brandywine
@comcast.net |  reply to gallowsroad
Re: [Credit Card Fraud] Rebatesoft
I too was just hit with a charge from rebatesoft ma with a
number of 888 218 4386 but now the amount is $5.60. I cancelled my card immediately, thanks to this posting. I called the phone number and it is just a recording. Thanks |
|
Nicki
@frontiernet.net
| I just got hit by rebatesoft as well. I noticed the charge when it was still pending and at that time it said "paypal." Once it went through though, it read "CHECK CRD PURCHASE 03/02 REBATESOFT 888-218-4395 MA" At first I left a message at the phone number and waited a couple days. Decided today to google it (why did I wait so long?) and found SO MUCH! I immediately called and cancelled my card and my bank suggested a set up a separate checking account solely for online purchases. A great idea! I did it. |
|
Whip
join:2009-01-23
Califon, NJ
| reply to gallowsroad
It appears MGD's advice was taken:
quote:
Registrant:
Andrew Koptyaev
Obvodnyi kanal street 69/62
Arkhangelsk, 163046
Russian Federation
Registered through: GoDaddy.com, Inc. (»www.godaddy.com)
Domain Name: REBATESOFT.COM
Created on: 26-Feb-07
Expires on: 26-Feb-10
Last Updated on: 24-Feb-09
Administrative Contact:
Koptyaev, Andrew koptyaev@gmail.com
Obvodnyi kanal street 69/62
Arkhangelsk, 163046
Russian Federation
9212434434 Fax --
Technical Contact:
Koptyaev, Andrew koptyaev@gmail.com
Obvodnyi kanal street 69/62
Arkhangelsk, 163046
Russian Federation
9212434434 Fax --
Domain servers in listed order:
NS43.DOMAINCONTROL.COM
NS44.DOMAINCONTROL.COM
Not to be confused with the above as it seems to be proven that the .com site is not the fraud, there are some newer charges being performed by the .us ring.
»800notes.com/Phone.aspx/1-888-218-4395 |
|
Tried to rob me
@sbcglobal.net | reply to gallowsroad
RebateSoft hit my chase card yesterday for $5.60. Never heard of them it must be a scam. I closed the account before any addition charges show up. |
|
didnt get me
@rpi.edu | I got hit with the same $5.60 charge with "REBATESOFT 8882184395 MA" as the description. Called my bank and had the charge removed with no questions asked. There must be many other requests. |
|
garys_2k
join:2004-05-07
Farmington, MI
 ·Future Nine Corpor..
·Vonage
| said by didnt get me :
I got hit with the same $5.60 charge with "REBATESOFT 8882184395 MA" as the description. Called my bank and had the charge removed with no questions asked. There must be many other requests.
Call your bank back and tell them to cancel your card, its number is in criminal hands, and that you want to (demand it if they try to argue) file a fraudulent transaction report. This is NOT a "dispute," don't try to let them persuade you that it is or that canceling this one transaction is all that's needed. |
|
Chris76
@comcast.net
| reply to gallowsroad
I too also got a change from Rebatesoft labeled as "ATM REBATESOFT8882184395 MA" on 3-17-09 for $5.60 on my debit MasterCard. Canceled card and issued a fraud report though issuing bank which says they pass it on to the feds. Thanks for posting and getting this information in the open. |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
3 edits | Whip  is correct, this Rebatesoft fraud entity has been going on for months now. There is no question that it is part of the Devbill organized crime syndicate. »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
Multiple victims have reported tandem charges from the other divisions, including this one from the US strawberry division:
quote:
cmcart - 30 Dec 2008
Same thing, Charge from Rebatesoft for $7.50 on the 24th. This is the phone number given to me by my CC. Had a another fraudulent charge a week earlier for $11.89 for a Croll Associates. Called the number and was told it was a template for a webpage they sell and was told i would be refunded.
»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
To second what garys_2k has posted, it is imperative that you report the charge as fraudulent, and cancel and replace the card. Once your card gets hit by these criminals, your card data has been compromised. They will continue to process fraudulent charges against it, regardless if you have the first charges reversed/ disputed. Your only recourse to stop the continuing fraud process is to have the card number cancelled and replaced.
There is at least one victim report that may indicate that the merchant account responsible for this was set up through PayPal.
quote:
I noticed a pending charge to my business Mastercard for $7.50 from PayPal.
That’s strange; I didn’t think I owed PayPal money for anything, and why
would they hit my charge card rather than my PayPal account, or maybe my
linked checking account? Maybe they were doing a routine card authorization
check...but those usually use $1, not $7.50.
When the charge settled, the payee's name changed to Rebatesoft. That’s even
stranger. Who? When I googled them I found multiple forums dealing with
credit card fraud. Maybe Rebatesoft is laundering stolen credit card numbers
prior to selling them. It's unclear whether Rebatesoft is the actual thief,
or a willing accomplice, or an unwilling tool.
Ref:»curiocityonline.blogspot.com/200···ers.html
That is not the first reference that I have ran across on this fraud that mentioned PayPal, however it is unusual. PayPal merchant accounts are not conducive for a fraud operation such as this. Unlike merchant accounts that originate at banks, PayPal usually holds a high reserve on the funds, and an extended hold period, in order to protect themselves from chargebacks.
If any recent Rebatesoft fraud victim can provide me with the ARN (Acquirer Reference Number, usually 23 digits) for the fraud transaction. I can forward it to a financial system security contact, who may be able to track down the acquirer bank where this fraudulent merchant account originated from, and have the account shut down. On credit card fraud charges the ARN should be listed on the line item of your statement, however on debit transactions you may have to call your bank and ask for the relevant ARN number.
Though the ARN is a transaction number and unrelated to your card number, nevertheless do not post it on the thread as it is a unique identifier. You can send it to me via Instant Message, but will need to sign up on the forum in order to do so, which is free.
MGD |
|
mosaic_soup
join:2009-03-24
| reply to gallowsroad
I just today received a pending charge on my debit card for $5.60 from Rebatesoft. Found this thread via internet search. Already canceled card and was given same phone number as above from customer service rep. This card was linked to my paypal account.
Thanks for your help. |
|
Dani75
@bellsouth.net | reply to gallowsroad
I too have been hit by REBATESOFT on 03/16 for $5.60. Has anyone been in touch with Paypal about this? The bank has cancelled my card and reimbursed me for the transaction, but I want to know if Paypal records have been compromised. |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| said by Dani75 :
...... but I want to know if Paypal records have been compromised.
So far there is nothng to indicate that Paypal issued cards are being hit in any significant numbers by the fraud.
There is anecdotal evidence that may indicate that the fraudulent merchant account originating the charges may have been obtained via Paypal, a different issue. Though the responsible organized crime syndicate has for years used hijacked Paypal merchant accounts to run massive pre authorization ping charges as a method of pre validating the card data, they ae not known to set up PayPal merchant accounts for fraud processing due to the numerous restrictions.
The processing system has adapted to the pre authorization pinging tactic by flagging merchant accounts that submit repeated ping pre authorizations. In some case the accounts are automatically suspended based on ping volume, and the system will reject any authorizations after the trigger is hit.
One result of that change may have been the recent reports of thousands of consumers complaining of actual ping charges in ~ $0.10 to $0.15 range. Ideally criminals want to pre authorize, and not actually process the charge. A pre authorization rolls off within 24 to 48 hours and will not be seen by most consumers, unless the monitor their accounts online. The actual completed ping charges may have been the result of pre auths being blocked, and it was the only way the criminals could validate the numbers. Having the charge complete was dumb, because that process in itself was an alert to attentive consumers, unlike the usual pre auth that would disappear.
MGD
|
|
designwebs
join:2007-04-02
Franklin, OH | reply to gallowsroad
I got hit today. Did anyoen ever find out where this stuff was coming from? |
|
ptaware
join:2009-04-06
Salem, OR | reply to Tried to rob me
I got hit as well on my Chase card for $5.60. Cancelled my card and Chase removed the charge. Does anyone know how these scammers might have accessed our card numbers? |
|
ptaware
join:2009-04-06
Salem, OR
| reply to gallowsroad
I just contacted Chase about a similar charge on my account from REBATESOFT for $5.60. The contact number on the statement number listed is 888 216-4395 and is a recorded message that doesn't sound very professional. I left 3 messages and never received a response. Definitely fraudulant. Chase has reversed the charges and my card has been cancelled. Does anyone know how this company is getting our account numbers? Should I be concerned about my other credit cards |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| said by ptaware :.... Does anyone know how this company is getting our account numbers? Should I be concerned about my other credit cards No, not with any certainty. However, it is not just this "company". This is just one of 40 to 50 fraud sites operating at any given time that are controlled by an organized crime syndicate operating from Russia.
There is no reason to cancel cards that have not been hit with the fraudulent charge. There have been other victims who were hit on multiple cards. It is the first fraudulent small charge which serves as a notification that that card data has been compromised. Immediately cancelling and replacing the compromised card, and reporting the charge as fraudulent, which you have done, is the standard operating procedure when hit.
MGD |
|
Chupchakes
@verizon.net
| reply to gallowsroad
Be warned! Rebatesoft 888-218-4395 MA (number disconnected) charged my account $5.60 on 04-08-09. This charge predated $715.53 in fraudulent charges in TN and MO all within 45 mins of each other on 04-09-09.
$188.47 to Krogers in Clarksville TN
$186.28 to Walmart in Troy, MO
$179.28 to Krogers in Troy, MO
$160.90 to Krogers in Troy, MO
The last two charges at Krogers were in the same store exactly one minute apart. The Wal-mart trip was only 22 mins earlier than Krogers. So, I'm guessing that more than one person was working this.
Luckily for me, my bank (West Coast Bank) realized that I was in Dallas, TX at the exact same time, so they called me and put an end to it. I shudder to think how much they could have gotten out of my account if I had not gotten the call.
Here's the rub...Neither Wal-mart nor Kroger's has any plan of action for prosecuting. They just refer you to their loss mitigation departments. So when are these large companies going to start going after these criminals? Surely a person spending over $150 at a store has to pass at least one security camera along the way. Maybe stores should start putting cameras right on the check out counters to capture the face of anyone using stolen ID's. Receipts and camera's could work together to time stamp every individual that goes through the line. Until stores are willing to do that, this will only continue to get worse. |
|
Whip
join:2009-01-23
Califon, NJ
| reply to gallowsroad
After seeing the post from r2d21477 here:
»Ebook websites, fraud charges, Devbill/DigitalAge/Pluto
quote:
I just received fraudulent charge listed as Rebatesoft on CC dated 3/23/09. Phone number given to CC Co = 888-218-4395 - with only vmail access when called.
Obviously these guys are still continuing. Cancelling CC and watching all others. I had this CC listed on Pay Pal - but never stayed at a Marriott, though so the commercial link breech is still not clear.
The phone number 888-218-4395 comes up here in a search:
»www.apsense.com/content/1572-110578.html
quote:
Make 200 a day without breaking a sweat
Apr 11 2008
Join The Millionair's Club
Let our team help you build your business.
3 levels of entry, as low as $10.00 one time
This is a fun club with lots of support with my help you can retire in 6 Months making $200 Daily
Team Stats: 26 DAYS - 400+ Sign Ups.
Get A FREE Advertising Co-Op Position and
Let me teach you how to get 50,000
guaranteed visitors to your website
There has never been a program like this before.
Don't miss our call or you will hate yourself for it later.
Phone me for details and/or go to:
»viralurl.com/jme5701/Club
Look forward to talking with you soon
While you're here check out this free ebook it will make a great difference in your results for any affiliate or mlm program it's my gift to you just for clicking on my email go to:
»viralurl.com/jme5701/7lies
have a great and prosperous day
John M Ellis
888-218-4395
johnellis58@gmail.com
Some charges as recent as late March/early April:
»800notes.com/Phone.aspx/1-888-218-4395
»whocallsme.com/Phone-Number.aspx/8882184395
This number is listed earlier in this thread. |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to Chupchakes
said by Chupchakes :
Be warned! Rebatesoft 888-218-4395 MA (number disconnected) charged my account $5.60 on 04-08-09. This charge predated $715.53 in fraudulent charges in TN and MO all within 45 mins of each other on 04-09-09.
......
..
Surely a person spending over $150 at a store has to pass at least one security camera along the way. Maybe stores should start putting cameras right on the check out counters to capture the face of anyone using stolen ID's. Receipts and camera's could work together to time stamp every individual that goes through the line. Until stores are willing to do that, this will only continue to get worse.
Thanks for posting,
They do have cameras focused on the checkouts, Walmart has them on all registers. It is those stores that will have to eat the loss from those fraudulent transactions, and they may be content to just write it off. Unfortunately in these cases, that same user probably has dozens of cloned cards and is operating with a group of individuals. They are missing an opportunity by failing to follow up. This is rarely one individual with one card.
MGD |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| reply to Whip
said by Whip : quote:
Make 200 a day without breaking a sweat
Apr 11 2008
Join The Millionair's Club
Let our team help you build your business.
3 levels of entry, as low as $10.00 one time
..
..
.
John M Ellis
888-218-4395
johnellis58@gmail.com
.. . Indeed, Rebatesoft is still at it. Looks like they are in for the long haul. Really need to track down the acquirer bank and nuke the merchant account. Though it is possible that they have already burned through at least one.
I suspect from a quick review that there may be no connection between the "Apr 11 2008" posting entity and rebatesoft. The time frame is different, rebatesoft.us was not registered until later on.
Most of these toll free numbers come from services such as ringcentral. They are cheap voip set ups, and can be set up from an online registration using anyone's credit card. That is what makes them ideal for cyber criminals. The numbers are rotated frequently as the service is month to month. One entity can have that number one month and it can be assigned to an unrelated entity the next month. Finding simultaneous use is the best way to begin an attempt to link them. While this does not automatically clear the April 08 use, it is however likely that rebatesoft did not obtain the number until on or after August 19th 2008, which is when the domain was registered.
MGD |
|
MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
1 edit | reply to Whip
EDIT=Duplicate post |
|
