Search

Fraud at Varian Medical Systems

Makeupbymegs is a hobby that I have been doing for over 5+ years and I have never had the opportunity to create Makeupbymegs as an official business since I was more focused in my career as an engineer. Unfortunately, "Makeupbymegs" was opened as a merchant account at Bank of America without my consent, with the use of my identity. I was at first shocked when I discovered this, knowing that I have never opened it as a business in any county. In order for Bank of America to open this merchant account, there must have been a tax ID linked to the DBA. I visited the Alameda County Clerk in Oakland to see if the DBA existed in their records under the following: Makeupbymegs, Makeupbymeg, Makeup by Megs, and Makeup by Meg and received no results. I then did a search for any business that had been opened under my name and only one business was valid: Executive Coach Limousine, filed on 1/20/2015 but is currently inactive.


I visited Bank of America to do a search for Makeupbymegs in their system, however, Bank of America denies of any ties to this merchant account. When visiting bankofamerica.com I found their merchant account contact information, what was strange was the contact number changed each time. There was a total of three different merchant customer care numbers: (877) 884-2408, (866) 606-0247, and (800) 430-7161. I knew my calls were being redirected to other call centers that were not related to Bank of America. I started to receive promotional rates for balances over $250,000.00 in my Email as a selective client to Bank of America, after reading the terms and conditions for these promo rates it was safe to conclude a "selective" client is someone who deposits a minimum of $20,000.00.

After my investigation, the professional con artists realized my discovery and started to shop for a new merchant account to process their payments. A request was sent to www.buyerzone.com under the contact information, Name: Mejgan Fazil, Phone#: 510-364-7077, and Email (does not belong to me) : Sarajojanalyn185236@my.minbox.email. I'm currently receiving all the callbacks for this request.


Third-Party apps, such as Earnin.com and Meetalbert.com cannot connect to my Bank of America account because they have found an "internal" issue with the bank itself. Also, PayPal has failed to resolve its spoofed app in my phone and website. PayPal is currently connected to my Bank of America account as a linked third party app, but I'm unable to view the "balance" tab that can obviously conclude how much money is in the account. When contacting PayPal customer care with an Email to notify the issue at spoof@paypal.com on 03/25/19 Case ID: KMM94118187V17589L0KM I received two Emails confirmations in response, with a Case ID: KMM94119852V21465L0KM on 03/25/19 and Case ID: KMM94151073V4167L0KM on 03/26/19. I finally got a hold of PayPal through customer care on the phone, and they had confirmed that these Case ID numbers did not exist nor do their case ID numbers start with letters. I informed them that these Emails were sent from spoof@paypal.com and they also confirmed that spoof@paypal.com never Emails a response and that these Emails were fake. With this information, the only valid proof I have is fake Emails and I'm sure it is to cover the stolen financials that have been deposited into my Bank of America Account. However, I have received a tip that there is physical money stashed in my parents property. I have been encouraged to find this money by digging a very deep hole of 6 feet, I have accomplished only 1 feet and decided that I will no longer dig any deeper. I'm aware that if I do so, the harassment and threats will only be greater and finding the money for myself was never my intention to begin with. I have the location of where the money is and would like the appropriate authority to take care of it from here. This money is in fact linked to the same con artists that have framed me with large deposits in my Bank of America account. I have reported this to the Newark Police Department, Officer A. San Pedro #123 Report #19-0331-0100.


I started to notice the crime on the month of October of 2018 at Varian Medical Systems and since then I started my investigation, I received a termination letter in March 18, 2019 from my company due to excessive tardiness and absences but there were reasons why I was unable to show up to work. All my accounts were being compromised: personal and work, I notified Varian with this issue multiple times and I do not feel I received the proper response. Somehow, everything was linked to Varian Medical Systems Wifi Lion Network and ethernet connection: ad.varian.com I noticed my personal laptop, when located in my home in Hayward, Ca., and my fathers laptop located in Newark, Ca., were being "used" under "Netbios" under the network tab of the laptops. To my knowledge this is an internet connectivity where the laptop computer screens were being monitored under a local network.


On my iPhone, I had downloaded an app named "Network Analyzer" (http://tinyurl.com/y68ka8ja) and I had did a search on the "Lion" network while I was on Varian Medical Systems premises, Building 3. All devices that were connected to the network showed up on the app. The devices included my cell phone, my fathers laptop, and my personal laptop, as I mentioned above. These devices were not located at Varian Medical System's premises at the time. Each device had an ID number, and in fact, matched my personal devices. Clearly, my personal devices were connected as "work" devices under Varian Medical Systems supervision, which explains the "Netbios" connectivity.


I started to investigate the issue myself, since Varian failed to do so after I brought this up to their attention. There was a virus downloaded through the "Lion" network in July 2017, I had looked into the logs on our cell computers, this one specifically was cell 13 and found an error message from Norton Virus that there was malware and to report it as soon as possible. This virus was in July 2017, and to my knowledge this virus was ignored.


As employees we were allowed to download some, not all, software applications without administrator rights. I had downloaded Google's Chrome browser in my VMS windows login at every cell computer for my own personal use. These accounts included my personal Emails, bank accounts, phone accounts and regular internet browsing that had nothing to do with work. I had multiple Emails that were automatically logged in to the Google browsers, rarely did I ever sign off since I felt this was secure and only to be accessed with my windows login. The Emails that were saved on Google Chrome at Varian Medical Systems cell computers were the following: Meganfazil@gmail.com, Makeupbymegss@gmail.com, Mejganfazil@gmail.com, ExecutiveCoach01@gmail.com, IsmiInstallations@gmail.com, Ismirentals@gmail.com, fantasticcutssalon@gmail.com. Meganfazil@gmail.com and Makeupbymegss@gmail.com had IP addresses show up under Gmail "detail" when I was home. I traced the IP addresses and it would link to cell 19 IP. This was when I was at home and not at work. IP addresses I can provide for you once I get full access to my Gmail accounts, which Is still in the works. IP addresses were traced to multiple locations, including Varian Medical Systems and the White House.


In Google Chromes browser there is an extension feature, on developer.chrome.com this feature is described as:


"Extensions are small software programs that customize the browsing experience. They enable users to tailor Chrome functionality and behavior to individual needs or preferences. They are built on web technologies such as HTML, JavaScript, and CSS. An extension must fulfill a single purpose that is narrowly defined and easy to understand. A single extension can include multiple components and a range of functionality, as long as everything contributes towards a common purpose. User interfaces should be minimal and have intent. They can range from a simple icon, such as the Google Mail Checker extensionshown on the right, to overridingan entire page. Extension files are zipped into a single .crx package that the user downloads and installs. This means extensions do not depend on content from the web, unlike ordinary web apps."(https://developer.chrome.com/extensions)


This information is vital because I started to notice visible extensions on the corner of my Google Chrome web browser on my work computers, one in particular was Rocketrip (http://tinyurl.com/y5qo4ptw) The reason why this extension caught my intention was because it was new and it was not an extension I added myself. I checked the extension tab for Google Chrome and was unable to disable this extension, it was grayed out and was set to on. My Chrome browser was completely controlled by another user. On my mouse, I right clicked to check the setting of the Google Chrome browser and noticed in order to delete the app itself that it needed administrator rights. I asked management and IT if I was able to download the application without administrator rights, why was I unable to delete it. They’re response was that it was “unusual” and that they “did not know”.

I then logged into my Okta account to see what applications were downloaded and noticed the application “rocketrip” I asked my manager why this application was downloaded on my Okta and he confirmed it was controlled by IT but he himself was not sure why this specific application needed to be downloaded.

Varian Medical Systems uses the software Okta, On Okta's website Okta's software is described as: