Summary
Money mule scam, following the pattern of the Lux Capital and Radius Investments scams. See links in the sidebar for more information about money mule scams, but the short story is that your "employers" transfer money from compromised bank accounts to yours, then get you to forward the money to them via Western Union. This is illegal, of course, which is why they lie about it. If you've been caught by this scam, stop sending any money anywhere immediately and either report the problem to your bank (the course of action recommended by the police in most places) or get competent local legal advice.
As with the two previous related scams, the scammers are ripping off the identity of a real company. In this case, they are impersonating the "Aegis Capital Group LLC" that uses the web address http://www.aegiscapitalgroup.com/. Please be sure that you are dealing with the genuine article, and not a crooked rip-off.
The Spam
The message is presented in a GIF image, accompanied by nonsense "filter buster" text coloured to be invisible against the background.
Representative image
Sender names encountered
Capitalisation and punctuation may vary.
- Aegis Capital Group
- Aegis Capital Group LLC
Domain names involved
The following links have been encountered in spam, listed in order of encounter.
- http://aegis.hk/?vacancy
- http://aegiscap.hk/?vacancy
The above is not necessarily an exhaustive list of involved domains -- merely the ones we know about. The list is updated as new domains come to our attention. Please post comments below if you are aware of other domains involved in this scam.
Website
No snapshot posted here because it's essentially just a copy of the genuine Aegis Capital Group LLC website with the addition of a "vacancy" page (to which they link in their spam). I also note in passing that the main index page has been replaced with a copy of the "company" page. The "vacancy" page has a couple of red herring jobs in addition to the money mule position.
Domain Information (for experts)
Limited WHOIS information about the involved domains is provided here, primarily for the purposes of trend analysis. Registrant details are included only to the extent that I believe they are relevant and not misleading fabrications.
aegis.hk
Query at around 2007-04-18 11:18 UTC
Domain Name: AEGIS.HK
Email: beaehrmann@hotmail.com
Domain Name Commencement Date: 10-03-2007
Expiry Date: 10-03-2008
Name of Registrar: HKDNR
Account Name: HK1834087T
Name Servers Information:
NS1.NOTE-XX.COM
NS2.NOTE-XX.COM
aegiscap.hk
Query at around 2007-04-18 11:19 UTC
Domain Name: AEGISCAP.HK
Email: eduardboehl@hotmail.com
Domain Name Commencement Date: 10-03-2007
Expiry Date: 10-03-2008
Name of Registrar: HKDNR
Account Name: HK1834093T
Name Servers Information:
NS1.NOTE-XX.COM
NS2.NOTE-XX.COM
17 comments:
Thanks much for this. Good work.
I get 10-15 smam-mails a day from these idiots (gmail at least dumps then straight into my spam bucket) but was curious if there was a "real" Aegis - Which there is -
Am also curious why they don't go after these morons for identity theft/fraud? At least, copyright infringement? I know a guy that used a VERSION of British Air's "banner" for his own site, (in th UK) and was closed down just for that in less than a day!
Just seems odd they don't do more....
FWIW on the real Aegis page, in small print under "legal" (or maybe it was "news" - they call out "a HK company offering fake jobs" - So they're obviously aware - (shrug)
Just know if were my name & company being dragged thru the mud - I'd be kicking and screaming - Pity - What's the world come to? :-(
Another one...
http://aegicaplc.cn
and yet another one:
http://joboffer-0426724.acapsite.hk/?vacancy
theres anouther one for england also, theve been emailing me.
Sad kinda cuz i was just getting ready to do it because everything cheacked out on the bbb and such.
hope no one falls for it, theyd lose a lot of money.
I get between 5 and 20 e-mails a day from these guys. I started getting them within hours of posting my resume to Career Builder.com Then again, I've gotten a lot of garbage after posting on Career Builder.
Never post any information on Career Builder.com they got me this way too!!
If you care to play with these smucks which I do once in awhile, I always stress my small bank always holds out of the area checks for 10 to 14 days.
And no! I wont advance funds against their checks, Im not in the business of advancing funds, either wait or I will pass.
My last check, $48,802.00 came from EdisonEsi in southern Calif mailed from someplace in Canada.
The explanation for that was that my contact was traveling on company business. I fired them back a response saying I had spoken with 3 ppl at Edison and no one knew of any Canadian operations.
Ive had no response from them since. The check looks nice on the wall.
My hat is off to anyone with a fake cheque on their wall as a talking point.
There´s abother one:
http://joboffer-99400.aegiscapl.hk/?vacancy
(now blocked)
From: Gleason.Clayton@168city.com
These guys are still going. They are not using image-based spam anymore, though, it seems. Also, they are using increasingly outlandish corruptions of their assumed name in their domain name registrations. I've recently seen "aegicapll.hk" and "aegiscapllc.cn", but I'm sure there are dozens more in my low-priority spamtraps.
The people behind this crap would have more luck if they slowed the bombardment of emailed job offers. Most of us, healthy self image notwithstanding, realize that noone is going to beg us 20 times daily, to accept any job.Their approach, not their technicals made me suspicious.
Address used as of 6:27 a.m. 6/1/07:
http://joboffer-776563578.aegicaplc.cn/?vacancy
Please don't bother posting "From" addresses for this particular spam: the spammers just take those addresses from the same list as the list of people they are spamming. If you want to post details from your spam, please post the link address they provide, since that tells us what domain names they are using.
Post a Comment