Anatomy of a Scam Investigation: Chapter One

Print This Post

You may also like...

43 Responses

  1. Al says:

    Oh man, this makes me pine for the heyday of the MMF Hall of Humiliation.

  2. Bethany says:

    I am so excited to see how this turns out! My office just got a similar invoice from a company nobody's heard of with an answering machine on their phone line…. If I can get some alphabet soup on them before I leave forever for maternity leave, it would make me very happy.

  3. Ken says:

    Bethany, feel free to send me a pdf (ken at popehat dot com) if you want me to do some digging.

  4. Doug says:

    thank you

  5. Kresh says:

    Had similar invoices come through every so often while I was AP manager for my former company. The office used to have a good time laughing at them.

  6. Mark Bennett says:

    It's Branden Bell, not Brandon. Branden Tomeric Bell.

  7. shotgunner says:

    good on your office manager/AR person. Saved you some bux and provided you with a fun piece to work on!

  8. G Thompson says:

    I Love a good Spammer/Scammer hunt *gets out elephant gun* ;)

    For your info the CALI License board has some interesting info, and the hunt begins at the source

  9. Ken says:

    G. Thompson, you're reading ahead. We're still in Chapter One.

  10. Mike says:

    Any chance I'll be able to turn the series into a how to manual, now that I am located in an international tax haven?

    Kidding of course.

    When I had my little company it was depressing to learn of all the ways people would try to scam us for a few dollars. The endorsement of a check as signing a contract, that one really pissed me off.

  11. d-day says:

    /getting popcorn

  12. Fnord says:

    Oh, this is going to be good. I can hardly wait for chapter 2.

  13. perlhaqr says:


    I wonder if this would apply to the various domain registrar companies who send out "renewal notices" to customers of other registrars, which, when you pay the bill, do at least really renew your domain registration, but also transfer your account from your previous registrar to the new registrar, and typically charge you 3 to 4 times what you were paying before.

  14. McNugget says:

    I ,literally, cackled with glee when I read this. I cannot wait to hear the rest. However, question- Do you think they are capable of finding this site based on the info they may have or find on you? If so would them reading the posts destroy the future fun and potentially help them to know what you're doing so they can plan ahead? Or have they already bulldozed themselves into a hole so enormous that you could give them a detailed outline on your plans for them and there's still no way they could squirm away?

    Anyway, happy hunting!

  15. Chris Berez says:

    Excellent post. I'm looking forward to reading further chapters. I hope you destroy these bastards (or at least serve as a prime factor in their destruction).

  16. You know, for all the supposed street-smarts that con-men are meant to have, you might have thought it would occur to them that it's probably a poor idea to send your fraudulent notices to law firms, especially those with former prosecutors as partners.

  17. b says:

    Shylock, it's about numbers, as with any phishing or other email scam. They send this to a broad swathe of people and are still virtually guaranteed that only a tiny minority will even Google the company name, much less engage in further investigation or file any sort of complaint.

    And I agree: scammers are scum. Or, in this case, thanks to Ken, they're also chum.

  18. G Thompson says:

    Ken replied in a moment of clarity: G. Thompson, you’re reading ahead. We’re still in Chapter One.

    Oops, sorry.. I plead temporary incapax since whenever scammers are involved I get all psychicpsycho.

  19. @b, I guess that's right – they must need to send such large numbers of letters in order to generate a return that it's not feasible to check who they're sending it to. Either that, or they're actually dumbasses. Probably a little of column A, a little of column B…

  20. piperTom says:

    I note that "" now redirects to "". Don't know if the later is related to the former. Possibly, they are covering up in reaction to Ken. If I was them, I'd be in Argentina by now.

    No, on second thought, I'd be refunding as much as possible, pleading guilty, and apologizing — but that's just me.

  21. joshua says:

    BTW another useful thing to google for is the phone number on the document. Lots of idiots reuse numbers with different identities.

  22. ab says:

    Visiting from BoingBoing. Thank you sir, excellent series. Bookmarked.

  23. Mark Giles says:

    Excellent first chapter, better than a bodice ripper. I'm on the edge of the cliff awaiting more chapters.

  24. As a former Corporate Controller I can tell you this is not unusual. There are enough amateur bookkeepers in the world who are so snowed under with the volume of their work that this can easily slip by. Typical scenarios are when a new accountant comes in to clean up the mess of a previous slipshod accounting office. Accurate invoice purchasing and invoice records may not exist. The company is probably being bombarded with overdue statements from angry vendors. It's easy for a statement like this to get paid in that kind of environment.

  25. @shotgunner This would have more likely been caught by a competent A/P person, not A/R.

  26. Sue says:

    The BK was reopened by ePay last month, I do believe. Ken, send me an email. Sue S.

  27. Sue says:

    Ken – Let me complete that last sentence. Send me an email so I can reply back with a bunch of stuff I have on them. Sue S.

  28. Ken says:

    Please note update in bold at the bottom of the post:

    Edited to add: Cynthia Bell, wife of David Bell, or a person pretending to be her, sent me an email that contained, in part, the following response about the fraud analysis above:

    “This mailing was nothing more than a marketing tool to rebuild a business after a devastating loss. There were no threats of being sent to collection, no run around. If the client calls the office, they get a human being who explains the benefit of purchasing the service agreement and if they decide they do not want it, they are permanently removed from the database. If they paid the invoice, they received a welcome letter outlining the service agreement and what was included with their payment. There is no fraud here. Every single person who pays the invoice will receive the service they are paying for.”

    I find this completely unconvincing, for the reasons already enumerated above, and for reasons shown in the next chapters of this discussion.

  29. Mark Bennett says:

    I'm not saying that Cynthia Bell is a sociopath, but trying to garner sympathy ("to rebuild a business after a devastating loss") when called to account for one's bad acts would be prototypical sociopath behavior.

  30. SPQR says:

    Ken, you remain unconvinced because the invoice speaks for itself … and it speaks of brazen and outright fraud.

    Wouldn't you think that this email confirms Cynthia's involvement in the fraud, BTW?

  31. Ken says:

    @SPQR, it could be interpreted that way. But it's not conclusive. Many a wife has refused to believe her husband is a bad man.

  32. SPQR says:

    Ah, well, we've both got stories that start with that, don't we?

  33. Scott Jacobs says:

    Hell, Ken's entire marriage is predicated upon just such a belief…

  34. Justin says:


    A great article. I couldn't help but think about my own long-running experience with a company that calls me at work about once a month with the same tired, overpowered, ridiculous method. I had two incoming calls yesterday and they forgot to 'anonymous' or falsify their number or name. 813-849-0783 – Commercial Lighting Co from Tampa (they have a few similar complaints at These guys are crooks – every one of them. I've reported them to the state AG, but they've been at this for at least 8 years. Unbelievable.

  35. Givem Hell says:

    One trick you can do is to take that email address and paste it into Facebook and hit "search", this – if associated with FB, will confirm their identity.

  1. September 10, 2011

    […] Internet scammer and give him some hell. Luckily for the rest of us, he has also decided to provide a mini-tutorial over the next however many days on how to go about doing […]

  2. September 11, 2011

    […] at Popehat got the same statement; he didn't pay it, but he's calling UST Development (and likely its principles, David […]

  3. September 18, 2011

    […] intentan estafarte telemáticamente, aquí va una serie de 4 post (1, 2, 3 y 4) detallando un proceso de […]

  4. September 18, 2011

    […] Chapter One: Background about this particular invoice and why it satisfies the legal requirements for fraud. […]

  5. September 19, 2011

    […] Anatomy of a Scam Investigation: Chapter One | Popehat. Share this:Like this:LikeBe the first to like this […]

  6. September 19, 2011

    […] won't go into the particulars in this (it's a five part series starting here), but Ken's methods, including a PACER search for public records on the scammers, is a […]

  7. September 20, 2011

    […] that described of two different scams, and both were very interesting.  The first one is "Anatomy of a Scam Investigation," and the second one is "Traffic light camera scam steals your identity."  The […]

  8. September 28, 2011

    […] Anatomy of a Scam Investigation: Chapter One. And you thought you were good at internet stalking research. […]