As some of you may know, I am the webmaster and a member of the organizing committee for the 2013 International Electric Propulsion Conference (IEPC 2013). IEPC is a bi-annual conference taking place at locations alternating between international and United States venues. This year, the conference will take place at the George Washington University, place where I did my Ph.D. research. So far, the conference planning has been going smoothly. That is, with one exception. Turns out there are scammers everywhere, even in such a closed community as Electric Propulsion.
On June 21st, we received an email from “Joseph Markos” at “Primex International”, stating the following:
I would like to register some staff for this event-
Event: 33rd International Electric Propulsion Conference (IEPC): October 6 – 10, 2013 | Washington D.C., USA
But going through the registration form, I noticed that payment must accompany registrations and in order for us to complete the payment part of the registration, we need to contact our bank. They will request for an invoice to facilitate the payment. To proceed, we need a pro-forma invoice showing the names of the participant with the total amount due.
Please let me know if you can issue an invoice and what information do you need?
This didn’t look too suspicious as this was not the first email asking for registration options. The standard way to register was via the website using a credit card, but some (legitimate) attendees had trouble with the form, or they had to make a wire transfer. So we responded, basically saying there is no problem preparing the invoice, and asking for the number of registrants. Joseph again responded, this time giving us a list of 7 people and also a mailing address in Equatorial Guinea.
Now, I must admit I found this a bit strange, since in all my years of involvement with the EP community I have never come across a company or a research group from Equatorial Guinea. But, partly due to being busy with a number of other things, and also not really expecting a scam at this point, none of us paused long enough to investigate this in more detail.
Virtual Credit Card
Few days later we were copied on an email supposedly from the accounting department:
On Wed, Jul 3, 2013 at 8:48 AM, Accounting Department
I have spoken with our bank representative this morning regarding the registration payments. Unfortunately we have a limited option here.
Due to the new BEAC restriction, they have temporarily stopped international wire transfer services. He also said our cheque is not an option because it works only here.
But as part of their international payment services, they offer a virtual credit card payment option with certain restriction. This might be our only option to pay the registration payments.
Will they accept credit card for the registration payments? Please let me know before I proceed with this option.
We responded that sure, payment by a credit card is acceptable – in fact this was the standard method of payment. To this, Joseph responded on July 17th with this email:
Good news! The virtual card application has been approved by our bank, attached is a copy of the payment invoice. I need to return the authorization form before they finally provide us the virtual card to make the payment.
There are certain conditions regarding the nature of this virtual card payment service which I want you to know. I have also attached a copy of their terms and conditions for your review.
— The E-Virtual card works just like credit or debit cards but delivered electronically via email.
— We will be responsible for the service charges and payment.
— We cannot use the E-Virtual Card to receive payments. Once payment processed, they are unable to provide refunds.
Our bank specifically told us to inform you about the nature of this E-Virtual transaction. Our only concern is regarding the refund policy in case this event is cancelled.
They stated that we can not use the E-Virtual card to receive payments (there are no cancellations or refunds). In case of refund, we will need to follow up with the return policy and work with the company which goods were originally purchased for our refund.
We hope not but there are unforeseen circumstances which might occur and may result to cancellation of the event (e.g due to low enrollment, weather, act of God. e.t.c), do you agree to process the refund via our payment choice (telegraphic method)?
Please check with your accounting department to know if this is suitable. If the term is against your policy, our best option will be payment on arrival.
Please let me know your opinion before we continue with this payment. They will issue the virtual credit card for payment once I return the authorization form.
In hind sight, this was the first big red flag. Joseph was basically telling us that, in case of a refund, it will not be possible to send the refund back to the original card and you will need to wire us money. To avoid scams, you should always refund back to the original payment method! As we found out later, this was basically a variation of the classic cashier’s check fraud. The scammer sends the victim a fraudulent check and asks for money from the victim’s bank account before the bank realizes the check was bad. But since we did not expect the need to issue a refund, we did not pay much attention to this tidbit. We replied again stating that this “virtual” card should work fine as a payment method. On July 26th, we received the online registration for the seven employees of Primex in the total amount of $4,550.
Many international visitors need to get U.S. visas and we help facilitate this by issuing invitation letters for the attendees to take to the embassy. Joseph next asked us for the letters as he had scheduled an appointment at the U.S. Embassy in Equatorial Guinea. Unfortunately, the appointment did not go as planned:
This is so sad! Unfortunately the visa applications were denied. I tried all I could to find help but the issue is beyond my control. They said there is no document that can guarantee a visa.
Since we can’t do anything more I’d to contact you for help. Please kindly advice us further!
On Mon, Aug 12, 2013 at 4:25 PM, Primex International <firstname.lastname@example.org> wrote:
Thank you for your message. They were denied under section 214(b) of the United States Immigration and Nationality Act. I will contact our Supervisor tomorrow regarding the visa issue. We may have to seek an immigration lawyer assistance as well on this issue.
I will keep you posted. Thank you.
On Tue, Aug 13, 2013 at 10:23 AM, Primex International
I have expressed the issue to our Supervisor to see if there is anything he can do to help on the issue of the visa and he made some calls to an immigration expert and a business associate who had more traveling knowledge than him. He was told that they have no influence at the embassy and the decision of the embassy is final. They advised that no supporting document can guarantee or change the decision of the embassy.
In short, he said we have already wasted money on the visa processing (e.g non refundable visa application fees) and he advised we cancel the registrations since they were unable to secure visas to avoid additional fees. I am sorry, I tried all I could but the issue is beyond my control. We don’t want to waste any more fees on the processing.
I am once again sorry that things didn’t work out as planned. Please advise.
As we started discussing refund options it dawned on me that this is likely a scam. I started looking into Primex in more detail, and the red flags just started popping up one after another. Take for instance:
- I have never heard of Primex International and Googling them, did not reveal anything. There seem to exist few different companies by this name, and they specialize in totally random, non-EP related activities such as trading pistachios or providing financial services in South East Asia.
- Their website, primexeg.com, was simply a front for webmail, see below. This seemed quite strange, especially for a company large enough to send 7 people to an international conference, when most reputable laboratories and universities struggle sending just one or two attendees.
- Furthermore, by reviewing the headers for their email messages, I noticed the emails were actually coming from Gmail, i.e.
Received: from mail-pd0-f176.google.com ([188.8.131.52]:51851) by cpanel38.au.syrahost.com with esmtpsa (TLSv1:RC4-SHA:128) (Exim 4.80.1) (envelope-from <email@example.com>) id 1V8tzz-0023A2-JS
This was further confirmed by reviewing their MX record, shown below in Figure 2. Also, turns out the website was registered and hosted at syrahost.com/dnspackage.com, which are both used by what appears to be the Australian counterpart to GoDaddy, crazydomains.com.au.
- I also reviewed the registrant info for the domain, and it contained a fictitious address in Ottawa, Kansas, while providing a phone number (fictitious I am guessing) in Ottawa, Canada. None of this points to a legitimate Equatoguinean company!
- Finally, reviewing their originating IP addresses in the email headers indicated that they seemed to be using some anonymizing proxy with IP of 184.108.40.206. Again, not something a legitimate company would likely be doing.
Contacting the Embassy
But to give them the benefit of doubt, I contacted the U.S. Embassy in Equatorial Guinea, briefing them of the situation:
I am the webmaster/member of an organizing committee of a technical conference taking place this October in Washington, D.C., http://www.iepc2013.org. We have recently received interest in the conference from a “company” supposedly in Equatorial Guinea. They decided to send total of 7 people which by itself is a pretty unusual occurrence. Well, supposedly shortly after making the registration payment, the visa for all 7 attendees were denied and they are now requesting a refund. Since they paid by a virtual card, they are requesting that the money be wired back. This to me seems like the text book cashier’s check fraud (coupled with the fact we have never heard of anyone from EG conducting research on the topic of the conference, there is no online presence for this company, and even their website is just some webmail). However, just to give them a benefit of doubt, I was hoping you could confirm whether there in fact has been an appointment on Friday, August 9th for the following individuals:
>>>>> >>> Mr. Kedi Martin
>>>>> >>> Mrs.Michelle Raphael
>>>>> >>> Mrs.Karina Dingaan
>>>>> >>> Ms. Valentin Adjorlolo
>>>>> >>> Mr. Katalemwa Chueu
>>>>> >>> Mr. Barcza Bakumeni
>>>>> >>> Mr. Yamba Keith
I sent the email in the evening of August 19th, and to my great surprise, I had the response when I woke up the following morning. As expected, the Embassy had never interviewed nor denied them. What however surprised me was that this was not the first time somebody came asking about Primex:
Yours is one of several similar emails we’ve gotten from companies who’ve been approached by Primex with a similar story. We don’t know exactly what’s going on, but it appears to be a scam of some sort, involving a virtual credit card of some kind. One of the companies has expressed an interest in speaking to others who’ve been approached – in case you’d like to get in touch with them, their contact info is below.
Visa information is confidential, but I can tell you that we’ve never interviewed anyone by any of those names, let alone denied them. None of those names are Equatoguinean and we’ve been unable to contact Primex by any of the numbers they’ve provided or at the address they’ve indicated on their correspondence.
So, we’re not sure what’s going on, but we’d recommend you tread carefully.
U.S. Embassy Malabo
While I was doing this, the accounts manager at GWU was also doing his own investigation by working with the card processor and the bank to verify the legitimacy of the initial transaction. The same day we received the response from the embassy, our bank representative notified us of chargeback for this registration fee, originating not from this Joseph at Primex in Equatorial Guinea, but from a Tom P. in Canada. Turns out “virtual card” was nothing else but a stolen credit card!
Of course, we notified Joseph of the chargeback and that his use of the card and the request for a refund were fraudulent. To this, Joseph responded on August 21st:
I’m very shocked and disappointed to hear this. That was the payment information we received from our bank and I don’t know why it was blocked or called fraudulent.
I will have our accounting contact the bank asap. I am sorry for the inconveniences and loss this might have caused you or your company.
That was the last we heard from Joseph. I must admit, I am actually quite impressed with “Joseph’s” professionalism. I guess being smooth is a skill required for any successful scammer. And the lesson from all this, as noted above, if offering refunds, clearly specify these can be issued only to the original payment method.