A happy DreamHost customer

Reporting fraud to DreamHost is a lot like banging your head off a brick wall. It doesn't seem to accomplish much and leaves you wishing you hadn't. But if they don't know there's a problem they can't fix it.

With that lets look at one such site that they seem happy enough to not only register, but also host and to provide privacy protection for: http://msccargouk.com

From a whois lookup:

"Domain Name: MSCCARGOUK.COM
Registry Domain ID: 1884729481_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.dreamhost.com
Registrar URL: www.dreamhost.com
Updated Date: 2015-01-07T06:46:10.00Z
Creation Date: 2014-11-11T18:54:00.00Z
Registrar Registration Expiration Date: 2015-11-11T18:54:00.00Z
Registrar: DREAMHOST
Registrar IANA ID: 431
Registrar Abuse Contact Email: domain-abuse@dreamhost.com
Registrar Abuse Contact Phone: +1.2132719359
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: PRIVATE REGISTRANT
Registrant Organization: A HAPPY DREAMHOST CUSTOMER

Name Server: NS1.DREAMHOST.COM
Name Server: NS2.DREAMHOST.COM
Name Server: NS3.DREAMHOST.COM"

http://msccargouk.com/index.php

The first thing to notice is the claim that it's secured by SSL, but the URL says otherwise. But maybe the login and register pages where you're expected to enter personal information will be secured.

http://msccargouk.com/account.php

Claims of SSL security here, but the URL can't lie!

http://msccargouk.com/register.php

Still no sign of that SSL security....

In fact there is no SSL security at all on this site, neither does clicking on the security seals bring up any of the information that a valid SSL seal would. They are simply images added to give prospective victims false reassurance.

So it's time to see if this company actually exists.

http://msccargouk.com/about_us.php

 

http://msccargouk.com/contact.php

The site claims to be a company in the UK so it's a quick check with Companies House to find out that it's not registered, despite claiming:

"The company has over 500 employees and annualized revenues exceeding £200 million."

A quick search also reveals that at the addresses claimed on site as being their physical location, there is no mention of this company.

http://msccargouk.com/services.php

On this page we see a claim that not only will they arrange transportation, they will also:

"act as a trusted middle-man for both the seller and buyer, offering them great security and fast movement for national and international transactions. Our fees are not cheap, but still, when dealing with your money or merchandise as we do the money is not important. If you will not be satisfied with our way of dealing with your belongings then we will refund you with any fee you have paid."

This site is clearly offering escrow services, which requires the company to be registered with the UK FCA in order to provide these services, and once again a simple check reveals this is not the case.

Just for fun lets look at some of the other claims made on the site.

"MSC Trans Cargo wins again! 

MSC Trans Cargo has been named International Moving Company of the Year at the 2010 EMMA Awards"

Well, we are lucky enough to have search engines, and no, this company didn't.
A legitimate, registered company won that award.

"MSC Trans Cargo Named Best Relocation Service Provider at the 2010 Re:locate Awards"

Again a simple search reveals the lie.

So we know that this company does not exist, cannot carry out the activities it claims it does, it's a fraudulent site.

Lets now turn our attention to DreamHost.

From DreamHost's Terms Of Service:

"DreamHost Web Hosting will exercise no control whatsoever over the content of the information passing through the network, provided that it adheres to all other conditions set forth in our Terms of Service and Acceptable Use Policy documents.

DreamHost Web Hosting reserves the right to police its network to verify compliance with all agreed upon Terms.

The Customer agrees to cooperate in any reasonable investigations into their adherence to all agreed upon Terms. Failure to cooperate is grounds for immediate disablement of all accounts/service plans."

From DreamHost's Acceptable Use Policy:

"Illegal Activity
Customer may only use DreamHost Web Hosting’s Server for lawful purpose. Transmission of any material in violation of any Country, Federal, State or Local regulation is prohibited. To this effect, child pornography is strictly prohibited as well as housing any copyrighted information (to which the customer does not hold the copyright or an appropriate license) on DreamHost Web Hosting’s Server. Also, using DreamHost’s servers or network to conspire to commit or support the commission of illegal activities is forbidden as well."

"Personal Information Harvesting
Collecting or using email addresses, screen names or other personal identifiers without the consent of the person identified (including, without limitation, phishing, Internet scamming, password robbery, spidering, and harvesting)."

It seems pretty obvious that this site is in violation of these policies. So informing DreamHost of this abuse of their services should quickly result in this fraudulent site being suspended. Instead the following reply was received:

"Hello!

This is an automated reply. Please carefully read the information below so that we may best address your complaint. To avoid this message in the future, you may use abuse-replies@dreamhost.com.

Due to the volume of complaints we receive daily we cannot guarantee a personal response to each message we receive. However, we will endeavor to reply to individual inquiries in cases where a personal response is requested or necessary. Otherwise, please rest assured that we will take necessary action to ensure our Terms of Service (as well as applicable US/state laws) are being respected.

###########################################
# Common concerns:
###########################################

- Spam / Unsolicited Bulk Email

DreamHost has a very strong policy against spam
(http://www.dreamhost.com/spam.html), and does not tolerate it in
conjunction with the services we provide. If you receive a spam message (email or newsgroup based) associated with one of our clients, please forward it to us with full and complete headers as well as the body of the message itself. Email headers can be trivially forged, and only with the proper tracking data can we ascertain their actual origin.

- Denial of Service / Server Exploits / Cracking

If you have reason to believe that one of our clients is attempting to
breach the security of one of your computers or is otherwise behaving in a manner detrimental to network resources, please send us complete and thorough logging information (ie. time/date, IP addresses or host names, etc), as well as any other background information that may be of use.

- Copyright Violation / Trademarks

We do not allow our customers to misuse intellectual property belonging to others. If you feel that someone has misappropriated your content, please let us know. We may require proof of ownership, so please forward any relevant documentation related to your rights to the content in question.

- Concerns About Site Content

Concerns over the specific content of a DreamHost hosted site should be referred to the site's operator. As a part of our commitment to free
speech and expression, DreamHost does not censor the content of its
hosted sites beyond the removal of illegal content and protecting the
security and integrity of shared network/server resources.

###########################################
# Potentially Useful Resources:
###########################################

DH Terms Of Service, Spam Policies & Resources:
- http://www.dreamhost.com/tos.html (Terms of Service)
- http://www.dreamhost.com/spam.html (Spam Policies)
- http://www.dreamhost.com/privacy.html (Privacy Policy)

Spam Resources:
- http://www.spamcop.net/ (Spam tracking/filtering)
- http://news.spamcop.net/cgi-bin/fom?file=19 (Revealing full headers)

Intellectual Property:
- http://www.templetons.com/brad/copymyths.html (10 copyright myths)

Other:
- http://www.ncmec.org/ (Stopping online child abuse)
- http://www.cert.org/ (CERT coordination center)
- http://www.symantec.com/avcenter/ (Symantec Virus info)

...

Thank you,

- DreamHost Abuse Team"

Yes, that's right:

"Concerns over the specific content of a DreamHost hosted site should be referred to the site's operator."

Fraudulent content should be reported to the scammer who set up the site!

At least in this case the scammer is protected by DreamHosts privacy protection service so this isn't even an option.

"As a part of our commitment to free speech and expression, DreamHost does not censor the content of its hosted sites beyond the removal of illegal content"

It really doesn't seem like this is the case, because I know DreamHost was made aware of this site in March, and yet it's still able to defraud the public two months later. Another site I was reporting to them took eleven months of playing whack a mole with DreamHost where it would be suspended and then come back to life before the site finally no longer resolved. I am also aware of other cases where it takes a lot of effort to get DreamHost to act on it's own TOS & AUP.

And let's not forget that DreamHost is also the Registrar of this domain and have responsibilities to investigate and act on abuse reports under its RAA with ICANN.

In short, what is the point of DreamHost having these Terms of Service and Acceptable Use Policies if they fail to uphold them?

It's no wonder that the criminal behind this site is labelled "A happy DreamHost customer."

Update: This site is now offline, having been placed into ClientHold by DreamHost.

Staminus and a fake company

Different companies respond in different ways to reports of abuse, but Staminus it turns out has a truly amazing way of responding.

"Mr Stevenson,

Thank you for your report.

As you may not be aware, the database for aa419.org is not reliable. It is editable by the public and there is no individual or entity that accepts legal or financial liability for the content of same.

Please be sure to let us know if you obtain any reliable information that you would like to have taken into consideration.

Best Regards,

Abuse Department
Staminus Communications"

The site in question is panwestafricasec.net

A Security, Logistics & Consultancy company, based in six countries, the UK, Ghana, Sierra Leone, DR Congo, Cameroon and Namibia. So you'd think it would be easy to ascertain that this company exists beyond it's website. Well, I tried.

First stop Companies House in the UK, as it's Headquarters are there.

No such company found. As the site doesn't list a Company Registration number, that can't be checked either, but if it's trading under another name it's possible that I may have missed it somehow. Anyway it's bound to be found at the contact address listed on site, under some name isn't it?

Well, would you believe that the contact address listed for this companies headquarters turns out to be the address for the DR Congo Embassy? A headquarters that's supposed to be responsible for over 10,900 staff and billions in trade is operating out of an Embassy in London? They can't afford their own building after being in business for over 150 years?

Or even afford a landline in the Embassy apparently, as they provide a mobile telephone number to call. They even provide a different, but dead, domain for you to email them on.

Domain Name:TPS-INC.ORG
Domain Status: clientTransferProhibited -- http://www.icann.org/epp#clientTransferProhibited
Domain Status: pendingDelete -- http://www.icann.org/epp#pendingDelete
Domain Status: serverHold -- http://www.icann.org/epp#serverHold

whose registrant used the email address 'info@standard-chart.com' to register that site.

Queried whois.internic.net with "dom standard-chart.com"...

No match for domain "STANDARD-CHART.COM".
>>> Last update of whois database: Thu, 23 Apr 2015 21:42:01 GMT <<<

Oh look, a suspicious looking email address that doesn't exist, a whois error which probably got tps-inc.org suspended.

But the problem was that I referenced the Artists Against 419 database, apparently.  Ok, but that's not the only reference I used.

"Dear Staminus,

The AA419 db may have a few false entries from time to time, because we are only human. The db itself is not editable by the public, there are only a few who can make entries into the database, although anyone can put forward a website for consideration for entry, dependant on evidence. In this case I also provided other links to other sources that you may consider more reliable such as Companies House in the UK for you to double check the accuracy of my claims. Please reread the entirety of my last email and check the other sources I provided then make a decision.

Kind regards Mr Stevenson"

What I received back was beyond all expectation.

"Mr Stevenson,

"The AA419 db may have a few false entries from time to time, because we are only human."

That is sufficient for us to not be able to use it as a legal resource for the purpose of making legal decisions which could result in our being sued and taken to court.

If a resource is not reliable, then it can not be used to make a decision.

I understand that it is a valuable tool for you. But you are not risking your home, car and future income. You are simply filing (virtually anonymous) complaints. There is no liability or accountability for your end.

As to the rest of your citations.

1) "Site claims to be a courier company in the UK, but is not registered with Companies Houses."

You have not proven it is not registered. You have proven it is not registered under that specific name. Will you put up a $1Million liability bond and guarantee that it is not registered under any other name or spelling?

Furthermore, the point is academic. Can you direct my attention to a clause in our TOS/AUP that requires a downstream customer to register their website with "Companies House" ?

2) "UK contact address listed on site is for the DRC Congo Embassy" So, did you contact the Embassy? Is there an applicable law against a website using their Embassy as a contact address? Again, which part of our TOS is being violated in this example?

3) "Site claims to be a courier company located in the UK, Sierra Leone, Namibia, Ghana, DRC Congo and Cameroon, yet the registrant lists an address in Nigeria."

Your point is what, exactly?

Which relevant law is being violated?

Which portion of our tos is being violated?

Having reviewed your report, as you requested, it appears that you have provided a list of trivia and circumstantial evidence.

Let's review:

You sent an untraceable email from email from a gmail account.

You referenced a database that you subsequently admitted is unreliable.

You sign your emails "Mr Stevenson" in atypical business format, and you fail to provide any additional contact information that would identify you as an actual person.

Using the same criteria you used, it is reasonable to conclude that your report is fraudulent.

Best Regards,

Abuse Department

Staminus Communications"

Yes, being able to provide evidence that your customer who gives you money may actually be up to no good, and trying to show you why, makes me the bad guy here. Certainly not your paying customer who is trying to defraud the public.

"Dear Staminus,

"That is sufficient for us to not be able to use it as a legal resource for the purpose of making legal decisions which could result in our being sued and taken to court.
If a resource is not reliable, then it can not be used to make a decision."

By your logic that would then render every database in the world useless. Human error always creeps in, mistakes are always made.

"But you are not risking your home, car and future income. You are simply filing (virtually anonymous) complaints. There is no liability or accountability for your end."

True. The only thing the Artists have is our reputation, and that many registrars and hosting companies are wiling to listen, work with us and act on our reports is a comment on our reputation. That you choose not to is unfortunate.

"You have not proven it is not registered. You have proven it is not registered under that specific name. Will you put up a $1Million liability bond and guarantee that it is not registered under any other name or spelling? "

Really? Another database that may also have errors? I'm surprised the British Government hasn't done away with it, let alone rely on it for official Company registration certification.

From http://www.panwestafricasec.net/index.php?_page=aboutus
"As the industry leader in risk management and secure logistics, PWASC has safeguarded valuables since 1859. With 150 years of experience, PWASC offers the utmost quality of service and sets the market standard."

For a 150 year old company that claims to be in the UK not to be registered with Company House under their trading name is downright suspicious don't you think?

"Furthermore, the point is academic. Can you direct my attention to a clause in our TOS/AUP that requires a downstream customer to register their website with "Companies House" ?"

No, I can't seem to find your TOS beyond DMCA requirements. Can you please provide a link for me? I would at least like to try.

But I can point to https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/418559/GP2_Life_of_a_Company_Part_1_v4_4-ver0.3.pdf

"GP2 March 2015 Version 4.4
Companies Act 2006
Page 4 of 56
Introduction
This guide tells you about the documents that a company must deliver every year to Companies House - even if the company is dormant – see chapter 9. If you don’t comply, there could be serious consequences. The Registrar might assume that the company is no longer carrying on business or in operation and take steps to strike it from the register. If the Registrar strikes a company off the register, it ceases to exist and its assets become Crown property. However where a company is in operation, the company's officers could be prosecuted because they are personally responsible for ensuring that they submit company information on time. Failing to do so is a criminal offence. In addition, there is an automatic civil penalty for submitting accounts late. The requirement to file annual documents applies to all companies, including small companies such as flat management companies"

As this company doesn't seem to have provided 150 years worth of returns to Companies House, they are breaking UK law. Is that against your TOS? Or perhaps that is why they claim they are operating out of a foreign embassy in the UK. If I did contact the DRC Congo embassy, do you think they'd be able to put me in contact with this company? Or think I was playing a prank? Do you know of any companies that have offices inside an embassy?

"Site claims to be a courier company located in the UK, Sierra Leone, Namibia, Ghana, DRC Congo and Cameroon, yet the registrant lists an address in Nigeria."

Your point is what, exactly?
Which relevant law is being violated?

Which portion of our tos is being violated?

My point being that a supposed 150 year old company with no branches in Nigeria is unlikely to have hired someone in Nigeria build their official website. Again I would actually like to read your TOS, but I couldn't find it on your website.

"You sent an untraceable email from email from a gmail account."

Yes. So what? Gmail is a popular email provider.

"You referenced a database that you subsequently admitted is unreliable."

All databases can be considered inherently unreliable due to human error.

You sign your emails "Mr Stevenson" in atypical business format, and you fail to provide any additional contact information that would identify you as an actual person.

Does it really matter who I am? I am not the one trying to defraud the public like your customer is trying to.

"Using the same criteria you used, it is reasonable to conclude that your report is fraudulent."

I am trying to provide you with evidence. I can only ask you to investigate because there are serious doubts this is a legitimate website. Would you employ their services?

Please understand that I am not a victim of this internet fraud. I am a concerned individual who is trying to keep innocent victims from falling prey to this fraud.  Whether you investigate this matter and take proper action or not is ultimately up to you (as it should be).  Just know that when victims are defrauded by a domain you have been made aware of, you are partially responsible by doing nothing to investigate other than writing unprofessional snide comments rather than look into the matter.

Regards Rob "

I'm patiently awaiting Staminus' next response.