Cybercrime , Fraud Management & Cybercrime , Social Engineering
US Indicts 6 India Call Centers for Scams Targeting Seniors'Tens of Millions' Targeted by Call Center Operators Posing as IRS Officials
The U.S. Attorney’s Office for the Northern District of Georgia has indicted six India-based call centers and their directors for conspiring with Voice over Internet Protocol provider e-Sampark in attempts to defraud U.S.-based victims.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
Kurt Erskine, the U.S. attorney for the Northern District of Georgia, says the indicted call centers made initial scam calls, and then e-Sampark, through its VoIP service, forwarded "tens of millions of scam calls" to American consumers. "These India-based call centers allegedly scared their victims and stole their money, including some victims’ entire life savings," says Erskine.
The names of the indicted call centers are Achivers A Spirit of BPO Solutions Private Limited, Fintalk Global, Global Enterprises, Shivaay Communication Private Limited, SM Technomine Private Limited and Technomind Info Solutions.
India-based call center operators posing as IRS officials have been scamming U.S. citizens for years now. One of the earlier cases dates back to October 2016 when Mumbai Police cracked down on five scam centers operating out of Thane, Mumbai.
The call center operators impersonated IRS tax investigators, and police found that to avoid facing investigation, many victims paid between $500 and $60,000 in gift cards.
Triveni Singh, superintendent of police for Cybercrime at Uttar Pradesh Police, has been involved in most of the crackdowns on fake call centers in India, including the one in 2016.
Singh tells ISMG that in the 2016 raid, investigations revealed that the scammers targeted American and Canadian citizens. "The operators had the full profile of citizens from leaked IRS databases. The scammers - most of them in the 20-22 age group - spoke in a fake accent and assumed the identities of federal agents," he says.
Scammers also target Indian citizens. In March 2018, Noida Special Task Force's cyber wing arrested 105 scammers for defrauding victims out of 2 billion rupees ($26.8 million) by posing as insurance agents from reputed companies and representatives of well-known e-commerce firms.
Singh says that the police view these scams seriously, and the people found guilty are sent straight to jail.
On Nov. 17, 2020, e-Sampark and its director, Guarav Gupta, were indicted for pushing scam calls to U.S. consumers on behalf of India-based phone scammers. Byung J. Pak, the U.S. attorney for the Northern District of Georgia at that time, said that e-Sampark and its director had "bombarded" American consumers, especially the elderly, with scam calls leading to emotional and financial devastation.
The crackdown on scam call centers targeting senior citizens is led by the U.S. Justice Department's Transnational Elder Fraud Strike Force, which was established in June 2019 to investigate and prosecute individuals and entities associated with foreign-based fraud schemes targeting the elderly population in the U.S.
In addition to IRS and tech support scams, Andrew Barratt, vice president of technology and enterprise at cybersecurity advisory firm Coalfire, tells ISMG that romance scams hit a new high of more than $300 million - costing upward of $2,500 per event, according to FTC reports.
"While identity fraud numbers are harder to trace, it is believed consumers were exposed to over $50 billion in losses. Card payment fraud is usually reimbursed by banks, but it's costing the U.S. economy close to $30 billion annually," says Barratt.
Pop-Up Scams Use Bulk Malware Distribution
In addition to IRS scams, Singh tells ISMG that call center operators use pop-up calls to defraud their targets through tech support scams.
A pop-up call notifies users of incoming calls with a pop-up window that appears on their desktop screens when a customer calls a support helpline.
Singh says individuals can purchase pop-up calls from sellers in Mumbai, Delhi or Kolkata, and each pop-up call typically costs around $5. The call center uses VoIP, not regular telephone lines, to communicate with the victims, he says.
So, if 100 pop-up calls are purchased, the call center will receive 100 incoming calls from customers in the U.S. over VoIP.
"There are cybercriminal syndicates that supply malware in bulk. The malware is targeted at the victims' devices. When an unsuspecting target clicks on an infected link, they see a pop-up that tells them their system is infected and they'll need to call a number to purchase a malware cleaner costing $70 to restore their computers," Singh says.
He adds that an average user is not able to locate the malware file on the system due to its obfuscation capabilities, but the operator knows exactly where to look and remove the malware.
Deducting the $5 charged for purchasing the pop-up, the call center makes a $65 profit on every successful call. Singh says these cybercrime groups are part of an international syndicate.
"The operators are based in India and in the U.S., and the U.S.-based operators are responsible for injecting the malware and sending bulk emails to victims, Singh says.
Scams Affect Indian Multinationals
The effect of India-based fake call centers scamming U.S. citizens also affects Indian multinational companies that do business with American firms.
Sandip Kumar Panda, CEO and co-founder of cybersecurity firm InstaSafe, tells ISMG that any incident that affects a particular geography has a fallout effect on businesses in that geography.
He also says the absence of adequate compliance and regulations in India affecting domestic businesses that aim to liaise with U.S. companies.
"Our cybersecurity bill and Data Protection Act have been pending for a long time now" Panda says. He says Singapore and Australia already have strong regulatory regimes around customer data protection.
Panda says that investigating financial fraud is difficult as it's a coordinated activity that involves multiple parties. "Threat actors do not randomly pull up data to target people. They go through a very elaborate social engineering process."
He adds that cryptocurrency - including India's soon-to-be-introduced digital currency - is going to be increasingly targeted for fraudulent activities by these groups due to its "get rich quick" reputation.