Spam saga update: The crap they're selling

July 8, 2003

After about 21 hours of receiving bounces and failure notices as a result of spammers sending spam claiming to come from andrewraff.com, I have received 307 of these messages.

All of the bounced spam messages link to the web page http://d23.a1x.net/~admin12/1a2s.htm However, email uses a different prefix before the hostname, such as http://whcvxmj.com@d23.a1x.net or http://vnqcoep.com@d23.a1x.net. All contain a 5 digit "psid" variable at the end, such as "psid=17972" or "psid=33794." This web page advertises "Complete Webmaster Solution," a set of 25 web page templates, a purported "$2,425 value" and "AdBlaster Pro" software.

The web page is "@2002 NetBiz Inc. All Rights Reserved." I'm not sure what they mean by "@2002." Perhaps they mean ©2002? Ironically, even if I wanted to buy this crap, I couldn't, since I "am not authorized" to view their "Secure Order Form."

I'm concerned about this not just because of the hundreds of bounced emails I have received in the last day, but because of the possible damage done because of the spammer's theft of my domain name. If over 300 of these messages bounced back to me, how many of them went through to valid email addresses? How can I recover the value of the damage done to my name by this spammer? (Since this domain is eponymous, my personal reputation is connected to this domain.)

Posted by Andrew Raff at July 8, 2003 06:23 PM
Trackbacks
Trackback URL for this entry: http://www.andrewraff.com/mt/mt-tb.cgi/443
Comments

you need to contact your hosting provider asap, so if they get complaints, they'll know it wasn't you. also, does your server perhaps have an unsecured mail script? they could even be using your website to spam. check your server logs.

Posted by: Alice on July 8, 2003 07:07 PM

They're not actually using my site to send the spam. All the mails are getting sent through a menagerie of open SMTP servers. Instead, the spammers are claiming that the emails are being sent from my domain, using forged From: fields.

Posted by: Andrew on July 8, 2003 07:15 PM

My domain name has also been hijacked by this company...I've recieved nearly 800 bounced messages already. After some serious research, I have been unable to contact anyone who can "do anything" about it. If you do find a solution, I'd really appreciate knowing about it :)

Good luck, and may the "netbiz" people pray we never find them.

Posted by: Amos on July 10, 2003 04:53 PM

I'm glad I found someone else that has run into (rcvd) this email. Sorry Andrew (and Amos) that this company has been using your identity.

I actually have been trying to track them down with out luck, 'cuz I wanted to know more. I knew the offer sounded too good to be true, so I wanted more info, but never could get any answers - all emails just came back to me.

I suspect that Amos, all you have to do is contact the FBI and other agencies, for since they are taking credit card orders, they are probably just taking peoples money and not sending them anything. That's what I'm going to try to do - report them (and all that I've rcvd so far), 'cuz that's definite fraud.

I guess I missed the "@2002" for the copyright notice, Andrew! Thanks for pointing that out.

Good luck to us all :)

Cheers,
Paul

Posted by: Paul on July 10, 2003 06:50 PM

Send your complaints to:

http://www.ftc.gov/

Posted by: Paul on July 10, 2003 07:35 PM

Yes, they use my domain too as a forged reply to address. I notice a company with that name in California is up in court for using something I don't understand but I think is some crooked email scam.

Posted by: Tony Walker on August 14, 2003 12:31 PM

I found a permanent webpage which is exactly the same as the one they send out as an attachment in their spams. The domain is http://www.firstmondaymerchants.com/web_solution_frame.htm

Check it out to see if it's the same text graphics layout etc as the one they are sending out from you. The interesting thing about this page is that it has a paypal button on it so we should be able to find out their real email address

Posted by: Tony Walker on August 15, 2003 04:55 AM

I have also been targeted by Mr. Antonio Echavez, the owner of the California corporation, that among other actions has been sued by the FTC to shut down a scam medical billing operation.

This slim ball needs to be shut down. His address according to court records is 311 West Burbank Blvd., Suite 201, Burbank, California 91505 or 610 East Latham Avenue, Hemet, California 92543

Contact information on his website is listed as: Net Biz Inc.
4249 1/2 Moore St.
West Los Angeles,
CA. 90066
U.S.A.

Phone 310-712-2575
--Toll Free: 888-501-9703
Email: info@netbiz.net

I will be notifying the FTC about his latest scam and I hope all of the other victims will do the same.

Perhaps, someone in that area can pay him a personal visit and "explain" to him the consequences of his actions...

Posted by: APF on August 18, 2003 03:37 AM

Gabrielle Reilly recieved an email from someone claiming to be "Netbiz" today so I did a search and found your forum. Not sure if it is related to this same person but another scam (she has several websites and unfortunately although she would never take nude photos, people constantly take her pics and links and post them on all sorts of sites without permission). This is not an agency. Here is the email she recieved.

"Hello there,
we liked your pic at _____. We are an agency that would like to hire your. Could you send us more photos of you please?

Sincerelly,
NETBIZ"

It is becoming very difficult to determine validity of people contacting you via the internet, although this one is obvious. Gabrielle has also had her site hijacked several times.

Frustrating!


Posted by: Gwen on August 18, 2003 03:50 PM