An E-Book "webstore" used for phishing?

[hacker]

This has been quietly discussed on some ebook lists in the last few days, but I guess I'll stick my neck out and try to expose it, make it public.. or at least find out some more detail about the site to bring some justice to the people who are getting screwed by them.

I'm hoping others here can help me find some detail about the site, because sites like this (if it truly is fraudulent) give all of us a bad name.

This ebook store has some very suspiscious content on it. Look what the following searches bring up:

For Dummys ebooks
Harry Potter ebooks
Stephen King ebooks

..and thousands of others. Their legal page is a bit... suspiscious sounding too. The wording and grammar on the site are very inconsistent, and some of the phrases strike me as warning signs:

Q: Is it secure to make an order at your site?

A: Sure it is! All the info you provide to us is transferred through HTTPS protocol with 128-bit encrypting. Moreover, we store all the data about our clients at secure servers with crypto-disks. You do not have to worry about this with us!

("crypto disks"?)

Q: I am trying to make a purchase at your site but it keeps telling that they cannot process my credit card. What should I do?

A: Please do not worry. Our manager will contact you as soon as possible and you will surely get what you want.

When a question is in the FAQ related to not getting your credit card transaction processed, BIG FAT RED WARNING SIGN...

There's also no mention of what format your "ebooks" will arrive in after you "become a member". Are they Adobe PDF? eReader? Microsoft .LIT? Their FAQ goes into a brief explanation of a couple common formats, but it doesn't actually say which books are provided in which format. Just more fishy things to add to this pond.

Poke around on the site for a bit and see what I mean. It looks professional, but... it just doesn't "feel" right. I'm beginning to wonder if the site exists solely to phish credit card numbers and account information away from everyone who tries to sign up.

I've emailed quite a few of the publishers and copyright holders of material listed on the site to try to get some answers, but haven't heard anything back from any of them yet.

Anyone else getting a bad vibe about this site?

[Chaos]

http://maps.google.com/maps?oi=map&q...lmie,+WA+98065

Anyone happen to live in the area? That's the address they provide on their "Contact" page, claiming to have some form of real location... Although the contact phone number does have the correct area code for that general area. Anyone feel like trying the number to see if it's a real number?

And, continuing with hacker's line of thought on the "FAQ" page, their grammar is awful. I don't know about anyone else, but if I was running a webstore I wouldn't use phrases like "nearest future", or bad punctuation/capitalization like "Yes. of course."

http://www.bookaza.com/legal.html

Read the "Copyright notice" section of that, and compare with http://usa1.ebooks.com/information/authors.asp section called "What rights does eBooks.com wish to obtain?"

Also, compare the "What we promise to do" section on "Bookaza" to a section of the same name here: http://www.gdigest.com/en/agbs.php

Looks like they take little bits of copyright/etc. notices from other websites... While not incriminating, it's not exactly comforting.

http://validator.w3.org/check?uri=ht...bookaza.com%2F

Having that many errors is not comforting either... The closest to a real version of HTML it is is HTML 3.2...

I mean, again, not incriminating, but behind that "professional looking" exterior is a bad interior... Ok, so some legit websites suck more (Amazon - it was amusing to try validating it as XHTML 1.1... Over 2800 errors. Almost 1000 as plain HTML 4.01 Trans.)...


I think I'm getting off topic a fair bit. Maybe it's time for me to sleep a bit.

But yes, I agree with hacker - it seems creepy.

[TadW]

How those suckers! But why e-books? Wouldn't it make more sense to phish on a subject that is a bit more mainstream?

[cheshire]

Well phishing as a banking portal has already drawn too much attention, so I guess this is what they can think of next.

I clicked on "Membership" and this is what I got:

What do I get?
You gain unlimited access to all the books in all sections at the site. There is no restrictions to the quantity of books you download. After you download the book it stay permanently yours.

How much is this?
$29.95. At amazon-like sites you will get only one book for this price. At our site you will access 10000 books for the total price of $250000!

How long does the membership last?
It lasts 1 month. After this period you are able to prolong your membership at a special price $19.95. Certainly we do not demand you delete all the books you've downloaded in case you do not want to prolong the membership.

$29.95 for access to ALL ebooks for free? No DRM?

Oooh, I just saw a pig fly past my window!

But hacker's right, sites like that do impede the acceptance of ebooks, especially for those who are just beginning their ebook experiences.

[Gatton]

It doesn't remind me of a phishing scam so much as a site selling access to illegal books. I wouldn't be surprised if this site is "for real" if the content they are selling is made up of the home scanned stuff floating around on usenet and various ftp sites. If that's the case then Random House or some other publisher will probably be down on them soon.

Ah well. I am not brave enough to investigate it for myself but it seems clear these folks are not on the up and up.

[hacker]

I just got off the phone with Patrick Murphy, legal counsul for Wiley (they produce the "For Dummies" book series), and he said that this is just another of the eDonkey, Kazaa p2p front-ends that is used to redistribute copyrighted works illegally.

He said they send out cease & decist orders "almost daily" on sites like these all the time and when they shut one down, another 5 pop up in its place.

Its terrible that our industry has gotten to this point, it really is...

[Gatton]

Well that didn't take long!

-

This is the placeholder for domain bookaza.com. If you see this page after uploading site content you probably have not replaced the index.html file.

This page has been automatically generated by Plesk.

[Alexander Turcic]

They're back again.

Some interesting links on this discussion:
http://rianmonaire.bravejournal.com/
http://sumowrestlingcats.blogspot.co...scam-when.html
http://elizabethbutler.bravejournal.com/entry/10794

[hacker]

I'm still keeping up with their changes... I just got them shut down from their "new" host at Atrivo, both of their main domains. Now they've moved to a .biz host out of France, and are using forged information in their domain record (the 1-800 number points to Sears).

I'm going to notify ICANN now and get their IP block terminated. This is kind of fun. <grin>

[cheshire]

A little cat and mouse! Do keep us posted.

[Stef Kelsey]

Thanks for raising hell! Yes, it is both a book thief and a phisher, from reports. There are several legal folk and organizations trying to go through their legal bits, including the legal representation of both JK Rowlings and Stephen King. Scholastic and Time/Warner are both in on it as well, since one of our authors actually got through to the president of Scholastic and is keeping him posted.There are government folk also now involved as well. But everyone's gotta keep making noise so they'll keep it up.

[Mike Feury]

Hi all, found you guys while researching Bookaza. Nice digs you got here

As a small indy publisher, I can definitely confirm the "book thief" part of this scammer's operation. He has some of our books 'on offer,' completely illegally--and plenty books from other indies too. Obviously this kind of thing hurts us small guys the worst.

Thanks for your efforts Hacker, much appreciated. And for once, I'm cheering for the big publishers

[Alexander Turcic]

Looks like the owner of that site keeps on moving his server. Currently his IP, 221.11.133.15, belongs to a Chinese company, China Network Communications Group Corporation No.156, Fu-Xing-Men-Nei Street, Beijing 100031.

From Spamhaus we also gather that the IP is shared by other spammers/phishers:

221.11.133.15/32 is listed on the Register Of Known Spam Operations (ROKSO) database as being assigned to, under the control of, or providing service to a known professional spam operation run by Leo Kuvayev / BadCow.

At 221.11.133.15, we also see:
topstorelist.com ; pics-4-show.com ; nltzone.biz
huysuz1.com <-- tkia, Hua turklines@yahoo.com
fjerdes92.com <-- bennett, brian brimar@wanadoo.fr
wudhryc.com <-- danny barror, barbara20@freemail.hu
gotbroken.com <-- Bohncke, G. gbohncke@mail15.com
myfriendlyshop.com <-- Crook, Malvin malvin@aol.com
Platform C, App 43, phoenix, AZ 13553
US 245233764778
pics-4-show.com <-- WhoisGuard protected
neostylez.com <-- De Kort, Francois francoisdekort@mail333.com
nltzone.biz <-- Oleg Aprelenko, 706 Willowbrook rd.,
Staten Island NY 10314 altarrozzo@yahoo.com
8006698488 <-- this number is Sears' Gold Mastercard

That Russian Kuvayev guy is not an unknown, as this page reveals with various legal cases against him.

---

Another domain/IP that points to Bookaza is elbook.com, which IP, 69.50.184.172, belongs to a company called Atrivo. There are known as spammers and trojan sources as well, as various Google searches reveal. The owner, Emil Kacperski, is reportedly a 26 year old in California. He posts at webhostingtalk.com forums using the name "goose" -- to see how his company "works", just check out thread thread.

[hacker]

Just a quick update:

"Thank you for your email. The domain name BOOKAZA.COM is now under investigation for invalid whois. The owner of the domain will have a brief time period to update the information or the domain may be cancelled. I will let you know when the contact information is corrected, or when the domain is cancelled.

If you have any other questions, please feel free to email me."

[Alexander Turcic]

That is good news.