Joe Wein
Fighting spam and scams
on the Internet

Home / Blog / About us
Spam
419/Nigeria
Online fraud
jwSpamSpy
Contact

Email Spam Filter:
jwSpamSpy
Try it for free!

Google
 

Fraudulent Job offer: "ICG Commerce" (ICG)

The "ICG Commerce" job offer is part of a series of scams designed to trick third parties into assisting the criminal laundering of stolen money. It appears to be part of the same series of scams as the following scams:

  • "ECOS Services"
  • Xian Energy or Purexian scam???
  • http://www.checkbank.com
  • http://www.checkbank.biz
  • http://www.purexian.biz
  • Checkbank
  • Financial Consortium International, LLC
  • Purexian
  • Filenio Finance
  • Xian Energy SOT
  • Next Day Finance, LLC
  • http://www.ntt-body.com
  • http://www.ri-coza.com
  • http://www.worldremittances.com
  • http://www.nextdayfinancellc.biz
"ECOS Services" was being investigated by the Australian High Tech Crime Squad (www.ahtcc.gov.au) this month.

The fraudulent brand new websites "borrow" text from the three year old website of the following legitimate company:

Here is the spam email from "ICG Commerce":

Hi,
    Recently I've reviewed your CV and I'd like to propose you a good opportunity to join our great team.
    Our company - ICG Commerce was founded ten years ago to serve the European business entrepreneurs and establish a profitable base for corporations desirous to succeed in new ventures in the United States and vice versa.
    We are financially stable company with growing business worldwide. Due to expanding our business, we are glad to announce a number of vacancies of Regional Representative/General Assistant.
    All operations are home based and will require just a couple of hours of your time.
    Successful candidates must admit a high rank of responsibility as your duties will include money operations, transferring of valuable business documents and so on.
    The individuals hired into these positions will initially go through a brief training program that will give them exposure to all operations functions including routing, inventory control and special projects. Now we need regional representative in the most areas.
    To apply for this position and for more information click on this link: Contact ICG Commerce

Best regards,
Konrad Zemler
ICG Commerce.
Here are the message headers:
Received: from s010600115b08cb67.vn.shawcable.net ([24.80.77.135])
	by #####.###########.### with esmtp (Exim 4.43)
	id 1CVhrL-0008Du-7m
	for ######@########; Sun, 21 Nov 2004 03:53:51 +0100
Received: from unknown (HELO localhost) (127.0.0.1)
    by localhost.ysukly.com with SMTP; Sun, 21 Nov 2004 03:01:14 +0000
Received: from 134.8.1.105 (134.8.1.105[134.8.1.105])
       by S010600115b08cb67.vn.shawcable.net (IMP) with HTTP
       for <######@########>; 
Message-ID: <5094911101006074@S010600115b08cb67.vn.shawcable.net>
From: "Hilary" <ennbiskd@olesky.com>
To: "Charles" <######@########>
Subject: Regarding your RESUME.
Date: Sun, 21 Nov 2004 03:01:14 +0000
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.2
X-Originating-IP: 134.8.1.105
X-MailScanner-SpamCheck: spam, SpamAssassin (score=11.873,
	required 5, HTML_20_30 0.23, HTML_MESSAGE 0.00, 
	MIME_HTML_ONLY 0.18, NORMAL_HTTP_TO_IP 0.03, 
	RCVD_IN_BL_SPAMCOP_NET 1.22, RCVD_IN_DSBL 3.81, 
	RCVD_IN_SORBS_DUL 1.99, RCVD_IN_XBL 3.08,
	RCVD_NUMERIC_HELO 1.25, WEIRD_PORT 0.11)


Fraudulent website:
http://218.104.151.145:9121/contact.php

     inetnum:      218.104.151.128 - 218.104.151.255
     netname:      changsha-zhongnan-daxue
     country:      cn
     descr:        changsha city
     admin-c:      TC254-AP
     tech-c:       TC254-AP
     status:       ASSIGNED NON-PORTABLE
     changed:      daihy@china-netcom.com 20020826
     mnt-by:       MAINT-CN-ZM28
     source:       APNIC
     
     person:       TECH GROUP CNC
     address:      9/F, Building A, Corporate Square, No. 35 Financial Street,
     address:      Xicheng District, Beijing 100032, P.R.China
     country:      CN
     phone:        10-88093588
     fax-no:       10-88091442
     e-mail:       tech-group@china-netcom.com
     nic-hdl:      TC254-AP
     mnt-by:       MAINT-CN-ZM28
     changed:      zhaomq@china-netcom.com 20010917
     source:       APNIC


Anti-Spam Resources:
jwSpamSpy is our spam filter (free evaluation version available for download)
Anti-spam domain blacklist – list of domains that I refuse to receive mail from
Recent additions to domain blacklist (with whois details)
"419" scam sender/contact addresses ("Nigeria connection" address book)
DNS-based IP and domain name blacklists
IP address ranges
Dynamic IP addresses (700 KB!)
Name server / Registrar combinations
Free email providers
AOL dial-up address ranges and mail servers
How to trace senders of spam
Frequently asked questions (FAQ)
Lookup an IP address on blacklists (http://dnsbl.net.au/lookup/)

Clueless virus filters spam innocent third parties
Challenge and Response spam filters: A selfish idea for selfish times

ShareYourExperiences.com spammers
Smyrnagroup spammers (in German)
Kaplan College spam
Stock Price Manipulation Spam ("Pump & Dump")
What's the deal with "OEM software"?
'Phishing' for your wallet
Job spam for payment processors
Spam phone numbers ("diploma" spam, etc.)
"Joe job" information

Link exchange offer spam
Getting creative with spam
Link exchange spam: allcarpictures.com

Xenophobia, Spam and Viruses: The "German Spam" (Sober.H)
Sober.H – Racist German email spam spread by virus (in German)

"Joe job" against joewein.de
Porn spam: watchsound.com
Porn spam: hotsalza.com
Name servers used by spammers: joker.com
Rogue name servers: mediadreamland.com
Rogue name servers: airmaramba.biz
Rogue name servers: bonafidecash.com
Rogue name servers: maileasy.biz

Browser hijacking: heretofind.com

Computer Viruses