
Thursday 11 September 2008

Dating scams

Dating scams are usually a variant of advance fee fraud - some pretty girl (probably some ugly bloke in reality) sends you some random photos and explains that they want to move to your country and move in with you... but can they have some money first? The basic operation of these scams is described here. To make it look more credible, fake dating sites are sometimes set up to give the whole thing an air of legitimacy.

This current batch of fake sites is being advertised with an email similar to the following:

i need you

i am Nice Girl good looking girl who is looking to chat with you.
e-mail me back at UcWkS@lam2you.com

i will reply back with some really nice pictures.

The domain lam2you.com has a corresponding web site on 79.135.167.51 calling itself "Online sexiest dating site". As it happens, there are a whole bunch of other domains on the same server, also describing themselves as "Online sexiest dating site", all best avoided.

One thing of note is that the name servers used here are ns1.droreal.com and ns2.droreal.com; droreal.com appears to be a domain name used to support other dating scam sites.
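
The pivot made by hand above (one spamvertised domain, then its hosting IP, then its name servers) can be run over passive-DNS data to enumerate a cluster for blocklisting. This is an added example, not part of the original post: the records are constructed, and every name or address other than lam2you.com, 79.135.167.51 and the droreal.com name servers is a placeholder.

```python
from collections import defaultdict

# Constructed passive-DNS style records: (domain, A record, name servers).
# Only the first row's values come from the post; the rest are placeholders.
RECORDS = [
    ("lam2you.com",      "79.135.167.51", ["ns1.droreal.com", "ns2.droreal.com"]),
    ("dating-a.example", "79.135.167.51", ["ns1.droreal.com", "ns2.droreal.com"]),
    ("dating-b.example", "192.0.2.10",    ["ns1.droreal.com", "ns2.droreal.com"]),
    ("dating-c.example", "192.0.2.10",    ["ns1.bigdns.example"]),
    ("shop.example",     "198.51.100.7",  ["ns1.bigdns.example"]),
    ("blog.example",     "198.51.100.8",  ["ns1.bigdns.example"]),
]


def cluster(records, seed, shared_infra=frozenset()):
    """Return {domain: reason} for every domain linked to `seed` through a
    shared hosting IP or name server, following links transitively.

    `shared_infra` lists IPs / name servers known to belong to large shared
    providers; they are never used as pivots, because co-tenancy there says
    nothing about who operates a domain.
    """
    by_pivot = defaultdict(set)   # ("ip"|"ns", value) -> domains using it
    pivots_of = {}                # domain -> its pivots
    for domain, ip, nameservers in records:
        domain = domain.lower()
        pivots = {("ip", ip)} | {("ns", ns.lower().rstrip(".")) for ns in nameservers}
        pivots_of[domain] = pivots
        for pivot in pivots:
            by_pivot[pivot].add(domain)

    seed = seed.lower()
    found = {seed: "seed"}
    queue = [seed]
    while queue:
        current = queue.pop()
        for kind, value in pivots_of.get(current, ()):
            if value in shared_infra:
                continue  # generic infrastructure: do not pivot through it
            for neighbour in by_pivot[(kind, value)]:
                if neighbour not in found:
                    found[neighbour] = f"{kind}={value} via {current}"
                    queue.append(neighbour)
    return found


if __name__ == "__main__":
    hits = cluster(RECORDS, "lam2you.com", shared_infra={"ns1.bigdns.example"})
    for domain, reason in sorted(hits.items()):
        print(f"{domain:20} {reason}")
```

Without the `shared_infra` exclusion the same seed also pulls in shop.example and blog.example, which is the false-positive case to review before a cluster goes onto a blocklist.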

3 comments:

tomfin said...

Just got one of these... typically they say something like "Hello, I am new to the area and would love to meet to make new friends".

Presumably you set up a meeting, and awake several days later - missing either your wallet or a kidney.

Of course, email addresses are hardly localised in this manner, and the email comes from far afield :D This one was from "jackie@firstlam.com".

Happy Scam-Avoiding, folks!

IKillSpammerz said...

There are two vectors these sites are taking.

The first is the email addresses. They are randomized and don't actually lead to a real person. (Naturally.) The spammer is responsible for as many responses to the email address (which is disposable) which are then handed off to someone to respond to, usually from a totally different address (usually a Gmail account.)

This tactic has been used before on behalf of a site known as UALadys or UADreams. I have blogged about their activities previously:

http://ikillspammers.blogspot.com/2008/03/hello-i-am-bored-this-evening.html

They base affiliate payments on the thousands of responses, usually 5,000 or more, so this tends to be a very heavily-spammed property.

The second is the domain of the email address, which usually leads to one or more bogus dating websites. In this case the inevitable target is FindMatchOnline.com. You will notice that their affiliate signup features no mention whatsoever about spamming. It's also among the most illiterate sites I've read, indicating it's clearly not run by native-English-speakers.

Signing up will result in immediate receipt of several "flirts" or "messages" from alleged women on the site. Even if you have a completely blank profile, suddenly several "women" will be interested in you. It's all completely fake of course. This isn't the only such site which uses these tactics (flirt.com is considered to be legitimate but does precisely the same thing.) It's just that they also allow spammers to promote their sites.

Avoid these at all costs, most definitely. The goal is to siphon your money by any means possible.

SiL / IKS / concerned citizen

Unknown said...

You are correct in a way; however, there is very little difference between Admin and Super Admin, and the user name and password that Peter has is the master username and pass, i.e. for the Webstats, FTP, MySQL etc., hence access to the core files. However, this does not mean that you did definitely change the files; it could have been someone on my side. There were some software updates made to the website which made a compatibility issue between the CMS and Shopping Cart. This issue is very new, and I just assumed, since Peter mentioned that he wanted the website updated, that someone on your side might have tried. It is not often that anyone I work with will work on one of my sites, but not impossible.
Bottom line, there are too many issues on the website; I need to do a clean install and rework the website.
Regards,
Pablo