Neptura Oy, Credo power Oy, Reality Interactive Oy, Axion Suomi, Rapid Investment Ltd, Spamming, Fraud, And Who Knows What Else
Since a few months earlier, a few interconnected Finnish businesses have been spamming a list that isn’t documented (but is clearly based on Finnish Business Information System data) with messages regarding “your [mobile, Internet, whatever] subscription update” (original Finnish: Liittymäpäivityksestänne) or “Contact” (original Finnish: Yhteydenotto).
Elisa Oyj, the ISP, appears utterly inept and incapable of dealing with the problem.
The spamming originally started in February 2015. Here’s a sample from March.
From credopower@axionsuomi.com Mon Mar 16 hh:mm:ss 2015
Return-Path: <credopower@axionsuomi.com>
Received: from emh06.mail.saunalahti.fi (emh06.mail.saunalahti.fi
[62.142.5.116])
by x (Postfix) with ESMTP id x
for <x>; Mon, 16 Mar 2015 hh:mm:ss +0200 (EET)
Received: from PUDDELrealitylocal (puddel.reality.fi [194.157.96.178])
by emh06.mail.saunalahti.fi (Postfix) with ESMTP id x
for <x>; Mon, 16 Mar 2015 hh:mm:ss +0200 (EET)
MIME-Version: 1.0
From: Esa Kaasila <credopower@axionsuomi.com>
Reply-To: credopower@axionsuomi.com
To: x
Subject: Yhteydenotto
Date: Mon, 16 Mar 2015 hh:mm:ss +0200
Message-ID: <x@PUDDEL>
Content-Length: 2934
Lines: 57
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Terve x,
Kiinnostaako säästö?
Me tarjoamme Suomen parhaan asiakaspalvelun sekä 30-50% säästön verrattuna nykyisiin yritysinternet- ja puhelinliittymien kustannuksiin.
Kuulostaako uskomattomalta yhtälöltä? Me Credopowerilla laskemme turhan ilman pois hinnoista.
Arvomme vastanneiden kesken 5 kylpylälomaa 27.3.
Ystävällisin terveisin
Esa Kaasila
Credopower Oy
+358 50 5532321
The spam does not indicate anything about the address source, which in itself makes it illegal (Personal Data Act, Section 25).
It (solely) refers to a Finnish limited company, Credo power Oy as the originator. The phone number 050 5532321 is currently unlisted, but belonged to (yet another individual) at Credo power Oy at the time this first happened according to Fonecta’s online phone book.
The people behind Credo power Oy are documented on yritystele.fi, Miro Palmu as the chief of everything and currently Aleksandra Agareva as the required vice member of the board (was somebody else at the time).
The message appears to have been handed to the consumer mail servers of Elisa plc by a static host in their network (no WHOIS suballocation to anyone for 194.157/16), with a domain name (reality.fi) registered personally to somebody named Teemu Sorri but intimately connected with Reality Interactive Oy, behind which is (as documented on yritystele.fi) surprisingly only a vice member of the board, Tuukka Sorri.
It also refers to a domain name (axionsuomi.com) registered through a WHOIS anonymization service. There is no web page directly at axionsuomi.com [37.61.237.229] (in the network of LayerIP in the UK), it redirects to axion.fi [31.217.192.211] (in the network of Hostingpalvelu.fi right here in Finland; domain name registered to BM media Oy right here in Finland). The people involved with BM media Oy are documented on yritystele.fi; Teemu Sorri and Benjamin Salutskij. The web pages of axion.fi indicate BM media Oy as well, with a person called Riku Varjamo as the contact, and the phone number 050 550 8654, which, too, is unlisted.
A request for the description of the personal data file was met with the following surprise denial:
From credopower@axionsuomi.com Thu Feb 26 15:26:27 2015
Return-Path: <credopower@axionsuomi.com>
Received: from emh02.mail.saunalahti.fi (emh02.mail.saunalahti.fi [62.142.5.108])
by mail.atrotossavainen.fi (Postfix) with ESMTP id 70CE879501B
for <atro.tossavainen at atro.fi>; Thu, 26 Feb 2015 15:26:27 +0200 (EET)
Received: from Esbian (puddel.reality.fi [194.157.96.178])
by emh02.mail.saunalahti.fi (Postfix) with ESMTP id 282058184F
for <atro.tossavainen at atro.fi>; Thu, 26 Feb 2015 15:26:26 +0200 (EET)
From: "Esa Kaasila" <credopower@axionsuomi.com>
To: "'Atro Tossavainen'" <atro.tossavainen at atro.fi>
References: <20150226130129.GA7208@1655mc-node1.infinitemho.fi>
In-Reply-To: <20150226130129.GA7208@1655mc-node1.infinitemho.fi>
Subject: RE: Rekisteriseloste
Date: Thu, 26 Feb 2015 15:26:30 +0200
Message-ID: <003901d051c7$d4f2d450$7ed87cf0$@axionsuomi.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHsPPEgqgHpwQb3C/CT8ALm1Q9IUJzLFamQ
Content-Language: fi
Status: RO
X-Status: A
Content-Length: 618
Lines: 22
Emme ole suomalainen yritys.
Yst: EK
In other words, “We are not a Finnish company. BR: EK”
Of course that’s a lie. It was further qualified as follows (headers omitted as substantially identical to the above):
Axionsuomi.com kuuluu Iso-Britannialaiselle Rapid Investment Ltd -yritykselle joka valmistaa ja tuottaa markkinointikirjeitä asiakkaan toivomuksen mukaan.
Rapid Investment Ltd ei ole BM Median, Reality Interactiven, Credopowerin, Nebulan, Netmonitorin, Oikeusministeriön (??) eikä Suomispamin asiakas millään tavalla ja ilmoituksesi on näinollen täysin aiheeton. Kiitos kuitenkin huomiosta yhtiötämme kohtaan ja hyvää kevättä kaikille vastaanottajille. En halua jatkaa keskustelua aiheesta muutoin kun kirjepostilla tästä asiasta. Olette tervetulleita vapaasti myös käymään.Yhtiön yhteystiedot:
info@axionsuomi.com
Rapid Investment Ltd
6 Beechwood Crescent
LS4 2LL Leeds, England
The UK Companies House does in fact contain a business by that name (Company No. 09352398) but the address is nowhere near Leeds. If Rapid Investment Ltd indeed was involved in this activity, it would be doing so illegally as it has not registered to handle personal information with the Information Commissioner’s Office.
The spams are currently being sent by
From: Mika Korpela <mika.korpela@neptura.fi>
using exactly the same Elisa infrastructure as above.
The domain name Neptura.fi is registered with the following details:
[whois.ficora.fi] domain: neptura.fi descr: Neptura Oy descr: 21881214 address: Antti Savander address: Renvallinkuja 6 address: 00840 address: Helsinki phone: 0466624156 status: Granted created: 26.5.2015 modified: 4.6.2015 expires: 25.5.2018 nserver: ns53.domaincontrol.com [Ok] nserver: ns54.domaincontrol.com [Ok] dnssec: no
That’s the old address indicated in the FBIS entry for Neptura Oy – the current one is as indicated in the spam,
Neptura Oy Puusepänkatu 5 Hämeenlinna 13100 Finland
The phone number in the domain registration is unlisted. The message quotes the phone number 045 611 1294, which is unlisted. The people responsible for Neptura Oy are documented on yritystele.fi; they are Ilkka Laakso and Mika Untolehto.
The whole matter stinks to high heaven, and Elisa plc are doing absolutely f… all to stop it.
One Response to Neptura Oy, Credo power Oy, Reality Interactive Oy, Axion Suomi, Rapid Investment Ltd, Spamming, Fraud, And Who Knows What Else