Details of a Computer Banking Scam

This is a longish video that describes a profitable computer banking scam that’s run out of call centers in places like India. There’s a lot of fluff about glitterbombs and the like, but the details are interesting. The scammers convince the victims to give them remote access to their computers, and then that they’ve mistyped a dollar amount and have received a large refund that they didn’t deserve. Then they convince the victims to send cash to a drop site, where a money mule retrieves it and forwards it to the scammers.

I found it interesting for several reasons. One, it illustrates the complex business nature of the scam: there are a lot of people doing specialized jobs in order for it to work. Two, it clearly shows the psychological manipulation involved, and how it preys on the unsophisticated and vulnerable. And three, it’s an evolving tactic that gets around banks increasingly flagging blocking suspicious electronic transfers.

Tags: , , , , ,

Posted on March 22, 2021 at 6:15 AM15 Comments

Comments

TexasDex March 22, 2021 1:03 PM

I think the glitter bomb device used is also interesting from a security perspective. If you watch earlier videos featuring it, you’ll see how it was carefully designed to inflict mischief while maximizing chances that the device produces good video for evidence/entertainment, and is recovered for reuse.

Nick March 22, 2021 1:48 PM

Jim Browning is the interesting one to watch Bruce. Particularly when it comes to how the scam works and some of the methods of getting them shut down.

Karl Rock has worked with him too.

What’s interesting and not mentioned, is that there is a recruitment industry as well to supply scammers to the king pins.

Sadly, the scams are going to destroy the legitimate call service industry in India. I don’t trust an Indian voice any more. The presumption is scammer.

The Indian police need to clamp down and clamp down big time. That means setting the scammers up, and arresting them. They by and large aren’t concerned because the victims aren’t in India. A mistaken view, its legitimate Indians that lose jobs.

So the real solutions are more technical. Spoofing numbers and the ability after hanging a call up to dial a set number to report the previous caller as a scammer. Of course that comes with denial of service attacks against others.

SpaceLifeForm March 22, 2021 3:25 PM

This has been going on a long time.

Over 10 years ago, I happened to be at an older gents house, when he got the scam call. It was not a number he recognized, but he answered anyway.

So, I am listening, and I hear him say something about virus and some RAT (do not recall which RAT).

I walk over to him, and shake my head, and mouth to him, ‘hang up, scam’.

He did that. Because he knew I knew what I was talking about as I was his tech support person and he was not technical.

Imagine if I was not there listening at the time.

name.withheld.for.obvious.reasons March 22, 2021 5:38 PM

I note the peculiar similarity to other stories involving people of the United States. Seems there is a whole raft of persons capable of vulnerable behavior relative to many circumstances. Every wonder why a plea from Ethiopia to send money to someone was written in English (okay, “Merican”)? As my daughter would say, “Look that up in the British dictionary.”

xcv March 22, 2021 9:14 PM

There’s just too much law enforcement fail in this area to count.

https://www.secretservice.gov/covid/mule

Money Laundering: Don’t Be a Money Mule … pretending to be an entrepreneur or a bachelor looking for romance.

Well, in other words, don’t get ripped off. Shut up and don’t get caught yourself if you’re a victim of a financial crime. If you were stupid enough to fall for a scam, you’re just going to end up in prison for your time and money. Don’t you know that?

And while it’s true that criminal statutes of federal law apply only to male suspects and male defendants, with very few exceptions,
https://www.bop.gov/about/statistics/statistics_inmate_gender.jsp
there are females out there who do rip people off with the same scams played by the males.

A further problem is that money itself isn’t illegal, and the victims of thefts, seizures, confiscations, and civil asset forfeitures aren’t criminals.

https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/money-mules
https://www.fbi.gov/contact-us/field-offices/houston/news/press-releases/fbi-warns-of-money-mules

Clive Robinson March 22, 2021 9:43 PM

@ name.withheld…, ALL,

I note the peculiar similarity to other stories involving people of the United States. Seems there is a whole raft of persons capable of vulnerable behavior relative to many circumstances.

It’s not just vulnerable people in the United States, we get the same in the UK. So much so both the Government and Police forces run adds and campaigns against scammers, over and above what quite a lot of charities do. I hear similar is true for France, Spain, Germany so I assume orher “considered affluent” societies who’s first languages are other nations second languages.

I know a number of Brazilian’s who can speak english, spanish and french more than well enough to pass themselves of as native speakers. And befor people think I’m picking on Brazilian’s I’m not, similar applies to other South American and African nations that have had the misfortune to be “colonised” at some point in the past.

The real problem behind the issue that nobody is talking about, and is getting worse is,

The pace of technology change is now measured in fractions of an adults life, not as it used to be of two to five human generations.

Thus most humans can not keep up, they see the glitz and the glamour of new tech but not the risks. Thus old scams get dressed in new tech clothing.

What also does not help is the legislative process is both slow and fails to address the issues. Whilst being “conservative” in legislation generally acts in societies favour, in that new legislation and regulation is “considered” thus the law of “unintended consequences” is reduced. Tech moves four to ten generations in the time it used to take for major legaslitive change.

The result is politicians are seen to be failing and thus “go off half cocked” at best and we have ended up with truely appaling tech based legislation that only realy suits prosecutors looking to make a name for themselves by making crimes where non currently exist.

The simple fact is legislation generation is speeding up, and these new laws are not being considered or discussed just pushed through. In the US it is not unknown for legislation to be “bussed in by lobbyists” for politicians that do not actually read it and nolonger have the impartial advisors to keep the ellected independently advised for the benifit of the voters.

If the “supposed great and the good” can not keep up, and as in recent times shown to be extreamly wanting, how the heck do we expect others who’s lives are not related to tech to keep up?

In the UK the banks and financial industry are getting hit with wave after wave of new compensation claims and despite the best efforts of their legal advisors they are having to pay up on what is politely called “mis-selling” claims. Basically back in the 1980’s “mad maggie” Thatcher and Ronald “Ronnie the ray-gun” Reagan “deregulated” the banking and finance sector who then invented wave after wave of “faux markets” and “faux services” to skim another 20-30% off of the top. Basically what the average person would call “fraud”, “crooked”, “Criminal”, or a “scam”. In which we have all been “scammed” one way or another directly or as a consequence of others being scammed.

The only reasons these scammers are not cooling their heals in jail are,

1, There is no legislation.
2, They pay to stop legislation.
3, They pay to get the legislation / regulation they want.
4, As in any ponzie hot potato scheme those that start and make the most get out and leave the costs and downsides to others (finacial crises 1&2).
5, They are assisted by technology loop holes.

The only difference between them and what are considered criminals are steps 2&3, which most would call “Kick backs”, “nest feathering”, “bribes”, and “being on the take”… But note how many countries have legislation that protects the politicians…

As long as there is “new tech” the “new wine in old bottles” tricks will carry on at a pace at least as fast growing as the technology.

Oh and the old saw of “You can not cheat an honest man” is just not true when there are people in the middle making the rules to benifit the dishonest be they crooks or prosecutors.

name.withheld.for.obvious.reasons March 22, 2021 10:27 PM

To follow on, we see what is the fundamental nature of specific rationalizations that lay blame for scamming on those victimized by the scammer. It’s almost hilarious that one can coop a group and use their allegiances, which undermines the group, to take what is considered an economic or political “advantage”. How cynical many are respecting addressing scammers and how barbaric does this behavior need to raise to a level such that it is socially unacceptable to do so? Scammers are not demonized, more like lionized by many in society…consider that one can say; “I’m smart because I got away without paying my share in taxes.”

name.withheld.for.obvious.reasons March 22, 2021 10:33 PM

@ Clive
Okay Clive, you’ve been identified as a possible fan of the series “Black Books”. Do you the character Bernard or the troll Bill Bailey? The series was hilariously smart, liked the scene where Mormons are invited into the book store. Too many great skits to mention here.

Erdem Memisyazici March 23, 2021 5:59 PM

I like the ones where the scammers actually send you money to gain your trust so you send it back. Just don’t send it back. 😄

That being said though banks couldn’t stress the point enough that you shouldn’t log in for anybody, and no official will ask you to do so. Most of them just use the browser to edit the account balance, so another fun thing to try (if you logged into a fake bank app for them) is to just refresh the page and tell them you sent it back and just listen to them go ballistic.

The nerve of some people.

humdee March 25, 2021 5:00 PM

Clive and name.withheld.

Yeah, sure the government is behind…that’s why we have the bitcoin and entruium boondoggle. Neither would be worth anything except for the fact the government likes to experiment with what it doesn’t understand.

Right now I don’t know which is worse social outcome letting bitcoin survive or pulling the plug. But we should never have been faced with that choice.

The government is only conservative when it wants to be.

Alex April 13, 2021 2:23 AM

I’ve told my elderly parents that there’s a new rule in their house –

IF THE PERSON IS INDIAN SOUNDING AND CALLED OUT OF THE BLUE – THEY ARE A SCAMMER.

Sad for India, but the amount of calls coming into the UK from Indian scammers is off the charts. My parents are getting at least one a week from ‘Amazon’, ‘Netflix’ and so on.

eric April 15, 2021 2:24 PM

One thing to watch out for is that more and more scammers are creating web pages to prove to the unwary that they are on the level. I saw this a few months ago with a scam involving Quickbooks. The web pages can pretty much make them look legitimate.

In the same vein, I often do a web search for telephone numbers of suspicious calls. There are several web sites for people to report scam calls from different numbers and identify them as either scam or legitimate. In one recent scam call, I looked up the number and a number of the comments on some sites claimed that it was legitimate. So it seems that scammers are signing on to the web sites and reporting their own telephone numbers as being completely on the level.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.