Anatomy of a Scam Investigation: Chapter Two
[Wondering what's going on here? Check out the Chapter Index on this series.]
In Chapter One, I introduced you to UST Development, Inc., explained why I believe that its looks-like-an-invoice-but-isn't mailing constitutes mail fraud, and asserted that anyone with an internet connection, a few bucks, and some time can investigate and expose scammers like this. Today I want to talk about Google search methodology and free resources.
But first, let's review why this is a worthwhile enterprise:
1. Scammers are scum.
2. Scammers live on the margins. That means that maybe a tenth or a half of one percent of their solicitations yields a victim, and only a few percent of victims make any real effort to do anything about being scammed, including researching, complaining about, or publicizing the scammers. Scamming "works" as an economic model because the scammers can (and routinely do) give refunds to some of those few percent who complain, and because so few go to law enforcement or publicize their experiences, they can ride out complaints for a few months, abandon the scam, and move on to a new one. This is precisely why individuals have the power to thwart scammers. If a few more percent of us research scam solicitations and report them to the authorities, if a few more percent of us Google a suspicious invoice or solicitation before biting, if a few more percent do a righteous internet cavity search of the scammers and write about it to raise the Google profile of warnings about the scam, then the margins become too narrow, the scam is publicized too quickly, and the scammers lose. The margins are the scammers' friend, but we can make those margins the scammers' foe.
3. Scammers don't stop. They redesign, reload, and repeat scams under different guises, often using similar entity names, similar pitches, and the same telephone numbers or addresses. Thoroughly researching and publicizing one scam may make it more difficult for the scammer to succeed in his next scam.
So. As I said in Chapter One, we want to learn all we can about UST Development, Inc., its activities, and the people running it. We're going to start with the scammers' most formidable foe: Google.
Google is far more powerful if you approach it with a methodology:
1. Build a search term list, consisting of entity names, variations on entity names, individual names, variations on individual names, addresses, phone numbers, email addresses, and key words and phrases from the fraudulent solicitations in question. Your list should account for abbreviations (for instance, UST's "305 N. Sacramento" may yield different results than "305 North Sacramento." Your list should also include a few common descriptors to combine with other terms — descriptors like "scam" and "fraud."
You're going to add to this list as you search, because you're going to encounter more entities, individuals, addresses, and key words. If you're being very thorough and methodical, you may want to create a list of combinations of terms (e.g. "+UST +scam") so you can keep track of what word combinations you have tried.
2. Build an issue list containing general subject matters, concepts, and ideas for later follow-up. Example: in Chapter One I noted that an early search on UST Development, Inc. yielded a Scam Informer page with a complaint. That complaint was by someone claiming to be a former employee who was promised salary but never paid. The alleged ex-employee asserted that (1) the principals of the company made numerous promises of repayment that they didn't honor (as we'll discuss later, the conduct described is classic con-man lulling), and (2) later attempted to evade payment by declaring bankruptcy. That adds subjects to our issue list: salary and payroll issues, false promises of repayment, and bankruptcy. We're going to use those later — in part by going to PACER to search for bankruptcy court records. We're going to remember these issues in order to look for patterns and corroboration. Preview: the claims of payroll issues and false promises of repayment are going to be repeated big-time.
2. Learn to use Google search commands to make your searches more effective. Google itself has some good tips, and there are plenty of essays out there on the subject. The main impediment to effective searches is not necessarily that Google fails to tell you about a page; rather, it's that Google buries the page amongst 20,000 others. Hence UST Development, without quotes, might return different results in a different order than "UST Development", with quotes. You may wind up trying both. Similarly, the order of search terms can yield different results — scam UST yields different pages than UST scam.
3. Think about how people write and talk about the things they encounter. What words would you expect people to use if they were complaining about a scam like this? What words would you expect the perpetrators to use in prior solicitations? In this context, "scam" and "fraud" are both popular, but sometimes you should consider "refund", "response", "answer", and similar terms to catch descriptions of people's efforts to communicate with the scammers. This is an art, not a science.
4. Think about connections between terms. As I noted above, you're going to be combining search terms. Doing so is a key investigative tool in testing hypotheses. Say you find complaints of a similar-sounding scam using a different name. You'll want to know if they are related. So you're going to combine terms from the first scam (say, the phone number, or individual's name) and run it with terms from the second scam (say, an address or name) to see if you find any connections.
5. Be aware of useful sites that don't tend to show up early in Google results. By design or chance, or because of some barrier to Google's scary-ass spider bots, some incredibly useful sites have information that won't turn up in response to Google searches, or at least not in the first few pages of results. Learn about them. For the purposes of a fraud investigation, some key sites are the Better Business Bureau, the Secretary of State of the various states (which often include an internal search engine with which you can find out about entities created or authorized to do business in that state), the Fictitious Business Name registries of the various counties, and WHOIS search engines listing the registrars of web sites. It's often more efficient to visit these sites first to build your search and issue lists before you start Google searching.
So. Let's get to work, shall we? This would be a good time to go to the bathroom.
Look, I said up front that this takes time, and I mean it. It can be tedious. I'm not going to describe all the unsuccessful searches here, or all the searches that yielded the same old hits, or the other boring things. Let's go for the fun stuff.
1. Starting with the fraudulent solicitation I posted in Chapter One, we're starting with search terms of UST Development, Inc., 305 N. Sacramento Avenue, 305 North Sacramento Avenue, www.ustdevelopment.com, 800-818-9777, 626-205-1133 (always remember the fax number! Note it isn't toll-free like the primary number — who knows where it may lead?), $175, "This is not a statement for services rendered but for preventative maintenance." Those are our building blocks.
2. A quick trip to www.ustdevelopment.com, the web site listed on the solicitation, gives us more terms. First, I note (as piperTom, in comments, already has) that the url redirects to a web site called www.us-telecom.com. That's not the last we'll hear of that name. From the website, after noting the awful design and architecture (typical of fraudsters; they're cheap and they think they're web designers), we add some email addresses to our search term list and some locations (Monrovia, San Diego and Las Vegas) to our issues list. As always, we check the WHOIS data. The www.us-telecom.com WHOIS doesn't yield much — they are using a professional registrar as a buffer — but the WHOIS of www.ustdevelopment.com shows that "U.S. Telecom Inc." registered it. Two lessons here. (a) Scammer entity names are often related, and you can spot patterns. Hence US Telecom becomes UST becomes UST Development. (b) Take screenshots of pages early, or print as pdfs. I could have sworn that when I ran this last week it named an individual.
3. Next, to build our search list some more, let's go to the California Secretary of State business search portal. Here you want to start a bit broader — US Telecom rather than US Telecom Inc., for example. "US Telecom" doesn't yield any obvious candidates — there's a "US Telecom Communication Services Company" out of Texas that's suspended, and a "US Telecom Long Distance" out of Nevada. Let's add those names to our search and issue lists. Foreshadowing: we're going to see that Nevada entity again. While we're there, we repeat the same search for US Telecom as an LLC, in case it's been mislabled deliberately or accidentally, or in case it has similarly-named related entities. That yields one US Telecom, LLC hit — we'll add its data to our lists to determine whether it is related. We repeat the same steps for "UST Development" and hit paydirt. It's a California corporation created in 2008 and its address matches the 305 N. Sacramento address on the solicitation. It also gives us the name of an agent for service of process, who is an individual attorney rather than a professional registered agent company.
A word about registered agents: the fact that someone is a registered agent for a scammer doesn't mean that they are in on the fraud. Agents — even individual attorney agents — often have no connection to or knowledge of the day-to-day operations of the entities for which they are the registered agent of process. Mark Bennett says as much, but suggests — correctly, I assert — that if any attorney reviewed and approved the UST Development, Inc. solicitation, that attorney would have to be either a participant in the fraud or freakishly incompetent. For what it's worth, all this started when I emailed this attorney and the general info address of UST; the President of UST called me directly, saying the attorney had called him about the email. [Edited to add: In Chapter Eleven, I report that Mr. Baranowski resigned as agent for service of process of UST Development, Inc., though not for another apparent UST/Bell entity.]
Note that keeping track of registered agents can be useful because if diverse companies use the same agent, that could be (but may not be) a sign of a connection among them.
4. Now, it's off to the local Better Business Bureau. You may want to start with the BBB for the area where the scammer has his nominal address, or where you received the solicitation, or both, or you may want to start at the national level and do a global search on their engine. Here we hit paydirt again and more terms for our search and issue lists. US Telecom yields hits. UST Development yields hits. Those hits tell us the following: (1) we've got another address, this one at 1967 South Myrtle in Monrovia, with the same 800 number; (2) the BBB treats US Telecom and UST Development as the same entity (and posits a UST Inc.); (3) the one customer complaint describes getting a $175 "invoice" and attempting to get an answer from UST; (4) the BBB views the UST solicitation as so self-evidently improper that they've reached out to UST to tell them about U.S. postal laws regarding solicitations disguised as invoices and given them an "F" grade; and (5) DAVID BELL is listed as the "President."
After we've noted all that, we're going to use the BBB's quite useful search tool to search by individual name, address, and phone number. A search for the Myrtle address in Monrovia yields another F-rated business — "Celestial Mouldings", the 626-205 phone prefix of which is the same as the 626-205 fax prefix of UST Development. Could they be connected, or is it some sort of mail drop for multiple companies, or strip mall/office park? I don't know yet. Google Street View is not conclusive. To be safe, I'm putting it on the search list, to rule them in or out.
A note about that customer complaint on the BBB site — it reminded me of the importance of attention to detail. The customer noted that the contact email for the company was email@example.com. I had not noticed that; it led me to a defunct corporation called UST Dry Utilities, Inc., and another address in Ontario, California. More grist for the lists. Remember to work backwards when necessary: when you find new names and addresses and phone numbers, go back to the Secretary of State and BBB and plug them in. Always be building your list.
5. Los Angeles County's Fictitious Business Name search engine isn't very good — unlike some counties, it doesn't give access to underling filings — but it gives us some activity snapshots and potential names for our search list.
Okay: enough for today.
What. You want a taste of more?
Like, say, more salary shenanigans?
How about victimized lawyers?
Tune in next time.
Last 5 posts by Ken White
- With Apologies To Baron Macaulay - November 18th, 2014
- Shirts And Shirtiness - November 17th, 2014
- A SLAPP False Alarm Out Of Chicago: The Law Is An Ass - November 12th, 2014
- Roca Labs, Lacking A Hornet Nest Into Which It Could Stick Its Dick, Has Sued Marc Randazza - November 11th, 2014
- "Digital Homicide Studio" Abuses DMCA To Lash Out At Reviewer Jim Sterling, Gets Fair Use Wrong - November 11th, 2014