Sponsored by..

Wednesday 20 May 2009

mig-design.com fraudulent job offer

A straightforward pitch for what is probably a money mule operation.

Subject: Looking for a job? More info here
From: "Shirley Schafer" boss@adabillur.com

Greetings,

If you are still looking for a well-paid part time job (2-4 hours a day) with possible full-time promotion opportunities at one of top-echelon Management Companies, please e-mail your resume/CV or a short description of your former activities.

Use ONLY corporative e-mail address below for all further correspondence:
office@mig-design.com

Necessary information concerning working and cooperation opportunities, financial benefits and advantages is sent by your request.

Yours faithfully,
Recruiting Office,
MIG Management and Design

Let's look at mig-design.com.. actually, don't - it's never a good idea to poke at spamvertised sites unless you know what you are doing. There's not much to see apart from a snazzy logo saying "MIG International Design Group".

The logo has clearly been professionally designed. But it also appears to have been stolen from this site although amusingly the spammers have corrected the obvious spelling error.

Let's check out the WHOIS details:

Name : Michell
Organization : Michell
Address : 56/2 Sun str.
City : Dallas
Province/State : beijing
Country :
Postal Code : 85230
Phone Number : 86--56343365
Fax : 86--56343365
Email : Michell.Gregory2009@yahoo.com


A quick Google search for that email address shows several hits.. indeed, it has been used before for the luxgroupnz.com scam.

The IP address of the site is 61.150.91.136 in China and usually in these circumstances it is safe to assume that ALL sites on the same server are suspect:

  • Bsi-investment.com
  • Bsibanksingapore.com
  • Ckinter.cn
  • Ckinter.ru
  • Freeadulttube.com.cn
  • Importfinanceinc.com
  • Intdgroup.com
  • Lloydsinsurer.com
  • Luxgroupww.com
  • Majordesigngroup.net
  • Medikmenty.com
  • Mens-health.com.cn
  • Mig-design.com
  • Mig-disign.com
  • Teentube.com.cn
  • Vsehorosho.info
  • W-trabajo.com
  • Wploy-empleo.com
  • Wtrabajo.com
In this case the email originates from 117.197.0.23 in India.

A flashy logo does not mean that it's a legitimate site. In this case the spammers have just ripped off someone else's identity. Avoid.

3 comments:

Boo said...

Thank you thank you thank you!!! Have already been scammed once this month IN PERSON! Thank you for putting this online in order to save me from being scammed in cyber space
Did sound a bit suspect
Please let me know if you want me to forward you my particular email
From a Henry Rowling
Thanks again

Unknown said...

I sended my Resume to this people, what could happen, i send them my ID no. and full name and labor history, but i´m worried
nap

ctgscott said...

Thank you for posting this. I am in charge of technology and related security at a national bank in the US (I'll decline to state which for reasons of reputation). Last week one of our large commercial customers had one of their login credentials 'compromised' and the next day 25 ACH transactions (similar to wire transfers) were executed to individuals that had been recruited under this scam. They then were to withdraw the cash, keep a small percent and send via Western Union the balance to names in the Ukraine. Most of the over $200k that went out, we will recover by 'recalling' the fraudulent transactions but some of the recipients moved very quickly. Unfortunately for them, their local banks know plenty about them and law enforcement will most likely be able to track them down quite easily. PLEASE come forward if you have been involved in a scam like this as it makes things much easier for all involved. A couple of basic thoughts: 1) the money in these scams is never clean, it is always stolen, and 2) the only way to get people to stop these scams is to make them unprofitable.