 Pages: « 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 » : All |
 Author |
 Pharmacy express (currently 13,009 views) |
| comdetroit |
| Posted on: Saturday, June 24th, 2006, 11:30pm |
 |
|
Gender:  Male Posts: 52 |
|
|
|
  |
Reply: 15 - 181 |
|
|
| dj |
| Posted on: Sunday, June 25th, 2006, 4:52am |
|
|
Guest User
|
Before finding this site and the disclaimer hidden away on the Better Business Bureau website I had written to the BBB and PharmacyChecker about the use of their logos.
BBB never responded but I have had a reply from PharmacyChecker saying that it hurts their business and "If you learn anything more about the company behind the spam and fraud please share it with us.". So I have passed on the details from the posts here about the image hosting to PharmacyChecker. I have also copied in BBB and "verified by Visa" in case they want to protect their reputation as well.
If anyone has tried filling out the order form (using duff information of course!) you will find that the screen does not have the padlock symbol that your credit card details will be encrypted. (Dont forget to remove the numbers at the end of the url which should help protect them knowing the email address they sent the mail to is active.) This is almost certainly a credit card number harvesting scam so I am surprised that Visa arent more interested.
|
|
 Logged |
|
|
 |
Reply: 16 - 181 |
|
|
| comdetroit |
| Posted on: Sunday, June 25th, 2006, 9:06am |
|
|
Gender: Male Posts: 52 |
| According to webhosting.info all of the sites, except for the coconut site belong to Ande Lambe of Lambe Solutions. When I called them, the person I talked to said the hosting business is handled by Ande's son. Lambe Solutions, I think, is a hosting and software company. Being that everyone's been contacted and nothing has been done (I am STILL getting spammed by these people), something smells bad. |
Everything Internet
http://www.comdetroit.com
Detroit Area
http://www.comdetroit.net |
|
|
|
| |
Reply: 17 - 181 |
|
|
| dj |
| Posted on: Monday, June 26th, 2006, 3:04am |
|
|
Guest User
|
I got a fairly bog standard off the shelf reply from verified by visa. -
"Thank you for contacting Visa and questioning the communication you received. Visa will never ask you to provide personal information such as your bank account number, an account password, credit card number, PIN number, mother's maiden name, or Social Security number by email.
To learn more about 'How to spot a phishing email', please visit: http://usa.visa.com/personal/security/protect_yourself/common_frauds/phishing.html?it=c|/personal/security/protect_yourself/index%2Ehtml|Phishing
Our security department investigates these matters and works with the proper authorities to terminate the activity.
Visa has many safeguards and detection systems in place, but prompt action by alert cardholders remains a very important method of stopping deceitful activities. Should you receive further communication that you deem questionable, please feel free to contact us immediately.
Please be reminded that U.S. cardholders are fully protected by Visa's Zero Liability policy. This means that cardholders pay nothing in the event of unauthorized card use.
We appreciate your bringing this matter to our attention.
Verified by Visa Webmaster"
You might have thought that they would have been a little more proactive and interested than this stock reply makes out. I think the credit card companies should take more responsibility for spam sites using their services as they give the spammers the ability to collect money from suckers who respond to the spams. |
|
| Logged |
|
|
|
Reply: 18 - 181 |
|
|
| dj |
| Posted on: Wednesday, June 28th, 2006, 4:04am |
|
|
Guest User
|
Anybody had any mails from MyCanadianPharmacy recently?
I was getting 6-12 a day before Monday.
I had six on Monday, all of which pointed to websites that could not be displayed.
Yesterday nothing!  |
|
| Logged |
|
|
|
Reply: 19 - 181 |
|
|
| absolutchele |
| Posted on: Wednesday, June 28th, 2006, 11:22pm |
|
|
Posts: 1
|
| I've been getting at least 3 e-mails from MyCanadianPharmacy a day, including today. |
|
|
|
|
Reply: 20 - 181 |
|
|
| Hamish |
| Posted on: Thursday, June 29th, 2006, 7:59am |
|
|
Posts: 2
|
Hi again!
Anyone get spam from a company using various https?? The company is called VIP Pharmacy. I checked out Google and came up with VIP Pharmacy and sent them all the spam I received relating to VIP Pharmacy. I got this reply from a Mike Norwood. Apparently, VIP Pharmacy is registered allright but he claims they're legit even though he states they're really a software company but not the same VIP. Here's his email to me. Maybe it'll ring a bell with someone. Hamish
Sir,
I am sorry you are getting these emails, but unfortunately can not do
anything to stop them, as they do not come from us. We do not sell or
market any drugs over the internet, we are a software company, and our
website is specifically used to market our pharmacy software. Our
company name is VIP Computer Systems, INC. We did register the web
address vip-pharmacy.com, but other than the spam showing the name VIP
Pharmacy at the bottom of their webpage, there is no connection at all
to our company. We have gotten occasional emails about this over the
past couple of months and it appears that the spam links to various
different web addresses registered to people in Eastern Europe or
sometimes Asia. The webpages have sometimes listed a partial address in
Port Richey, Florida, or a town in Utah on the contact us page, but it
appears the one you got does not even show that. Again I wish I could
help you with this, but again our only connection at all is that we
registered a similar web address to the name used on the spammers
websites.
Mike Norwood
VIP Computer Systems
919-644-1690 |
|
|
|
|
Reply: 21 - 181 |
|
|
| Dave |
| Posted on: Saturday, July 1st, 2006, 8:33am |
|
|
Guest User
|
Hi -Im in the uk and get many spam messages from "My Canadian Pharmacy"
usually from or via china telecom who I believe have just recently started
to accept abuse reports. Whether they do anything with them is another matter.
The latest effort is from http://plumageruby.info
The pictures for the following appear to be hosted in Germany
http://62.75.178.134:8080/p/images/veris.gif
Top rated by pharmacychecker listed at Better business bureau verified by visa verisign secure site CIPA certification
Return-Path: <celcoat@tiscali.co.uk>
Received: from He (218.14.199.152) by mk-cpfrontend.uk.tiscali.com (7.2.034.7)
id 440D1D720656CDC4 for David@tiscali.co.uk; Sat, 1 Jul 2006 11:18:55 +0100
Received: from [138.36.227.117] (port=2630 helo=138.36.227.117)
by tiscali.co.uk with esmtp
id krS9ig-eP5604-87
for David@tiscali.co.uk; Sat, 01 Jul 2006 04:37:56 -1000
Content-class: urn:content-classes:message
Subject: save yOur wallet use cheap qual1ty meds and pi1ls
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----_=_NextPart_001_01C69139.97634528";
Date: Sat, 01 Jul 2006 04:37:56 -1000
X-MimeOLE: Produced By Microsoft Exchange V6.5
Message-ID: <6325703.20060701043756@tiscali.co.uk>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: save yOur wallet use cheap qual1ty meds and pi1ls
Thread-Index: GSBn4BdBvQIRSuESzbt2R8GuzFWdez==
From: "Billie" <celcoat@tiscali.co.uk>
To: David@tiscali.co.uk
X-Return-Path: celcoat@tiscali.co.uk
X-MDaemon-Deliver-To: David@tiscali.co.uk
X-MDAV-Processed: tiscali.co.uk, Sat, 01 Jul 2006 04:37:56 -1000
X-Spam: Not detected
I will report to China telecom and abuse@server4you.desk if they can stop hosting the pictures. |
|
| Logged |
|
|
|
Reply: 22 - 181 |
|
|
| dj |
| Posted on: Sunday, July 2nd, 2006, 2:55am |
|
|
Guest User
|
I just checked your link http://plumageruby.info/p/ and the top image is http://66.93.90.164:8080/p/images/weship.gif. Perhaps they are moving the hosting of the pictures about?
http://www.arin.net/whois/ says that 66.93.90.164 is -
CustName: FutureLink Communications
Address: 25 Broadway
City: New York
StateProv: NY
PostalCode: 10004
Country: US
RegDate: 2006-05-23
Updated: 2006-05-23
NetRange: 66.93.90.160 - 66.93.90.191
CIDR: 66.93.90.160/27
NetName: SPEK-444634-0
NetHandle: NET-66-93-90-160-1
Parent: NET-66-92-0-0-1
NetType: Reassigned
Comment:
RegDate: 2006-05-23
Updated: 2006-05-23
RTechHandle: AS3414-ARIN
RTechName: Stollar, Andreas
RTechPhone: +1-206-728-9770
RTechEmail: abuse@speakeasy.net
OrgTechHandle: AS3414-ARIN
OrgTechName: Stollar, Andreas
OrgTechPhone: +1-206-728-9770
OrgTechEmail: abuse@speakeasy.net
Surely as this is a US address and this is obviously a credit card number harvesting site, someone can report this to the law enforcement agencies in the US?
I'd also suggest copying any complaint to the BBB, PharmacyChecker and Verified by Visa so that they can take action to get their logos removed by this hosting company. I send them copies of the mail and include analysis of where the images are hosted and by whom with contact details.
Addresses I have used for these three are -
verifiedbyvisa@visa.com; bbbmp@bbbmp.ca; gabriel.levitt@pharmacychecker.com
I could not find a suitable address for Verisign who you would think would be interested in this sort of thing.
I havent received a single one of these MyCanadianPharmacy mails in my main mailboxes for the last 5 days, since writing to all these companies about the use of their logos, and reporting all mails received from them to Spamcop for a couple of weeks.
62.75.178.134 as you say is in Germany -
inetnum: 62.75.178.0 - 62.75.178.255
netname: SERVER4YOU-1
descr: SERVER4YOU Dedicated Server Hosting
descr: http://www.server4you.de
country: DE
org: ORG-BSBS1-RIPE
admin-c: OD376-RIPE
tech-c: IT1309-RIPE
rev-srv: ns1.plusserver.de
rev-srv: ns2.plusserver.de
status: ASSIGNED PA
remarks: Abuse-Contact: abuse@server4you.de
mnt-by: INTERGENIA-MNT
source: RIPE # Filtered
organisation: ORG-BSBS1-RIPE
org-name: B S B - Service GmbH
org-type: NON-REGISTRY
descr: Internet-Hoster
remarks: BSB Service GmbH is part of intergenia AG
address: Daimlerstr.9-11
address: 50354 Huerth
address: Germany
phone: +49 2233 612-0
fax-no: +49 2233 612-144
admin-c: OD376-RIPE
tech-c: IT1309-RIPE
mnt-ref: INTERGENIA-MNT
mnt-by: INTERGENIA-MNT
source: RIPE # Filtered
role: Intergenia Technik
address: intergenia AG
address: Daimlerstr. 9-11
address: 50354 Huerth
phone: +49 2233 612 0
fax-no: +49 2233 612 144
remarks: trouble: Information Contact info@plusserver.de
remarks: trouble: Abuse Contact abuse@plusserver.de
remarks: trouble: for more information http://www.plusserver.de
There is another abuse address listed.- abuse@plusserver.de
They are part of the larger RIPE organisation - abuse@ripe.net
Good Luck!!!
|
|
| Logged |
|
|
|
Reply: 23 - 181 |
|
|
| tman |
| Posted on: Sunday, July 2nd, 2006, 3:49pm |
|
|
Gender: Male Posts: 36 |
Quoted from dj (Guest) I just checked your link http://plumageruby.info/p/ and the top image is http://66.93.90.164:8080/p/images/weship.gif. Perhaps they are moving the hosting of the pictures about? Surely as this is a US address and this is obviously a credit card number harvesting site, someone can report this to the law enforcement agencies in the US? I'd also suggest copying any complaint to the BBB, PharmacyChecker and Verified by Visa so that they can take action to get their logos removed by this hosting company. I send them copies of the mail and include analysis of where the images are hosted and by whom with contact details. Addresses I have used for these three are - verifiedbyvisa@visa.com; bbbmp@bbbmp.ca; gabriel.levitt@pharmacychecker.com I could not find a suitable address for Verisign who you would think would be interested in this sort of thing. |
Earlier in this thread, there's a link to the BBB's report on these guys. According to them, they know they're using the logo illegaly, but can't find them. Probably same for VISA, Pharm Checker, etc.
As for the image hosting, I've seen lately that some spam, mainly the account phishing sites, are located on hacked servers. Often a compromised web server can be a great tool for spreading spam, as the results become "someone else's problem." Looking at the root IP address, that looks like a pretty legit operation to be purposely supporting spam. It's hard to tell if this is the case, but it's certainly probable (and happens). When you uncover one of these image hosts, try going to just the root URL. If it looks like a legit company, try sending a polite e-mail informing them of it, with a copy of the URL. If the page still remains after a few days, then maybe they are part of the spammers. Spammers don't just screw up e-mail, they also victimize legit businesses and web sites. Anything to avoid finding their real identity.
|
|
|
|
|
Reply: 24 - 181 |
|
|
| comdetroit |
| Posted on: Monday, July 3rd, 2006, 8:22am |
|
|
Gender: Male Posts: 52 |
Earlier I posted-
According to webhosting.info, there are 7 domains at this IP. All of them hosted by an Andy Lambe (Lambe Solutions). His websites are-
1 ANDYLAMBE.COM.
2 ATLANTICLIFEQUOTE.COM.
3 CCIPNG.COM.
4 LAMBEFINANCIAL.COM.
5 LAMBESOLUTIONS.COM.
6 PEICREDITBULLETIN.COM.
7 PEILIFEQUOTE.COM.
I received an email from Ande Lambe at Lambesolutions.com about MyCanadianPharmacy possibly hosting their images on their servers. This was in response to a phone call I had made to them.
He stated that he was going to check into it. I haven't received any spam from them lately. |
Everything Internet
http://www.comdetroit.com
Detroit Area
http://www.comdetroit.net |
|
|
|
| |
Reply: 25 - 181 |
|
|
| dj |
| Posted on: Tuesday, July 4th, 2006, 5:24am |
|
|
Guest User
|
I hadnt received any MyCanadianPharmacy mails since 26 June and even then the urls were already dead.
Then today I received 4 of them again! 
Sorry make that 7, another three just came in. >
Images all hosted at -
http://62.75.178.134:8080/p/images/weship.gif
|
|
| Logged |
|
|
|
Reply: 26 - 181 |
|
|
| dj |
| Posted on: Tuesday, July 4th, 2006, 5:52am |
|
|
Guest User
|
Earlier in this thread, there's a link to the BBB's report on these guys. According to them, they know they're using the logo illegaly, but can't find them. Probably same for VISA, Pharm Checker, etc.
|
I did find the BBB report (eventually). It is not exactly obvious when you go to their site. I'd like someone to tell me how to find it from their homepage!
My comment at these organisations is that they dont seem to do a lot to track down spammers misusing their logos and reputations.
Credit card companies (Visa etc) whine about credit card fraud.
Verisign provide secure credit card transmission which is compromised if their logo is misused.
BBB supposedly are a seal of approval for companies.
Only PharmacyChecker seemed at all concerned and gave me a personal reply, BBB did not respond at all and VerifiedbyVisa gave a template reply telling me how to spot phishing.
I suspect that if one or more of these organisations complained to the hosting companies officially then the image hosting would be removed a lot faster than if you or I complain.
I have mailed abuse@server4you.de and abuse@plusserver.de today reporting the image hosting on their server. - 62.75.178.134 It will be interesting to see how long the images remain there.
(End of whinge - I feel better now  )
|
|
| Logged |
|
|
|
Reply: 27 - 181 |
|
|
| dj |
| Posted on: Wednesday, July 5th, 2006, 4:37am |
|
|
Guest User
|
Eventually got 13 mails from MyCanadianPharmacy yesterday and have already had another 7 this morning already.
However trying to follow the links (after removing the string of numbers on the end) gives - The page cannot be displayed.
Hopefully this will mean that they will be off air for a couple of days.
Now on to the Luxury spams (fake replicas) and the spams without titles that offer me cheap credit if I "Naw email hier" (sic) |
|
| Logged |
|
|
|
Reply: 28 - 181 |
|
|
| comdetroit |
| Posted on: Thursday, July 6th, 2006, 9:20am |
|
|
Gender: Male Posts: 52 |
The reason the emails from MyCanadianPharmacy may have stopped momentarily and the reason for the websites not working for a day or so is because they had to move. I called and talked to an associate of Lambe Solutions/Lambe Financial. I actually received a response from Ande Lambe of Lambe solutions. Lambe solutions is where the images for MyCanadianPharmacy were hosted-
Here is Ande Lambe's response-
I am told they think we have narrowed this down to one of my sites which appears to have permitted “hackers” to access in spite of our best intentions to prevent this. I have contacted the company who designed this site and written the code. They are very surprised this could have occurred but they promise to work on it today to make sure we prevent any future occurrences.
Thanks for brining this to my attention.
Andy
Andy Lambe, CLU, CFP, CHFC, RHU
Andy Lambe & Associates Inc.
Partners In Planning
20 Great George St.
Charlottetown, PE
C1A 4J6
Ph. 902 368 8320
Fax 902 894 3159
Ande Lambe had booted them from his servers. His response actually very quick and I made sure to thank him! The images are now hosted at another IP. I am back to getting 5-10 spams a day from them again.
Here is the new IP address-
62.75.178.134 port 8080
According to
http://remote.12dt.com/rns/lookup.php
This IP belongs to-
Intergenia.de
Name: Hostmaster intergenia AG
Address: Daimlerstrasse 9-11
Pcode: 50354
City: Huerth
Country: DE
Phone: +49-2233-612-0
Fax: +49-2233-612-146
Email: domains@domains.intergenia.de
Changed: 2005-01-21T14:37:40+01:00
I have emailed them today.
|
Everything Internet
http://www.comdetroit.com
Detroit Area
http://www.comdetroit.net |
|
|
|
| |
Reply: 29 - 181 |
|
Pages: « 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 » : All |
Locked Board