This week the US Attorney for the Southern District of Texas unsealed indictments against 56 individuals operating a conspiracy to commit wire fraud through a sophisticated scam involving five call centers in Ahmedabad, Gujarat, India.
The Call Centers — HGlobal, Call Mantra, Worldwide Solutions, Sharma Business Process Outsourcing Services, and Zoriion Communications — placed calls in four primary types of telefraud, and then laundered the money through a network of Domestic Managers, Runners, and Payment Processors in the United States. The money was then moved via a Hawaladar, a person who runs an underground banking system, or an international money transfer service called a Hawala. Hawala banking speeds the availability of international funds by operating on a trust system where the Hawaladar can incur or pay debts in one country for a large number of trusted parties from locally available funds on hand.
|October 27, 2016 Press Release|
IRS Scams: India-based call centers impersonated U.S. Internal Revenue Service officers and defrauded U.S. residents by misleading them into believing that they owed money to the IRS and would be arrested and fined if they did not pay their alleged back taxes immediately.
Law Enforcement Scams: India-based call centers also impersonated various law enforcement agencies, as with the IRS scams, threatening immediate arrest if the victim failed to comply with transferring funds. (This blog has covered this scam before, including sharing a recording of one such call — see: “Warrant for Your Arrest Phone Scams” from November 7, 2014.)
USCIS Scams: India-based call centers impersonated U.S. Citizen and Immigration Services (USCIS) officers and defrauded U.S. residents by misleading them into believing that they would be deported unless they paid a fine for alleged issues with their USCIS paperwork.
Payday Loan Scams: India-based call centers defrauded U.S. residents by misleading them into believing that the callers were loan officers and that the U.S. residents were eligible for a fictitious “payday loan”. They would then collect an upfront “worthiness fee” to demonstrate their ability to repay the loan. The victims received nothing in return.
Government Grant Scams: India-based call centers defrauded U.S. residents by misleading them into believing that they were eligible for a fictitious government grant. Callers directed the U.S. residents to pay an upfront IRS tax or processing fee. The victims received nothing in return.
Roles in the Operation
In the US, the primary parties were the Domestic Managers, the Runners, and the Payment Processors. A Domestic Manager directed the activities of the runners and provided them with the resources they needed to do their work, including vehicles, and credit cards to be used to pay business expenses. The Runners job was to purchase temporary “GPR cards” (General Purpose Reloadable) and then send the information about these cards to the scammers who were working in the call centers in India. When they reached the “payout” portion of the scam, the funds would be transferred from the victim to the Runner’s GPR card. The Runners would then retrieve the cash and send it further upstream, often via Western Union or Moneygram using false identification documents.
Data Brokers helped to generate “lead lists” for the Call Center Operators. (For example, One of the data brokers used by the call centers was working as an IT Consultant for a company in New York. Vishal Gounder would steal the PII from company databases and use the identities to activate the GPR cards. )
Payment Processors acted as the intermediary between the Runners and the Call Centers for exchanging funds either through Hawaladars or via GPS Cards and international wire transfers.
The largest number of arrested and indicted individuals came from the HGlobal call Center. I’ve illustrated the information from the indictment below:
|HGlobal: Runners in 8 states, including Alabama|
|The other Ahmedabad, Gujarat, India Call Centers and their indicted members|
One of the methods that the members of the conspiracy were tracked was by their reliance on certain GPR cards, including the GreenDot MoneyPak cards. When a GreenDot MoneyPak card is used, an identity and a telephone number have to be associated with the card. The call centers in India operate primarily by using “Magic Jack” devices to place unlimited international calls over Voice Over IP (VOIP) lines where they can choose the callerid number that is displayed. GreenDot investigators found that more than 4,000 GreenDot cards had been registered to the same Magic Jack telephone number, (713) 370-3224, using the identity details of more than 1,200 different individuals!
That Magic Jack number was controlled by Hitesh Patel, the call center manager of HGlobal.
The criminals did a poor job back-stopping their fake identities. In this case, the Magic Jack was registered to the email “email@example.com” which used as its recovery email firstname.lastname@example.org, which lists the telephone number 9879090909, which Hitesh also used on his US Visa Application. The Magic Jack device had been purchased in Texas by Asvhwin Kabaria, who used the email email@example.com to send the news to firstname.lastname@example.org that he was shipping him 20 Magic Jack devices via UPS. The same individual would ship more than 100 Magic Jack devices to other members of the conspiracy, including people in India and in Hoffman Estates, Illinois.
Another Magic Jack number, (630) 974-1367, was associated by 990 Green Dot GPR Cards using 776 different stolen identities. (785) 340-9064 was associated with 4,163 Green Dot cards using 1903 different stolen identites! That one was used by Jatan_oza@rocketmail.com which was frequently checked from the same IP address that Magic Jack calls using this number were originating.
Sunny Joshi (email@example.com) was shown to have purchased $304,363.45 worth of GPR cards in a single month (October 2013!) Emails to and from Sunny often had spreadsheets documenting which transactions had been funded by which GRP cards. One spreadsheet showed $239,180.79 worth of transactions from 116 different cards!
Another investigative trick was to look for cards that were used in “geographically impossible” situations. For example, on January 13, 2014 at 11:37 AM a conspirator used a card to buy gas in Racine, Wisconsin. On the same day at 12:46 PM the same card was used to buy groceries in Las Vegas, Nevada.
At least 15,000 victims have been confirmed to have lost money to these scammers, and an additional 50,000 victims are known to have had their identity details in the possession of these scammers.
The Most Vulnerable Among Us
The most vulnerable victims seem to have been recent immigrants and the elderly. Those who are accustomed through habit or fear to quickly obeying any order of authority, even when it seems incredulous. There are several victims who were ordered repeatedly to purchase the largest possible Green Dot cards ($500 value) and to do so in batches over several days. One victim in 2013 purchased 86 cards worth $43,000 and transmitted the details to the scammers. These cards were accessed from the IP of the 703 Magic Jack phone and transferred by email to “firstname.lastname@example.org”.
One resident of Hayward, California was contacted repeatedly from January 9, 2014 through January 29, 2014 and extorted into purchasing 276 MoneyPaks worth $136,000 and transmitting the PIN numbers to the thieves. She was frightened into believing she was speaking with the IRS and would be immediately arrested if she did not comply!
Recent immigrants are also especially vulnerable. In one of the many examples from the indictment, Rushikesh B., a resident of Naperville, Illinois, was extorted for $14,400 by an individual claiming to be the Illinois State Police and threatening arrest if he did not immediately pay fines related to immigration violations.
Those who work with our elderly and with recent immigrant communities are strongly encouraged to remind them that NO LAW ENFORCEMENT OFFICIAL will EVER take payment for a fine via money transferred over the internet or email! Nor will they ever require a GPR card to be used to pay such a fee!
Anyone who hears of a friend, family member, co-worker who has been a victim of such a scam is strongly encouraged to file a report.
For all IRS-related telephone scams, please help your colleague to report the scam by using the TIGTA website, “IRS Impersonation Scam Reporting” run by the Treasury Department’s Inspector General for Tax Administration.
The URL is: https://www.treasury.gov/tigta/contact_report_scam.shtml
For all other Telefraud scams involving government impersonation, this FTC website may be used: https://www.ftccomplaintassistant.gov
Email Traffic a key to the Case
The indictment goes on for 81 pages listing incident after incident, including many email accounts used by the criminals. Some of the criminals made accounts for money movement, such as money.pak2012@gmail, payment8226@gmail, but others used their “primary emails” like Cyril Jhon who used the email cyrilhm2426@gmail for his conspiracy traffic. Saurin Rathod used the email saurin2407@gmail, while Hardik Patel used hardik.323@gmail! One of the payment processors, Rajkamal Sharma, sent over 1,000 emails to conspirators with directions about where to deposit various funds. Almost 50 pages of the 81 page indictment are walking through the evidence uncovered by email analysis!
The full indictment is a fascinating read … you can find a copy here:
Hitesh Madhubhai Patel
Hardik Arvindbhai Patel
Janak Gangaram Sharma
Tilak Sanjaybhai Joshi
Saurin Jayeshkumar Rathod
Tarang Ranchhodbhai Patel
Kushal Nikhilbhai Shah
Karan Janakbhai Thakkar
Manish Balkrishna Bharaj
Rajpal Vastupal Shah
Sagar Thakar (aka Shaggy, Shahagir Thakkar)
Cyril Jhon Daniel
Jatin Vijaybhai Solanki
Jerry Norris (aka James Norris, IV)
Rajubhai Bholabhai Patel
Jagdishkumar Chaudhari (Jagdish)
Bharatkumar Patel (Bharat)
Montu Barot (Monty Barot)
Dilipkumar Ramanlal Patel
Dilipkumar Ambal Patel (Don Patel)
Abshishek Rajdev Trivedi
Samarth Kamleshbhai Patel
Aalamkhan Sikanderkhan Pathan
Jaykumar Rajanikant Joshi
Anjanee Pradeepkumar Sheth
Kunal Chatrabhuj Nagrani
Subish Surenran Ezhava (aka Chris Woods)
Sunny Tarunkumar Sureja (aka Khavya Sureja)
Sunny Joshi (aka Sharad Ishwarial Joshi, Sunny Mahashanker Joshi)
Rajesh Bhatt (aka Manoj Joshi, Mike Joshi)
Tarun Deepakbhai Sadhu
Vishalkumar Ravi Gounder (Vishal Gounder)
Rajesh Kumar Un
Aniruddh Rajeshkumar Chauhan
Rahul Tilak Vijay Dogra
Vicky Rajkamal Bhardwaj
Clintwin Jacob Chrisstian
Aneesh Antony Padipurikal (Aneesh Anthony)
Jatankumar Kareshkumar Oza (aka Jatan Oza)
Rajkamal Omprakash Sharma
Vineet Dharmendra Vasishtha (aka Vineet Sharma, Vineet Vashistha)
Gopal Venkatesan Pillai
*** This is a Security Bloggers Network syndicated blog from CyberCrime & Doing Time authored by Gary Warner, UAB / PhishMe. Read the original post at: http://garwarner.blogspot.com/2016/10/major-call-center-scam-network-revealed.html