2018/06/21

Alert: tender request for Z40 Grandlin Tactical Boots?

Have you received a tender request for Z40 Grandlin Tactical Boots from a government department?

If so - report it. It's a tender scam!

The claimed boots are found uniquely in South Africa at  http://www.capearmystore.co.za  - a Scam!

This company claims to be at an address where the real owner of the address raised the red flag after numerous parties who bought and paid for these boots, started arriving at their doors, only to hear they've been defrauded. Financial losses are huge in this scam. At least one business closed it's doors and removed their website. 

Let's look at the supposed boots on the website:

Actually these boots are known as "Helikon Mojave Desert Boots Coyote / MultiCam". A quick check shows this boot advertised all over internationally.


The ID Code for this boot is BU-DMO-LE-34 and can be found here: http://www.media.helikon-tex.com/i/mailing/Shipping2013-07-17/Shipping2013-07-17.html

If you have been scammed, please report these at your nearest police station. There is no reason to send you from one police station to another, they are obliged to accept the case. If it needs to be transferred, the police processes are in place to do so.




2016/03/07

Godaddy #PhishMustFall

 Update 2016-03-08


This phish is eventually down. Thanks to all. However a phish that stayed active for 15 days is a red flag that something is amiss with abuse handling procedures. Hopefully this will be a cause for some introspection at Godaddy


The dog has decided to join a must-fall cause and is asking you to support the cause, but with a twist.

You are being asked to report a phish to Godaddy via their form.


Why?

The industry average for a phish take-down is currently something between 48 to 72 hours, that's two to three days.

Of late South Africans have been subjected to ongoing phishing attacks. Many of you have probably seen a notice from some South African bank in your email you probably do not even deal with. The security community has been silently fighting these, reporting them, ensuring a cleanup is done.

However we have hit a snag - Godaddy!

Despite the industry average, Godaddy takes an unacceptable extraordinary long time to actually take down phishing sites.

The nkoliza.com example:

Domain nkoliza.com was registered 5 Feb 2016 and from day zero it was used for phishing. The domain was registered with invalid registration details. Further it was hosted at Godaddy as well. Godaddy was alerted to this abuse on the 5th of Feb as well. This phishing domain was only terminated on the 12th.
Refer:
http://www.phishtank.com/phish_detail.php?phish_id=3811754 
http://www.phishtank.com/phish_detail.php?phish_id=3813729

A week to take down a phishing website is simply not acceptable.  In this time the phisher is spamming users and defrauding victims. This might be your father, mother, aunt, son or whoever receiving this phishing link that may inadvertently believe it, then be phished. It's ScamPup's contention that nobody deserves to be defrauded.

http://crafi.com.mx phishing - up for 14 days so far

If you believe that a week response time for a phish take down is bad, it gets worse - and why your help is needed.

The website at http://crafi.com.mx is currently hosting a phishing website. Once again this website is hosted at Godaddy. To make matters worse, this website has been reported on the 22nd of Feb 2016 already!

Thus far the South African cyber community has been polite with abuse issues and Godaddy. Godaddy's response is that it will be attended to in due course. However it's been 14 days today that this phish has been up. This is simply not acceptable. If Godaddy feels so little for internet users as to expose them to this risk and abuse, we should let them know it's not acceptable.

The actual website appears to be a hacked Wordpress site belonging to a clinic in Mexico, apparently still under development.

The phish is at: hxxp://crafi.com.mx/copyfnb-nopey2016/copyfnb-fred/mainmenu2016/continue1.php
Refer: http://www.phishtank.com/phish_detail.php?phish_id=3850136

Forcing issues a bit reveals the badness:

You are requested to report this phish at https://supportcenter.godaddy.com/AbuseReport by clicking on the Phishing link, then selecting I wish to report a website that is posing as another website and supplying the details for the phishing page.

Let's send a message to Godaddy: we do not wish to be the targets of phishing, they should be more responsive to phishing incidents and we object to this situation having developed in the first place.

Thank you for your support.

#PhishMustFall


2016/02/05

CAPONE DISC: community service anti-fraud alert

Have you come here after searching for a CAPONE DISC?

Well, it does not exist. It's a scam!

Somebody is trying to defraud you!
This is what you're going to be offered:



But wait, note the part number 2 608 602 619? Note the vivid brown? Note the smudge mark on the grey inner left label? 
The image has been altered! In reality this is a Bosch disc!

This is a standard item in the Bosch product range, not some rare hard to find expensive item.
By using a unique name for a product, the party that contacted you is trying to defraud you.

Known Scam used details:

Capone Trading PTY LTD.
52 Eastman Road, Capetown, 7405
Telephone: (021) 801 2413
FAX: (086) 558 9559
E-mail: sales@caponetrading.com
caponetrading.com
And remember - CAPONE DISC does not exist!

This is a community service anti-fraud alert.

TRUCHEN PO-10 MOTOR PUMPS: community service anti-fraud alert

Have you come here after searching for TRUCHEN PO-10 MOTOR PUMPS?

Well, it does not exist. It's a scam!

Somebody is trying to defraud you!
This is what you're going to be offered:


But wait, note the oddly angled p0-10? The image has been altered! In reality this is a LUKAS hydraulic pump.


By using a unique name for a product, the party that contacted you is trying to defraud you and is the same party as the fictitious newclimatictrading.co.za (which does not exist either).

And remember - TRUCHEN PO-10 MOTOR PUMP does not exist!


This is a community service anti-fraud alert.

2016/02/04

GORITAS DISCS: community service anti-fraud alert

Have you come here after searching for GORITAS DISCS?

Well, it does not exist. It's a scam!

Somebody is trying to defraud you!
 
This is what you're going to be offered:

But wait, note the smudging marks around the name "GORITA DISC"? The image has been altered! In reality this is a cutting disc from China called WINONE..

 
By using a unique name for a product, the party that contacted you is trying to defraud you and is the same party as the fictitious newclimatictrading.co.za (which does not exist either).

And remember - GORITA DISC disc does not exist!


This is a community service anti-fraud alert.