A Tale of Two Fraud Facilitators: Ladette and Guy

A Tale of Two Fraud Facilitators: Ladette and Guy

The question has often been asked: How large are the scammers nests? In the previous post, From Benin: A Loan Scam Syndicate, we explored a syndicate operating from Benin, defrauding consumers mainly in Europe, the United Kingdom and Canada, having over 300 domains.

To show this is not an isolated incident and that domain fraud abusing fake domain registration details is rife, we will now look at two identified facilitators in Nigeria working in concert. First a female was identified (our alias Ladette), then a male person (we will call Guy), serially registering domains mostly for email fraud where no web content is visible.

In the process banks are being spoofed on a massive scale, likewise the regulators and even law enforcement authorities such as Interpol and the FBI.


In October last year, Artists Against 419 had a  “Seven days of Darkness” campaign after we exposed Ladette, a female scammer serially registering domains at numerous registrars to facilitate fraud. The issue illustrated why the internet is under threat from bad actors, with certain registrars being unreceptive to reports of fake registration details and fraud, ignoring their own obligations and slowly destroying the promise of the inetrnet.  Most registrars had happily terminated the malicious domains uncovered at the time, happy with the evidence supplied and we were happy. Yet one registrar was obstructive or blissfully ignorant on what to do.

At the time ScamSurvivors has posted on the subject here: https://www.scamsurvivors.com/forum/viewtopic.php?f=17&t=51755

The one registrar refused to address these, replying thus, despite evidence given of fake registration details and the user violating their own policies, with the email being titled: “AUP Violations & fake whois: numerous”.

Thank you for your email.

Please be advised that we have received your report of illegal activity. As checked, only the domain names are registered with us. It is hosted with a different provider and that we do not have a control on it.

In this case, you need to contact their hosting provider to shut the website down. You may refer to the whois information below:


IP Whois

This is much the same type of reply seen given by the “We are only a registrar”-class of registrars, happy to accept any money, ignoring of their ICANN obligations and their own AUPs.  We need to note that the much of the domain abuse is email based and only a lot of investigation can ultimately determine the usage, unlike a domain used for a website URL showing  fraudulent web content.

It was up to Artists Against 419 to challenge this registrar on their supposed registrar obligations. Quiet shocking does no begin to describe the unfolding events. The initial report was met with the following reply:

Thank you for your email.

My apologies for the inconvenience this has caused you.

We have referred this to our Authentication team for further investigation. And will notify you once we get an update from them.


Later to be followed by:

Good day!

We would like to inform you that we have received an update from Authentication team regarding the domain names. And the following domain names listed below has been suspended due to fraudulent intent:

gtbanking-ng.com: success
merchanttrustfinanceb.com: success
falconexpress-courierservices.com: success
mofepgovgh.com: success
remittancebofgh.com: success
alexanderattorney-za.com: success
alphaomegafoods.com: success
goldenstarcourier.com: success
rainbowswinners.com: success
ministerio-de-hacienda-y-economia.com: success
swiftexpresscourierservices.com: success
wxaxooilco.com: success

Please be advised that the Registrant of the following domains responded to our email sent last 20 Oct. 2016, providing us his valid ID. And we are still communicating with him and have it investigated.


Will get back to you once we receive and update from them.


None of Ladette’s real known details were used. Then later:

Good day!

Please be informed that we have now received an update the registrant of the following domains below and provided us their valid ID.


We have now unsuspended those domain names. And inform them that we will suspend their domains again if they try to update the details.

If you have further concerns, please do not hesitate to email us back.


Once again none of Ladette’s real details were used. Ironically these all these verified domain have since been host suspended again, no surprise.

So much for ICANN RAA Section The Registered Name Holder shall represent that, to the best of the Registered Name Holder’s knowledge and belief, neither the registration of the Registered Name nor the manner in which it is directly or indirectly used infringes the legal rights of any third party.

We really hope the sponsoring registrar did not expect the responsible registrant would have supplied real details, else they may be in for a shock. Knowing who the registrants are really are helps.

Fact: Scammers lie! Even registrars are not spared. Fraudsters make a living stealing other peoples’ money by producing fraudulent documents (One member of the anti-scam community was even made an ambassador to the United Nations and has the documents to prove it)! The domain names list should have run a bell, more so connected to the fake registration details.

Also so much for ICANN Advisory dated 3 March 2003, which we were assured still stands by ICANN as recently as mid last year:

On the other hand, where a registrar encounters a severe Whois inaccuracy being exploited by a registrant to evade responsibility for fraudulent activity being carried out through use of the domain name, prompt action by the registrar is appropriate. Under the approach of the Registrar Accreditation Agreement, the registrar is given discretion to act as appropriate in light of the particular circumstances of each case.

Unfortunately the registrar chose to overlook the pertinent details and use bad judgment, only concerned about registration details discrepancies, ignoring the reasons why they existed in the first place. Personally we have zero doubt that should the EFCC wish to follow up after reports from a victim and international, quite an innocent party will have some hasty explaining to do if he or she even exists. It would definitely not be the first time, this has been seen many times before. Like the Western World, West Africa has more than it’s fair share of identity theft and forged documents.

These were the original domains addressed in Ladette, now all suspended, some only at hosting level (This is by no means an ideal solution for a malicious domain – unlike a hacked website).

DomainScam Name and DB link


ABSA Bank South Africa


HSBC Bank Indonesia


Accountant General of the Federation of Central Nigerian Bank


Alexander Attorney


Alpha Omega Foods Group Ltd


The National Bank of Angola


Bank of America


Bank of Ghana


La Banque Postale


Bahrain Development Bank




Bank Login Portal


Dynamic Gulf Trust Finance Bank Dubai


Dynamic Gulf Trust Finance Bank Dubai


Directorate-General of Customs and Indirect Taxes France


EcoBank Togo


European Investment Fund


EMC Europe




Falcon Express


Falcon Express


Financial Conduct Authority


First Bank of Nigeria


Golden Start Courier Services


Golden Start Courier Services


Government of Republic of South Sudan


Guaranty Trust Bank Nigeria


Halifax Bank UK


Hongkong Beaus Cosmetic Ltd


HM Revenue & Customs UK


Hoxton Ventures


Hoxton Ventures


HSBC Indonesia


HSBC Bank Indonesia


Kames Capital Investment International


La Caixa Bank Spain


Lagos Liason Office


Mabel Livinghome


Merchant Trust Finance Bank


Ministry of Finance and Public Administration Spain


Ministry of Finance Ghana


Ministry of Finance Ghana


Merchant Trust Finance Bank


Nordea Bank AB


Merchant Trust Finance Bank


The Presidency of Ghana


Rainbows Lottery UK




Bank of Ghana


Santander Bank London


Santander Bank


Santander Bank


Sparbanken Öresund


SunTrust Bank


Swift Express Courier


Swift Express Courier


The United Nations Compensation Commission (UNCC)


Unico Bank


World Wide Express Courier Services


World Wide Express Courier Services


World Wide Express Courier Services


Wxaxooilco Oil Company

Follow up

This section expands on the previous one. In addition to more domains Ladette has since registered, we found her to be working with a another partner we will call Guy. Sometimes it’s not clear who registered the domains as the identities used to register them overlaps. The list contains some older historic domains and database entries, allowing us to join the dots to map the syndicate.

Since October, the syndicate has been regrouping and trying to make up for the suspended domains used in fraud.

Once again in cooperation with ScamSurvivors, we have done some in depth research and the domains listed can also be found discussed at  https://www.scamsurvivors.com/forum/viewtopic.php?f=17&t=56114

DomainScam Name and Database Link
abnamrobnk.comABN Amro Bank
abnamrobnkplc.comABN Amro Bank
absabk-za.comABSA Bank South Africa
adbnk-za.comAfrican Development Bank South Africa
ae-onlinenbad.comNational Bank of Abu Dhabi
aeb-cy.comAlpha Bank Cyprus
aebcy.comAlpha Bank Cyprus
aebnk-cy.comAlpha Bank Cyprus
aelex.orgAELEX - Law Firms Nigeria
africaclearing-house.comThe West African Clearing House
ahmedbokochambers.comAhmed Boko Chambers (ECO Bank)
alliance-bnk.comAlliance Bank
alliancebnk.comAlliance Bank
alphaexpressbanking.comAlpha Express Banking
am-jpm-client7586-texas.comJ.P. Morgan Asset Management / International Development Bank Of Commerce
am-jpm-texas.comJ.P. Morgan Asset Management
am-jpmtexas.comJ.P. Morgan Asset Management
asiacreditclaimsagent.comAsia Credit Claims Agent
b-ceaobk.comBCEAO Bank Togo
banco-espanol-decredito-es.comBanco Espanol de Credito, S.A
bancopopular-es.comBanco Popular
bancounicajes.comBanco Unicajase
bank-cyprusonline.comBank of Cyprus
bankofamericaonlines.orgBank of America
bankofhopeonline.comBank Of Hope USA
banqued-laposte.comBanque De La Poste
barclaysprivate.comBarclays Bank
bbnkass.comBarclays Bank Assets
bbvabnk.comBBVA Bank
bclaybk-online.comBarclay Bank Online
bclaysbanklondon.comBarclays Bank
bclaysbankonline-ke.comBarclay Bank Online
bclaysbk.comBarclays Bank
bclaysbkonline.comBarclay Bank Online
bclbank.comBarclays Bank
bclybk.comBarclays Bank
bendgo-bk.comBendigo and Adelaide Bank
bidubenin.comBidu Biotech Benin
bkofafricang.comBank of Africa Nigeria
bkofus-th.comBank of America Thailand
bnk-ofafrica.comBank of Africa
bnkcyprus.comBank of Cyprus
bnkicbcstduk.comIC Bank
bnkofeng.comBank of England
bnsshq.orgBanque Nationale Suisse (BNS)
boaonline-us.comBank of America
boausa.netBank of America
bofabkf.comBank of Africa Burkina Faso
bofaburkf.comBank of Africa Burkina Faso
bofaonlinetransfer-jp.comBank of America
bofausa.comBank of America
bofausonline.comBank of America
bradleyhoustonchambers.comBradley Houston Chambers
bsafarbr.comBanco Safra Brazil
bsafra-br.comBanco Safra Brazil
budgetofficeng-gov.comThe Budget Office of the Federal Government of Nigeria
cabrudoholdings.comCabrudo Holdings Nigeria
capital-onetrust.comCapital One Financial Corporation USA
capitalone-trust.comCapital One Financial Corporation USA
capitolcargo.netCapital Cargo
cbnbank-nig.orgCentral Bank of Nigeria
cbnbankng.orgCentral Bank of Nigeria
cbonline-tw.comClydesdale Bank
central-bank-ofnigeria.orgCentral Bank of Nigeria
centralbnkg.orgCentral Bank of Ghana
centralbnkgh.orgCentral Bank of Ghana
cgsdscom.comCoast Guard Security Delivery Service Company
chasebankna-us.comChase Bank
client7653-cgsdsc.comClient login portal
clientloginonlineportalssl.comClient Login Online Portal SSL
clientportalonlinelogin.comClient Portal Online Login
commonwealthbnau.comCommonwealth Bank Australia
commwealthbankau.comCommonwealth Bank Australia
commwealthbnkau.comCommonwealth Bank Australia
contnatbnk.comContinental National Bank
cwbau.comCommonwealth Bank Australia
cwbaus.comCommonwealth Bank London Branch
dareglogdatahtml.websiteDareg Log Data HTML
deutschebanag.orgDeutsche Bank AG
deutscheptcassets.comDeutsche PTC Assets (Deutsche Bank)
deutscheptcassetsltd.comDeutsche PTC Assets (Deutsche Bank)
dgs-es-online.comGeneral Directorate of Insurance and Pension Funds Spain
dgtfbk-ae.comDynamic Gulf Finance Bank
dibdubiaonline-ae.comDubai Islamic Bank
dynamicgfbae.comDynamic Gulf Finance Bank
e-gbkuwait.comGulf Bank Kuwait
ecbeurope.comEuropean Central Bank
ecbeuropeeu.orgEuropean Central Bank
ecobank-transnational.comEcobank Transnational
ecobnkng.comEcoBank Nigeria
ecofwest-africa.orgEconomic Community of West African States (ECOWAS)
egbkuwait.comGulf Bank Kuwait
equityfinancialchambers.comEquity Financial Chambers
es-irs.orgInternal Revenue Service
etablissementbeaudouxlogistiques.netEtablissement Beaudoux Logistiques
eu-bl.comEtablissement Beaudoux Logistiques Europe
eurobroker-claims.comEurobrokers SA Greece
eurocredits-claimagents.comEuroCredit Claim Agents
eurocreditsclaimagents.comEuroCredit Claim Agents
eurolab-cleansa.comEuro Lab Clean SA
european-compliance-claims.netEuropean Compliance Claims
fbiemteam-gov.orgFBI Emergency Team
fbiusa-gov.comFederal Bureau of Investigations
federalreservebnk-newyork.comFederal Reserve Bank New York
federalreservebnk.comFederal Reserve Bank
fedwireclearingny-us.orgFedwire and Clearing House Interbank Payments System New York
fidbnk-gh.comFidelity Bank Ghana
fidelity-bankplc.netFidelity Bank Nigeria
fidelitybankplc.orgFidelity Bank Nigeria
financialintelligentservices.comFinancial Intelligent Monetary Services ( FIMS)
firsnig.orgNigerian Federal Inland Revenue Service
first-unitedbnk.comFirst United Bank
firstbnkvi-usvi.comFirst Bank Virgin Islands
firstcityatlanticbnk.comFirst City Atlantic Bank
firstinland-bankplc.comFirst Inland Bank
firstnat-bank.comFirst National Bank US
firsttrustbk.comFirst Trust Bank
firstunited-bnk.comFirst United Bank
fmjustice-gov.comFederal Ministry of Justice
foindexhtmlglobal.websiteLloyds Bank / Deutsche PTC Assets
fsttstb.comFirst Trust Bank
ftbnk.comFirst Trust Bank
gov-rss.comGovernmental RSS feed
governorgodwinemefiele.comGodwin Emefiele (Governor of the Central Bank of Nigeria)
govrss.comGovernmental RSS feed
gscitybank.comGoldman Sachs Bank
gscitybnk.comGoldman Sachs Bank
gulfunion-bh.comGulf Union Insurance Bahrain
gvrss.comGovernmental RSS feed
gvrss.orgGovernmental RSS feed
halifax-bnk-uk.comHalifax Bank UK
halifaxbnkonline-uk.comHalifax Bank
halifaxbnkuk.comHalifax Bank UK
hangsengbkhk.comHang Seng Bank
hmlandsecurity.comHomeland Security
hsbc-malaysia.netHSBC Bank Malaysia Berhad
hsbcbankusa.orgHSBC Bank US
hsbccorporatebanking.comHSBC Bank
hsbcindon-id.comHSBC Indonesia
hsbcindon.comHSBC Bank Indonesia
hsbclondon-plc.comHSBC Bank UK
hsbcmobileapp-clients.comHSBC Bank Mobile App Clients
hsbcmobileappclients.comHSBC Bank
hsbfinid.comHSBC Bank Indonesia
htmlfastgologlls.websiteBank Login Portal
htpayinfoadmlogssl.websiteClient login portal
ibnkclientloginssl.comIBank Client LogIn SSL
ibnkclientonlinelogin.comI Bank Client Online Login
icbnkccn.comIC Bank
icc-eu.comThe European Union and the International Criminal Court
idbnkoc.comInternational Development Bank of Commerce
idrislawalcbnoffice.comCentral Bank of Nigeria
imcclaw.comImmaculata Law Firm US
imf-washington-us.orgInternational Monetary Fund
imfgovoffice.orgInternational Monetary Fund
immaclaw.comImmaculata Law Firm US
independentinvestmentreviewsltd.comIndependent Investment Reviews Ltd UK
irs-government.orgInternal Revenue Service US
johnpamchambers.comJohn and Pam Chambers
jpmcp-bnk.comJPMorgan Chase
jpmcpbnk.comJPMorgan Chase Bank
kamescapitalinvestmentinterntional.comKames Capital Investment International
kamescapitalinvestmentsinternational.comKames Capital Investments
kd-bnk-uk.comKD Bank
kd-bnk.comBank fur Kirche und Diakonie eG - KD-Bank Germany
kdbnkonline.comBank fur Kirche und Diakonie eG - KD-Bank Germany
kingshousepayment.orgKings Mortgage Services USA
lagosliaison-office.comLagos State Liaison Office
lloydsbnk-uk.comLloyds Bank
loomistechnicals.comLoomis Technical Ltd. UK
lydsbnk-uk.comLloyds Bank
lydsbnk.comLloyds Bank
mabelivingllp.comFirst Trust Bank
mashreqbankae.comMashreqbank UAE
mebvscogloballinsurance.comMEBVSCO Global Insurance UAE
mebvscoglobalnsurance.comMEBVSCO Global Insurance UAE
merchanttrust-financebank.comMerchants Trust UK
montecitobnktrust.comMontecito Bank & Trust USA
mortgageloanfirmjapan.comMortgage Loan Firm Japan
mortgageloanfirmjp.comMortgage Loan Firm Japan
mtf-b.comMarchant Trust Finance Bank
mtfbank.comMarchant Trust Finance Bank
mtfbonline.comMerchant Trust & Finance Bank
mydataloghtmlssl.websiteMyDataLog HTML SSL
mygovkenya.comMinistry of Energy and Petroleum Kenya
myloginfodatahtm.infoBank Login portal
myrhbank.comRHB Capital Bhd Malaysia
myrhbnk.comRHB Capital Bhd Malaysia
nationalbank-greece.comNational Bank of Greece
nationalbankgreece.comNational Bank of Greece
natwbnk.comNatWest Bank
natwtblondon.comNatwest Bank
nelsoneffiong.comSenator Nelson Effiong
ngembassy-usa.orgUS Embassy in Nigeria
nnpcbonnyoilterminal.comNigerian National Petroleum Corporation
nordeabkab.comNordea Bank AB
ntwtb-uk.comNatWest Bank
nwtbnkonline.comNatWest Bank
officeofthe-presidency.orgOffice of the Presidency
officeofthepresidency-nig.orgOffice of the Presidency Nigeria
officeofthepresidentgov.orgOffice of the Presidency
onldataadminhtmlssl.websiteCommerzbank / Unicaja Banco
ouestsecuritysystems.comOuest Security Systems
pitjechambers.comPitje Chambers
pncbnkus.comPNC Bank US
presidency-gov.netOffice of the Presidency Nigeria
presidencygovgh.netOffice of the Presidency Ghana
qatarnb-qa.comQatar National Bank
rbsonlinelondon.comRoyal Bank of Scotland
regiobknl.comRegioBank Netherlands
remittancedept-ubaonline.comUnited Bank for Africa
republicofsouthernsudan.orgRepublic of Southern Sudan Org.
royaibnkofscotland.comRoyal Bank of Scotland
s-ttb.comSun Trust Bank
sainsbury-b.comSainsbury Bank
sainsburybk.comSainsbury Bank
sainsburysb.orgSainsbury Bank
servicebureaubr.comRehabilitation Services Bureau
servicebureaubrs.comRehabilitation Services Bureau
snsbnknl-intl.comSainsbury Bank
southsudangov.orgGovernment of Republic of South Sudan
sparbken-oresund.comSparbanken Oresund
sparbkenoresund.comSparbanken Oresund
sparbnken-oresund.comSparbanken Oresund
speedypost-plus.comSpeedy Post Plus
ssbnkwa.comSecurity State Bank USA
standardbank-london.comStandard Bank
standardcbkonline.comStandard Chartered Bank
stbankusa.comS&T Bank
stdchtdbnk.comStandard Chartered Bank
stditb.comStandard Bank SA
strustbk.comSun Trust Bank
swiftexpresscourier.comSwift Express Courier
swisstrust.orgSwiss Trust
treasurydpmt.comTreasury Department
trubansecurities.comTruban Securities Limited
uacbankae.comUnited Arab Commercial Bank International
ubsbnkswiz.comUnion Bank of Switzerland
ucjbnkes.comUnicaja Banko
ukeuroclear.comUK Euro Clear
un-pmro.orgUnited Nations
ungov-online.comUnited Nations
unicajaes-online.comUnicaja Spain Online
unicajaesonline.comUnicaja Spain Online
unicjbnk-es.comUnicaja Banko
unicjbnkes.comUnicaja Banco
unicreditbk.comUniCredit Bank
unitedbkgroup.comUnited Bank Group
unitedbofa.comUnited Bank for Africa Africa Global Bank
unitnatfboard.orgUnited Nations Foundation
unitnatfoundation.orgUnited Nations Foundation
unpmro.orgUnion Pacific Corp - Melrose Industries
usbacconline.comUSB Bank
ustreasurydeptgov.orgU.S. Department of the Treasury
wealthbloomingeliteb.comWealth Blooming Elite Bank
wealthbloomingelitebk.comWealth Blooming Elite Bank
westafricanmonetaryzone.orgThe West African Monetary Zone
wiremesh-ky.comW&M Wire Mesh Co. China
worldbonline.comWorld Bank
worldwideexpress-courierservices.comWorldwide Express Courier Services
worldwideexpresscourierservices-aus.comWorld Wide Express Courier Services Australia
wwecds.comWorld Wide Express Courier Delivery Service
wxaxoilco.orgWax Oil Company
zenithbanknig.comZenith Bank Nigeria
zenithbnk-ngplc.comZenith Bank Nigeria

So how big are these nests? Here we see 268 + 62 = 330 domains abused in just one syndicate recently. We will be mitigating this nest as to protect consumers. Documentation is being prepared.

Sadly it also gets much bigger. One party has been identified to be responsible for in excess of over 1400 fraudulent domains!


Comments are closed.