Anatomy of a Scam Investigation: Chapter Two

Print This Post

You may also like...

33 Responses

  1. David says:

    (2) … I could have sworn that when I ran this last week it named an individual.

    Rather than use the whois facilities of various domain providers (such as Network Solutions), you might consider using BetterWhois.com. The former may filter some information, but the latter shows a complete record, as below:

    Registrant:
       US Telecom Inc.
       1967 S. Myrtle Av.
       Monrovia, California 91016
       United States
    
       Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
       Domain Name: USTDEVELOPMENT.COM
          Created on: 09-May-08
          Expires on: 09-May-13
          Last Updated on: 21-Jun-11
    
       Administrative Contact:
          Bell, David  dbell@ustdev.com
          1967 S. Myrtle Av.
          Monrovia, California 91016
          United States
          +1.6262568911
    
       Technical Contact:
          Hostmaster, Hostmaster  hostmaster@earthlink.net
          1375 Peachtree St.
          Level A
          Atlanta, Georgia 30309
          United States
          +1.8889321997      Fax -- +1.7177035107
    
       Domain servers in listed order:
          NS77.DOMAINCONTROL.COM
          NS78.DOMAINCONTROL.COM
    
  2. Ken says:

    You're awesome. Readers, I should point out that I've learned many things about internet cavity searches from my co-bloggers David and Patrick. The info above confirms a Monrovia address, and provides a new phone number that yields some good new results for the next chapter. It also yields a new domain (ustdev.com).

  3. TJIC says:

    Awesome work. Looking forward each day to these updates!

  4. David says:

    I'm sure you've already noticed the address on the photocopies of the returned checks, since you previously alluded to that physical location. So I'll just note that it's an amazing time to be a consulting detective.

  5. Dan says:

    The facts of the case in pdf of the lawsuit ("victimized lawyers") are almost cliche, right out of the 419 scammer handbook. You have to wonder at what point the attorneys realized that they should have never taken on the case. Client selection is so critical.

  6. Scott Jacobs says:

    I wouldn't be shocked if you find a lot of incorporation docs coming from Nevada – IIRC, Nevada has some very nice Inc and LLC laws allowing for owners of a business to remain hidden, or at least unpublished.

    I've long suspected such laws have an origin in the Mob.

    And Ken, remind me how much the yearly fee is to stay on your good side. :)

  7. Ken says:

    Its not my experience that the wife is always complicit, Roger. I'm open to evidence, but haven't yet seen in in this case.

    Edit: Also, please note that Ms. Bell maintains that Bell is her name, that Lapolice is her former name, and that she does not use aliases, and that she is not any of the other persons with other names listed through those links.

  8. RandomDude says:

    Ken,

    Check out Pedalz and Zencycles, Cynthia Bell primary, located at [redacted].

    Her name and numerous aliases appear on several other commercial entities as well.

    Madonna Francis Bell,
    Cynthia Francis Bell, Cindy S Bell, etc

    Checking that address, which matches plenty of hits for David William Bell, it appears the house was built in 1977 and sold to an Archie Bell, who died in January 2010 at the age of 72. The narrative emerges that Archie's daughter, Cindy Francis, married William David Bell and was living with her father through numerous iterations of "enterprise."

    It's entirely possible there is another Cynthia Bell in southern CA that married a William David Bell, but it seems quite unlikely based on the many, many businesses that tie back to these names.

    Edited: Note that Ms. Bell indicates that the "Madonna" name is not her, and that Bell is her name and Lapolice her former name.

  9. RandomDude says:

    Sorry, David William, not William David in that last paragraph.

  10. doug says:

    i love it.

  11. bill. says:

    This is very entertaining and informative. But as a side note, and as someone who is not a lawyer nor have I taken part in any legal proceedings, reading thru the "victimized lawyers" pdf I am astonished by how much of that $25,000 is a very large number of 10 minute phone calls.

  12. Mark Bennett says:

    Bill, as I read it those are not ten-minute phone calls, but rather tenth-of-an-hour (or six-minute) phone calls.

    Prepare to be further astonished: to a lawyer billing in 0.1-hour increments, any amount of time less than six minutes counts as "six minutes." So a 0.1-hour phone call might have lasted twenty seconds.

  13. Ken says:

    About to drop some money on some criminal records.

  14. Grandy says:

    "Minimum length" time units is not really uncommon across many fields. E.g. it's not unusual for an IT support person who is going by the hour to bill over-time work in minimum time increments (and this is often contractually agreed on).

  15. John says:

    Want me to drive by and take a picture, tell you what's there? I live about 20 minutes from South Myrtle in Monrovia: it's between me and the Home Depot, so I'm there a lot (serial handyman). I promise not to get out of the car.

  16. G Thompson says:

    Google also has another not widely known search ability – Google Finance which is currently Beta only for certain countries
    Looking on Google Finance for UST gives some interesting factoids plus names from Hoovers. (The Hoovers Link is basic info unless you want to pay for it)

    For people and Business Searches (its beta and wonky on Buss search though) I have for years used pipl
    For example On the Business Search using basic info you get some interesting public data but a lot of false positives too.

    Though using the normal name and specific location search Useful Information abounds (esp under public records) and look at the perty pics on the side ;) . Cut down, change and massage the search for even better data. Sometimes this saves having to pay for standard checking especially if like me you reside in another country.

    Searching for yourself is probably not a good idea ;) though the username and email searches pipl does is amazing.

  17. Pete Hokner says:

    We just got the same invoice today (09-13-11). Thanks for the info – this will be sure to go to the shredder. To John who is 20 minutes away – yes, please drive there, get out of your car, and kick this guys a** !

  18. Ken says:

    Thanks, Pete! I assume you got here through a search for UST. That's exactly why I am doing this. Can you tell us what industry you are in?

  19. Ken says:

    Search hits for today only as of 2:00 p.m. PST:

    ust development, inc. ontario (3)
    ust development, inc. preventative maintenance
    ust development scam invoices
    ustdevelopment.com (3)
    http://www.ustdevelopment.com (2)
    ustdevelopment.com reviews
    ust development inc scam
    ust development inc ontario ca

  20. If you're dropping money, a few bucks spent on a DomainTools.com DNS history can reveal prior addresses, web hosts, and other sites hosted on that server (useful if the hosting company is small)

  21. John says:

    Pete, sorry, but I don't want to muddy Ken's water by creating a sympathetic "victim".
    But there are other means….. (cue mad, scary laughter)mwaahwahhwahwahhahaha

  22. Gabi says:

    Interestingly enough, us-telecoms.com, as opposed to us-telecom.com, looks fairly reputable and it pops up in the website completion bar.
    I bet they hope that people will look at that site instead.

  23. n/a says:

    Several sites give historical "WHOIS" data, e.g. http://www.domaintools.com/research/whois-history/

    I can't find any free ones but there must be some out there.

  24. Andy says:

    There are references in these posts to future discussions of PACER, but those discussions don't materialize. No link, no info.

  25. Ken says:

    There are references in these posts to future discussions of PACER, but those discussions don’t materialize. No link, no info.

    Aw, gee, Andy, am I not producing free content fast enough for your tastes? I'm so sorry!

  26. Pete says:

    Don't forget the Internet Archive's wayback machine: http://www.archive.org/web/web.php – it lets you enter a url and gives you all the changes to the site over time. They only have two snapshots of ustdevelopment.com from 2010, but have dozens of snapshots of us-telecom.com dating back to 2002.

  27. Ken says:

    I really love that some commenters are giving me leads on methods I had forgotten or had never heard of.

  28. Michael says:

    If the company is foreign, and they have an English-language page separate from their native language, check the native-language page too (easier to do now with Google translate). Several years ago we were approached by a German bank with suspicious-looking terms for a listing on Frankfurt. The people on their English webpage checked out, but their German page had different people listed as officers, and some of those turned out to have been charged in the past with securities fraud.

  1. September 19, 2011

    […] intentan estafarte telemáticamente, aquí va una serie de 4 post (1, 2, 3 y 4) detallando un proceso de […]

  2. September 19, 2011

    […] Chapter Two: How to do a serious Google search! With details of how he applied those principles to this specific search. […]