joewein.de LLC
Fighting spam and scams
on the Internet

Home / Blog / About us
Spam
419/Nigeria
Online fraud
jwSpamSpy
Contact

Email Spam Filter:
 jwSpamSpy
Try it for free!

Google

 

419 Scam – "ONXY SECURITIES AND FINANCE S.A / MARTINS ALBERTO"

"EUROMILLONES SPANISH SWEEPSTAKES LOTTERY / ONXY SECURITIES AND FINANCE S.A / MARTINS ALBERTO" are a fake lottery company and a fake securities company operating in Spain.

This scam is linked to the "CITY TRUST E-MAIL LOTTERY INTERNATIONAL N.V / Mr Rick Van morgan" and "FAMOUS CULTURE LOTTERY / Joe West / Rita Hamilton" scams.

jwSpamSpy
Are you sick of spam too? Do you want it stopped now?
Try jwSpamSpy, the spamfilter we use to track the spammers!
Free 30-day trial version available now!

Fake postal address: 

ONXY SECURITIES AND FINANCE S.A
C/MALAGA 4,28014 MADRID,
MADRID, SPAIN
TELL: 0034-618-157-904
FAX: 0034-628-336-372

Example of fake winning notification email:

CONGRATULATIONS!!!!


FROM:THE DESK OF THE VICE PRESIDENT.
PROMOTIONS/PRIZE AWARD DEPT.
MADRID,ESPAÑA.

BATCH NO: PTP/8573421009//7765
REF. NO: PTP/79065-07855//7765

WINNING NOTIFICATION / FINAL
NOTICE...CONGRATULATIONS!!!!

This is to inform you of the release of  EUROMILLONES SPANISH
SWEEPSTAKES LOTTERY/INTERNATIONAL PROGRAM  held
on the 24TH of NOVEMBER, 2004. Due to the mix up of
number,the results were released on the 26th of
NOVEMBER 2004. Your email attached to ticket number
20/39/45/75/ with serial number 6954398765 drew the
lucky numbers of 30-56-73-46-23 which consequently won
the lottery in the 1st category.

You have therefore been approved for a lump sum payout
Of (1,000,000.00) One million euros only in cash.

Due to mix up of some numbers and names, we ask that
You keep your winning information confidential until
your claims has been processed and your money remitted
to you. This is part of our security protocol to avoid
double claiming and unwarranted abuse of this program
by some participants.

All participants were selected through a computer
ballot system drawn from only Microsoft users from
over 20,000.00 companies and 3,000,000 individual
email addresses and names from all over the world. To
begin your lottery claim, please contact our agent
below that have been appointed for the processing of
your claim with the email address below, to begin the
processing of your claim:

CONTACT NAME:   MARTINS ALBERTO 
AGENT:ONXY FINANCE AND SECURITY S.A
CITY/ COUNTRY:  MADRID,SPAIN
FREE SERVICE NUMBER:  0034 618-157-904
EMAIL: onxyfinance2@netscape.net 
            
Note that all winning must be claimed not later than
24th of December 2004. After this date all unclaimed
funds will be included in the next stake. Please note
in order to avoid unnecessary delays and Complications
please remember to quote your reference number and
batch numbers in all correspondence. Furthermore,
should there be any change of address do inform our
agent as soon as possible.

Congratulations once more from our members of staff
and thank you for being part of our promotional
program.

Note: Anybody under the age of 18 is automatically
disqualified.

Yours Sincerely,
MRS.Z. PEREZ

This email was sent from Spain: 12.red-83-38-214.pooles.rima-tde.net [83.38.214.12] on Wed, 08 Dec 2004 12:43:35 +0100 

     inetnum:      83.37.0.0 - 83.39.255.255
     netname:      RIMA
     descr:        TELEFONICA DE ESPANA
     descr:        Provider Local Registry
     country:      ES
     admin-c:      AFG2-RIPE
     admin-c:      JB986-RIPE
     tech-c:       FLT14-RIPE
     tech-c:       FSB3-RIPE
     status:       ASSIGNED PA
     notify:       adminis.ripe@telefonica.es
     remarks:      ***************************************************
     remarks:      For ABUSE/SPAM/INTRUSION issues
     remarks:      PLEASE CONTACT THROUGH LINK
     remarks:      http://www.telefonicaonline.com/nemesys/
     remarks:      or send mail to nemesys@telefonica.es
     remarks:      any mail to adminis.ripe@telefonica.es will be ignored
     remarks:      ***************************************************

Example of response from fake security company:

Thank you for your response, Please find application form attached, endeavor to fill-in the apprioprate info and return it as soon as possible by fax.
Alternatively you can also send it via email attachement if you find it difficult to get through our fax.

Also endeavor to notifiy us by email as soon as the fax is sent to our office to avoid any delay.

Await your prompt response and acknowledgement.

Best regards,
MARTINS ALBERTO

The "claim application form", a Microsoft Word document named "Claim Application Form Doc.B2.doc" that accompanied this email lists "ARAB & CO." as the company and "ARAB" as the author, the same as in the "CITY TRUST LOTTERY". It was last saved by someone logged in as "Quaisar". Another Word document emailed to the same person was called "CERT. OF DEPOSIT 2.doc", with a company name of "Cibernet" and an author "x". It was last saved by a user logged in as "Naeem".

Are these deliberate acts to lay a false trail, or does this scam maybe involve Moroccans or other Arabs living in Spain? We don't know yet.

Here were the message headers: 

Received: from  netscape.net (mow-d26.webmail.aol.com [205.188.139.167])
 by air-in04.mx.aol.com (v103.7) with ESMTP id MAILININ43-589a41c2d8c821;
 Fri, 17 Dec 2004 08:02:00 -0500
Date: Fri, 17 Dec 2004 08:02:00 -0500
From: onxyfinance2@netscape.net
To: emailaddress ("FIRSTNAME LASTNAME")
Subject: Re:CLAIM FORM ATTACHED
MIME-Version: 1.0
Message-ID: <416AB002.202E26C4.94774544@netscape.net>
X-Mailer: Atlas Mailer 2.0
X-AOL-IP: 212.145.113.203
X-AOL-Language: english
Content-Type: multipart/mixed; boundary=-------418341da2046b89c418341da2046b89c
Content-Transfer-Encoding: 8bit

This indicated the email was sent from 212.145.113.203 in Spain: 

     inetnum:      212.145.0.0 - 212.145.127.255
     netname:      IPCOM-NET
     descr:        Infraestructura Red y Servicios IP
     descr:        Comunitel Global S.A.
     country:      ES
     admin-c:      MV1331-RIPE
     tech-c:       TLM1-RIPE
     status:       ASSIGNED PA
     mnt-by:       COMUNITEL-MNT
     changed:      tlestayo@comunitel.es 20000531
     source:       RIPE
     
     route:        212.145.112.0/23
     descr:        Comunitel Global PA Block
     origin:       AS12357
     mnt-by:       COMUNITEL-MNT
     changed:      tlestayo@comunitel.es 20041007
     source:       RIPE
     
     person:       Monica Vales
     address:      COMUNITEL GLOBAL S.A.
     address:      Consorcio de la Zona Franca
     address:      Area Portuaria de Bouzas
     address:      36208 VIGO (PONTEVEDRA)
     address:      SPAIN
     phone:        +34 986 21 40 44
     fax-no:       +34 986 21 40 41
     e-mail:       mvales@comunitel.es
     nic-hdl:      MV1331-RIPE
     changed:      lpozo@comunitel.es 19990215
     source:       RIPE
     
     person:       Tomas Lestayo Martinez
     address:      Avenida de Manoteras, nº 44
     address:      4ª planta, módulo D
     address:      08039 ESPAÑA
     phone:        +34 91 2963321
     fax-no:       +34 91 2963310
     e-mail:       tlestayo@comunitel.es
     nic-hdl:      TLM1-RIPE
     notify:       dominios@comunitel.es
     mnt-by:       COMUNITEL-MNT
     changed:      aceide@comunitel.es 20020416
     source:       RIPE