Be careful out there and check your bank statements. I just got burned. I looked at my bank statement today, and noticed a crazy electronic check from something called "m-billingsupport.com" on behalf of something called "reddot.com" for $24.95. The electronic check "copy", had my name and the correct account and routing number, but had a bogus address (had me living in some town in Nevada, which is about 2000 miles away).

Called the bank, and had to go down and sign some fraud claim/dispute form, and I closed out that account and opened a new one for good measure (no small hassle that will be to change a couple of direct debits).

The bank found a customer service number for this "m-billingsupport", and I called it. They said they were simply a third party billing company that bills on behalf of online clients and that "reddot.com" charge was for an "adult website service". They promptly agreed to refund the charge and clear my account number. (As I've closed the account, the refund might be a problem, but the bank said if they tried to post it, they would flag it before it was rejected outright and they would send it on to my new account. We'll see if that happens -- right now, closing the old account was more important than getting the $25 back).

Well, some Googling on "m-billingsupport" found out that they've been doing this all over the country for the past few months. Small charges to checking account numbers, with the correct name and account numbers, but with bogus addresses (or sometimes old addresses).

And it turns out that this m-billing (Market Billing, I believe) may not be just some 3rd party biller, but the actual fraudsters themselves, as some of the companies they bill for don't seem to exist, and existing companies have denied they've made the charges, or even used or even heard of this Market Billing outfit. And it's apparently located in Cyprus.

The prompt refund may be part of the scam -- keep the heat off from those who do notice the bogus charge, and allow them to act like the innocent 3rd party biller.

I read a lengthy thread about this on some fraud site -- they've been doing this for several months.

How scum like this get away with this, I don't know. Anyway, be careful and watch your bank statements like a hawk. How the devil they got my name and number, I don't know. And it scares me.

-Richard

That's terrible. I'm surprised they have been able to get away with it for so long. Makes one wonder. If it turns out to be a "private" operation, I'm sure they will get caught if they get too greedy.

__________________
_
Show me the money
_

Had a similar "3rd Party Billing" slipped onto my local telephone bill in the form of a non-existant 'Collect Call' through an unfamiliar carrier I'd supposedly accepted 2 months previously. Sure enough, a googling revealed their past record and they backed down quickly when called, and even suggested I call the phone company to note a refund was on its way, so they'll know why I deducted that amount from my payment, thus avoiding a "late charge" penalty.

__________________
*

Doesn't perpetration of any fraud qualify as being "too greedy"?

__________________
Bring back Firefly!

"It is quite clear that Occam's razor does not sharpen in your pyramid." (Nicolas)

"Still, a man hears what he wants to hear and disregards the rest." (Paul Simon)

From what I've read, this "Market Billing" scam has been going on since late October of 2007. The date mine was posted was mid Feb, and I just got the statement covering the month a couple days ago. So they've been going for close to 5 months.

As I mentioned, they had my correct name and account number, but used a bogus address (apparently from reading about other incidents, sometimes the street and even city and town names are non-existent, bogus names). How the heck that goes through without question worries me. The person at the bank just sort of gave me a blank, sheepish look when I asked her about that. Apparently, if the account number is good, and the amount isn't too high, it goes through easily. Hopefully, if it were for a $100 ($1000?!), it might raise a flag.

Sounds like a pretty good scam -- hit a thousands, even hundreds of thousands of bank accounts with penny ante charges. You could rack up a $million or two fairly quickly. Well, I don't if it's that big or not. But I'm a babe in the woods with this stuff.

This has me pretty upset and shook up, not to mention highly PO'd. What got me was this was my bank account. I could see credit cards, but this was my bank account. Then it hit me I'm living in the past or something, what's the difference? It's all just a matter of having the right numbers electronically. This is getting too easy. I was just thinking, every time you write a check, there's the number and name right there which passes through a lot of hands. All it takes is for some bad apple employee or hacker to get his hands on it.

I read something that some large check processing outfit, called "Certegy" or something had some data stolen or leaked a while back. That could be the source of this, or maybe hundreds of other possible sources. Remember the recent story about the supermarket chain that lost a bunch of credit card numbers, and we only learn about it a year later?

Again, this is just getting too easy. The system leaks like the proverbial sieve. I don't know what, but something is going to have to be done.

-Richard

Here's an MSNBC article about how easy this can be from back in
2005. "Demand drafts", they are called. Note they were proposing some new rules to tighten up on it. Don't know if those new rules passed or not, but if they did, well it didn't work so well.

http://www.msnbc.msn.com/id/7914159/

SIGH.

-Richard

Here's a solution for you. Get a senator's account info and mail it to m-billingsupport.com. After they charge the account and D.C. gets wind of the scam you can be certain that WMDs will be found in the vicinity of the m-billingsupport.com offices and the stealth bombers will move in and clean up the problem.

__________________
The only way of finding the limits of the possible is by going beyond them into the impossible.

Arthur C. Clarke

The Brain Science Podcast

I like your suggestion but it has one potential flaw - it depends on the Senator (or some staffer) paying enough attention to catch the false charge. Just to increase the odds, I'd do that to every member of Congress possible.

I think you both should reconsider posting such things, even in jest.

Well, well.

http://www.msnbc.msn.com/id/5077470/

This is a story from 2004 about a similiar scheme. The crooks set up a bogus outfit called "pharmacycards.com", purporting to be a drug discount card program, and then began hitting bank accounts with demand drafts for $139 a pop. Note they had a list of *90,000* bank accounts.

What caught my eye was the stolen money was routed to Nicosia, Cyprus, which is where this "m-billingsupport.com" is apparently located. This is probably the same bunch, and this time, they're taking smaller amounts out.


-Richard

Ive had m-billing on my pc, and so has a friend of mine. I just refused to pay it, but the bill popped up when you logged online and locked on the screen for five minutes. They finally cleared it when I ranted down the phone at them.
Was not a happy bunny, especially as it was for an adult site and crossed over to my children's account when they logged on. Scum is far too polite for these sort of companies.

__________________
I don't believe in mathematics. Albert Einstein

Biologically speaking, if something bites you it's more likely to be female. Desmond Morris.

Quantum analysis is scientific dithering

Professor Frink: My observations n'hey, n'hey, show the universe could be a torus Weh, uh, or toriod it may like the typewriters and bananas and the monkeys with big teeth the biting the screaming Mm-hai!

Homer: mmmmm... doughnuts!

Scamsters are not the only ones.

Golds Gym got in a bit of trouble for continuing auto-billing on members accounts after cancellation or end of contract.

One learns to ALWAYS check all bills and statements. Even seeming legit companies are not always legit.

Update: I got a note from the bank today crediting my account for the $24.95 as they had determined to their sastification the charge was indeed fradulent. The "m-billingsupport" had promised a refund, but I have no idea if they tried or not. The bank simply credited my new account number themselves. I suppose they could make it up if they did try to refund the old account, but no matter to me.

Now, checking a long thread about this m-billingsupport bunch, they're still at it, with posts a few hours old from yet more victims having small amounts withdrawn.

Now, my bank is obviously aware this bunch is committing fraud, and just from the number of posts on that fraud report site, a lot of other banks are aware of it as well, as well as the feds (I filed an online fraud report myself with i3c.gov), and they've been aware of it for a few months.

So, why the heck hasn't this bunch been shut down? I was reading an account of some similiar fraud case and noted that the relevant federal agencies have *to sue* the fraudsters. Sue? Why the heck not *arrest*, go in with a SWAT team and break down some doors and knock some furniture around and slap some people against the walls. This seems well into criminal territory, not some mere civil crap.


-Richard

Read your first post Publius. You mention this company is based in Cyprus. Not exactly in the juristicion of a US law enforcement agency. If the local govt isnt willing to do the work to shut down their end, this kinda scam is not going to stop. Just look at Nigeria.

I kinda wonder if there isnt a bit of tech lag here. Basically the change in tech is forcing a change in society (how banking works specifically) but the change hasnt quite been made yet.

You're right about it being an offshore operation, but I was thinking surely they have to have something and someone here in the country they could go after.

About the banking system. From what (little and non-expert by a long shot) I gather, the trouble is these 3rd party players that are allowed into the system. The banks themselves are highly regulated and held to high security standards, but they're letting in these 3rd parties to "interface" with the system that aren't so regulated and secure.

-Richard

The problem is that these third party players being able to interface with the system is a fundamental necessity of online international trade.

That part is actually the banks having adjusted to the realities of the modern world.
The problem is that international laws and law enforcement hasn't been adjusted to those same realities yet, so you get for instance juristriction restrictions on what crimes who can pursue where, so you get into a situation where your own police can't do anything because it hasn't juristiction and the ones who have can't do anything because it's not one of their citicens that got hurt.
Or what's a criminal matter in one country is a civil matter in another.

__________________
And the "driving on the freeway on a scooter" analogy still holds true because the pilots are sitting in 7 to 30 ton aircraft o' doom and you are running around them in your very own Meatbody, Mark I. Beep, beep.
Trying to make sense of computers, The Error Log.

Slightly off topic, I had an e-mail scam for my paypal account the other day. Was saying they wanted verification of my authenticity or they'd shut the account down as fraudulant - had to laugh!
Contacted paypal and forwarded the e-mail to their fraud department.
Anyway, e-mails aside, I've just been watching a program on the telly about internet fraud, and the biggest problem seems to be people being very nieve about their passwords.

The commonest passwords are "password", "123456", and, for some unknown reason, "liverpool".
It does seem that some people are really lax about their own security on the 'net, and are giving scam companies an open invitation to hack their accounts.

Just like to say I'm not finger pointing at Publius here (hahaha), as that was obviously the bank's fault - well, I hope it was
But it does show how modern technology like the internet is a double edged sword to say the least, and should be treated as such.

__________________
I don't believe in mathematics. Albert Einstein

Biologically speaking, if something bites you it's more likely to be female. Desmond Morris.

Quantum analysis is scientific dithering

Professor Frink: My observations n'hey, n'hey, show the universe could be a torus Weh, uh, or toriod it may like the typewriters and bananas and the monkeys with big teeth the biting the screaming Mm-hai!

Homer: mmmmm... doughnuts!

How does anyone know what the most common passwords are?

Did they take a survey?

I might have to remember that little trick...

Part of a security audit of a system can include finding users with weak passwords, this is typically done by checking against lists of common words and their simplest combinations, which is a very fast operation when you have admin access to the system.
You then tell every user whose password was found to change it to something safer.

I expect a survey was taken, but amongst security experts whose job it is to do such audits and therefore have access to the information.

I'd expect swordfish to come in high on the list as well

__________________
And the "driving on the freeway on a scooter" analogy still holds true because the pilots are sitting in 7 to 30 ton aircraft o' doom and you are running around them in your very own Meatbody, Mark I. Beep, beep.
Trying to make sense of computers, The Error Log.