theweb-security.com
24.  wow-gameclan.com
25.  www-security24.com

Entering a code (actually, any four numbers will do) takes you to a Rewardhubzone.com webpage  and a WhoIs search reveals the website to have also been registered anonymously with WhoisGuard, but the servers are based in Hong Kong, China.

At the bottom of the Rewardhubzone webpage, a link is given for you to unsubscribe your email address from future mailings. A postal address is also given, supposedly for the purposes of contacting them by postal mail, but that address is often associated with other scams.

In short: this whole "offer" is a scam intended to confirm your cellphone number as being valid, to get your email address so they can send spam and to get whatever personal information about you that they can.

I forwarded the Bestbuywin.net address to the report center at Best Buy, but I don't think they can do anything about it, since the scam is based in China.

Duane Browning

Payday Loan Text Spam

I got this text today on my cellphone from Melissa@currentdata.info

Subject:Paying Attention Do you need to best way to pay your bills before pay check? go-t0<( http://lnx.lu/ZQf )>sdSuuvveyGT

 A WHOIS search of currentdata.info revealed that the site is registered anonymously through Domains By Proxy which, in my opinion, automatically makes this an unreliable company to do business with. After all, if they were a reputable company, they wouldn't have anything to hide, would they? And if they didn't already know that most people would delete any Payday Loan emails they sent out, they wouldn't force people to receive and read it by sending it out via text message on cellphones. Right?

 Well, a WHOIS search can reveal a bit more than who a website is registered to. It can also tell you the website's IP address and knowing the IP address can give you a better idea as to where the people who sent out a text message really are located, unless they've outsourced that job to a Third World country.

The IP address actually comes from the vicinity of Tempe, Arizona, USA and the servers are dedicated specifically to currentdata.info by Secure Servers, LLC.

The actual text of the message I received tells me that the person who composed it either isn't a native speaker of English or is just badly educated. It doesn't really matter which it is. The website was created in August 2012, so I can hazard a guess that these people are relatively new to textspamming and bought a list of contacts through the typical channels used by spammers. It probably seemed like a better way for them to go than to try to build-up a real reputation as the Go-To place for payday loans. There are so many similar companies out there - and a good number of them has a long list of complaints against them over how they do business and how they treat their customers - who would notice one more?

Due to the underhanded nature of how Current Data is advertising itself via textspamming people without their consent, I'd strongly advise any other recipients of their message to simply ignore them. My gut feeling is that they shouldn't be trusted.

Okay, I need to post this update: there have been a few people trying to comment on this post who have included links to their payday loan websites either in comments or in their profile link. I will not allow you people to spam my comments section. If you want to comment, fine. But, I will not allow anyone to advertise their business in my comments section, no matter what their business may be.


Duane Browning