ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
The Register of Known Spam Operations
Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov

Evidence Menu:

Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov Index

Country: Ukraine
So many Alex & Alexey spamming! Alex Blood tied to Pilot Holding & long ago, then Alex Polyakov posted he owned them. Massive botnet and child-porn spam ring, also pharma, mortgage, and more. May work with Kuvayev and Yambo.

Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov SBL Listings History
Current SBL Listings
Archived SBL Listings hosted scams & press story [] ( aka AKANOC Solutions Inc.) [] ( - also)


Proxy spammers caught at: @ 2005-07-10

Checking server []
Domain ID: D9008590-BIZ
Sponsoring Registrar IANA ID: 82
Domain Status: ok
Registrant ID: OLNIC19037332
Registrant Name: Michael Birman
Registrant Organization: Michael Birman
Registrant Address1: 124 12th Avenue South
Registrant City: Minneapolis
Registrant State/Province: MN
Registrant Postal Code: 55415
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.6305630798
Registrant Facsimile Number: +1.6305630798
Registrant Email:
Administrative Contact ID: OLNIC19037335
Administrative Contact Name: Michael Birman
Administrative Contact Organization: Michael Birman
Administrative Contact Address1: 124 12th Avenue South
Administrative Contact City: Minneapolis
Administrative Contact State/Province: MN
Administrative Contact Postal Code: 55415
Administrative Contact Country: United States
Administrative Contact Country Code: US
Administrative Contact Phone Number: +1.6305630798
Administrative Contact Facsimile Number: +1.6305630798
Administrative Contact Email:
Billing Contact ID: OLNIC19037337
Billing Contact Name: Michael Birman
Billing Contact Organization: Michael Birman
Billing Contact Address1: 124 12th Avenue South
Billing Contact City: Minneapolis
Billing Contact State/Province: MN
Billing Contact Postal Code: 55415
Billing Contact Country: United States
Billing Contact Country Code: US
Billing Contact Phone Number: +1.6305630798
Billing Contact Facsimile Number: +1.6305630798
Billing Contact Email:
Technical Contact ID: OLNIC19037336
Technical Contact Name: Michael Birman
Technical Contact Organization: Michael Birman
Technical Contact Address1: 124 12th Avenue South
Technical Contact City: Minneapolis
Technical Contact State/Province: MN
Technical Contact Postal Code: 55415
Technical Contact Country: United States
Technical Contact Country Code: US
Technical Contact Phone Number: +1.6305630798
Technical Contact Facsimile Number: +1.6305630798
Technical Contact Email:
Name Server: NS2.SAFEDNS.BIZ
Name Server: NS1.SAFEDNS.BIZ
Last Updated by Registrar: ONLINENIC, INC. D/B/A CHINA-CHANNEL.COM
Domain Registration Date: Wed Feb 16 15:13:07 GMT 2005
Domain Expiration Date: Thu Feb 15 23:59:59 GMT 2007
Domain Last Updated Date: Tue Apr 12 15:21:11 GMT 2005


Checking server []
Domain Name: SAFEDNS.BIZ
Domain ID: D6376102-BIZ
Sponsoring Registrar: TUCOWS INC.
Sponsoring Registrar IANA ID: 69
Domain Status: ok
Registrant Name: BBA ltd
Registrant Organization: BBA ltd
Registrant Address1: 1000, Yamraj Bldg, Market Square, 1st Floor
Registrant City: Road Town
Registrant State/Province: Totola
Registrant Postal Code: 89101-6716
Registrant Country: Virgin Islands (British)
Registrant Country Code: VG
Registrant Phone Number: +1.2062035016
Registrant Facsimile Number: +1.3202102398
Registrant Email:
Administrative Contact ID: TUETDW5OKUVIQBG4
Administrative Contact Name: BBA ltd
Administrative Contact Organization: BBA ltd
Administrative Contact Address1: 1000, Yamraj Bldg, Market Square, 1st Floor
Administrative Contact City: Road Town
Administrative Contact State/Province: Totola
Administrative Contact Postal Code: 89101-6716
Administrative Contact Country: Virgin Islands (British)
Administrative Contact Country Code: VG
Administrative Contact Phone Number: +1.2062035016
Administrative Contact Facsimile Number: +1.3202102398
Administrative Contact Email:
Billing Contact Name: BBA ltd
Billing Contact Organization: BBA ltd
Billing Contact Address1: 1000, Yamraj Bldg, Market Square, 1st Floor
Billing Contact City: Road Town
Billing Contact State/Province: Totola
Billing Contact Postal Code: 89101-6716
Billing Contact Country: Virgin Islands (British)
Billing Contact Country Code: VG
Billing Contact Phone Number: +1.2062035016
Billing Contact Facsimile Number: +1.3202102398
Billing Contact Email:
Technical Contact Name: BBA ltd
Technical Contact Organization: BBA ltd
Technical Contact Address1: 1000, Yamraj Bldg, Market Square, 1st Floor
Technical Contact City: Road Town
Technical Contact State/Province: Totola
Technical Contact Postal Code: 89101-6716
Technical Contact Country: Virgin Islands (British)
Technical Contact Country Code: VG
Technical Contact Phone Number: +1.2062035016
Technical Contact Facsimile Number: +1.3202102398
Technical Contact Email:
Name Server: NS1.SAFEDNS.BIZ
Name Server: NS2.SAFEDNS.BIZ
Created by Registrar: TUCOWS INC.
Last Updated by Registrar: TUCOWS INC.
Domain Registration Date: Sat Feb 28 19:50:20 GMT 2004
Domain Expiration Date: Mon Feb 27 23:59:59 GMT 2006
Domain Last Updated Date: Tue Jun 14 02:01:57 GMT 2005 [] []

--- DNS lookup for "", please wait...
--- contacting nameserver: [] SOA
origin =
mail addr =
serial = 2005061401
refresh = 10800 (3 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
minimum ttl = 86400 () NS NS A

--- DNS Lookup completed


Registrar: TUCOWS INC.
Whois Server:
Referral URL:
Status: ACTIVE
Updated Date: 04-feb-2005
Creation Date: 27-jan-2003
Expiration Date: 27-jan-2006

BBA ltd
1000, Yamraj Bldg, Market Square, 1st Floor
Road Town, Tortola, 89101-6716


Administrative Contact:
ltd, BBA
1000, Yamraj Bldg, Market Square, 1st Floor
Road Town, Tortola, 89101-6716
+1.2062035016 Fax: +1.3202102398

Technical Contact:
ltd, BBA
1000, Yamraj Bldg, Market Square, 1st Floor
Road Town, Tortola, 89101-6716
+1.2062035016 Fax: +1.3202102398

Registrar of Record: TUCOWS, INC.
Record last updated on 04-Jun-2005.
Record expires on 27-Jan-2006.
Record created on 27-Jan-2003.

Domain servers in listed order:

Domain status: ACTIVE


Cybercrooks lure citizens into international crime
By Byron Acohido and Jon Swartz, USA TODAY

GRASS VALLEY, Calif. -- To Karl, a 38-year-old former cabdriver hoping for a career in real estate sales, the help-wanted ad radiated hope.

The ad sought "correspondence managers" willing to receive parcels at home, then reship them overseas. The pay: $24 a package.

Karl applied at, a fraudulent Web site imitating a legitimate site.

How a reshipment gets done
USA TODAY examined a paper trail of e-mails, letters, credit card statements, packing receipts and mailing labels that Karl kept of his work as a mule and pieced together this account of an illegal reshipment:

April 18. Someone from a bogus Web site at the center of the scam,, tests a $1 charge on, a prize-giveaway Web page, using a Bank One Visa credit card number stolen from Brian Spoutz, a 48-year-old San Jose, Calif., software salesman. A Visa investigator notified him about the compromised card in May, Spoutz says.
April 20. uses Spoutz's Visa card to place an order at for a $2,607 digital camera and extra memory. It directs shipment of two separate parcels to a home in Gilroy, Calif.
April 22. FedEx attempts to deliver the parcels, but the reshipper in Gilroy has gotten cold feet and rejects the delivery. Using FedEx's online tracking, Michael Birman of notes the failed delivery, contacts FedEx and redirects delivery to Karl in Grass Valley, Calif. Birman then alerts Karl via e-mail to watch for the two parcels.
April 23. Birman goes to Using a hot credit card number, Birman purchases a $48 Global Express Mail shipping label addressed to Roman Radeckiy in Moscow, then downloads the new label as a JPEG image file. Birman attaches the JPEG file to an e-mail to Karl, instructing Karl to combine the two parcels into one box, affix the label and mail to Radeckiy.
April 24. FedEx delivers the parcels to Karl in Grass Valley.
April 27. Karl prints out the JPEG label. Karl repacks the camera and memory into one box, affixes the printed JPEG label and completes the reshipment.


"The operation was amazing," says Karl. "It was highly coordinated."

He quickly received an e-mail notifying him he had landed the job, followed by instructions on how to take receipt of digital cameras and laptop computers, affix new labels and "reship" the items overseas. Easy enough.

Within weeks, he had sent off six packages, including digital cameras and computer parts, to various addresses in Russia. Little did Karl know he had become an unwitting recruit in a growing scheme to assist online criminals, the latest wrinkle in digital fraud that costs businesses hundreds of millions of dollars a year.

Before long, Karl began to feel like Sydney Bristow from the TV show Alias, who wrangles her way through dealings with the Eastern European underworld. (Fearing possible retaliation, Karl asked that his real name not be used for this article.)

One day, a $4,358 electronic deposit appeared out of nowhere in Karl's online bank account, followed by e-mail instructions to keep a small amount as pay and wire the rest to Moscow. Then he began receiving account statements intended for online banking customers from across the USA. Someone had changed the billing addresses for stolen credit cards and bank account numbers to his residence in Grass Valley.

One of the letters was intended for 28-year-old Ryan Sesker of Des Moines, letting him know that his credit limit had been raised to $5,000 -- a request he never made. Around the same time, a USA TODAY investigation found, someone accessed Sesker's online banking account and extracted $4,300.

"I thought I could work a few hours a day and make a couple hundred bucks, not get sucked into something out of Alias," Karl said later, sipping a cup of steamed milk in a sleepy cafe.

What Karl had become, in fact, was a "mule."

Karl and other ordinary citizens are being widely recruited by international crime groups to serve as unwitting collaborators -- referred to as mules -- in Internet scams to convert stolen personal and financial data into tangible goods and cash. Cybercriminals order merchandise online with stolen credit cards and ship the goods overseas -- before either the credit card owner or the online merchant catches on. The goods then are typically sold on the black market.

Mules serve two main functions: They help keep goods flowing through a tightly run distribution system, and they insulate their employers from police detection.

To document what such a mule goes through, USA TODAY spent five months pursuing leads from law enforcement officials, tech security experts and Internet underground operatives. The probe uncovered fresh evidence detailing how organized crime groups, such as the one that enlisted Karl, operate quietly at the far end of the cybercrime pipeline. (International scam: An inside look at a Nigerian reshipping ring)

Savvy thieves often keep such rip-offs below $5,000 to avoid detection from bank monitors and the FBI. But cumulatively, the thefts reach into the hundreds of millions of dollars.

While e-mail phishers, hackers and insider thieves grab notoriety for stealing personal and financial data, these reshipping groups put the stolen IDs to use. Security consultant eFunds estimates that reshipping rings set up nearly 44,000 post office boxes and residential addresses in the USA as package-handling points in 2004, up from 5,000 in 2003. And they show no signs of slowing down.

The dark side of e-commerce

Consumer-level financial fraud has been around since thieves first thought to filch blank checks from mailboxes. The Internet has taken it to a new level, not yet fully understood by the general public. By many measures, 2005 is shaping up as a watershed year for e-commerce -- and cybercrime.

E-commerce has become so accessible and feature-rich that consumers take it for granted. Banks have made it easy to execute virtually any banking transaction online -- from changing a billing address to transferring large sums to another account. And the Web makes it simple to ship and track parcels. alone, celebrating its 10th anniversary, expects to approach revenue of $9 billion this year. And online transactions overall topped $132 billion in 2004, up 39% from 2003 and 154% from 2002, according to VeriSign, the top manager of Internet domain names.

No one really knows how much of the estimated $150 billion worth of online transactions this year will be fraudulent, but losses pegged to reshipping scams were estimated at $700 million in 2004, up from $500 million in 2003, according to eFunds.

The Internet was never envisioned as a secure transactions network, so criminals are exploiting its convenience features. Cybercrime has morphed into two broad areas of specialization:

--Hackers, insider thieves and phishing con artists focus on pilfering personal and financial data, such as names, addresses, birth dates, mothers' maiden names, driver's license numbers, credit card numbers, Social Security numbers, log-ons, passwords and personal identification numbers.

--The ID thieves, in turn, supply the stolen data to crime organizations. They use the names and account numbers to fleece online merchants and banks with the help of unwitting mules.

"Any of these job postings that get consumers to receive and forward packages and/or money are bogus," says Barry Mew, a U.S. postal inspector in California.

Consumers who report false charges typically are reimbursed by the banks. But some are drawn into messy identity-theft scams. Law enforcement can't keep up, for a variety of reasons.

The FBI has led sting operations to knock out reshipping gangs in Romania and Nigeria. But cabals such as the one that recruited Karl thrive in Eastern Europe, Brazil and, most recently, the Philippines. They remain mostly out of law enforcement's reach.

With e-commerce at record levels, the risk of you or someone you know getting defrauded online is rising.

"The fear is if we don't get on top of this and protect the consumer better, we'll see more account skimming and deeper kinds of identity thefts happen," says George Tubin, senior analyst at banking consultant TowerGroup. "The feeling is we're one big headline away from catastrophe."

Luring recruits

Karl is a case in point.

The 16-line classified advertisement that appeared April 5 in The Union in Grass Valley beckoned like a life preserver: "Look at this! WORK at Home! Correspondence manager vacancies. MAIL PACKAGES from home without leaving your current job. Easy! Ship parcels from our clients. Get Paid $24 per parcel! Info:"

To Karl, the prospect of getting paid to reship packages from home in his spare time seemed like a godsend. He had dabbled in online marketing and was studying to get his real estate license. Someday he hoped to start a small business with his father-in-law and a friend. This could tide him over.

TheUnion's records show the ad was ordered and paid for online, using a credit card with a Milford, Mich., billing address. Chauna Renaud, classified ads manager, says that no one from The Union spoke to the buyer, who paid $427.97, and that no victim has sought to refute the transaction.

Detective Bill Netherby of the Nevada County Sheriff's Office says the ad almost certainly was paid for with a stolen credit card number.

The scheme pushed by companies such as put a new twist to an old ruse.

Merchants have long been wary of shipping expensive goods overseas. But thieves know that once an online transaction is approved, shipments inside the USA receive scant scrutiny, especially during high-traffic times such as Christmas and other gift-giving holidays, says Julie Fergerson, vice president of eFunds and co-chair of the Merchant Risk Council, an industry group battling online fraud.

So they've taken to recruiting U.S.-based citizens, whose homes function as drop points.

There likely are dozens of such reshipping operations in existence, though no one has precise figures. In its investigation, USA TODAY -- with the help of law enforcement officials, postal inspectors and computer security experts -- identified 21, most with polished Web sites and slick online job-application programs. Reshipping groups appear to be using stolen credit cards to finance most of their operations.

USA TODAY's investigation also found that reshipping groups recruit mules on popular employment Web sites, such as Monster .com and, order goods from e-merchants large and small, and even pay for shipping via online services designed to streamline credit card transactions. FBI Supervisory Special Agent Dale Miskell, a cybercrime specialist, and other fraud inspectors confirmed USA TODAY's findings.

A reshipping group going by the name U.S. Mail Service last February, for instance, used a credit card to pay $97 for a three-month ad on Jobfinder CEO David Lizmi could not confirm that a stolen card number was used. But fraud inspectors say reshipping groups routinely pay for ads with stolen account numbers. Lizmi says he pulled the ad after receiving a complaint. U.S. Mail Service never contacted him for a refund, and no one has stepped forward to dispute the payment. Someone using the name Anna Davis and describing herself as a manager at U.S. Mail Service did not respond to questions from USA TODAY in e-mail messages. and CareerBuilder .com say they deploy teams to screen ads, investigate complaints and educate customers about scams. But reshippers are adept at skirting such defenses by changing names and Web sites every few months. "They are so good at sneaking things through," says Michele Pearl, vice president of compliance at

"Nothing can be done to prevent this type of ad from happening," contends Lizmi. "I would have to hire 20 people to contact every company individually and vouch for their ID."

Cheap and easy Web sites

Mule recruiters typically direct job applicants to well-crafted company Web sites. Web site domain names can be purchased for $6 a month; space on computer servers to collect data from job applicants, $15 a month. As long as the credit card payment gets approved, no questions are asked.

"Registering a domain name and putting up a Web site to perpetrate these schemes is easy and cheap," says Joe Stewart, an analyst at Lurhq, which provides computer security for businesses.

"Just fill in the information, use a credit card to pay, and you're up and running in less than half an hour," says Stewart., for instance, registered its domain name and launched its Web site last April, around the time the Grass Valley newspaper published the help-wanted ad.


Don't be a mule
Authorities advise taking these precautions to avoid being drawn into a reshipping scam:

Be wary of advertisements and Web sites pitching home-based jobs for mail managers or shipping clerks.
Insist on communicating with your prospective employer by phone or in person. Be wary of company officials who communicate exclusively via e-mail, particularly if the correspondence has poor grammar and spelling.
Never e-mail or fax your driver's license number, Social Security number or other sensitive information -- or anything with your signature -- until verifying an employer's legitimacy.
In online chat rooms, be wary of people who seek to quickly bond with you, then request your help with reshipping duties.
When in doubt, contact the Federal Trade Commission or Better Business Bureau for guidance.

Sources: FBI, U.S. Postal Service

The site almost certainly has been operating under other names. A similar package-reshipping recruiter,, for a time used the same Internet protocol address as "So they've moved on to a different name, but I bet it's the same people," Stewart says.

The name, in fact, imitates an existing Web site,, registered by a legitimate El Paso freight-forwarding company. The copycat Web site lists someone calling himself Michael Birman as the registrant, with a New York mailing address and phone number. The last two letters of Birman's listed e-mail address -- -- indicate has a Russian base.

Attempts to contact Birman and were unsuccessful. Most Web site registration data are "almost certainly bogus," says Stewart. "It would be stupid for them to use real information. There's no need to."

Hungry job applicants

Recruiters are being drawn to a U.S. job market teeming with unemployed and underemployed able-bodied citizens hungry to earn extra income, says Paul Krenn, a spokesman for the United States Postal Inspection Service.

"This crime is driven by desperate people looking for jobs," Krenn says. "Most of them don't ask questions."

Irene Rodriquez, 38, a longtime bulk-mail handler from San Jose, Calif., regularly surfed employment Web sites, such as and, partly owned by Gannett, USA TODAY's parent, looking for opportunities to earn extra income. Hoping to pay for her daughter's senior prom gown, Rodriquez last February responded to a U.S. Mail Service pitch she spotted on U.S. Mail offered $30 to $50 per reshipped package.

"When you see a job listed on a respected Web site, you think it's legitimate," says Rodriguez. "I thought this was a legal company."

About the same time, Lynn Malito, 46, a single mother of two, got laid off from her job as a dispatcher for a trucking company in Memphis. Malito says she responded to an online ad on to handle reshipping chores for CNetExpress -- whose name mimics online media company CNet. She considered a similar job offer she found on from something called TSR Corp.

Karl, Rodriquez and Malito all ended up working as reshipping mules, but they cut off their activities and reported their experiences to authorities after becoming suspicious about the work. "It petrified me," says Malito. "I thought I was going down, getting arrested, for my role in this."

Only the most egregious mules run the risk of going to jail. As a former federal cybercrimes prosecutor, Paul Luehr let go a number of mules he had tracked down, "because we could uncover little or no evidence of their criminal intent." Luehr, now general counsel at tech consultant Stroz Friedberg, says the naive reshippers "thought they had a regular job."

Often the easy tracking ends at the mule's U.S. residence. Once the item or cash moves overseas, diplomatic protocols and differing cultural priorities can quickly turn the trail cold, says Luehr.

U.S. and foreign authorities have tracked down and arrested reshipping group leaders in Nigeria, Ghana and Romania. But those were comparatively small-scale operations.

"It's like a high-end fencing operation," says John Pironti, a security consultant at Unisys who specializes in bank systems. "The idea is to move this stuff overseas and remove traceability even further."

Goods on the move

In Karl's case, he cooperated with police and won't be prosecuted. His cooperation came after a three-week period in April when Karl reshipped half a dozen parcels for He followed e-mail instructions from someone who identified himself as Michael Birman, the same name listed as the Web site's domain registrant.

Occasionally, Karl spoke by phone with Birman, who once boasted to Karl that he managed a network of 200 people.

Karl might have continued as a reshipper had Birman paid him $24 a parcel as promised. Instead, Birman tried to manipulate Karl into deeper activities. Things began to unravel in early May once Karl began to press Birman for a paycheck.

Birman responded by asking Karl if he had an online account at Chase Bank, Citibank or Washington Mutual into which could deposit his pay. Fraud inspectors say this indicates Birman already had fraudulent access to a portfolio of online accounts in those banks and was maneuvering to sweep Karl's account into the mix.

Karl balked at first, but after discussing the matter with his bank manager, he gave Birman the routing and account numbers for his checking account at the Nevada City branch of Bank of America. The bank manager, Paul Shelton, promised Karl that he would keep an eye on the account.

Frozen funds

A few days later, on May 5, an unusual deposit of $4,358 was made into Karl's checking account. The funds came from Chase. "It caught my eye because it was an electronic credit card transfer," Shelton says. "That's not something you see every day."

That night, Karl was contacted by someone identifying himself as George Selembo, financial supervisor for USA TODAY located another George Selembo, 55, this one a quality-control inspector in Greensburg, Pa., who had once been a victim of ID theft.

In 2003, a cyberthief electronically transferred $8,000 from Selembo's Citibank Visa credit card to an overseas account. An additional $2,500 was withdrawn from his First Commonwealth bank account. No one was ever arrested, though the money was insured. Selembo spent six months resolving the matter. "Now you're saying that someone may be posing as me?" Selembo said in a phone interview. "Wow!"

Via e-mail, the supervisor calling himself George Selembo instructed Karl to "please withdraw the whole amount" and send $4,011 via Western Union to Andrey Jaremchuk in St. Petersburg, Russia. Karl could keep the remainder as pay.

"It set off an alarm. Something was definitely wrong," Karl says. "I didn't take any of the money. I knew it was time to call the police."

Karl reported the matter to the Nevada County Sheriff. Shelton, his banker, froze the $4,358. That triggered an acrimonious e-mail from Selembo.

"What?!!?? Give me the bank's(sic) manager phone. How long do they plan to keep your money frozen???" Selembo said in an e-mail sent to Karl the night of Friday May 6.

On Monday afternoon, May 9, a male caller reached Shelton on the phone. The banker doesn't recall how the caller, who spoke with a heavy accent, identified himself. The caller claimed to have been cheated out of $4,300 by Karl and asked Shelton to return the funds. Shelton advised the caller to file a police report -- and never heard from him again.

The next day, Karl received a final e-mail from Selembo: "I tried calling you a LOT of times. Reached only voicemail. When will you be home?" Karl turned the e-mail over to authorities.

"They made it clear they wanted the money withdrawn," a nervous Karl recalls. "It began to freak me out. The tone of the messages was more threatening. I just wanted them to leave me alone."

The $4,358 remains frozen in Karl's Bank of America account pending a request from Chase, the bank that made the credit card transfer, for its return, says Shelton. "If they don't ask for it back, it's going to stay there forever," he says.

Chase declined interview requests. "Chase in addition to other banks and merchants are working with law enforcement and can't comment on this because of an ongoing investigation," said spokesman David Chamberlin.

Still useful wasn't done with Karl. In late April, he had begun receiving letters intended for online banking customers from all around the nation. The letters -- account statements, notices of credit limit increases and discrepancy warnings -- kept coming through June, long after Karl broke off communications with Birman and Selembo.

Karl was still useful: They could use his mailing address as a drop point for account statements linked to hot accounts. One of the first things reshippers usually do upon gaining access to an online account is change the billing address, says postal inspector Mew.

And often, the reshipper will change a billing address to a given mule's, then ship goods to that mule to make it seem as if the card holder is ordering goods for himself, says Luehr, the former prosecutor.

One letter Karl received shed light on how the $4,358 credit card transfer was executed. The letter, dated May 5, was a notice from Chase to Visa card holder Ryan Sesker of Des Moines. Chase notified Sesker that his request for a credit limit increase to $5,000 from $3,500 had been approved.

But Sesker never made such a request. In fact, he says, he rarely used his Chase Visa card. The last two transactions came in early 2004, when he made online purchases of a computer printer and a Valentine's Day gift. By March 2005, Sesker had paid the balance down to zero, so the account wasn't at the top of his mind.

Stolen ID pool

Sesker, who works as a banking loan officer, didn't know his account had been broken into until he was contacted by USA TODAY in late May. To determine whether an e-mail virus or Web-browser spyware had anything to do with the break-in, USA TODAY asked PlumChoice, an online computer repair service, to scan Sesker's Windows XP laptop computer.

Simply opening infected e-mail attachments or clicking on a contagious Web site can result in the automatic installation of malicious programs that help funnel personal data into the growing pool of stolen IDs for sale on the Internet.

"We didn't find any evidence of software or other types of malicious codes that was a cause of his losing the credit card," says Ted Werth, president of PlumChoice.

That meant the breach of Sesker's account most likely stemmed from his online purchases, says forensics expert Stewart. An insider thief may have extracted account information from the e-merchant's customer database and sold Sesker's data on the open market, where purchased it. Or a cyber-intruder could have cracked into the customer database over the Internet, perhaps using a technique that probes for weaknesses in e-merchants' shopping-cart programs.

"Shopping carts interact with customers' databases, so you can inject extra commands, like 'Tell me all about the last 50 transactions,' " says Stewart.

Upon notifying Chase of the break-in, Sesker learned someone had not only changed his billing address, but also the date of birth and mother's maiden name associated with his account. About a week after Chase approved the credit limit boost to $5,000, the bank next approved an electronic credit card transfer of $4,300 to a different account -- the same kind of transfer that moved $4,358 from a Chase credit card account into Karl's Bank of America checking account.

Chase declined to tell Sesker whom the funds were transferred to. The bank indicated he will not be held responsible and asked him if he would like a new Visa credit card number. Sesker declined.

Had he not noticed the breach for a couple of months, Sesker's credit might have become tainted, putting his career as a banking loan officer at risk; a clean credit history is a condition of employment for loan officers.

"They probably would have been sending delinquency notices and collection letters to the wrong address," says Sesker. "I would never have known until the collection agencies tried to track me down."

Acohido reported from Seattle; Swartz from Grass Valley, Calif.


Original ad:

Work At Home! Correspondence manager vacancies

Location / City : Beverly Hills
Ad Number: 345 Date Posted: 03/14/2005
Contact: Michael Birman
Web Site:

The job we offer is related to mail. It is an easy job which does not require leaving your main occupation. You will have to receive to
your home address parcels from our clients and ship them out (we offer $24 for each shipped
out box). Fill in the form and apply here: or

Location / City : Beverly Hills


Also see:

Past ads:

Date: Tue, 22 Feb 2005 21:19:04 +0300
Reply-To: Virginia Boswell <>
Sender: Archivio liste sicurezza <SECURITY-ARCHIVE@LIST.CINECA.IT>
From: Virginia Boswell <PattiePTS@AOL.COM>
Subject: Re: money
Content-Type: multipart/alternative;

Work At Home! Correspondence manager vacancies from "BusinessMailExpress Inc."

You might have noticed how the recent changes of all kinds influence your life. Constant growth of prices, low wages, employment problems-- If you aren--t satisfied with your present income or it doesn--t comply with your capabilities; If you constantly lack money; If you want to better your financial status or you are just looking for a part-time job, then this job is what you need. Consider the advantages of the work we offer: Extra income Minimal expenses and no expenditures at all (only I-net and e-mail) The easiness of work. - Possibility to combine this work with your occupations (you just need to check your e-mail several times a day) For this work you don--t need a special education possessing some special skills or knowledge possessing storehouse, office, special equipment.

The job we offer is related to mail. It is an easy job which doesn--t require leaving your main occupation. You will have to receive to your home address parcels from our clients and ship them out further following our manager--s instructions ($24 for each shipped out box). Receive and cash checks from our clients (Wire Transfer, PayPal transfer, money order and cashier--s or personal checks) and send money to our company--s representative by Western Union (your fee is 5% of the received sum).


1. US citizenship 2.Basic Internet knowledge and access to a computer with internet connection.(e-mail access) 3. USPS (EMS) post office, Western Union in your city 4.Possibility to visit a bank or cashing location any day of the week if needed. It is better if there are cashing locations which work 7 days a week nearby. 5.Adults only 6.Must be able to work without supervision. 7.10 to 15 hours per week for communication. 8.No experience necessary. 9.Residual Income

Apply online at and you will be sent a list of vacancies available at the present time. You work will be paid for without any delays. You may work with several orders at a time as well as work with each one separately.

Related URLs

Link to original USA Today article

The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is:

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy