
How a Russian Syndicate Scammed Us for $25K - coderholic
http://empireflippers.com/russian-scammers-vladislav-smolensev-alexandr-smolensev/
======
knieveltech
Ok so wait, in response to getting scammed you hacked into this guys accounts
to gather information? And then _admit to it publicly_? And then dox the guy?
Unprofessional doesn't even begin...

~~~
danbruc
Exactly this. I reply here because it applies to most of the other replies so
far. Breaking the law is not justified even if you »only« affect someone who
also broke the law and affected you with that. In the real world as on the
internet. Period. Sometimes the world is unfair, suck it up, but don't become
criminal yourself.

~~~
thieving_magpie
The only thing I'd do differently is I probably wouldn't write a blog about
it. This idealist world you're living in sounds lovely but I'm not going to
sit and risk my livelihood by "sucking it up" and accepting "the world is
unfair".

If you want to base your moral code on laws made by old white guys, go for it.
I'm going to live my life based on what I believe to be just. That's really
how change comes about, challenging legal authority. Think about the
historical figures you respect - rosa parks, mlk, snowden (maybe?). The world
would be a worst place if they didn't break the law. To me that is
contributing to the good of the world.

~~~
danbruc
_I 'm going to live my life based on what I believe to be just._

Exactly this is the problem. There is nothing fundamentally wrong with
frontier justice, the only problem is that people don't act rationally in
general. What if it is not some lost money but if someone got badly hurt,
raped or killed? Can you hold back your emotions? Make sure that you are not
targeting the wrong person? And even in the case of this story, what if those
two guys are themselves just victims of the real scammer hiding behind their
identities? You just publicly stigmatized two innocent people as scammers.

~~~
thieving_magpie
Again, I do not think it was right to air any of this publicly.

I get what you're saying, but I still do not agree that I should never disobey
the law when I feel it is morally justified.

------
ukandy
"Because we helped with the website migration, we also had one of his
passwords. As it turns out, he likes to use this password for his email
address and other accounts as well.

We ended up with access to multiple private email accounts, one of his
registrar accounts (NameCheap), his eBay account, SitePoint account and more."

That's as sketchy as it gets.

Go clean out your support tickets with customers passwords in now.

~~~
justincooke
All of those passwords are changed after migration. In this instance they
weren't, as we had an active/open ticket with him.

~~~
dmurray
All of your customers change the passwords to all of their other accounts
after doing business with you?

------
thegreg
I think scammers deserve to be exposed. The truth is if more people shared
this kind of information publicly then there would be less scammers. The
reason many scammers can do what they do for a long time is because the
victims never speak out and warn others against them.

~~~
justincooke
Yeah, it's a pretty horrible feeling. We were angry with the scammers and
somewhat embarrassed that it happened at all.

------
random28345
"We could submit a DMCA takedown request via GoDaddy and Media Temple.
Starting with a broad request to see if that works, and then lay out the
details if we get any pushback from the companies."

Awesome. More DMCA abuse. And this is why we need penalties against bad actors
who knowingly file fraudulent takedown requests.

Does empireflippers know they are also the bad guys in this story?

~~~
philjohn
Is it?

I'm sure the transfer deal when you buy the site will include an IP provision,
whereby, if you reverse the charge, or don't pay in some way, you don't own
the copyright to the site and its contents. That sounds like a valid case of a
DMCA complaint being made.

I remember the story of a client who got an agency to do a load of branding
work. Said he didn't like it, and would be going elsewhere, having only paid
the deposit - that's fine, it's part of the terms and conditions ... however,
said client then went and used that exact branding.

Last I heard, a DMCA claim took the website down and he came crawling back to
pay the balance at he had a regional advertising campaign about to go live.

------
ryanlol
So you're publicly admitting to several felonies?

------
KezBradley
Wait Empire Flippers don't even bother to vet their buyers?

It's not great getting scammed either but I'm sure it's also illegal to use
customer information to get into someone's account and then post their
information online.

You couldn't pay me to use these website brokers.

------
obisw4n
"we also had one of his passwords."

Sorry, but you should not have your customers plaintext passwords, so very
unprofessional.

Time to submit Empireflippers to plaintext offenders list?

~~~
thowar2
They are directly involved in facilitating the site transfer... Of course they
have access to the passwords.

------
josefresco
Rare to see a write up like this where they not only expose the scammers (by
name), but also share their personal information.

~~~
justincooke
I wasn't sure about publishing, but now that I did I'm glad it's out there.

~~~
EugeneOZ
About last name: letter Ц from Cyrillic alphabet can be transcripted as ts, c,
tc, so all variations are correct.

------
waxy
You just nuked your service in my opinion. Not sure who's going to appreciate
this posting except very very small guys, anyone serious will not want to do
business with you.

~~~
justincooke
I seriously doubt you're right, but I guess we'll see. Those that do
appreciate it will be our customers and that might be a bigger pool than you'd
think. Appreciate the comment, though.

~~~
hewhowhineth
I feel for you, but shady market, no buyer screening, plain text passwords,
doxxing, ... not a lot of trust there.

 _When you gaze long into the abyss, the abyss gazes also into you._ I hope
next thing you do won't be looking for a hitman on the dark web :)

~~~
justincooke
Shit - time to throw the laptop in the oven. :-(

I understand where you're coming from, but I really think we'll have plenty of
support.

~~~
hewhowhineth
Best of luck, but is there any danger for you to get in legal trouble with
Namecheap, eBay, SitePoint, etc?

------
yc1010
Why don't they add a bitcoin option as well? it would cost them anything to
accept bitcoin via bitpay (0% fee) and they completely eliminate their
chargeback risk

webmasters are a fairly tech literate lot and I am sure alot of them already
use or know of bitcoin

~~~
justincooke
We are, actually. We currently accept bitcoin for both deposits and full-on
purchases. We prefer it, actually.

~~~
yc1010
Aha :) good stuff, sorry I was only checking your site in a hurry and didn't
notice

~~~
justincooke
It's not on the site yet, but we're adding it so that it's public/clear.

------
IkmoIkmo
Quarter way through the article and it's clear this is a story of chargeback
fraud.

People love to tout the beauty of chargebacks but the fact is that for a lot
of business to consumer ecommerce, the buyer has a lower risk profile than the
seller. It's the buyer who knows he is dealing with Amazon. The seller hasn't
a clue who he is dealing with. Are the odds that Amazon will take your
payment, not ship a product and say FU, or are the odds a buyer will do that,
either with his own creditcard or stolen credentials?

Obviously there are exceptions here. But to me it makes a lot more sense to
have no chargebacks inherently. That way businesses are protected from
chargeback fraud, and as there is less fraud, payment processors have fewer
losses as do merchants, which positively influences pricing both of products
and creditcards in a small manner (say 1%).

Does a user still want the ability to chargeback? Fine, but it'll cost 1% in
costs, from which fraudulent cases are paid for. And it's only possible if the
merchant accepts it. Why is it so crazy for a merchant to be able to say 'no
chargebacks possible if you use your card with me'? Of course, if it's a new
kid on the block in a shady location with a weird website and no phone number,
he's not allowed by the payment processor to disable chargebacks, and
customers will avoid him anyway. But if he's a large retailer like Amazon, or
a vetted SME like these guys with a business registration, phone number, a
track record, hell perhaps even a surety bond if necessary, do you really want
to force them to expose themselves to chargeback fraud or not take payments at
all?

That seems pretty obvious. They still accept wire, without chargeback risks.
And customers still use them. In other words, there's a market for easy and
fast payment processing without chargeback protection both from the merchant
and consumer side, that's faster and easier than wiring money. In the
Netherlands for example we have this, it's called iDeal, wiring money that
arrives seconds later without chargeback fraud, cheap and fast.
Internationally the equivalent is using bitcoin with a USD wallet at e.g.
Circle or Bitreserve by the founders of ColdFusion and CNET respectively.

Don't get me wrong, chargeback protection has its place. But payment
processing without it, does, too.

~~~
justincooke
You bring up some interesting points regarding chargebacks but, in this
instance, chargeback protection actually saved the credit card holders from
becoming victims as well, no?

I'm pretty sure these were stolen credit cards and that the credit card owners
had the cards used without their permission. That's why, after the first
chargeback, we didn't fight it - we didn't want the credit card owners to get
screwed if we WERE to win.

~~~
IkmoIkmo
That's a good point. I guess creditcard are just horribly unsecure right now.
They're literally pieces of paper (plastic) with a password (credentials)
written on them. Usually without any form of 2FA.

Anyway, have you spoken to some other company's about this? It's a very common
issue of course, you'll usually have an part of an entire department dedicated
to it at larger company's like AirBnb. For shipping there's usually a pretty
decent flagging process (check IP, compare shipping address vs creditcard
address, flag certain countries as high risk, flag first-buyers for high-price
items as high risk etc etc. Once something is flagged you follow up with a
phonecall. If someone is spending $30k or $100k and has to wait days to wire
it, usually a phone call or an ID selfie (getting popular) isn't such a big
deal to arrange everything within 24h.

Anyway, I guess the most important question right now is... did you see bounce
rates spike once you started showing people the 'wire only' page? Very
curious!

Btw, I generally condone posting information of the scammer on the condition
the scammer was warned of the fact the information would get posted and that
if he complies, even years later, and returns the money, the info is removed.
And on the condition the information was publicly available. And part of that
could have been done just fine without illegal access to his email. I
sympathise (was scammed two months ago) and in all honesty I'm 99% sure I
would've entered the email accounts if I got scammed, but that doesn't mean
it's right. At the very least I'd strongly consider taking down those facts,
not just for your own protection but also because it glorifies something
illegal. Criminals are not alienated from their right to privacy, particularly
not at the hands of citizens, as much as it sucks.

------
EugeneOZ
So Syndicate or one narcissistic guy?

~~~
justincooke
Narcissistic guy and his brother, I guess.

~~~
kolev
From Wikipedia:

Crime syndicates

In the case of criminal activity, the syndicate is there to promote, and
engage in, organized crime, that is, organizations which run common illegal
businesses on a large, national, or international scale. The subunit of the
syndicate is a crime family or clan, organized by blood relationships, as seen
in the Italian Mafia and the Italian American Mafia crime families (the Five
Families dominating New York City crime, namely, the Gambino crime family,
Genovese crime family, Lucchese crime family, Bonanno crime family, and the
Colombo crime family).

------
bobcostas55
If you knew he was getting a US visa, why not just wait for him to come over
and have him arrested?

~~~
justincooke
I don't really know anything about when he's heading over. Plus, not sure it
would work out that cleanly.

~~~
ryfm
[https://instagram.com/p/18jkxdHXbH/?taken-
by=smolensev](https://instagram.com/p/18jkxdHXbH/?taken-by=smolensev) June
28th Honolulu (stop over at LA)

------
Sleaker
So Ycombinator allows news articles that include public doxxing to be listed
on the frontpage.... Classy..

~~~
jcoffland
So you're calling for censorship?

~~~
Sleaker
I would think that publicly displaying doxxed information was against the
rules... not a matter of censorship. But I'm new around here. I just find it
odd that it's allowed. Also think it's tasteless.

~~~
jcoffland
I agree with your sentiment. I'm just not a fan of censorship. Perhaps this
company should be punished but blocking the link from HN would mean we
couldn't have this discussion.

------
natch
>Nate ended up buying both sites for only $5,000—amazing value, considering
they were fraudulently purchased from us for nearly $23K!

Really, is that how you decide that something is an amazing value?

~~~
whyaduck
Yeah - the "heroes" in this story don't come off as terribly appealing. The
"happy ending" caption was the nail in the coffin for me.

