27 Aug 2020
US authorities have charged three suspects involved in a large-scale tech support scam operation after FBI agents arrested one of their co-conspirators and turned him into an informant.
Evidence provided by the informant along with court documents filed in the case provide an in-depth glimpse at the techniques and inner workings of a modern-day tech support scam, from its earliest stages to the methods crooks use to launder funds obtained from defrauded victims.
Of the three suspects named in the case, one was arrested earlier this year and pleaded guilty earlier this week.
It all started with an informant
Charges were filed in January this year, but the investigation into this group began in May 2019, when the FBI arrested an Indian national on fraud-related charges.
According to court documents obtained by ZDNet today, the suspect (hereinafter “the informant”) agreed to cooperate with investigators and become an informant for the FBI, seeking leniency from US authorities in his case.
The informant admitted to FBI agents that he was an active member of a tech support scheme and gave up the names of three of his collaborators, all three Indian nationals.
Two of the suspects owned call centers in India, while a third lived inside the US, where he acted as a money mule by receiving funds from victims into his US bank accounts, and then transferring the money to the call center operators.
Publishers, brokers, and call centers
The informant said that his role in the scheme was as a “broker,” and he sold “call traffic.” According to the informant, brokers are the second category/stage in an online tech support scam scheme.
The first category is what the informant described as “publishers.” These are criminal groups that create the actual tech support websites that show misleading error messages and popups urging users to call a toll-free number.
Publishers then ran online ads on platforms like Facebook, on various topics such as travel, and redirected users who clicked on the ads to their malicious sites.
Brokers, the role the informant played, operated as intermediaries between the publishers and the call centers. Brokers managed telephony servers through which they sold “call traffic” to call center operators willing to buy it, based on their respective capacity, or to other brokers who had active clients (call centers) with free capacity.
The informant, who agreed to give the FBI access to his device and to have his calls recorded, said that most of these negotiations took place via WhatsApp and other online chat applications.
Call center owners would get in touch with brokers, agree to a price per batch of calls, and provide a number to which the broker would re-route incoming calls from tech support scam victims.
The scheme in which the informant was involved used tech support pages that posed as Microsoft security alerts.
The alerts told visitors they’d been infected with malware and that they had to call a phone number for further assistance from a Microsoft employee.
Victims listed in the indictment were all elderly citizens who lacked technical skills to determine that the security alert was fake.
Call center operators would often gain access to bank accounts
Past IM chat logs and phone calls recorded by the FBI also allowed agents to learn how the scheme continued once victims connected to the call center.
Per court documents, call center employees would operate by convincing callers they needed to download and install a version of the SupRemo remote control software on their computers.
This software would allow call center operators to connect to the victim’s computer and resolve the supposed “technical issue.”
At the end of this operation, victims would be asked to pay for the technical assistance they received, usually through a bank transfer or through gift cards acquired from local stores.
According to a recorded phone call the informant had with one call center owner, call center operators would often ask victims to connect to their bank accounts while the operator would still have access to their systems, allowing the operator to collect bank account credentials.
Similar experiences were also reported by past victims whom the FBI contacted during its investigation.
Money received as payments, or surreptitiously stolen from victims’ bank accounts, would usually be transferred to intermediary bank accounts controlled by money mules.
By Catalin Cimpanu, ZDNet, 24 August 2020