2016/03/07

Godaddy #PhishMustFall

Update 2016-03-08


This phish is finally down. Thanks to all. However, a phish that stayed active for 15 days is a red flag that something is amiss with abuse handling procedures. Hopefully this will be cause for some introspection at Godaddy.


The dog has decided to join a must-fall cause and is asking you to support the cause, but with a twist.

You are being asked to report a phish to Godaddy via their form.


Why?

The industry average for a phish take-down is currently somewhere between 48 and 72 hours, that is, two to three days.

Of late South Africans have been subjected to ongoing phishing attacks. Many of you have probably seen an email notice from some South African bank you do not even deal with. The security community has been silently fighting these, reporting them and ensuring a cleanup is done.

However we have hit a snag - Godaddy!

Compared to the industry average, Godaddy takes an unacceptably and extraordinarily long time to actually take down phishing sites.

The nkoliza.com example:

The domain nkoliza.com was registered on 5 Feb 2016 and was used for phishing from day zero. It was registered with invalid registration details, and it was hosted at Godaddy as well. Godaddy was alerted to this abuse on the 5th of Feb. The phishing domain was only terminated on the 12th.
Refer:
http://www.phishtank.com/phish_detail.php?phish_id=3811754
http://www.phishtank.com/phish_detail.php?phish_id=3813729

A week to take down a phishing website is simply not acceptable. In this time the phisher is spamming users and defrauding victims. This might be your father, mother, aunt, son or whoever, receiving this phishing link, inadvertently believing it and then being phished. It's ScamPup's contention that nobody deserves to be defrauded.

http://crafi.com.mx phishing - up for 14 days so far

If you believe that a week's response time for a phish take-down is bad, it gets worse, and this is why your help is needed.

The website at http://crafi.com.mx is currently hosting a phishing page. Once again this website is hosted at Godaddy. To make matters worse, this website was already reported on the 22nd of Feb 2016!

Thus far the South African cyber community has been polite with Godaddy about abuse issues. Godaddy's response is that it will be attended to in due course. However, as of today this phish has been up for 14 days. This is simply not acceptable. If Godaddy cares so little for internet users as to expose them to this risk and abuse, we should let them know it's not acceptable.

The actual website appears to be a hacked WordPress site belonging to a clinic in Mexico, apparently still under development.

The phish is at: hxxp://crafi.com.mx/copyfnb-nopey2016/copyfnb-fred/mainmenu2016/continue1.php
Refer: http://www.phishtank.com/phish_detail.php?phish_id=3850136

Forcing the issue a bit reveals the badness:

You are requested to report this phish at https://supportcenter.godaddy.com/AbuseReport by clicking on the "Phishing" link, then selecting "I wish to report a website that is posing as another website" and supplying the details of the phishing page.

Let's send a message to Godaddy: we do not wish to be the targets of phishing, they should be more responsive to phishing incidents and we object to this situation having developed in the first place.

Thank you for your support.

#PhishMustFall


2016/02/05

CAPONE DISC: community service anti-fraud alert

Have you come here after searching for a CAPONE DISC?

Well, it does not exist. It's a scam!

Somebody is trying to defraud you!
This is what you're going to be offered:



But wait, note the part number 2 608 602 619? Note the vivid brown? Note the smudge mark on the grey inner left label?
The image has been altered! In reality this is a Bosch disc!

This is a standard item in the Bosch product range, not some rare hard to find expensive item.
By using a unique name for a product, the party that contacted you is trying to defraud you.

Known details used by the scam:

Capone Trading PTY LTD.
52 Eastman Road, Capetown, 7405
Telephone: (021) 801 2413
FAX: (086) 558 9559
E-mail: sales@caponetrading.com
caponetrading.com
And remember - CAPONE DISC does not exist!

This is a community service anti-fraud alert.

TRUCHEN PO-10 MOTOR PUMPS: community service anti-fraud alert

Have you come here after searching for TRUCHEN PO-10 MOTOR PUMPS?

Well, it does not exist. It's a scam!

Somebody is trying to defraud you!
This is what you're going to be offered:


But wait, note the oddly angled p0-10? The image has been altered! In reality this is a LUKAS hydraulic pump.


By using a unique name for a product, the party that contacted you is trying to defraud you and is the same party as the fictitious newclimatictrading.co.za (which does not exist either).

And remember - TRUCHEN PO-10 MOTOR PUMP does not exist!


This is a community service anti-fraud alert.

2016/02/04

GORITAS DISCS: community service anti-fraud alert

Have you come here after searching for GORITAS DISCS?

Well, it does not exist. It's a scam!

Somebody is trying to defraud you!
 
This is what you're going to be offered:

But wait, note the smudge marks around the name "GORITA DISC"? The image has been altered! In reality this is a cutting disc from China called WINONE.

 
By using a unique name for a product, the party that contacted you is trying to defraud you and is the same party as the fictitious newclimatictrading.co.za (which does not exist either).

And remember - GORITA DISC does not exist!


This is a community service anti-fraud alert.

Scammer impunity

In the previous post, the first, we looked at what mining supplies scams are. Since then the author has been reporting a string of similar scams for account termination.

But the impunity with which scammers operate in South Africa could not have been more clearly illustrated than by the uncovering of kpvengineeringgroup.com.

This website redirects to http://randwater.co.za/Pages/Home.aspx, the legitimate Rand Water:

--- reading URL kpvengineeringgroup.com
--- contacting host kpvengineeringgroup.com [66.117.4.161] on port 80

HTTP/1.1 301 Moved Permanently
Date: Wed, 03 Feb 2016 21:41:05 GMT
Server: Apache
Location: http://randwater.co.za/Pages/Home.aspx
Content-Length: 246
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://randwater.co.za/Pages/Home.aspx">here</a>.</p>
</body></html>

--- connection closed

What this means is that any visitor who tries to visit http://kpvengineeringgroup.com ends up at Rand Water's website.

How ironic that Rand Water's homepage warns us of a supplies scam:


So what's going on here? Surely no scammer would redirect to a warning of a scam?

Exactly. And because we are thinking this, we are being led down the wrong rabbit hole. It's not uncommon to receive phishing emails that themselves warn you not to click on links to your bank account. The same principle applies here.

A quick look at the other activities of kpvengineeringgroup.com shows they are merrily selling non-existent cutting blades. We find this telling advertisement on Gumtree:


Also another on Locanto:

and even more:

Digging a bit deeper, we find that only the index page is redirected to Rand Water. The actual scam website is intact and can be seen at http://www.kpvengineeringgroup.com/product.html.
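As an added example (not part of the original post), here is a small check for exactly this pattern: the site root answers with an off-domain redirect while a deeper path still serves content. The HTTP responses are constructed to mirror the kpvengineeringgroup.com transcript above, and check_cloaking() and the other function names are hypothetical.

```python
"""Spot 'front door' cloaking: the site root redirects visitors off-domain
while deeper paths still serve the real content.
Added example, not from the original post. Responses below are constructed
to mirror the kpvengineeringgroup.com transcript; all function names are
hypothetical."""
from urllib.parse import urlsplit


def parse_response(raw: str) -> tuple[int, dict[str, str]]:
    """Return (status code, lower-cased header map) from a raw HTTP/1.x response."""
    head = raw.partition("\r\n\r\n")[0]
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def redirects_off_domain(host: str, status: int, headers: dict[str, str]) -> bool:
    """True for a 3xx whose Location points at a different host ('www.' ignored)."""
    if not 300 <= status < 400 or "location" not in headers:
        return False
    target = urlsplit(headers["location"]).hostname or ""
    return target.removeprefix("www.") != host.removeprefix("www.")


def check_cloaking(host: str, responses: dict[str, str]) -> dict:
    """responses maps request path -> raw response; flag '/' sent off-domain while another path answers 200."""
    root_status, root_headers = parse_response(responses["/"])
    root_off = redirects_off_domain(host, root_status, root_headers)
    live = [path for path, raw in responses.items()
            if path != "/" and parse_response(raw)[0] == 200]
    return {"root_redirects_off_domain": root_off,
            "root_location": root_headers.get("location"),
            "live_paths": live,
            "suspicious": root_off and bool(live)}


# Constructed sample: '/' 301s to randwater.co.za, /product.html still serves a page.
SAMPLE = {
    "/": ("HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\n"
          "Location: http://randwater.co.za/Pages/Home.aspx\r\n"
          "Content-Type: text/html; charset=iso-8859-1\r\n\r\n<html>moved</html>"),
    "/product.html": ("HTTP/1.1 200 OK\r\nServer: Apache\r\n"
                      "Content-Type: text/html\r\n\r\n<html>product page</html>"),
}

if __name__ == "__main__":
    print(check_cloaking("kpvengineeringgroup.com", SAMPLE))
```

A same-host redirect (for example to the www. form of the site) is not flagged, so ordinary canonicalisation redirects do not trip the check.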


At this stage the more enthusiastic DIY'ers might say, but that's a Bosch blade! Correct. Here is how the unedited version of the product looks:

Once again a standard, easily available product has been taken and the image edited to show the unique product names Px Ovian and Pringer Zt, which can only be found at kpvengineeringgroup.com. The trap is set for the unwary supplier.

On a side note, just to illustrate how widely this scam has propagated: while researching some details, I happened to come across this:



No surprise that research shows kpvengineeringgroup.com previously used fax no. 0866011464 and is also associated with MANDLA METAL ENGINEERS (mandlametalengineers.co.za).

This leads to this Google+ profile, where the scammer is marketing "COLBAN-Q 275mm cutting discs", in reality Dronco cutting discs.

Buyer beware!


2016/02/02

Supplies Scams targeting South African Business

The internet is a wonderful place for the internet sleuth to find hidden things. Hindsight is also perfect once you know what you're looking for.

Enter the mining supplies scam.

This investigation started with a post on http://www.reportacrime.co.za/ where a supplier reported being defrauded. The post explains how the supplier was contacted by a Zimbabwean mine attempting to source Penrod and Selik cutting disks. The supplier checked whether he could source these disks from another supplier and found such a source on the internet. The final instalment of this fraud was the supplier paying for the disks and losing R30,000.



The loss in this case is relatively small. Businesses have reported losing hundreds of thousands of rands in these scams.

 

So what is the mining supplies scam and how does it work?

A scammer sets up two separate websites.

One is the fictitious company seeking the supplies, a mine. Typically the content of the website is stolen from other sources: images are taken from real mines and published as belonging to the fictitious mine, and the wording is lifted from the profiles of other mines. This website is now published.

A second website is configured. This shows a supplier selling certain types of tools and hardware. However, here is the con: certain images are taken, perhaps altered, and given a different name and a unique description. The fictitious supplier may also seed the classifieds pages and other online trading pages with these fictitious items, leading back to the fraudulent website. The trap is set.

The fictitious mine now contacts the target victim business. It's seeking a certain item. The mine is very specific in its description of what the item should be, and it can't be an equivalent.

The supplier, hoping for business, now sees if he can source the item. Indeed, he finds one supplier advertising the item, in no small part assisted by the uniqueness of the item's description. He obtains pricing and sends a quote to the fictitious mine.

The mine naturally accepts the quote. Here comes the con: the fictitious supplier can supply, but requires upfront payment for this item. However this plays out, the business can either walk away from the deal or pay the fees upfront. Real South African bank accounts are presented into which payment must be made. Once the payment has been made, the scammers are quick to break off all contact. All attempts to recover the funds are invariably futile and end up as another cyber fraud case at some police station.

Analyzing the http://www.reportacrime.co.za/ complaint

Here we see the fictitious mine was PANASTELLA.COM. The domain registration should raise some suspicions.

Domain Name: PANASTELLA.COM
Registry Domain ID: 1913341319_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2015-03-25T13:59:24.00Z
Creation Date: 2015-03-25T20:59:00.00Z
Registrar Registration Expiration Date: 2016-03-25T20:59:00.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: DENNIS GOCHE
Registrant Organization:
Registrant Street: 28 MANDELA AVE
Registrant City: PRETOREA
Registrant State/Province: GAUTENG
Registrant Postal Code: 0027
Registrant Country: ZA
Registrant Phone: +27.787590661
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: GOCHEDENNIS@GMAIL.COM

The registrant claims to be in Pretorea. Of course the correct spelling is Pretoria. Postal code 0027 is for the Groenkloof area in Pretoria. While there is no Mandela Ave in Groenkloof, there is a Nelson Mandela Drive in Groenkloof. But 28 Nelson Mandela Drive, Pretoria 0027 simply does not exist. Nelson Mandela Drive is a stretch of road between Fountains Circle and Monument Park in Pretoria. It's a dual-lane main road with no business entrances, for obvious reasons.

So we can safely say this address is as bogus as the mine the domain purports to represent. The registrant name and email address will be looked at later. But first let's review the website hosted on this domain.


Using various tools at our disposal, we quickly uncover a can of worms (more about this later as well). Of note, the content has been plagiarized from all over.
The above has been plagiarized from http://integrated-report.com/drdgold/2012/our-business/our-strategy.

More to the point, the main website design has been stolen from Namakwa Diamonds.


This most certainly explains why Panastella has a diamond as a logo while it claims to be a gold mine. (Namakwa Diamonds have been made aware of this and related issues but did not respond.)

Let us look at the fictitious supplier. The domain name ACCURATESUPPLIES.CO.ZA is used.
    Domain Name:
        accuratesupplies.co.za

    Registrant:
        Dennis Goche
       
        Email: gochedennis@gmail.com
        Tel: +27.0787950661
        Fax: None

    Registrant's Address:
        67 Jan Smat Av e
        Johannesburg
        gauteng
        ZA
        2198

The attentive reader will immediately spot that the registrant name Dennis Goche and the associated email address gochedennis@gmail.com appear again, linked to this domain registration just as with PANASTELLA.COM. But the postal address is totally different.

Obviously Jan Smat Ave does not exist; it should be Jan Smuts Ave. The first problem with this address is that postal code 2198 is the Houghton/Berea area of Johannesburg, which at its nearest point borders Jan Smuts Ave, but Jan Smuts Ave never carries a postal code of 2198 as it does not enter these areas. It does not take much searching to see that the Four Seasons Hotel The Westcliff is located at 67 Jan Smuts Ave.
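The link between the two registrations above rests on the same registrant name and email appearing in two WHOIS records with different layouts. As an added example (not part of the original post), the following pulls the identity fields out of both layouts, normalises them and reports what is shared; the records are trimmed, constructed copies of the two quoted above, and parse_whois() and shared_registrants() are hypothetical names. The two phone numbers differ between the records, so they are correctly not reported as shared.

```python
"""Correlate registrant identity across WHOIS records in different layouts.
Added example, not from the original post. RECORDS holds trimmed, constructed
copies of the two registrations quoted in the text (registry 'Key: Value'
layout and indented co.za layout); function names are hypothetical."""
import re
from collections import defaultdict

# Identity-bearing labels in each layout, mapped onto a common key.
FIELD_MAP = {"registrant name": "name", "registrant email": "email",
             "registrant phone": "phone",                            # registry layout
             "registrant": "name", "email": "email", "tel": "phone"}  # co.za layout


def parse_whois(raw: str) -> dict[str, str]:
    """Extract normalised name/email/phone from either layout.  In the co.za
    layout the value of 'Registrant:' sits on the following line."""
    lines = [ln.strip() for ln in raw.splitlines() if ln.strip()]
    found = {}
    for i, line in enumerate(lines):
        label, sep, value = line.partition(":")
        key = FIELD_MAP.get(label.strip().lower())
        if not sep or key is None:
            continue
        if not value.strip() and i + 1 < len(lines) and ":" not in lines[i + 1]:
            value = lines[i + 1]
        value = value.strip().lower()
        if key == "phone":
            value = re.sub(r"\D", "", value)   # '+27.0787950661' -> '270787950661'
        if value:
            found[key] = value
    return found


def shared_registrants(records: dict[str, str]) -> dict[str, set[str]]:
    """Return every identity value that appears on more than one domain."""
    seen = defaultdict(set)
    for domain, raw in records.items():
        for key, value in parse_whois(raw).items():
            seen[f"{key}={value}"].add(domain)
    return {k: d for k, d in seen.items() if len(d) > 1}


# Constructed, trimmed records in the two layouts quoted in the post.
RECORDS = {
    "panastella.com": "Domain Name: PANASTELLA.COM\nRegistrant Name: DENNIS GOCHE\n"
                      "Registrant Organization:\nRegistrant Phone: +27.787590661\n"
                      "Registrant Email: GOCHEDENNIS@GMAIL.COM\n",
    "accuratesupplies.co.za": "    Domain Name:\n        accuratesupplies.co.za\n\n"
                              "    Registrant:\n        Dennis Goche\n\n"
                              "        Email: gochedennis@gmail.com\n"
                              "        Tel: +27.0787950661\n",
}
```

Calling shared_registrants(RECORDS) yields the name and email entries, each mapped to both domains.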

Looking at the actual website hosted at http://www.accuratesupplies.co.za, a good place to start, avoiding the eye candy, is always the company profile:



A pretty website that looks well designed. But it quickly crumbles once we look past its aesthetic virtues. The company profile has been plagiarized from http://www.sinodrills.com/About-Us_d1. The following text was taken and the real company name replaced with the fictitious one.

Obviously we'd need to ask why a company would need to plagiarize its identity. But we already know the answer: to defraud.

In this scam the bait is the Penrod diamond disk and the Selik disk. Searching for Penrod diamond shows it to be unique in the supplies context and only available on http://www.accuratesupplies.co.za. The same goes for the Selik disk. So this is the bait, and anybody actually seeking this product in good faith will be led to http://www.accuratesupplies.co.za.

 

How wide is the problem?

Very wide. Let's examine our fake mining website. We find similar clones:
http://www.chimanimanidiamonds.com/
http://www.dalnymine.com/
http://www.madziwamine.com/
http://www.makutigold.com/
http://www.mazowe.com

But let's not get caught up on one scam template. There are others:
http://jessiemine.com/

Looking at suppliers, we find similar patterns with unique baits, best described via this image search. Consider this image commonly used on scam supplier websites:

 

Scam variations


As always, don't get caught up on the details of the scam as described. Scams differ each time.

A common variation on the above scam play is to impersonate a legitimate government department. Parties receive forged requests for an item, much as described above. A search shows it to be available from only one specific company: the scam website.

What can be done?

  • This scam needs to be exposed regularly, creating awareness in the business community. South Africans have short memories.
  • Businesses should properly research any requests and suppliers.
  • When fraudulent supply attempts are detected, they should immediately be reported to the South African Police Service.
  • Report to anti-abuse websites. One such is http://www.aa419.org/. These folks also investigate scams.
  • Before paying any monies to a bank account via EFT, ensure the account holder name matches the details you have received. Banks do not verify names when doing EFTs and this loophole is commonly abused.


More references:

http://www.theforumsa.co.za/forums/showthread.php/15731-Mining-Equipment-Supplies-Scam
http://scambuster.co.za/scams/mining-supplies-scam.html
http://www.reportacrime.co.za/CrimeReport.aspx?ID=6832
http://www.iol.co.za/business/companies/wise-up-to-new-fraud-fashions-1546404
http://ewn.co.za/2015/03/07/New-scam-targets-Water-Sanitation-Dept

http://mybroadband.co.za/vb/showthread.php/554187-Scam-Magic-Cellphone-number
(Scammer sets up forwarding ... incorrectly.)