Thursday, December 27, 2007

Elite Herbal, GenBucks, SanCash and Tulip Labs

Happy Holidays.

There was a flurry of activity in the weeks of December before the Xmas holiday. I saw a lot of diligent reporting of the activities of what is arguably the most annoying and least-compliant illegal spam operations in the world today: The mailers of the pernicious "Elite Herbal" penis enlargement herbal remedy products.

If you have an email address at all, of any sort, whether you've ever given it out to anyone or not: you've more than likely seen this spam, though fortunately most of it ends up where it belongs, in the junk folder. This doesn't stop the spammers behind this "product" from sending multiple copies of the same messages every single day to you.

Elite Herbal is one of a batch of products promoted via what is known as the SanCash program, a spammer affiliate program sponsored by members Sancash and Azzy. Several members of are active mailers for that program, notably "Moneyminters", a non-compliant mailer going back several months now at least.

Starting in July of 2007, the spam research blog Spam In My Inbox began investigating who was behind the relentlessly high volumes of spam he continued to receive for this unwanted product. He did quite a bit of due diligence and appears to have been very forthright in trying to find specific contact information for who was behind Elite Herbal itself. All initial contact was ignored (of course) whenever posted via one of the spamvertised fly-by-night websites.

He discovered that IP addresses associated with the spammed websites belonged to a company claiming to be called "Tulip Lab Pvt. Ltd.", located in Mumbai, India. He attempted to contact them regarding the mountains of unwanted spam emails. He never once received any kind of response.

Using some clever technological tricks, he entered an order into one of the spamvertised sites, but while doing so he carefully also entered some tracking code of his own (I'm not privy to what he specifically did, but I have my own theories.) This meant that any computer which viewed his order would report back to him regarding its IP address. He reported on this on July 4th, 2007, stating that an IP address belonging to DSL Internet provider known as iHug (now a division of Vodaphone), located in New Zealand. He complained to iHug and provided his evidence. They took action and investigated the offending account, eventually shutting it down. That IP address turned out to be directly related to one Shane Atkinson, a spammer who has been uncovered at least once (back in 2003) and who had claimed to have given up spamming altogether.

He also noticed that an IP address belonging to Tulip Lab also viewed his order. He documented all of this.

In August, 2007, the spam runs for Elite Herbal intensified. I myself noticed an increase from the usual 14 - 22 messages a day which were received to my control monitoring account, to upwards of 24 - 33 per day, all promoting only Elite Herbal.

In September, SpamInMyInbox wrote an open letter to Tulip Lab and those who supported them. He asked why they continue to allow spammers to promote their "products", and asked for verification as to what the correlation was of the Tulip Lab IP address to the order he placed. He sent an email version of that open letter to the operators of Tulip Lab, cc'ing numerous India-based media outlets and newspapers, and the Pharmaceuticals Export Promotion Council in India, of which Tulip Lab was a member.

Nothing happened for a while after that, but the spam maintained its ridiculously high numbers on a daily basis.

Then in December, the BBC4 program "The Investigation" hosted by Simon Cox aired a half hour program which investigated this exact same rampant spam operation. Since it was the BBC, it appears that they got deeper access than an average individual would otherwise get. They took all the same steps as SpamInMyInbox did - placing an order, waiting to see if anything happened, drawing the same conclusions as to the involvement of Tulip Lab, and eventually contacting the author of SpamInMyInbox himself, which provided them the link to the New Zealand spammer behind his particular spam messages, and those received by the BBC themselves. They further correlated that an affiliate program known as GenBucks had several connections to Tulip Lab and Elite Herbal.

They also directly contacted Shane Atkinson, asking why he had spammed them and others. Atkinson answered that he was a spammer in the past, but claimed that "we've closed all that down years ago", before abruptly ending the interview.

The next day, law enforcement in Christchurch, New Zealand performed a raid on four addresses and "seized 22 computers and boxes of documents ... as it investigates an international spamming operation". []

This harsh spotlight has recently caused the spammers behind this setup to hide like a bunch of cockroaches. The day after the BBC investigation aired, the author of SpamInMyInbox was told by the BBC that Tulip Lab was apparently going to sue him for what they claimed to be "harrassment" (likely related to the numerous unanswered inquiries whcih pretty much anybody would like an answer to: why are they still spamming everybody? Why do they condone spamming? Why do they allow it to happen in such high volume related to one specific product of theirs? Etc.?)

This ruffled some feathers over on One member named "icanspam" posted a link to the story, and made the same assumption that the BBC did: that Shane Atkinson was the spammer behind this particular spate of annoying Elite Herbal spam runs. This caused other bulkerforum members to pipe up, and several of them were definitely in some distress concerning what appeared to be the exposition and shutdown of the Elite Herbal program run by Sancash. Some excerpts:

TOPIC: SANCASH.. What's going on ?

Joined: 12 Jul 2007
Posts: 37
Posted: Thu Dec 20, 2007 8:19 am
Post subject: SANCASH.. What's going on ?

they are offline .. been like that the last 3-4 days.
Commissions NOT paid this week.

Anyone has news on that ??

I am a little worried for my $$

In the thread: General Talks: raided suspected spammers in Christchurch:


Joined: 06 Feb 2007
Posts: 12

Posted: Thu Dec 20, 2007 10:26 am
Post subject:

not sure if this is sancash

this is related to this audition.. and hmm.. looks like GB...



Joined: 23 Oct 2006
Posts: 151

Posted: Thu Dec 20, 2007 11:51 am
Post subject:

thanks for link ubuntu..

eliteherbal/manster IS SanCash



Joined: 10 Aug 2007
Posts: 52

Posted: Thu Dec 20, 2007 2:22 pm
Post subject:


Shane Atkinson, bro.



Joined: 15 Sep 2006
Posts: 33

Posted: Thu Dec 20, 2007 5:18 pm
Post subject:

I know Shane is a straight up guy and doesnt deserve all this heat. I hope he can survive this like he did last time he came under a lot of heat before him and his brother. He has been running a smart business for a long time and looks after his people and if he has to shut down the biz there will be many affiliates effected and unpaid.

I guess, in spammer talk, "smart business" translates to: "violating court orders to promote fake products illegally using botnets" because that's precisely what Shane Atkinson was doing.

I checked moments after those postings were made, and the domain was unresponsive (and still is.) Suddenly, I saw no spam whatsoever for Elite Herbal. All of a sudden. Just like that. Instead, the spammer who's chosen to keep sending to my control account had switched to stock spam. Many other rather sudden changes also ensued, all very much noticed by SpamInMyInbox in further investigations he pursued, all posted on his blog. It was clear that whoever was responsible for this spam specifically wanted to suddenly and completely remove any trace of connection between Sancash, GenBucks, Elite Herbal and Tulip Lab. It struck me (and others) as a rather clumsy and desperate move.

It's worth mentioning that this is not the first time I and others have investigated and taken action against this group of companies. Last November, in 2006, I and several colleagues performed our own investigation into the operation of several spamvertised sites promoting a bogus product known at that time as "Spur-M". We discovered that they used a third-party back-end server, hosted and owned by GenBucks, for the processing of credit card orders. We also noticed quite a bit of correlation between the domains registered for the Spur-M websites and the GenBucks affiliate program.

The same day, I created what became known as "The Spur-M-Enator™" which allowed for several thousand automated, believable, and completely fake orders to be placed at these back end servers. I released it to a handful of colleagues and we all left it running in the background for several hours.

This definitely made them mad, but never once did they stop spamming us. We increased the volume of fake orders per hour, which we know for a fact caused them to lose a considerable amount of time in processing and verifying the orders themselves. We could tell they were upset by this because the back end servers previously never output anything. Now they were outputting a bogus message about how our hard drives had been completely downloaded, or some such nonsense. It didn't stop us. What did stop, after a few days, was any spam - or indeed any mention - of Spur-M as a product. Instead all such spam numbers were focused on stock spam, a trend we notice they tend to fall back on when something isn't going as planned.

They later created "ManXL" and "Manster" as the replacement name for "Spur-M". In the BBC investigation, the label on the bottle which was eventually received from Elite Herbal said that the product was actually called "Manster." That definitely connected more dots for us, and confirmed that for two straight years now, we'd made it difficult for this pernicious operation to profit from relentless spamming. I should hope that this has cost them considerable effort and lost profits, and that further arrests will be forthcoming.

Over the holidays I noticed that all such "Elite Herbal" spam has now been replaced either with more Stock Spam, or spam initially promoting "Express Herbal" and then later "VPXL", yet another so-called Penis Enlargement herbal remedy (though the header banners on these sites actually still say "Express Herbal". They can't seem to focus much.) The cycle repeats again, apparently.

This is very obviously the same criminal group, and the shutdown of Shane Atkinson's operation has clearly not diminished the amount of spam I continue to receive for this particular product. As happy as I am (and many others are) to see the death of the Elite Herbal "brand", it doesn't appear to be diminishing any of this bogus "herbal remedy" spam at all.

In the days following the raid, SpamInMyInbox dug even deeper into what he had discovered on Tulip Lab and GenBucks. I'll leave you to read it for yourself, but trust me: it's outstanding research, and makes it even clear just how guilty all of these parties are in perpetrating illegal spamming of an unwanted product to the world at large.

I and others are determined to find out who, specifically, is continuing to flood our inboxes with this scourge, and will continue to assist law enforcement in finding and shutting down every last one of these malicious criminals.

Tulip Lab and GenBucks: get the message. We hate you. We hate your "products" and we hate the fact that you seem to employ ONLY illegal spammers to do your promotions for you. Your days are numbered. Count on it.


Wednesday, December 19, 2007

2007: A Very Bad Year For Illegal Spammers

2007 is winding down, and I thought I'd take a moment to list just how many big achievements were met by the dedicated research and hard work of all the members of the numerous anti-spam forums such as KillSpammers and CastleCops, and organizations such as SpamHaus, the FBI Cybercrime Division, the i-Law Group, IronPort, SecureWorks, Shadowserver, F-Secure and countless others. Just look at how many large-scale arrests, convictions, and media stories regarding cybercrime and illegal spamming came about in the past twelve months.

In this synopsis I will make reference to several key members of what once was the Kill Spammers forum which was DDOS'd out of existence in August, 2007. The loss of that forum has absolutely not diminished or impeded the continued efforts of its members, all of whom continue to investigate and report all manner of illegal spamming, server hijacking and botnet operation. If anything it's only lead to more and more of us banding together via other means.

Make yourself some hot chocolate and join me in a look back at 2007, the worst year so far for any illegal spammers out there.

January 2007:

  • Chris "Rizler" Smith is sentenced to 30 years in prison for drug trafficking, witness tampering and illegal spamming practices.

  • Many members of the KillSpammers forum report on an illegal / fake charity known as "Save Childs". It appears to be related to a spate of spam for both Discount Pharmacy (Vincent Chan) and My Canadian Pharmacy (Yambo.) After reporting their multiple spammed addresses to law enforcement agencies and hosting companies, all of the sites are eventually shut down.

February 2007:

  • Spaminator creates the spamwiki. SiL creates a lengthy report on My Canadian Pharmacy based on a lengthier report which was already widely cirulated to many security companies and law enforcement agencies around the world. Red Dwarf writes and updates numerous sections. A crucial tool for collecting and exposing evidence is made. Law Enforcement and Spamhaus eventually take notice.

March 2007:

  • The Vancouver Sun (among many others) publishes a story about the death of Marcia Bergeron of Quadra Island, BC due to fake drugs purchased from a spamvertised source

  • SiL begins performing research on the Yambo sites in assistance of the i-law group (Jon Praed) and IronPort (Patrick Peterson.) His research and other data are eventually used in a web seminar covering the a-z of the My Canadian Pharmacy spam group (Yambo Financials) including an indepth look at their supply chain processes, message dissemination, botnet size and implementation, and server hijacks.

  • The SEC suspends trading on 35 spamvertised stock symbols in Operation Spamalot. 14 of the stocks are tracable to Vancouver stock traders. International law enforcement is given huge amounts of data on these companies and the illicit trading manipulation that took place.

April 2007:

  • After being inundated with spam for Discount Pharmacy, SiL decides to write a synopsis about their known functionality and operations. AlphaCentauri and Red Dwarf assist greatly.

  • ILoveCrapfloods creates FsckChickenboners! (a bot for crapflooding spammers' forms) It slowly gains a following and is refined and modified throughout the year, sending thousands of fake orders to illegal pharmacy and replica watch sites, resulting in wasted time and lost profits for several illegally promoted websites selling counterfeit products.

May 2007:

  • Renowned bulkerforum member and proxy reseller mcproxy retires from the spam and proxy reselling business after nearly having his personal data exposed by This indicates that the research posted on that blog is very much on the right track and leads to a lot of illegal DDOS activity against that site on behalf of members of BulkerForum.

  • Notorious repeat spammer Robert Alan Soloway is arrested in Seattle after a federal grand jury indicts him on 35 charges ranging from wire fraud to identity theft. The lawsuit against him is ongoing and he remains in prison in Seattle pending commencement of the trial.

  • The country of Estonia has its entire computer infrastructure come under a massive DDOS attack. Everything from train schedules to utilities and banking is completely knocked off the grid for several days. The investigation into this attack is still ongoing and thought to lead to Russian and Ukranian sources. Several rumors floated around at this time that the Russian government itself was behind these attacks. None of this has been proven. This event has the effect of raising the awareness of DDOS attacks and the criminal groups behind them.

June 2007:

  • SiL posts a lengthy description of the illegal activities of Nick Danger / Marion Lynn to the newsgroup NANAE.

  • AlphaCentauri and SiL begin a coordinated series of reports regarding the Discount Pharmacy hijack of Windows 2000 / 2003 servers. This results in the eventual shut down (or cleanup) of several hundred hijacked servers and a great deal more data on the hijacking process for Windows servers on behalf of Vincent Chan. We eventually see a complete stop in any spam runs for this spamvertised product line around August of 2007.

  • Darrel and Jack Uselton are arrested for "hijacking personal computers across the country to send mass e-mails and inflate prices on at least 13 stocks."

July 2007:

  • SiL is interviewed in Forbes Magazine for an article about Patrick Peterson from Ironport Systems. The article covers Peterson's investigation of the My Canadian Pharmacy operation, run by Yambo Financials.

  • E360 files numerous motions against Spamhaus for labelling them as spammers. All of these charges would later be either withdrawn or dismissed.

  • The FBI's Operation Bot Roast identifies over one million computers as being under the control of illegal botnets. This is the first of two such investigations which later results in several arrests directly related to illegal hacking and owning or operating botnets generally.

August 2007:

  • Several anti-spam and anti-fraud websites come under a huge, unrelenting DDOS attack. Sites attacked include the Kill Spammers forum (whose domain has remained down since then,) CastleCops, 419eater, thescambaiter, and countless others. Kill Spammers operator KyferEz mitigates the attack on the KS forum to the best of his abilities, but the domain eventually folds. Several of us take up temporary residence in CastleCops (many of us stay active there also.) The criminals behind these attacks idiotically think this will slow us down.

  • In what is arguably one of the bigger blows against spammers everywhere, Red Dwarf introduces his diabolical Complainterator™ application for the automated reporting of illegally hosted domains. Over the next several months, several people start using it and it undergoes numerous upgrades and improvements. Use of this tool leads to even some of the more highly unresponsive domain registrars taking notice and removing several thousand offensive domains from their registries.

  • Members of the CastleCops Phishing Incident Reporting and Termination Squad (PIRT) as well as their other Termination Squads for spam (SIRT) and malware (MIRT) begin joining the KillSpammers forum.

  • Red Dwarf releases the AutoSA application for automated reporting of malware phishing and spamming sites to Site Advisor. He inevitably gets several other sites to provide extended services for users of this tool, notably dnsstuff.

September 2007:

  • Red Dwarf begins automating a method of monitoring, researching, collating and ultimately reporting the existence of hijacked PC's using what would eventually become the Botnet scanner. Over a few months he single-handedly reports several tens of thousands of infected IP's, resulting in more of a significant response from ISP's than most of us probably expected.

October 2007:

  • Several news stories from October to November 2007 track the Russian Business Network (RBN), exposing its ties to Russian politicians, their multiple shifts in locations from Russia to China to disappearing completely, and interviewing its so-called representative.

  • Porn spammers Jeffrey Kilbride and James Schaffer are sentenced to five years in prison, convicted of "conspiracy, money laundering, fraud, and transportation of obscene materials".

  • Greg King, 21, of Fairfield California is arrested for performing a DDOS attack on CastleCops in February of 2006. He faces a maximum sentence of ten years in prison and a $250,000 (USD) fine.

November 2007:

  • Spaminator creates numerous international domains for the spam wiki and attempts (where possible) to get several large-scale sections of it translated and duplicated into these mirror sites. This proves to be very helpful in its use as evidence against illegal spam operations, and leads to big changes at several previously spammer-friendly domain registrars.

  • Marion Lynn creates a blog ( which exposes the identity of several known, high-level spammers who were members of, including Phantom (Norman Holmes), Lizza (Steve Joseph), Dollar (Christopher Brown) Dave (David Oleg Barsky), bigjohnson (Igor Shaposhnikov) and others. Notable omissions are Crypto and moneyminters. It's unclear what prompted this sudden need to tell the world about the identity of these spammers, but he did it. SiL works with members of Spamhaus in collecting whatever is posted on spamgossip and sending it back to them (and law enforcement), and correlating it to the already massive amount of collected information on the members of

  • While we're at it: several other members of begin exposing each other in a spate of scammer outcries on the forum. We didn't even have to do anything.

  • SiL transcribes a lot of the content from the spamgossip blog into his own blog (which you are now reading) which has the curious effect of reaching higher page ranks than Marion's blog. Marion later takes down quite a bit of personal data without any explanation.

  • Jason Michael Downey is arrested for running a botnet consisting of 6,000 compromised PC's.

  • New Zealand law enforcement break up a major international botnet and arrest its ringleader.

December 2007:

  • The FBI's Operation Bot Roast II results in the arrests of 8 individuals who owned or operated large-scale criminal botnets.

  • Secureworks investigates spamming runs in relation to US presidential candidate Ron Paul and discovers a connection with known porn spammer and botnet operator "nenastnyj", aka Andrew Nenastnyj, known on bulkerforum as "Nena".

  • Justin Daniel Medlin is sentenced to 72 months in prison in connection with pump-and-dump stock spam runs he committed during 2004.

  • Akhil Bansal is sentenced to thirty years in prison for illegally distributing medications without any prescription. This followed a lengthy investigation dubbed "Operation Cyberchase", documented in a multi-part investigative series in the Philadelphia Inquirer.

  • BBC 4's "The Investigation" do some digging into the group behind the rampant spam for "Elite Herbals", leading to a very thorough investigation of GenBucks, Tulip Lab, and one of their spammers, Shane Atkinson. Burgeoning illegal spam blog Spam In My Inbox is also consulted for this story, and much of his evidence matches that of the BBC. This eventually leads to a police raid in Christchurch, New Zealand, resulting in the seizure of "22 computers and boxes of documents from four Christchurch addresses", including that of Atkinson.

Definitely a very active year for people who fight online crime in all its facets, and absolutely a very bad year for illegal spammers.

This kind of activity will only continue. As long as people like myself continue to be on the receiving end of unwanted illegal spam from asshole criminals like the ones listed above, we'll continue to do everything we can to get to the bottom of it. There is a difference between general commercial email, and spam for products that are illicit, fake, counterfeit, or outright illegal - and in some cases lethal. We are not going to stand for this any longer, and this year's numerous arrests prove that.

SiL / IKS / concerned citizen

Friday, December 14, 2007

Elite Herbal Exposed by BBC4, Blogger

Another quick one. Another intrepid investigator of illegal spammers, Spam In My Inbox, has joined the BBC in investigating the cretins behind the endless flood of unwanted "Elite Herbal" spam, drawing direct links between the Elite Herbal spam type, the GenBucks affiliate program, Tulip Labs in Mumbai, India (who create and ship the bogus "herbal remedies") and the actual spammer who hit the send button: Shane Atkinson of New Zealand.

It's a fascinating story and has apparently led to several new investigations.

You can listen to the show, BBC4's "The Investigation", here.

I have created a temporary download of an mp3 podcast of the show here, and I also created a complete transcript of the show here.

You can read SpamInMyInBox's response to the show here.

This is great news regarding this widely reviled group.


Saturday, December 8, 2007

Is Phantom Really Norman Holmes?

Just a quick one since I noticed that spamgossip has vastly modified its content.

All posts referencing anything but LIZZA have been taken down!.

Indeed. When did that happen, Marion? And for what reason? Someone bringing more heat than you expected?

Looks like his identification of Phantom as one Norman Holmes of Perth, Australia was probably correct, and this appears to be reflected in Phantom's complete silence on bulkerforum and most other places we'd expect to find him.

That may also mean that he's been correct about the identification of many others. How did he get this information? Who would trust an idiot like Marion Lynn with their personal data? He certainly wasn't welcome on bulkerforum for most of the time he was there, and in a relatively short span of time he managed to completely piss off most of that forum's members. I can't fathom who would openly share this kind of data with him, but clearly whoever they were: they were successful in providing a ton of evidence to the completely wrong guy. (It's apparent that a lot of the info came from Lizza aka Steve Joseph, as evidenced in the remaining AIM chat transcripts, but there must have been others, as this info paints a far from complete picture on its own.)

This whole thing looks fishy, and in the grand scheme of things proves that no real heavy hitters were actively posting on bulkerforum anyway.

Phantom's last posting in the public areas of bulkerforum back on Nov. 15th was mostly a whiny rant about Nick Danger and his original posting on the NANAE newsgroup. He further alleges that Marion Lynn is now guilty of computer hacking. That's a pretty ridiculous conclusion to come to, Norm. :) We all know that Marion's computer expertise does not extend beyond the most basic workings of frikkin' AOL for christ's sake.

Anyway it's interesting, and I'm certain that I'm not the only one who has noticed this stunned silence from the bulk (get it?) of bulkerforum members.

You may have heard about the scads of recent arrests of individuals involved in botnet ownership and operation, theft of personal data and credit card fraud just in the past two weeks. This has been a banner year for cracking down on the scum that continue to send everyone illegally propogated spam messages to people who don't want them, promoting products which are not only unwanted by 99.99999% of its recipients but are also fraudulent, counterfeit, and in some cases fatal. I fully expect to see more arrests in the coming months, and who knows: maybe we'll see a Mr. Norman Holmes behind bars for enabling so many mailers to illegally use services which are not theirs for the propogation of illegal spam using his infamous WarpSpeedMailer software.

The old adage is true that whenever you shine a light on a bunch of cockroaches, they scatter and hide in record time. Spammers, apparently, are absolutely no different.

SiL / IKS / concerned citizen

P.S. Of course I and many others have complete sequential backups of spamgossip including all of the personal data which was posted regarding Norm Holmes and others. I won't repost all of it here just yet, but it's definitely still out there. Also: that original NANAE posting and several others still contain this same information including all of the images of his household, the location of his house, and his god-awful taste in furniture and upholstery. None of that is going away anytime soon.

Friday, December 7, 2007

Fake Diplomas Are Illegal

Many people wonder what the deal is with ridiculous spam messages such as these:

F A S T T R A C K D E G R E E P R O G R A M Obtain the degree you=
deserve, based on your present knowledge and life experience. A prospero=
us future, money earning power, and the Admiration of all. Degrees from a=
n Established, Prestigious, Leading Institution. Your Degree will show ex=
actly what you really can do. Get the Job, Promotion, Business Opportunit=
y and Social Advancement you Desire! Eliminates classrooms and traveling.=
Achieve your Bachelors, Masters, MBA, or PhDin the field of your experti=
se Professional and affordable Call now - your Graduation is a phone call=
away. Please call:1-206-888-2083

This is what's referred to as "Diploma Mill" spam. If it sounds shady, that's because it is. In fact it's 100% illegal to sell fake diplomas, and more importantly it's a crime to represent yourself as having earned such a degree when applying for work.

The spam operation works like this:

- A sponsor handles the printing and shipping of the fake diplomas.
- Sponsor contacts spammers / mailers in the hopes of drumming up leads
- Spammer sends a message to millions of recipients (who probably, like me, don't want them)
- Inevitably one or two of them call the number, which is a voicemail prompt which reads as follows (for the number above, anyway - it varies):

Thank you for calling the university degree program. After the tone, please leave your name and two telephone numbers. One where you can be reached during the daytime hours and one for evenings.

Please do speak clearly after the tone. One of the registrars will be in touch with you shortly. Thank you and have a nice day.

From there, the spammer provides your voicemail response to the diploma sponsor. Lately that process has become a bit more labor intensive for the spammer, since (of course) so many people DON'T want to be contacted regarding this so-called "offer." As a result, several angry recipients of these emails have left voicemails in the hopes of tracking down who is behind them. This leads to issues for the spammer, who previously used to just hand over the voicemails only to be told by a pissed-off diploma sponsor that 4 out of 5 of the calls were angry complaints, or legitimate sounding responses that led to an angry person at the other end of the phone when it came time to reel them in.

So now the spammers have to filter out the complainers from the legitimate people who want to illegally purchase their fake diplomas.

An example of a fake diplomaYou'll notice that they word the voicemail in such a way as to indicate that you're undergoing some University-style admissions process. In reality this is, as one might expect, a purely commercial process. You want the piece of paper. They want your money. No background check takes place. No school transcripts of any sort are required. All you need is a credit card and an address to ship the phony diploma to. And you're done.

The hazards involved with this flatly illegal practice should be obvious to anyone. Would you trust any new doctor with a diploma on their wall if you were aware that any percentage of real people actively spend their money on these documents? Would you trust a new hire in any field if they presented you with this document as evidence of their expertise? Would you trust a contractor to make any repairs or modifications to your property if they claimed to have a degree or diploma claiming their excellence at what they do?

This kind of fraudulent representation has already happened, and led to some horrifying consequences. In 2003 one Laurence Perry was convicted of manslaughter. He took an 8 year old girl off her insulin and she died. Later, it was discovered that he represented himself with fake medical degrees. That's an old story, so in all likelihood he's out of jail by now.

A similar story unfolded as recently as a week ago, when "Doctor" John Curran was convicted of wire fraud and money laundering, after he "treated" 18 year old Taylor Alves in 2002 for terminal ovarian cancer. He basically ruined her life, which was already in jeopardy after such a crushing diagnosis. He's behind bars for 12 years.

Certainly it's not only medical degrees or MBA's which are on offer from these operations.

The sponsors behind these illegal documents treat it as though it's any other product. One member of (among numerous others) who goes by the name of "Princess" is clearly very experienced in this field. She posted the following back in October of 2007, and apparently generated quite a bit of interest:

Topic: Mailers needed


Joined: 15 Sep 2006
Posts: 25

PostPosted: Thu Oct 04, 2007 2:24 pm
Post subject: Mailers needed

Hi all.
for those who do not already know :)
I Sponsor a University program.
I am looking for more mailers to join our mailing group because my program is expanding.
A leads related program.
Pay starts at $18 to $20 depending on volume, for a good lead.

Q: What is a good lead?
A: A person who responds to your non URL adds who calls the phone number and leaves his contact information with a working phone number. It's so simple just too good to be true.

I use a non URL add that works through an email voice mail system, there is a phone number in our adds.
Only USA or Canada leads needed.
A qualified Mailer should be able to generate at least 10-20 good leads per day.
12 leads *$20 = 240$ USD a day
The conversion our good mailers have, is 70% good leads and about 30% bad. They make from $500 to $1500 weekly.
Payments, sent weekly via Bank Wire or WU.

I have a very good relationship with all our mailers and treat them well because I recognize that they are the fuel that helps run my business.
Please look me up and we can discuss this further.
You can contact me on ICQ # 338-284-118

Thanks Dianna

Cute. "Princess" Dianna wants to sell us fake degrees.

She continued to push this promotion several more times right through November 2007.

Note the specificity of what constitutes a "good lead". No websites, period. This is probably due to the arrest, prosecution and conviction of sponsors such as Craig and Alton Poe, back in December 2004. You can read a brief description of their conviction here. The story itself is quite entertaining not only because it involves lowlife criminal spammers going to jail, but also because of how it came to the attention of the Pennsylvania Deputy Attorney General:

Colby Nolan (pictured, left) is probably the first animal to hold this distinction -- an executive MBA from a university.

Pennsylvania Attorney General Jerry Pappert isn't amused, since Colby is a pet cat and a Texas-based online college allegedly gave the feline a degree for $399.


Pappert's office used the pet cat to investigate an alleged scheme designed to promote and sell bogus online academic degrees.

The main reason it was so easy to prosecute them and send them to jail is because they gathered their so-called "diploma leads" via easy to identify websites. Diploma sponsors couldn't ignore this and so they adopted a variety of alternate methods of generating the leads, most notably via throwaway voicemail phone numbers.

None of this makes the practice any more legal, or any more legitimate. If you attempt to use a fake document to gain employment, that's a crime. in the United States: It's a federal offence. Several states have begun cracking down on these illicit operations, and more than half of the states in the US have specific laws on the books regarding the sale of these documents, or the use of them as personal documentation.

As with most other types of spam-related crime, this is generally considered a variety of fraud.

In the case of the Poe brothers, they also generated fake grades transcripts, which is a further federal offence.

As with most other products promoted via illegal spammers: you should avoid these at all costs. Princess said it herself: "It's so simple just too good to be true."

There is a fantastic blog which tracks illegal diploma mills called (appropriately) Definitely worth a read.

One can only hope that spammers convicted of this type of fraud end up being represented by lawyers with similar "credentials."

SiL / IKS / concerned citizen