Job scam quick guide: it's a scam if...

  • they want you to collect and forward money in any way (a "money mule" job). You'll wind up engaged in money laundering, personally defrauded via expertly forged cheques, money orders, etc, or defrauding someone else who pays for goods that never arrive.
  • they want you to receive packages and reship them somewhere else. The goods will have been obtained fraudulently, and they're just using you to make the shipping address appear local. You will be aiding fraud.
  • they want up-front payment (either to them or someone else) of any sort for anything before you can get the job. This is advance fee fraud: there is no job -- it's just a big con to extract money from you.
  • they want you to buy any kind of "membership" or "kit" in order to start. Forget it -- it's not a real job at all: they're trying to sell you something, and they're probably making a bunch of other false claims about it if they're pitching it as a "job".
  • it's a job offer, and it's spam. There are LOTS of these scams about, as you can see.

Wednesday, April 18, 2007

Aegis Capital Group (impostors)

Summary

Money mule scam, following the pattern of the Lux Capital and Radius Investments scams. See links in the sidebar for more information about money mule scams, but the short story is that your "employers" transfer money from compromised bank accounts to yours, then get you to forward the money to them via Western Union. This is illegal, of course, which is why they lie about it. If you've been caught by this scam, stop sending any money anywhere immediately and either report the problem to your bank (the course of action recommended by the police in most places) or get competent local legal advice.

As with the two previous related scams, the scammers are ripping off the identity of a real company. In this case, they are impersonating the "Aegis Capital Group LLC" that uses the web address http://www.aegiscapitalgroup.com/. Please be sure that you are dealing with the genuine article, and not a crooked rip-off.

The Spam

The message is presented in a GIF image, accompanied by nonsense "filter buster" text coloured to be invisible against the background.

Representative image

Sender names encountered

Capitalisation and punctuation may vary.

  • Aegis Capital Group
  • Aegis Capital Group LLC

Domain names involved

The following links have been encountered in spam, listed in order of encounter.

  1. http://aegis.hk/?vacancy
  2. http://aegiscap.hk/?vacancy

The above is not necessarily an exhaustive list of involved domains -- merely the ones we know about. The list is updated as new domains come to our attention. Please post comments below if you are aware of other domains involved in this scam.

Website

No snapshot posted here because it's essentially just a copy of the genuine Aegis Capital Group LLC website with the addition of a "vacancy" page (to which they link in their spam). I also note in passing that the main index page has been replaced with a copy of the "company" page. The "vacancy" page has a couple of red herring jobs in addition to the money mule position.

Domain Information (for experts)

Limited WHOIS information about the involved domains is provided here, primarily for the purposes of trend analysis. Registrant details are included only to the extent that I believe they are relevant and not misleading fabrications.

aegis.hk

Query at around 2007-04-18 11:18 UTC

Domain Name: AEGIS.HK
Email: beaehrmann@hotmail.com
Domain Name Commencement Date: 10-03-2007
Expiry Date: 10-03-2008
Name of Registrar: HKDNR
Account Name: HK1834087T
Name Servers Information:

NS1.NOTE-XX.COM
NS2.NOTE-XX.COM

aegiscap.hk

Query at around 2007-04-18 11:19 UTC

Domain Name: AEGISCAP.HK
Email: eduardboehl@hotmail.com
Domain Name Commencement Date: 10-03-2007
Expiry Date: 10-03-2008
Name of Registrar: HKDNR
Account Name: HK1834093T
Name Servers Information:

NS1.NOTE-XX.COM
NS2.NOTE-XX.COM

17 comments:

Nik said...

Thanks much for this. Good work.

Anonymous said...

I get 10-15 smam-mails a day from these idiots (gmail at least dumps then straight into my spam bucket) but was curious if there was a "real" Aegis - Which there is -

Am also curious why they don't go after these morons for identity theft/fraud? At least, copyright infringement? I know a guy that used a VERSION of British Air's "banner" for his own site, (in th UK) and was closed down just for that in less than a day!

Just seems odd they don't do more....

FWIW on the real Aegis page, in small print under "legal" (or maybe it was "news" - they call out "a HK company offering fake jobs" - So they're obviously aware - (shrug)

Just know if were my name & company being dragged thru the mud - I'd be kicking and screaming - Pity - What's the world come to? :-(

Anonymous said...

Another one...
http://aegicaplc.cn

Anonymous said...

and yet another one:
http://joboffer-0426724.acapsite.hk/?vacancy

Anonymous said...

theres anouther one for england also, theve been emailing me.
Sad kinda cuz i was just getting ready to do it because everything cheacked out on the bbb and such.
hope no one falls for it, theyd lose a lot of money.

Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...

I get between 5 and 20 e-mails a day from these guys. I started getting them within hours of posting my resume to Career Builder.com Then again, I've gotten a lot of garbage after posting on Career Builder.

Anonymous said...

Never post any information on Career Builder.com they got me this way too!!

Anonymous said...

If you care to play with these smucks which I do once in awhile, I always stress my small bank always holds out of the area checks for 10 to 14 days.
And no! I wont advance funds against their checks, Im not in the business of advancing funds, either wait or I will pass.

My last check, $48,802.00 came from EdisonEsi in southern Calif mailed from someplace in Canada.

The explanation for that was that my contact was traveling on company business. I fired them back a response saying I had spoken with 3 ppl at Edison and no one knew of any Canadian operations.

Ive had no response from them since. The check looks nice on the wall.

Spotter said...

My hat is off to anyone with a fake cheque on their wall as a talking point.

Anonymous said...

There´s abother one:
http://joboffer-99400.aegiscapl.hk/?vacancy
(now blocked)
From: Gleason.Clayton@168city.com

Spotter said...

These guys are still going. They are not using image-based spam anymore, though, it seems. Also, they are using increasingly outlandish corruptions of their assumed name in their domain name registrations. I've recently seen "aegicapll.hk" and "aegiscapllc.cn", but I'm sure there are dozens more in my low-priority spamtraps.

Anonymous said...

The people behind this crap would have more luck if they slowed the bombardment of emailed job offers. Most of us, healthy self image notwithstanding, realize that noone is going to beg us 20 times daily, to accept any job.Their approach, not their technicals made me suspicious.

Anonymous said...

Address used as of 6:27 a.m. 6/1/07:

http://joboffer-776563578.aegicaplc.cn/?vacancy

Anonymous said...
This comment has been removed by a blog administrator.
Spotter said...

Please don't bother posting "From" addresses for this particular spam: the spammers just take those addresses from the same list as the list of people they are spamming. If you want to post details from your spam, please post the link address they provide, since that tells us what domain names they are using.