Since our article of last February about a large-scale internet scam, we have pursued our investigations on the so-called Rebecca Dagg and her team. Several new fake web sites have appeared. Their content remains globally unchanged compared to the first examples we analysed. However, we have noted obvious technical progress. The sites have a better finish and they don't look as amateurish as they did. The list of scammed users is no longer directly accessible. The errors generated by a wrong tracking number are handled correctly. The scammers seem to learn from their mistakes and it is getting harder to recognise a fake site from its original (legitimate) model.
As a result, we have decided to list the sites, names and email addresses used by "Rebecca Dagg" and her team. This list is obviously not exhaustive and will evolve over time. We invite you to let us have any new information that could complete it.
List of classified ads sites
Ads from the scammers were found on the following sites:
- Kijiji [www.kijiji.ca]
- Conrad [www.conrad.ch]
- Anibis [www.anibis.ch]
- Gumtree [www.gumtree.com]
- Expatriates [www.expatriates.com]
- immoscout 24 [www.immoscout24.ch]
- Le bon coin [www.leboncoin.fr]
Parcel tracking sites used
The tracking sites used when the scenario involves sending a package are listed below. Some of them are now inactive:
It should be noted that most of these domain names are registered via an anonymous service. Companies such as CloudGroup or PublicDomainRegistry make it possible to delegate such registrations, which makes it almost impossible to get information about their owner. There is no way to find the scammers' real identity through that channel.
A constantly evolving business
Originally, scams mainly took place via classifieds involving electronic devices, such as photo equipment. The scammers now have a wider reach since they also publish rental ads (for Paris or Dubai) or propose used cars. In those cases, there are no parcels to follow-up on a tracking site but the dupes must make an advance payment to "reserve" the apartment.
Interestingly, new domain names get registered on a constant basis. Since November 2012, we note that new entries have been created almost weekly. The scammers have set up a continuous site registration process. In that way, they can rely on a pool of recent web sites and at the same time stay out of fake URL lists, since it takes some time for a site to be tagged as such.
Used contacts and email addresses
Rebecca Dagg is but one of the identities used by the scammers, among many others. The relationship between the names of these various contacts could be established because they all redirect their victims to the same fake parcel traking sites.
The following names have been listed in various classified ads :
- Rebecca Dagg
- Vicky Stokes
- Beccy dag
- Ann Clare Collings
- Tara Collings
- Hilton Kurth
- Juliet Dagg
- Genevieve Booysen
- Rita Booysen
- David Heath Wyatt
- Steven Lawler
- Anwar Mohammed Abdullah Elsayed
Rebecca Dagg remains, for the time being, the most used name, but we can expect that it will progressively disappear, since googling it now mainly brings up scam prevention sites. The other names are as yet not frequently identified as belonging to scammers.
In the same way, the email addresses listed below are mainly linked to Rebecca:
Classifieds sites and internet providers cannot easily detect fake entries since the scam only becomes apparent when the "seller" and the potential buyer start a correspondence. As a result, sites or providers can only react after a scam has started.
The only way to prevent such scams is to train the users to detect potential risks. Learning how to differentiate what is safe from what is not isn't easy. It implies a learning process. There is always the possibility for a victim to learn the hard way after having been ripped off. It is certainly effective, if not pleasant. But a preventive approach is preferable. The final aim is to get the users to ask themselves the right questions when asked to provide personal information on the web, and to think twice whenever they use a web browser.