# Scammers Everywhere

Posted on September 1st, 2013
Previous Article :: Next Article

As some of you may know, I am the webmaster and a member of the organizing committee for the 2013 International Electric Propulsion Conference (IEPC 2013). IEPC is a bi-annual conference taking place at locations alternating between international and United States venues. This year, the conference will take place at the George Washington University, place where I did my Ph.D. research. So far, the conference planning has been going smoothly. That is, with one exception. Turns out there are scammers everywhere, even in such a closed community as Electric Propulsion.

## First Contact

On June 21st, we received an email from “Joseph Markos” at “Primex International”, stating the following:

Good afternoon.

I would like to register some staff for this event-
Event: 33rd International Electric Propulsion Conference (IEPC): October 6 – 10, 2013 | Washington D.C., USA

## Visa Problems

Many international visitors need to get U.S. visas and we help facilitate this by issuing invitation letters for the attendees to take to the embassy. Joseph next asked us for the letters as he had scheduled an appointment at the U.S. Embassy in Equatorial Guinea. Unfortunately, the appointment did not go as planned:

This is so sad! Unfortunately the visa applications were denied. I tried all I could to find help but the issue is beyond my control. They said there is no document that can guarantee a visa.

Since we can’t do anything more I’d to contact you for help. Please kindly advice us further!

Regards,
Joseph

On Mon, Aug 12, 2013 at 4:25 PM, Primex International <manager@primexeg.com> wrote:
Thank you for your message. They were denied under section 214(b) of the United States Immigration and Nationality Act. I will contact our Supervisor tomorrow regarding the visa issue. We may have to seek an immigration lawyer assistance as well on this issue.

I will keep you posted. Thank you.

Joseph

and

On Tue, Aug 13, 2013 at 10:23 AM, Primex International wrote:
I have expressed the issue to our Supervisor to see if there is anything he can do to help on the issue of the visa and he made some calls to an immigration expert and a business associate who had more traveling knowledge than him. He was told that they have no influence at the embassy and the decision of the embassy is final. They advised that no supporting document can guarantee or change the decision of the embassy.

In short, he said we have already wasted money on the visa processing (e.g non refundable visa application fees) and he advised we cancel the registrations since they were unable to secure visas to avoid additional fees. I am sorry, I tried all I could but the issue is beyond my control. We don’t want to waste any more fees on the processing.

I am once again sorry that things didn’t work out as planned. Please advise.

Joseph

## Red Flags

As we started discussing refund options it dawned on me that this is likely a scam. I started looking into Primex in more detail, and the red flags just started popping up one after another. Take for instance:

1. I have never heard of Primex International and Googling them, did not reveal anything. There seem to exist few different companies by this name, and they specialize in totally random, non-EP related activities such as trading pistachios or providing financial services in South East Asia.
2. Their website, primexeg.com, was simply a front for webmail, see below. This seemed quite strange, especially for a company large enough to send 7 people to an international conference, when most reputable laboratories and universities struggle sending just one or two attendees.
3. Furthermore, by reviewing the headers for their email messages, I noticed the emails were actually coming from Gmail, i.e.
Received: from mail-pd0-f176.google.com ([209.85.192.176]:51851)
by cpanel38.au.syrahost.com with esmtpsa (TLSv1:RC4-SHA:128)
(Exim 4.80.1)
(envelope-from <manager@primexeg.com>)
id 1V8tzz-0023A2-JS


This was further confirmed by reviewing their MX record, shown below in Figure 2. Also, turns out the website was registered and hosted at syrahost.com/dnspackage.com, which are both used by what appears to be the Australian counterpart to GoDaddy, crazydomains.com.au.

4. I also reviewed the registrant info for the domain, and it contained a fictitious address in Ottawa, Kansas, while providing a phone number (fictitious I am guessing) in Ottawa, Canada. None of this points to a legitimate Equatoguinean company!
5. Finally, reviewing their originating IP addresses in the email headers indicated that they seemed to be using some anonymizing proxy with IP of 199.255.209.167. Again, not something a legitimate company would likely be doing.

## Contacting the Embassy

But to give them the benefit of doubt, I contacted the U.S. Embassy in Equatorial Guinea, briefing them of the situation:

Dear Consuls,

I am the webmaster/member of an organizing committee of a technical conference taking place this October in Washington, D.C., http://www.iepc2013.org. We have recently received interest in the conference from a “company” supposedly in Equatorial Guinea. They decided to send total of 7 people which by itself is a pretty unusual occurrence. Well, supposedly shortly after making the registration payment, the visa for all 7 attendees were denied and they are now requesting a refund. Since they paid by a virtual card, they are requesting that the money be wired back. This to me seems like the text book cashier’s check fraud (coupled with the fact we have never heard of anyone from EG conducting research on the topic of the conference, there is no online presence for this company, and even their website is just some webmail). However, just to give them a benefit of doubt, I was hoping you could confirm whether there in fact has been an appointment on Friday, August 9th for the following individuals:

>>>>> >>> Mr. Kedi Martin
>>>>> >>> Mrs.Michelle Raphael
>>>>> >>> Mrs.Karina Dingaan
>>>>> >>> Mr. Katalemwa Chueu
>>>>> >>> Mr. Barcza Bakumeni
>>>>> >>> Mr. Yamba Keith
>>>>> >>>

Thank you!

I sent the email in the evening of August 19th, and to my great surprise, I had the response when I woke up the following morning. As expected, the Embassy had never interviewed nor denied them. What however surprised me was that this was not the first time somebody came asking about Primex:

Hello,

Yours is one of several similar emails we’ve gotten from companies who’ve been approached by Primex with a similar story. We don’t know exactly what’s going on, but it appears to be a scam of some sort, involving a virtual credit card of some kind. One of the companies has expressed an interest in speaking to others who’ve been approached – in case you’d like to get in touch with them, their contact info is below.

[removed]

Visa information is confidential, but I can tell you that we’ve never interviewed anyone by any of those names, let alone denied them. None of those names are Equatoguinean and we’ve been unable to contact Primex by any of the numbers they’ve provided or at the address they’ve indicated on their correspondence.

So, we’re not sure what’s going on, but we’d recommend you tread carefully.

Consul
U.S. Embassy Malabo

## Chargeback

While I was doing this, the accounts manager at GWU was also doing his own investigation by working with the card processor and the bank to verify the legitimacy of the initial transaction. The same day we received the response from the embassy, our bank representative notified us of chargeback for this registration fee, originating not from this Joseph at Primex in Equatorial Guinea, but from a Tom P. in Canada. Turns out “virtual card” was nothing else but a stolen credit card!

Of course, we notified Joseph of the chargeback and that his use of the card and the request for a refund were fraudulent. To this, Joseph responded on August 21st:

I’m very shocked and disappointed to hear this. That was the payment information we received from our bank and I don’t know why it was blocked or called fraudulent.

I will have our accounting contact the bank asap. I am sorry for the inconveniences and loss this might have caused you or your company.

Joseph

That was the last we heard from Joseph. I must admit, I am actually quite impressed with “Joseph’s” professionalism. I guess being smooth is a skill required for any successful scammer. And the lesson from all this, as noted above, if offering refunds, clearly specify these can be issued only to the original payment method.

Subscribe to the newsletter and follow us on Twitter. Send us an email if you have any questions.

### 14 comments to “Scammers Everywhere”

1. September 1, 2013 at 8:33 pm

Wow! That’s the last thing we expect in electric propulsion group. You did a good job going through all the trouble and finding the scammer. But i still believe you guys should seek professional help to track him and send him to jail. Otherwise this would just be one of the many failed scams for him and he would just move on.

• September 1, 2013 at 8:39 pm

I think tracking him down would be quite difficult, especially since I believe he was accessing internet via some Tor-like protocol. This person could be literally anywhere in the world. Perhaps had we sent him the wire transfer, there would be some way to determine where and by whom the money was received. But that was bit beyond how far we wanted to play this game…

2. Jan
October 17, 2013 at 2:16 pm

This is word for word what happened to us. Even down to the seven registrations. Joseph is a professional Scammer. We have received a dispute letter from the Bank now and it is in their hands.

• October 17, 2013 at 2:30 pm

Thanks for letting us know! When did they try scam you? By the way, my guess is that they are based in Bulgaria since one of the emails did not have the originating IP masked and it resolved to an ISP there.

3. Jan
October 17, 2013 at 3:20 pm

First registered on the 17th August and are now trying to get a refund.

4. March 24, 2014 at 12:58 pm

We have also just had this almost identical scam happen to us for our 2014 NIRSA:Leaders in Collegiate Recreation Annual Conference. This time it was from a gentleman named Moses from a company called Sodexo International, which actually exists. I felt uncomfortable with the refund transaction having to be wired, so I did a little research and came up with this post. Thank you for your information!

• March 25, 2014 at 3:09 am

Thanks for letting me know, Angie. I guess they are using the Sodexo name since Sodexo is a well known name around universities, as they run many of the food and entertainment services. But checking the website, the full name is Sodexo Group, not Sodexo International.

5. Vallen
May 27, 2014 at 2:04 am

Thanks for this blog. We have just gone through this with our Australian conference with a man named Moses with compnay Sodexo – with the exact same wording as above. We were cautious but busy so allowed them to register. Now the bank are recalling funds as well as Moses asking for a refund – we googled as knew we had been scammed and here I am. The names he used are:Samuel Ansah, John Ekomie, Botha Maxwell, Manuel Kilonzo, Eliza Kigongo, Joyce Miquelina, Caroline Okwiri,Consolata Kibore.

6. Mike
September 19, 2014 at 8:32 am

Thanks for posting this information. We’ve received a similar request for our conference – slightly different details but same fact pattern. It seemed fishy right away but we weren’t sure until I saw your story here.

7. Charlee
March 25, 2015 at 2:06 pm

We are currently in the midst of this with our International Academy of Nursing Editors Conference. The original contact John Benson of LAWASON✪ International, supposedly in Gabon. He originally contacted the conference organizer using a donotreply wordpress.com sending address and a info@lawason.org reply-to address. With dozen of emails each hour, this initial red flag was unfortunately overlooked.

We were busy to process registrations and so went through the 3 month process to get the following 10 names registered: Dr. Festus Kahliga, Dr. Bernard Biribonwa, Mr. John Yeta, Mr. Samuel Urassa , Mrs. Faith Onyango, Mrs. Pauline Kurgat, Mrs. Meghan Nyamosi, Ms. Nathalie Basselier, Mr. Lucas Mehlomakhulu, Mr. Tadek Mendy.

We recently got the “visa denied message and I went to work trying to point where the initial contact started. The red alarm went off when it took 3 months to figure out payment, I should have started my search then.

I googled the street address in John’s signature: “#371 rue alfred-marche libreville 00241 gabon” and it directed me to “Ambassade du Burkina Faso
159 Boulevard Haussmann, 75008 Paris 08, France”. I did not find any information on Lawason International as a company, but did find the same group on a registration list of the International Fruit Tree Association conference. Almost all of the same names showed up on the registration list for the 58th Annual IFTA Conference, Feb 2015, in Halifax Nova Scotia.

I’m really glad I found this post! Thank you so much for writing it all out too. You helped me prove my concern had basis.

8. June 29, 2015 at 6:35 am

Thanks so much for your thorough investigation posting your findings. We manage a large international medical meeting. The contact we received from a company named “Centrixs Group,” supposedly located in Gabon, is word-for word as you have described.

The meetings community should be warned about this, possibly through MPI and PCMA as well as specialized organizations such as HCEA.

• June 30, 2015 at 2:04 pm

Thanks Rich. Definitely feel free to spread the word.

9. Kylee
July 21, 2015 at 4:25 am

Thanks for this, guys. Feel heaps better knowing it’s not just me. Rich, I have that guy too. Have shared this page with the Conference Organizers group on LinkedIn. Much appreciated.

10. July 26, 2015 at 3:25 am

We are organising a big conference in the first week of September 2015. We went through the same series of events from what was described a company called Centrixs Goroup in Gabon. We are now up to VISA PROBLEMS. We became very suspicious and when we investigated the company we found the above. Our last communication with them is given below:

James

This is a fraud. Therefore, the game is over. Do not contact us again.

We have done a Google search and found this, it’s shocking to see the amount of similarity between the details mentioned in the link below and the emails we received from you.

https://www.particleincell.com/2013/scammers-everywhere/

There is a comment in this link:

Rich
June 29, 2015 at 6:35 am
Thanks so much for your thorough investigation posting your findings. We manage a large international medical meeting. The contact we received from a company named “Centrixs Group,” supposedly located in Gabon, is word-for word as you have described.

Professor Al-Tai

On 24 Jul 2015, at 10:47 pm, Centrixs Group wrote:

Dear professor Al-Tai

I was informed this afternoon that the visa applications of the delegates were denied. It is very shocking as we have made all the necessary preparation for their trip and I am very surprised regarding the decision of the Embassy.

I tried to find help but the issue is beyond my control.

Since there is nothing more I can do, I’d to contact you for help. Please advice us further on how you can help on the visa matter.

I will also contact our Supervisor to see if we can get an assistance from an immigration lawyer.

Regards,
James