Thursday, May 31, 2012

Parcel Scam: The Modus Operandi (and, I Lodged a Police Report)

UPDATED on 12 November 2012: Rogar Brandon is now known as BRAN ROGER.

I discovered this a moment ago while searching for a string of old messages on Facebook regarding a scam I uncovered in May this year (see story below). I'm helping with research conducted by a new friend who is a postgraduate candidate working on a project examining Internet romance scams.

Here's an excerpt of his original message dated way back in January this year when his identity was "Rogar Brandon" just like his signoff. However, it's now changed to "Bran Roger".

My Facebook album detailing various screenshots of his Facebook message and other details shows the initial "Rogar Brandon". Although he messaged me in January this year, it was not until May that I finally replied to him when he contacted me again (twice).
 ***


Two days ago, on May 29, I lodged a police report related to a parcel scam case after collecting what I believe to be sufficient evidence and details. I am also posting it here with the hope that others will be aware of such a scam and will NOT fall prey to it. Included are specific details, so should you see something like this happen to you or your friends (I hope not) with a similar storyline/plot, you'd know how to avoid it.

In my case, a man who calls himself “Captain Rogar Brandon” messaged me in my Facebook inbox a few times before I replied and responded to his friend request. He told me he'd fallen in love with me. Could this be a possible scam, I wonder?

The Rogar Details:
  1. He has two mobile numbers, i.e. +1 713 574 8471 (US) and +44 7594 721906 (UK). His request is to always contact the UK number, which I tested by sending him an SMS, but I never received any reply. He did, however, acknowledge the specific contents of what I sent.
  2. His Facebook profile is http://www.facebook.com/rogar.brandon. He removed me from his Facebook on May 29, 2012, and I believe he blocked me after I blew his cover.

The Background:
Rogar Brandon first contacted me on Sunday, 8 January 2012 at 1:54 PM to which I did not reply. I received a second message from him on Saturday, 28 April 2012 at 5:37 PM to which I also did not reply. He sent a third message on Tuesday, 1 May 2012 at 2:52 PM and I did respond out of curiosity. I started chatting with him whenever he messaged me to see what he wanted.

Three weeks down the road, it smelled more and more like an online scam but I decided to play detective. It’s time to see and experience for myself how this thing (the scam if it is indeed a scam) works. The culprit in my case claimed to be an American. He said he has an American father and a French mother, but he doesn’t want to talk about them because it reminded him of the sad things when his parents went their separate ways.

He asked for my phone number and I gave it to him because I wanted to listen to him and also to screen-capture important information should The Day come. For an American, he sure sounded un-American (alarm bell!) and I even told him that. He said he is a ship captain with Odyssey Cruises in the US and has been with them for many years since his early twenties. His contract will be ending in March 2013 and he wants to resign, get married (to me) and start his own business.

How the Scam Works (In a Nutshell):
He said he’s fallen deeply in love with me and wanted to send me really expensive gifts because of how he felt for me. He has plans for “us”, he said. He arranged to send them along with some of his own clothes through a courier company that operates only in Europe. He said he cannot be seen by his company taking the luggage to my country, so he wanted to send it off to me first before his year-end visit. The courier company told him I will have to pay a declaration fee when the box (yes, the luggage has turned into a box) arrives in my country. The fee was approximately US$1,000. The said parcel "arrived" in Malaysia at super speed. The courier company does not have a presence in Malaysia, so an agent will act on their behalf. The said agent did call me and she SMSed the personal account information for me to make payment to a certain customs officer handling my parcel at KLIA Kargo.

How the Scam Works (The Details):
On Sunday, May 27, 2012, he told me he will be arranging to send me really expensive gifts because he really loves me very deeply (although I barely know him). I then received a lengthy Facebook message from him describing the expensive items he had sent, including cash, through a courier company called Interlink Security. However, I need to pay the customs declaration fee when the parcel arrives in my country, as the courier company advised him (I told myself the finale’s near).

He barely knows me and I barely know him, and within a month he wanted to send me gifts such as jewelry, an Apple laptop, an iPhone, a watch, and 8,500 pounds hidden in the battery compartment of the laptop? At first, when I asked, he was reluctant to tell me the exact gift items because he wanted it to be a surprise, but he did give a “preview” by mentioning the laptop, iPhone and perfumes, probably to entice me. Later, he spilled the entire content of the "surprise" in a comprehensive message he sent on May 29.

For more details and checking, I asked him for the courier company website link. After a while, he provided me the link with username and password to track the package. I visited the link and managed to log in to “track” the non-existent parcel.

The Courier Company:
  1. I researched the link with the following findings. All the websites listed below were accessed on Tuesday, May 29, 2012.
  2. This is the link given to me: http://interlinksecdelivery.page.tl/TRACK-YOUR-PARCEL-ALICE.htm
  3. I tried clicking on the link above but it didn’t work so I tried http://interlinksecdelivery.page.tl/. The website looked dodgy and not professional. Even the login credentials did not look right.
  4. I also found http://www.interlinksecdelivery.com which has similar, if not the same, contents as http://interlinksecdelivery.page.tl/.
  5. Further checks with a malware site found that the said link in item 4 is indeed a malware link; see http://www.malwareurl.com/ns_listing.php?ip=202.75.52.140 for the complete list of fake sites under this IP. The detailed report revealed that all the contacts (from domain registrant to billing) are based in Selangor, Malaysia. So much for a "European courier company".

The Courier Company Agent:
Since the parcel had arrived in Malaysia, I waited for the Interlink Security agent to call me and the person did. The caller’s name is Wendy. The phone number used to contact me is +6011 1607 5421, and the contact went as follows, all on Tuesday, May 29, 2012:
  • First phone call received: 12.40 PM
  • First SMS received (exact contents below): 12.55 PM
Ms Alice, this is the account details: MAYBANK ACC NO: 162197345278 NORKHAIZAH BINTI MOHD DAWAN. The amount payable is RM3250 for custom clearance and duty. Pls kindly inform me after payment made inorder for us to deliver ur luggage on time by this afternoon. Thanks from Wendy.
  • My reply to the SMS: 1.01 PM. I asked Wendy to tell me again the company she was acting for and who is Norkhaizah.
  • Second phone call in response to my SMS reply: 1.02 PM. I believe that the caller did not want to put it in writing through SMS but instead chose to call to reply to my SMS. She (Wendy) reiterated that she is an agent of Interlink Security and Norkhaizah Binti Mohd Dawan is the Custom Officer in charge of my parcel at the KLIA Cargo. 011 is a prefix shared by telcos so I asked her what phone company she is using for the number she is calling me from and she replied DiGi. When asked how to inform her once the money is banked in, she said to contact her through the same phone number to let her know and she will arrange to release the parcel to my house today.

My Other Observations (throughout my conversations, both online and phone, with "Rogar Brandon"):
  1. He couldn’t provide a lot of details when I asked. For example, he could clearly articulate the declaration fee but he couldn’t (or wouldn’t?) tell me the courier delivery costs.
  2. I continued to ask him questions about himself, about which he could not reveal much. I tested further by posting something onto his stagnant Facebook wall, which he promptly removed.
  3. (A fishy) Romance that's moving too quickly because I have no idea how he could have fallen in love with me without even knowing me.
  4. There were holes in his plot or storyline.

Please be careful, my friends! I hope this sharing is helpful.