Pierluigi Paganini February 15, 2019

Moscow police department operatives, with the participation of Group-IB experts, took down a group of phone scammers who for several years have been extorting money from the elderly.

Phone scammers typically managed to steal between 450 and 4500 USD per victim, promising substantial compensation for their purchases of medicines, medical devices or dietary supplements. According to the investigation, in just 7 situations of fraudulent events in the investigation, the damage is estimated to be 150 000 USD, and the police believe that the number of victims is much higher.

At the end of 2018, employees of the Moscow Department of Internal Affairs came across the trail of a group of telephone scammers who had long been involved in fraud, extracting large sums of money from Russian elderly people. The money was used to purchase real estate, cars, collectors’ coins, jewellery and securities. According to the investigation, the scheme was invented and conducted by a 35-year-old resident of Domodedovo originally from the Republic of Azerbaijan. In addition to the leader, the group was made up of “callers” who communicated with pensioners over the phone, “cashiers” who controlled transactions, “money mules” who withdrew cash from ATMs, and even a dedicated person responsible for the relevance and security of the database of phone numbers of potential victims.

Where did the phone scammers get this data from? They profited from a scam, popular some time before, which sold “magic pills” — counterfeit drugs and dietary supplements purported to cure even serious chronic diseases. This scam’s elderly victims spent hundreds and thousands of dollars on the products, borrowing from friends and taking loans. The database of these names, phone numbers and the cost of the “drugs” ordered was in the hands of phone scammers. According to Group-IB experts, the list held the names of about 1,500 pensioners, their phone numbers, and the names and prices of the medicines they trustingly purchased. Judging by the database, these potential victims were between the ages of 70 and 84, and were from Moscow, Rostov, Tomsk, Nizhny Novgorod, Leningrad, Chelyabinsk, Orenburg and other regions. They had at different times bought expensive drugs, including: “Weian capsules” (2287 USD), “Flollrode aqueous” (1600 USD), “Miracle patches” (313 USD), applicators (170 USD), “Lun Jiang” (157 USD), and “Black nut” (388 USD). 

For those who were suspicious of the compensation process, the “prosecutor of Moscow” offered to clarify the information from the “head of the financial department of a bank” clarify the information. After that, the victim was contacted by another person — “a representative of a credit and financial organization” — who confirmed his willingness to transfer compensation to the pensioner’s account or to transfer the money in cash. When the victim agreed, “tax officers” entered into negotiations and reported that the victim needed to make an advance payment of 15% of the compensation as a tax. In addition, the scammers were able to collect an “insurance premium” or “lawyer’s tax”.

For example, one of the pensioners, who was promised a compensation of 8660 USD, was required to pay a tax of 747 USD. In another case, a request for compensation of 448 USD was made for the receipt of 4480 USD. One of the victims was a famous opera singer who paid the scammers about 4480 USD. The elderly people transferred the money to the cards of cashiers — “drops” or “money mules” — indicated by the attackers, who then withdrew the money from ATMs. 

“Despite the fact that vishing (voice phishing) is a rather old type of phone fraud, it maintains popular to the fact that attackers come up with new methods of deception, targeted at the most vulnerable segments of the population — pensioners, — highlights Sergey  Lupanin, Head of the Group-IB Investigation Department. For years, deceived elderly people have repeatedly complained about telephone scams to the Russian Central Bank, the Ministry of Finance and the Prosecutor’s Office, and regulatory and law enforcement agencies have periodically issued warnings about these dangerous and very cynical fraudulent schemes, but the number of victims did not decrease. The scammers not only maintained secrecy but also improved their methods of social engineering: they quickly gained their victims’ trust, showed themselves to be intelligent and educated, and were persistent and aggressive. It’s rare for one of their victims to escape unscathed.”

However, as the result of a large-scale police operation, the organized criminal group was defeated: on 5 February, several detentions and searches were carried out at the criminals’ place of residence. A police search of the apartment of the scheme’s organizer turned up large sums of money in roubles and other currencies, bank cards, a traumatic gun, a hunting rifle and collectible coins. The scammer invested the money received in shares of Russian companies. In his stash inside a toilet, field investigators found database printouts with names of pensioners as well as extracts with phone numbers and names of victims that the criminal’s girlfriend had tried to flush. In a private house belonging to another detainee — the leader of the money mules — a police search turned up bank cards, databases of pensioners, accounting of criminal activity, money, and jewellery.

A total of seven people were detained. According to the investigation, the damages from 7 episodes of fraud are estimated at 150 000 USD, but operatives believe that the number of victims is much higher — at least 30 people. An investigation is underway.

About the author: Group-IB Group-IB is one of the leading providers of solutions aimed at detection and prevention of cyberattacks, online fraud, and IP protection.

Pierluigi Paganini

(SecurityAffairs – phone scammers, cybercrime)

[adrotate banner=”5″] [adrotate banner=”13″]