www.TransferGate.com / TransferGate Group Scam
14th March 2005
PLEASE NOTE: if you have visited the transfergate.com
web site your machine is probably now infected with
spyware if you use Internet Explorer - read more.
Visiting spamvertised sites in Internet Explorer is
The following scam email is currently in circulation.
Please note that you should not visit the site listed
under any circumstances.
Estrella JOYCE [mailto:email@example.com]
13 March 2005 03:48
WHO WE ARE?
Group was founded in August 2001 by an international
team of experts in the sphere of finance and marketing
to solve currency exchange problem. Our cooperation
with large Internet companies includes rendering
their clients convenient payment services.
WHAT DO WE SUGGEST?
simple, and at the same time perspective and well
paid job! As TransferGate develops very rapidly,
we permanently need new people to occupy the position
of Processing Manager, able to receive and send
payments. This part-time job does not require any
special skills. You do not have to spend much time
to earn sufficient money to be added to your main
of the Processing Manager is to process payments
between our partners' clients and our company. Every
payment will be accompanied by detailed instruction.
The brief training course is enclosed.
responsibility and promptness in operations;
PC with Internet and e-mail access;
- We don't
work with persons under 21;
- One or several
HOW MUCH WILL YOU EARN?
earn 5-8% from each transaction! For example, you
received 5,000 GBP wire transfer to your bank account.
You should withdraw the money, take 5% (250 GBP)
for yourself and then send the remaining part to
our company authorized agent. As you see, all operations
are very easy.
HOW TO APPLY?
visit our website, read the job description thoroughly
and fill in the candidate pre-employment questionnaire.
VISIT OUR WEBSITE
visit our corporate website to get more information
about our company and the job offered. If you have
any questions, feel free to get in contact with
me using contact methods, described on the Contact
you for attention.
This email is either a money laundering scam or
wire fraud. If you actually participated in this
scheme, it is quite possible that you would face
criminal charges and a prison sentence, or at the very
least end up seriously out of pocket.
Let's look at the business proposition more carefully.
Essentially, the offer is that you receive a transfer
into your account (in this case by wire transfer, but
possibly also including other traceable electronic transfer
systems), then you withdraw cash from your account and
transfer the majority of it to an agent, "keeping"
It looks like money for nothing, right? Right
- that's the classic hallmark of a scam: it appears
that you can get rich quick for very little effort.
There's also some very clever social engineering
here - notice that the email asks if you are
trustworthy, not the sender. And by using carefully
measured, businesslike language it adds credibility
to the email.
However, what will actually be happening is one of two things:
The simplest way a scam like this will work is that
the bank transfer you receive will actually be bogus,
and though the money may appear to be in your account,
it may later be detected as fraud and the transaction
cancelled. Unfortunately, by this time you will have
already withdrawn cash from the account and forwarded
that on to somebody else who will no longer be traceable.
You will be liable for the debt, which may run into
many thousands of pounds.
An increasingly common occurrence - the money being
transferred to you will be from criminal activities.
It may have been taken from a hacked bank account, or
possibly some other criminal enterprise. By accepting
the transfer and then forwarding it, you will be criminally
liable for processing stolen goods or proceeds of a
criminal enterprise. The scam is carefully constructed
so that all the fingers will be pointing at you,
and you will have no evidence of who you actually passed
the cash to. In this case, you may well be looking at
a prison sentence.
The UK's Metropolitan Police offer general
advice on this type of fraud, but the simplest rule
is - "If it sounds too good to be true, then
it is!" - after all, if you believe what this
email tells you, then you can make hundreds or thousands
of pounds for very little effort. Unfortunately, real
life isn't quite like that.
As outlined above, the money trail ends at you
- because in this case you would then be making an untraceable
transfer. The aim of this scam is to put you
firmly in the frame. Your new business partners will
not care what happens to you after you get caught -
they'll simply find someone else.
This email was spam - completely unsolicited. You
should never respond to a spam email and never
even visit the site (this will be explained in more
detail below). The From: details do not match
the signature at the bottom of the email, and the sending
domain is incorrect. Also, the salutation is wrong ("Dear
Izaiah") in this case. You should not rely on scammers
making errors of this nature, however.
A Google search for "transfergate
group" shows no legitimate web site. Even if
there were a web site, it would not prove that such
a company exists. You will note that there are no contact
details in the email either - you would expect a telephone
number to call if this was a genuine offer.
The email claims that the group was set up in 2001,
but by using a WHOIS service (for example, whois.sc)
we can see that the domain was actually registered in
PARIS, ID 75019
PARIS, ID 75019
EV1 Servers firstname.lastname@example.org
of Record: TUCOWS, INC.
Record last updated
Record expires on 17-Jan-2006.
created on 17-Jan-2005.
servers in listed order:
Note that the Paris address is almost definitely
fake, and Everyones Internet and Tucows Inc are not
parties to the fraud. As you can see, the domain was
only registered on 17th January 2005 - any business
founded in 2001 would surely have had a web site long
before that. (Although our research shows us that the
domain had also been registered and expired in 2000
by an unrelated party.)
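The date comparison described above can be automated. The following is an added example, not part of the original article: the sample record is constructed from the date fields quoted above, and the function names, the 90-day threshold and the one-year-term heuristic are assumptions.

```python
import re
from datetime import date, datetime

# Constructed sample: only the date fields quoted in the article's WHOIS excerpt.
SAMPLE_WHOIS = """\
Registrar of Record: TUCOWS, INC.
Record expires on 17-Jan-2006.
Record created on 17-Jan-2005.
"""

_DATE = r"(\d{1,2}-[A-Za-z]{3}-\d{4})"

def whois_dates(text):
    """Return {'created': date, 'expires': date} for the fields present."""
    found = {}
    for key, pattern in (("created", r"created on\s+" + _DATE),
                         ("expires", r"expires on\s+" + _DATE)):
        m = re.search(pattern, text, re.IGNORECASE)
        if m:
            found[key] = datetime.strptime(m.group(1), "%d-%b-%Y").date()
    return found

def check_claim(text, claimed_founded, seen_on, young_days=90):
    """Compare a claimed founding date with the domain's registration data."""
    dates = whois_dates(text)
    if "created" not in dates:
        return {"verdict": "unknown", "reasons": ["no creation date in record"]}
    created = dates["created"]
    reasons = []
    age = (seen_on - created).days
    if age < young_days:  # assumed threshold
        reasons.append(f"domain only {age} days old when the email arrived")
    gap = (created - claimed_founded).days
    if gap > 365:
        reasons.append(f"registered {gap // 365} years after claimed founding")
    # Extra heuristic, not from the article: shortest possible registration term.
    if "expires" in dates and (dates["expires"] - created).days <= 366:
        reasons.append("registered for a one-year term only")
    return {"verdict": "suspicious" if reasons else "consistent",
            "age_days": age, "reasons": reasons}

if __name__ == "__main__":
    # Claimed "August 2001"; email dated 13 March 2005 (both from the article).
    print(check_claim(SAMPLE_WHOIS, date(2001, 8, 1), date(2005, 3, 13)))
```

The creation date only reflects the current registration, so an earlier registration that lapsed (as with this domain in 2000) will not appear in the record.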
The server is actually located at 220.127.116.11
in China, along with several other sites, some of which
are clearly typosquatting or are spam-related.
Of course, this is not proof that any of the registered
owners of the other sites listed on this server are
in any way connected with this fraud.
Visiting the site in Internet Explorer will lead
to your PC being infected with unsolicited software
- most likely spyware and keyloggers designed to record
your online banking activity (note that if you responded
to the email, then you will almost definitely use some
online banking because of the nature of the offer).
The spyware is specific to Internet Explorer - if
you attempt to visit the site in any other browser (such
as Firefox, Opera or Mozilla), you will get the following
Please, use Internet Explorer 5.0
or higher to access this website..
If you actually do visit using Internet Explorer,
something very different happens - an encoded piece
your machine. At present, we do not know the exact nature
of this software, but it does appear that the exploit
is not detected by major anti-virus applications.
If you have visited this web site, it is most
likely that any banking accounts, including PayPal plus
any other password protected resources will have been
compromised. You should immediately contact your bank's
security department and advise them of this.
Because we do not know the nature of the spyware
installed on the system, we would recommend that the
only safe approach is to reformat your hard disk
and rebuild your system from scratch.
At your own risk, you may however try one
or all of the following scanners:
These are all good products, but it's quite likely
that no single product will be able to clean up your
machine. You should also run a full virus scan with
a reputable anti-virus package.
We strongly recommend never using Internet
Explorer as it is inherently insecure. We strongly recommend
You should not use your computer to make any financial
transactions or access secure systems until you are
100% certain that your PC is cleaned of spyware. If
in doubt, contact a qualified IT professional.
The mechanism here is particularly sneaky - by enticing
you to the infected web site, the scammers can potentially
access your bank accounts, from which they can then transfer
money out using "mules" who sign up for the scheme.
"If it sounds too good to be true, then it is!"
If you have been defrauded by these scammers you should
contact your local police.