Picture: https://flic.kr/p/fqzie4
Picture: https://flic.kr/p/fqzie4

Indian Police (Cyber Crime Investigation Cell, CID, West Bengal) has made significant progress in its investigation into a phone scam operation that is estimated to have cost victims millions of pounds.

Kaspersky Lab welcomes the announcement and the scam, which involved people being called by fraudulent technical support staff, was uncovered in 2012 by a Kaspersky Lab Global Research and Analysis Team (GReAT) expert, and reported to the Indian Police.  

The Cyber Crime Investigation Cell has recently taken eight suspects into custody.

The phone scammers operated by calling random individuals and posing as representatives of a large, well-known consumer technology vendor. Targets were told that their computers had been infected with an unverified software licence, rendering their machines insecure.

The fraudsters offered to help by connecting remotely to the victim's device to supposedly fix and install updated software, forcing them to pay a subscription fee of at least US$250 for “lifetime support”, “lifetime updates”, “anti-hacker solution”, etc. In fact, the software they provided was nothing, wrapped in a nice graphic interface.

In 2012, David Jacoby, a senior security researcher at Kaspersky Lab, received calls on his home phone from scammers who were tirelessly pursuing him as a potential victim. Fed up, he played along, allowing the criminals to connect to his computer while he kept a virtual machine running, and convincing them to visit a website he had set up.

All this helped Jacoby to capture the network traffic and to find out the IP address, email address and phone numbers of the criminals. It turned out that they were calling from India.

“After collecting all the information, I contacted the appropriate people in the PayPal security team and at various law enforcement agencies, in the hope that we could stop these people from stealing a lot of money,” Jacoby said.

The data Jacoby collected was substantial and has now helped the police to locate and hunt down the criminals.

According to Jacoby, the phone scammers used social engineering to trick their victims – gaining the confidence of unwary individuals to get what they want. Targets of phone scammers are usually those who stay at home, such as the elderly, unemployed or those who are not technically-savvy, who they consider easy prey.

In this case, the criminals targeted people in countries where people speak good English – including the UK, Australia, the Netherlands and countries in Northern Europe.

“If cases like this get exposed to the public more, then fewer people will be victimised and the cyber-criminals will have nothing to earn,” the security analyst said.

“Law enforcement is an important ally in the fight against cyber-crime,” said Maxim Mitrokhin, managing director for Kaspersky Lab Asia Pacific. This investigation has proved to be lengthy and complex and we welcome the high level of commitment and collaboration displayed by the Cyber Crime Investigation Cell.”

The Cyber Crime Investigation Cell believes that partnerships with cyber-security experts are important in helping it to build its own cyber-expertise.

“While India is regarded as an IT power, it has also become a favoured hub for cyber-criminals in the APAC region,” said Rajshri Banerjee, inspector-in-charge, Cyber Crime Investigation Cell, CID, West Bengal. “We face many challenges dealing with cyber-crimes, but our cooperation with key experts such as Kaspersky Lab helps to strengthen our cyber-capabilities.”

To go back in time and learn more about this scam, please see David Jacoby's presentation, interview and blog post.