Author

Topic: 22000 USD SCAM because of Phishing and Bank Transfer Chargeback (Read 30002 times)

newbie
Activity: 26
Merit: 4
I know this is an oldie, but I'm curious if you got your BTC back, if the scammers were caught?
in 2013 the most people assumed their transactions were more or less anonymous. Obviously as well your scammer. So I see still certain chances to find the scammer (especially in case you both are in jurisdictions like Germany/Netherlands.

Someone here mentioned address 1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM
My forensic tools tell me that the owner of this address is very likely as well the owner of 174 other addresses and that this person sent funds to his accounts at the following exchanges:
  • BTC-e.com
  • Bitstamp.net
  • MtGox.com
  • Bitpay.com

For MtGox and BTC-e it might be a bit too late but Bitstamp.net is still in business (based in Luxembourg and UK) and Bitpay.com as well (based in US).
So in case police closed this and you didn't get anything back the lost BTC amount at today rates (around $600k) would be worth giving it a new try.

If you want to direct message me I can give you more details, as well in case you need an analysis for other BTC addresses.
Good luck!
legendary
Activity: 1437
Merit: 1002
https://bitmynt.no
I've determined the locations of this scammer.

My more likely thought is that the scammer lives in the Netherlands, Amsterdam. The less likely thought is that he lives on the outskirts of some major cities in Germany.
More likely he is using a VPN service located in the Netherlands.  I've had a few users on the same VPN service, contacting me on IRC to buy bitcoins.  (Probably just one using different nicks.)  His payments to me seem to fail for some reason.  Perhaps the banks do better checks for payments to foreign accounts.
newbie
Activity: 22
Merit: 0
I wonder if all 1,275.67952655 BTC at the address ( https://blockchain.info/address/1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM ) are stolen?

I think it could be indeed possible that we are uncovering a whole phishing ring!
legendary
Activity: 1134
Merit: 1118
I've determined the locations of this scammer.

My more likely thought is that the scammer lives in the Netherlands, Amsterdam. The less likely thought is that he lives on the outskirts of some major cities in Germany.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Just to be totally accurate here your total loss is:

28.527 BTC ( https://blockchain.info/tx/d707d1eb7e97a9132314d895f0f80116f70085e6c4e2b2be34d09fadb20da07c )

plus

86.7546 BTC ( https://blockchain.info/tx/b42c6075bdba2dc6f3f05e14fb9d454672e4931c5c3eff40ca6b59a6756f9735 )

= 115.2816 BTC (let's call it $70/BTC right now so at current prices a bit over $8000)

and the rest of the BTC are still in escrow, you will get them back, and you did not lose them, right?

I am sorry for your loss.  You can watch the address and see if you can pick up a hint of who the scumbag scammer is by where they spend the BTC but that is about it.

I wonder if all 1,275.67952655 BTC at the address ( https://blockchain.info/address/1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM ) are stolen?
legendary
Activity: 1134
Merit: 1118
It seems very likely, looking at network propagation (which, while it's NEVER FULLY ACCURATE, can also be used to slightly help. Note that where the transaction is propagated can also be thrown off as it can be taken up by any node. However, usually it is a close-by node), that this person who was offering you "German Clients" also lives in Europe, and probably in Germany. So that's a start. It also seems likely that this person lives away from any major cities such as Frankfurt.
newbie
Activity: 22
Merit: 0
If I read correctly, he lost cash payments for 30 btc + 80 btc + 80 btc = ~190 btc


yes, this is true! its roughly 200 BTC that were traded for a price around 82 EUR, that makes an estimate of 22k USD.
newbie
Activity: 22
Merit: 0
How did you lose $22,000?  The amount of Bitcoin lost doesn't come close to that figure at current rates.  Did they pay you significantly higher than the current spot rate?  Are you counting the rest of your cash that was frozen in the account?

the 22k USD is the total amount of money that is charged back! You cant see the rest of the BTC in the transactions I provided since they are still in escrow. Anyway to be more precise since the price dropped during the whole fraud case the damage that I will have can be estimated roughly about this amount!
legendary
Activity: 1134
Merit: 1118
Transactions were relayed by IP 88.198.111.188

Omfg.

When will wanna-be scripties understand that the IP that relayed a transaction can have NO CONNECTION to the transaction at all?
Hence why i showed the route to that particular ISP, and suggested he contact them.

And what are they going to do about it? They have no connection to the transaction, they could be different countries, THEY CAN'T HELP HIM.
hero member
Activity: 742
Merit: 500
Transactions were relayed by IP 88.198.111.188

Omfg.

When will wanna-be scripties understand that the IP that relayed a transaction can have NO CONNECTION to the transaction at all?
Hence why i showed the route to that particular ISP, and suggested he contact them.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
The employee told me that I can be safe and that no chargebacks are possible after I see the money on my bank account.

I can clear this up for you.  What the employee meant was:

The employee told me that I can be safe and that no chargebacks are possible after I see the money on my bank account except in cases of fraud.

He just left that last part out.
legendary
Activity: 2646
Merit: 1137
All paid signature campaigns should be banned.
Looks like you didn't read thread properly, He said 30, then 80 then 80.
and escrow was released. He lost 22k because his bank account got freezed.
You are right I did not read this thread carefully enough.  Yes, he is out whatever BTC he released from escrow and should get back whatever BTC he has not released from escrow.  Carry on.
 
legendary
Activity: 1274
Merit: 1004
I agreed and received the amount for the first 30 BTC very quickly on even the same day! I released the escrow

The problem for me is now, that the bitcoins except for the first trade are already released

When you check this, you can immediately see that the two amounts of 28 BTC and 86 BTC lead both to this address: https://blockchain.info/address/1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM

So exactly how much did you lose here?  30 BTC, 28 BTC, 86 BTC?

Since you did not release the other escrows you should get all that BTC back, right?

So it appears your total loss is less than $3,000 USD, right?  A lot or money but not $22,000.

Looks like you didn't read thread properly, He said 30, then 80 then 80.
and escrow was released. He lost 22k because his bank account got freezed.


legendary
Activity: 2026
Merit: 1034
Fill Your Barrel with Bitcoins!
If I read correctly, he lost cash payments for 30 btc + 80 btc + 80 btc = ~190 btc
legendary
Activity: 1134
Merit: 1118
Transactions were relayed by IP 88.198.111.188

Omfg.

When will wanna-be scripties understand that the IP that relayed a transaction can have NO CONNECTION to the transaction at all?
hero member
Activity: 756
Merit: 500
I think your bank should not just give false accusations against you but instead try to help you recover the money, try to talk to their senior management or at least the VP of the branch you are using.
hero member
Activity: 742
Merit: 500
Transactions were relayed by IP 88.198.111.188

https://www.google.com/search?q=1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM&rlz=1C1AVSI_enUS460US460&oq=1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM&aqs=chrome.0.57.688477j0&sourceid=chrome&ie=UTF-8#q=1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM&safe=off&rlz=1C1AVSI_enUS460US460&ei=81rZUZG9DYfy9gSS84CoDA&start=170&sa=N&filter=0&bav=on.2,or.r_cp.r_qf.&bvm=bv.48705608,d.eWU&fp=2d51c5bfc01f1cdf&biw=1920&bih=961

http://blockchain.info/ip-address/88.198.111.188

http://bgp.he.net/ip/88.198.111.188

You should try contacting the host/ISP

Quote
person:         Hetzner Online AG - Virtualisierung
address:        Hetzner Online AG - Virtualisierung
address:        Stuttgarter Str. 1
address:        91710 Gunzenhausen
address:        GERMANY
phone:          +499831610061
fax-no:         +499831610062

legendary
Activity: 1134
Merit: 1118
These addresses seem to have never touched PicoStocks.

https://picostocks.com/users/find/?query=1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM

However, we know the critical address is 1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM - we just need to find out who owns it.
legendary
Activity: 1134
Merit: 1118
thank you DiamondCardz for putting so much effort on this! As I said, If there is one specific detail telling us anything about his real identity I wont hesitate sending you 1 BTC!

Greetings,
jimmy2k

@jimmy2k - sorry about your loss. I have also lost about USD600++ this week to a scammer : https://bitcointalksearch.org/topic/m.2650185

Did the scammers email you ?
If yes, then there will be an originating IP address in those emails.


If you do have an email from the scammers, please give us access to the email or post their IP ASAP so we can look it up and attempt to dox the scammer.
legendary
Activity: 1134
Merit: 1118
thank you DiamondCardz for putting so much effort on this! As I said, If there is one specific detail telling us anything about his real identity I wont hesitate sending you 1 BTC!

Greetings,
jimmy2k

I'm awaiting a PM reply from the 4 people I PM'd. Will post if any info comes up, if no info comes up, then we need to go deeper. (no pun intended)
hero member
Activity: 672
Merit: 500
How did you lose $22,000?  The amount of Bitcoin lost doesn't come close to that figure at current rates.  Did they pay you significantly higher than the current spot rate?  Are you counting the rest of your cash that was frozen in the account?
full member
Activity: 231
Merit: 100
Did the scammers email you ?
If yes, then there will be an originating IP address in those emails.

Sometimes. It depends entirely on the server the email was sent from.
legendary
Activity: 2128
Merit: 1002
thank you DiamondCardz for putting so much effort on this! As I said, If there is one specific detail telling us anything about his real identity I wont hesitate sending you 1 BTC!

Greetings,
jimmy2k

@jimmy2k - sorry about your loss. I have also lost about USD600++ this week to a scammer : https://bitcointalksearch.org/topic/m.2650185

Did the scammers email you ?
If yes, then there will be an originating IP address in those emails.
newbie
Activity: 22
Merit: 0
thank you DiamondCardz for putting so much effort on this! As I said, If there is one specific detail telling us anything about his real identity I wont hesitate sending you 1 BTC!

Greetings,
jimmy2k
legendary
Activity: 1134
Merit: 1118
I've PM'd the following people:

Owner of BTC.sx
Owner of inputs.io
Owner of BTCJam
Owner of PicoStocks

...about the given addresses.

I'm trying to do what I can to help. Smiley
legendary
Activity: 1274
Merit: 1004
Don't accept Germany and some other countries online bank transfer,most banks their don't have 2factor authentication.
legendary
Activity: 1134
Merit: 1118
providing me any concrete information about the identity behind any of the BTC addresses given above!

Alright, I'll try my best to help.

We can see that today, a transaction from address https://blockchain.info/address/1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM was sent.

The transaction hash of this being https://blockchain.info/tx/b862db08c3de4dd86ffdafa74cee00c2db6412ed76826f219928bc4d509e2929

There were 3 input addresses, so it's incredibly likely that these 3 input addresses are all owned by the same person. So we have:

https://blockchain.info/address/1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM
https://blockchain.info/address/18AUfktKwRV1rKDLXvZJnHmF2uurreU6u2
https://blockchain.info/address/1EHPZVsQvHxb65o9CepWdPHEuVnWthSuGK

https://coinbase.com/network/addresses/1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM
https://coinbase.com/network/addresses/18AUfktKwRV1rKDLXvZJnHmF2uurreU6u2
https://coinbase.com/network/addresses/1EHPZVsQvHxb65o9CepWdPHEuVnWthSuGK

We need to turn some stones. Find any services that have encountered these addresses. And more importantly, if they have any good contact info.

I will contact a few services and respond with their replies.

Hope I helped.
newbie
Activity: 22
Merit: 0
Hello Everyone,

I was scammed last week for a fiat amount of 22k USD! I sold BTC on a p2p exchange accepting german bank transfer and it  took not long time for getting the first offer of a smaller number of around 30 BTC. As I know that fraud is a big topic by trading on #bitcoin-otc I tried to get as much informations I could get from the buyer! He told me that he is buying BTC for his german clients from whom he provided the phone numbers so that I could talk to them to be sure, which I did immediately! After I felt more comfortable with the trade I agreed and received the amount for the first 30 BTC very quickly on even the same day! I released the escrow and was looking forward to the next deal with him! This time he wanted to buy around 80 BTC. After calling the number of his client I agreed to make the trade and the day after I received the amount on my bank account. This time to be even safer I phoned the bank to authorize the transfer to be safe because of potential chargebacks! The employee told me that I can be safe and that no chargebacks are possible after I see the money on my bank account. ( I even have a proof of this statement, because I recorded the phone call). After this I was even more comfortable and was ready for the next trade with around the same volume of 80 BTC. I asked him then to please provide me a proof of payment, so that I can be sure that I will receive the money on the next day! After that a really strange thing happened! He sent me the login data for his clients online banking account and told me I should just log in and check for a proof! This was completely suspicious to me and I immediately decided to go to the police the next day... Then everything changed...

Next morning I woke up and received directly a phone call from my bank that my account was frozen because I am accused of phishing! The buyer of the first trade accused me and claimed the money back, which was then charged back immediately without my agreement!

After that I immediately accused the internet user for phishing to save me for upcoming accusations because of the other two trades, which were from separate accounts each!

To make the story short... Yesterday my concerns were confirmed that every bank transaction was made from phished bank accounts and I now have to send the whole money back that I ever received from trading with this user... The problem for me is now, that the bitcoins except for the first trade are already released and it will be very difficult for me to get them back! The german police is taking care of this case and their cybercrime specialists are trying their best to get the BTC back. The officer himself said that they have had BTC crimes more and more often in the last times and knows therefore a bit about the technical details of btc and theory.

There are some informations we could already gather from the user like ip addresses and mail account, but I think maybe the most valuable information so far are are btc transactions of my the stolen BTC.
They are
https://blockchain.info/tx/d707d1eb7e97a9132314d895f0f80116f70085e6c4e2b2be34d09fadb20da07c
and
https://blockchain.info/tx/b42c6075bdba2dc6f3f05e14fb9d454672e4931c5c3eff40ca6b59a6756f9735

When you check this, you can immediately see that the two amounts of 28 BTC and 86 BTC lead both to this address: https://blockchain.info/address/1NrrEnKJ5tsgBgSQcPjLKXXo6Q9EGrh4zM

I thought about doing some network monitoring and analyse the graph afterwards like it has been done already on this blog article:
http://anonymity-in-bitcoin.blogspot.de/2011/07/bitcoin-is-not-anonymous.html

Maybe there can be some important information extracted from this kind of perspective. Also I thought about asking the exchanges for checking their btc address databases whether they have a registered user using this btc addy!

Since 22k of USD is much money for me I will do everything to get them back and I am willing to give 1 BTC to everyone providing me any concrete information about the identity behind any of the BTC addresses given above!

Thank you for reading this and eventually trying to help me in this case!

Note: I did not provide the nick name of the user because he was registered new on the p2p exchange and is not known here! I also did not provide the name of the p2p exchange to not harm them in any case! If you are interested in a proof of the accusation documents or any more concrete details, just let me know! I cant provide these informations in public because its sensible data! Thanks for understanding this!


Greetings,
jimmy2k
Jump to: