While investigating a fraudulent website offering recovery services, we came across efundsrecovery.com.
The first red flag we noticed was that the address listed on the website and the name servers connected with it were in different countries. The address listed on the website is in the US, while its name servers belong to Whogohost Limited, a Nigerian hosting service.
The site also showed another feature of scam websites: a lack of information about the owners or those running efundsrecovery.
A review of the website's source code linked it to the following domains:
- assetsrecoveryblog.com
- besthackingservice.com
- cellphonehackreview.com
- forensicsreview.com
- fundsrecovery247.com
- incfidelibus.com
- legitimatehackerslist.com
- peeptraque.com
- spyphonehacker.com
- arconglomerate.com
- tranzactinvest.com
- globalhackingservice.com
- pegasusiphonespyware.com
- solidarityhackers.com
- hackerscoven.com
A quick look at some of the websites listed above showed that the perpetrator(s), apart from running a fake recovery gig, are also involved in offering fake hacking services. This was revealed by visiting besthackingservice.com, which listed two emails and various hacking services.
A quick search with the email led to a report on bitcoinwhoswho.com, which revealed that it was involved in a scam where money was obtained under the false pretense of delivering hacking software.
Another website on the list, legitimatehackerslist.com, listed an email, Providencehacker@gmail.com, which was involved in a recovery scam.
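The source-code review and e-mail pivots described above can be partly automated. The following is an added example, not the investigators' own tooling: it assumes the related domains and contact addresses appear as URLs or e-mail addresses in the page markup (the article does not say how the link was found), and the sample HTML and `example.*` names are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def _host(url):
    """Lower-cased hostname without a leading 'www.', or '' if the URL has none."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class PivotExtractor(HTMLParser):
    """Collects external hostnames and e-mail addresses found in one page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.own = page_url, _host(page_url)
        self.domains, self.emails = set(), set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in ("href", "src", "action") or not value:
                continue
            if value.lower().startswith("mailto:"):
                self.emails.update(e.lower() for e in EMAIL_RE.findall(value))
                continue
            # Resolve relative and protocol-relative references against the page URL.
            host = _host(urljoin(self.page_url, value))
            # Keep only hosts that are neither the site itself nor one of its subdomains.
            if host and host != self.own and not host.endswith("." + self.own):
                self.domains.add(host)

    def handle_data(self, data):
        # Addresses written in visible text or inline scripts.
        self.emails.update(e.lower() for e in EMAIL_RE.findall(data))

def extract_pivots(page_url, html):
    """Return (external_domains, emails) as sorted lists for further lookups."""
    parser = PivotExtractor(page_url)
    parser.feed(html)
    parser.close()
    return sorted(parser.domains), sorted(parser.emails)

# Constructed sample page source (not taken from any site named in the article).
SAMPLE = """<html><body>
<a href="/about">About</a> <a href="https://blog.example.com/post">Blog</a>
<a href="https://www.example.net/services">Partner</a>
<script src="//static.example.org/app.js"></script>
<a href="mailto:Help@Example.net?subject=case">Mail us</a>
<p>Contact: desk@example.org.</p> <a href="javascript:void(0)">x</a>
</body></html>"""
```

Each returned domain can then be checked against WHOIS and name-server records, and each address against public scam reports, as the investigation does by hand.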
Finally, only one domain out of all the domains listed above was able to yield a lead to the perpetrator(s) behind these scams. A WHOIS search of arconglomerate.com revealed a name, phone number, and city.
Post Update: We were contacted by the Online Academy Team which claimed to have designed the website www.arconglomerate.com. They stated that: “We are a reputable website design company, registered with the government and with a reasonable number of jobs to our credit. Top on the list is our ZERO tolerance to cybercrime which is why the number one point on our T and C which every potential client must read and agree to before we take their job is: We create websites only for legitimate purposes, should we discover otherwise, such website(s) will be taken down without prior notice. We get contacted to set up websites for different companies, organizations, and individuals so it is not within our reach to tell if a website like www.arconglomerate.com was set up for fraudulent means or not.”
The Online Academy Team (OAT) also stated that as a result of our investigative publication, the following interesting steps were taken:
• www.arconglomerate.com web hosting was taken down immediately. The website presently shows nothing.
• The domain registrar was contacted to see if there is a possibility of canceling the domain. This wasn’t possible because the domain was registered for many years.
• Privacy protection was activated on the domain to protect Online Academy Team as the web designers.
• The registrant details were changed for the domain (www.arconglomerate.com) so it won’t point to OAT.
• The privacy protection was then canceled.
The Online Academy Team also added that “When we set up websites for people, we hand over to them their cpanel details. If the website wasn’t hosted on a web hosting account with more than one website and we also hand over the client’s website admin login details.”