Welcome to China-Internet-Scams.com a new website established to exposed some specific Chinese scammers and fraudulent websites targeting westerners using the Internet! (see the bottom of webpage)

 

Our main objectives...

Our objectives are simple, to expose known Internet Scammers and Fraudulent website operators in China. And to assist Chinese authorities by providing as much information as possible to bring these person/s to justice if at all possible.

China does have strict laws against person/s using the Internet to commit fraud as well as engaging in Bank Fraud. Here's a translation of Section 287 of the PRC Criminal Code.

"Section 287: Whosoever uses a computer to engage in financial trickery, theft, corruption, misappropriate public funds, to steal state secrets or commit other crimes shall be punished according to the appropriate section of the Criminal Code."

The problem is being able to report these crimes to the appropriate police cyber-crimes internet units, as they don't seem to even exist and then providing as much accurate information a possible to assist them to track them down and prosecute the alleged offenders. These Internet Criminals are also committing Bank Fraud as well by requesting money to be sent via Bank of China and by using fake names and IDs.

 

Rules to protect yourself from these Chinese scammers...

#1. Never use Western Union Money Order to pay for goods from China! NEVER!! Western Union is the preferred method of payment for these scammers. They will request the MTCN from you and within 30-45mins of receipt of such your money is gone. You're sending them cash in effect. I repeat NEVER EVER use Western Union to pay for goods from China.

#2. Don't send a wire transfer to Bank of China. Most international legitimate trade is done on Letter of Credit basis, so if you're considering buying goods for $1000+ then insist on this method of payment, and if the potential supplier says "no we don't accept it", then don't buy from them.
Visit this website for more information on Letter of Credits..
http://www.crfonline.org/orc/cro/cro-9-1.html

#3. If it sounds too good to be true, then it is. They're trying to appeal to your desire to save money, as they say everybody loves a bargain but, being "penny wise" is "pound foolish" ie a penny saved is a pound lost!!

 

Examples of their methods...

Typically, these person/s use multiple methods to attract westerners and to convince them of their legitimacy. Here are some of examples...

1.) They send spam emails targeting gmail/yahoo/hotmail users, inviting people to visit their website/s like this....

Dear Madam/sir,

We are a wholesaler  which deal with all kinds of such electronic products as motorcycles, TV, Notebooks, Phones, Psp,  Projectors, GPS, DVD, DV, DC, MP3/4, musical instruments, toys, watches and so on. We can offer quality goods with reasonable  price.

We deliver our items by EMS to our customers around the world, When you have time, welcome to visit our website and contact us. Thanks.

If you have any question, please don't hesitate to let us know. We will glad to help you. Welcome to our website and enjoy your purchasing.

Our website: www.eshow123.com
Mail:show123on@hotmail.com
Mail:show123on@yahoo.cn
I hope to hear from you soon.

As you can see they always use hotmail and local yahoo accounts as their originating email accounts. Typically their originating IP in the email headers is spoofed and not their real IP address of course.

2.) They will post trade classifieds on legitimate websites like this one.


http://goldcoast.adoos.com.au/l/mot

When you visit their website you'll see it's related to their others (see below list of domains), same basic design and content,..

Dear friend:
i am sorry to take you precious time !
www.51elec-shop.com , we offer brand-name electronics at deep discounts and come with
manufacturer
warranties. Computers, Televisions, Cell Phones, MP3/MP4 Players, Digital Cameras,
Camcorders, Video Games Consoles, GPS and Motorcycles, most items are sold at wholesale
prices, you will find lots of great bargains here. And we have a sales promotion from now
on, buy more, save more and get more! When you have time, welcome to visit our website get
more information. Thanks!
Contact us through the following ways:
WEB: www.51elec-shop.com
MSN : elec-shop888@hotmail.com
E-mail : elec-shop888@hotmail.com

3.) They setup numerous online webstore and internet shops with attractive prices, but no point in ordering from their website even if you do they will contact you to buy through email. (see below for a list of known internet websites that are setup for internet fraud targeting westerners.

Here's an example of the same scammers on another website... they're just not focusing on electronics and motorcycles, but also shoes, bags and clothes as well.

Who we are: WTT Co.,Ltd.,which is located in one of China big largest shoes industry manufacturing base--Putian of China.Our main focus is dealing with high quality brand sportshoes ,bags and clothes. We have developed mutual trust and understanding with many customers in many countries all over the world such as USA, UK, ITALY, Argentina, Japan,Middle East.
Our Experience: We have many years of experience in dealing with all types of shipping:large or small.We have developed extensive contacts with many local or international freight organizations, so we are able to ship our goods safely and reliably to anywhere in the world.
Our History: For 10 years, WTT’s owners have paid close attention to customers' needs.WTT owners have a proud history of delivering exceptional results. In the process, a unique business culture has emerged that drives associates to perform their absolute best.

And visit this URL to see some posts from people that have fallen victim to these person/s
Click Here (see the comments at the end of the news story)

4.) They will attempt to gain your confidence by making false statements like this...

From: duanghouduanghou [mailto:buyshoping@hotmail.com]

Subject: RE: SONY HDRHC3E PAL HDV Camcorder


          For such a mistake I am sorry. Our website invasion by some lawless elements and they Changes the  price. Many of our customers bring about the wrong information, so we have a lot of work that they can not be normal. Our online store has been closed, To adjust. To bring you the mistake, we said very sorry. HDRHC3E our normal price is 608 euro, instead of 250 euro. I hope you can understand, to bring you the error, our company can give you some appropriate concessions , But not 250 euro. If you believe that we can, we can conduct long-term trade, our company will give you a lot of concessions, you are welcome. If you can not see the incident, we can only be conducted later, In any case you are welcome. You are our valued customers. If we can cooperate, we hope that the companies have the opportunity to invite you to come to China to attend the 2008 Olympic Games. We are the sponsor of the 2008 Olympic Games.
 
Give our regard to you !
Your friend:Julia

As you can see they will even claim to be sponsors of the Beijing 2008 Olympics, and ironically claim that "some lawless elements" have invaded their website/s. Again it is more trickery to solicit extra money from you.

In fact, it would seem that if such "lawless elements" aka hackers had attacked their websites through xss scripting and sql injections and thereby caused these scamming websites to be completely inoperable and/or which resulted in the content being erased, one could truly morally and ethically defend such people for doing a community service and positively contributing to humanity by alleviating the continuing suffering of innocent victims as a result of the deliberate and intentional actions of these chinese criminals who are committing fraud. It would potentially give hackers a good name.

5.) They will always insist on payment by a Western Union money order and/or wire transfer to an account at Bank of China based in Beijing. Again neither of these can be verified and they presumably use fake names and IDs to get the funds, in fact they are not in Beijing at all they're from ZhengZhou city in Henan Province. At times they will even ask for extra money claiming the goods can't be released by customs in China unless more money is sent.

Here's an example of the order request email form they will send you..

We currently accept payment of two methods :
1. Western Union
2. A bank transfer.
      PayPal and  visa can not be used temporary, because we are dealing with unruly elements site was changed after the transfer, the initiative of the trouble. About your orders ,You c an see information below, and then back to me:

In order to send products without mistake .Please check out the item and fill in  the (blank)carefully.Then send this letter to us.
 
The following is the details of
1.your purchase         :SONY HDRHC3
2 .Item number          :(2008053002 )
3. price                :() EUR
4 .Shipping & insurance :(0+10) EUR
5. total                :() EUR
6. Receiver name        :( )
7. country :            :(  )
8.Address               :(  )
9.Post Code             :( )
10.Tel Number           :( )

Western Union: www.westernunion.com
My first name is: Hai Tao
My last name is: Tang
City:Beijing
Country:China
Post code :100021
 
 
Bank of China account transfer :www.boc.cn/en
Bank name:Bank of China Beijing branch
-Address:NO.8,YaBaolu,Chao Yang District,Beijing,China
-A/C holder's name: HAI  TAO TANG
-A/C No.:6249-7902-0015-274
-Swift code: BKCH CN BJ 530
 
We will need the following information from you after you have sent the payment:
- Money Transfer Control Number (MTCN)
- Senders Name(first name and last name)
- Country you done the payment
- Total money
- Transfer currency
- Address
-
Best wishes to you !
 
Many thanks

As you can see the item number is just the date in reverse, and they claim unlike their website material that Paypal and VISA are temporarily unavailable.. again due to unruly elements. More sophistry to deceive and mislead through trickery with clear intention to commit internet fraud to steal your money, they will not send goods typically or if they do they'll send cheap jewelry or shoes, using DHL or EMS from a Hong Kong location after sending the item from somewhere else in China (most likely Zhangzhou) to Hong Kong for despatch. They will attempt to do this when they wish to persuade you to buy something else from them to bide some more time.

 

Known websites committing Internet Fraud...

Here's a list of known related websites that are committing Internet Fraud, don't be fooled by the website storefronts with all the logos, and some even have address and telephone contacts at the bottom.. none of them are real and the same asp/sql website is being used on all these websites, just with slightly different appearances and/or flash animations. Some of these websites have since been removed by the scammers, only to re-setup under new domains. Update: looks like many of the websites are being removed in a hurry now.. ;-)

Unfortunately there are just far too many websites to list here, take the time to visit a few of them.. you'll soon get a feel for the style and english they use in their websites. Then cut 'n paste sentences like these "Our main focus is dealing with high quality brand" and then google the web, you'll soon find numerous online webshops/storefronts selling bags, shows and jeans etc, like these..

  • welcometotrade.com
  • nikezoom.net
  • cntechsky.com
  • worldtoptrade.com
  • tradingtop.com
  • tradesunrise.com
  • wholesaletrainers.com
  • sellshoesb2b.com
  • love-biz.com
  • clothing-oscar.com
  • hulantrading.com
  • abaygogo.com

Then cut 'n paste sentences from their website like "We are a large wholesaler who mainly sell" and google the web, you'll soon find numerous online webshops/storefonts selling electroincs, laptops and motorcycles etc, like these..

  • buyelenow.com
  • ttlxl.com
  • fgxzq.com
  • dgtaste.com
  • kemashop.com
  • wtdzuy.com
  • shopcome.com
  • buyshoping.com
  • ele988.com
  • fvi8.com
  • 51elec-shop.com
  • shopingsale.com
  • ele-brand.com
  • sellerhot.com
  • emarket-trade.com
  • eshow123.com
  • upatd.com
  • elehot.com
  • bdaopy.com
  • top-un.com
  • trademallcn.com
  • wdzmcn.com

Don't bother using whois to try to find out who is behind these websites.. no point, they're not real people.. but wait here they're!!!

 

The real operators and IP's...

The operators of these scamming websites are the owners (see below), and/or people connected to them, of the domains TOTOC.COM & TOTOC.NET. In late 2006 they began development of these scamming websites and by early 2007 they were operational. However, due to doltish oversights the creators of the faudlent webstores left a copy of their initial development website completely unprotected, so it was available for complete download (probably still is btw). Once the structure of their website was determined it was then easy to download the databases of a non-development website ie. a live webstore front they were actively using to commit fraud. They simply would shut down one domain after a certain number of scams, cosmetically change the appearance, storefront name and then just reload the entire website and databases to another domain. All of the abovementioned domain names used this same development storefront as their base, indicating the scams were all originating from a single source.

Below are links to;

1.) Their original complete development website - Click Here

2.) The database files from an operational webstore, in this case the one from gdtaste.com. - Click Here

Here's an example of the normally hidden administrative asp file from their website for all these related fraudulent internet storefronts... as you can see this is the file that is used after they login successfully to manage all of the storefronts.

<HTML><HEAD><TITLE>网站管理面板</TITLE>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<META content="MSHTML 6.00.2800.1106" name=GENERATOR></HEAD>
<%
if session("admin_name")="" then
response.redirect("login.asp")
else
%>
<frameset rows="*" cols="190,*" framespacing="0" frameborder="NO" border="1">
<FRAME name=leftFrame src="admin_left.asp" noResize>
<FRAME name=mainFrame src="http://www.totoc.net/link/Clent_admin_body.asp">
</FRAMESET>
<noframes></noframes>
<%end if%>
</HTML>

As you can see it includes a remote call from their webserver! All their websites have this same remote code embedded in their admin.asp files for execution to manage all these scamming websites. Other files include DIV and inline linking references to totoc.com as well.

To confirm this in their initial development website the data.mdb access db file contains further references to "totoc", here's a copy of their recordsets from their initial development storefront.

 

So who are (were ;-) Totoc.net & Totoc.com?

Response for query: "totoc.com"

Domain name: totoc.com

Registrant Contact:
song yue
song yue sy1314@totoc.com
+8613910716474 fax: +8601065001114
chaoyangguandongdianbeijie1haoguoandashaa
beijing Beijing 100020
CN

Administrative Contact:
song yue song sy1314@totoc.com
+8613910716474 fax: +8601065001114
chaoyangguandongdianbeijie1haoguoandashaa
beijing Beijing 100020
CN

Technical Contact:
han qing lin Edmond_H@163.com
+8601065953214 fax: +8601065953214
chaoyangguandongdianbeijie1haoguoandashaa
beijing Beijing 100020
CN

Billing Contact:
song yue song sy1314@totoc.com
+8613910716474 fax: +8601065001114
chaoyangguandongdianbeijie1haoguoandashaa
beijing Beijing 100020
CN

DNS:
dns.bizcn.com
dns.cnmsn.net

Created: 2005-06-30
Expires: 2008-06-30

 

Response for query: "totoc.net"

Domain name: totoc.net

Registrant Contact:
song yue
song yue linyue1573@21cn.com
+8601065953214 fax: +8601065953214
chaoyangguandongdianbeijie1haoguoandashaa
beijing Beijing 100020
CN

Administrative Contact:
song yue linyue1573@21cn.com
+8601065953214 fax: +8601065953214
chaoyangguandongdianbeijie1haoguoandashaa
beijing Beijing 100020
CN

Technical Contact:
han qing lin Edmond_H@163.com
+8601065953214 fax: +8601065953214
chaoyangguandongdianbeijie1haoguoandashaa
beijing Beijing 100020
CN

Billing Contact:
song yue linyue1573@21cn.com
+8601065953214 fax: +8601065953214
chaoyangguandongdianbeijie1haoguoandashaa
beijing Beijing 100020
CN

DNS:
dns.bizcn.com
dns.cnmsn.net

Created: 2005-06-30
Expires: 2008-06-30

........ as you can see the domain was originally registered in 2005, and unlike all their other scamming websites they kept this one renewed for 3 years, until we exposed them of course. Originally, they were a Chinese ISP selling server-based hosting on IIS asp webservers (that was what was on Totoc.com before they removed it), it would also explain why these scammers have the programming skills to develop an asp webstore front like this from scratch and further support the fact they have the knowledge of how the internet works and how to avoid detection.

Their biggest mistake was to leave their unprotected development site online,
so it could all be connected back to them!

 

Finally, if you have been a victim of any of these abovementioned fraudulent webstores then we recommend you contact the local Chinese Embassy or Consulate in your own country to lodge a complaint and refer them to this website.

 



© 2008, China-Internet-Scams.com All Rights Reserved

 
Last Updated
22-06-2008