Naked Security

Anatomy of a scam – how phone frauds harvest millions from us

A review of guilty pleas by phone scammers holds many lessons for ordinary people

The phone rings. You answer it and the voice on the other end says, “This is the Internal Revenue Service [IRS] calling about your delinquent taxes.” Your mind immediately goes to, “Really?” Meanwhile, the voice continues, explaining that a penalty is now due or an arrest warrant will be issued. And you don’t want to be arrested, so you listen and learn. You learn that if you pay the penalty, right now, all will be brought up to date and you will have additional time to sort out your delinquent status. Sound far-fetched? This scam happens every day. Indeed, it happens thousands of times a day.

When you think of this type of scam, your mind conjures up an image of a boiler room operation. And you would not be wrong. A series of guilty pleas by members of an India- and US-based group of conspirators who defrauded at least 15,000 victims has recently been obtained by the US Department of Justice (DOJ).

In late 2016, a federal grand jury returned an indictment and the DOJ charged 56 individuals and five India-based call centers with conducting various scams, including the IRS scam. A review of the original indictment shows us that the infrastructure and methodology of the call-center scam are a bit more complex. Let’s take a look.

The various scams run by these individuals included:

  • IRS tax scam: individuals in call centers impersonate IRS officials as described above;
  • Immigration scam: by impersonating officers from the US Citizenship and Immigration Services they misled victims into thinking that if they did not pay a fine for their paperwork errors, they would be deported immediately;
  • Payday loan scam: Posing as loan officers and offering payday loans, which would be linked to their next check – often a Social Security check. The victim would pay a “worthiness” fee to demonstrate “ability to repay the loan”.
  • Government grant scam: Similar to the payday loan scam, the caller would offer the victim a government grant, and the victim would pay an upfront “IRS tax” or “processing fee”.

The known number of victims is 15,000, that is to say, the number of individuals known to have been scammed out of their money. An additional 50,000 had their identities stolen as part of the support infrastructure needed to operate the scam.

The various roles required to make the above work included:

  • Call center: Five call centers located in Ahmedabad, India (HGlobal, Call Mantra, Worldwide Solution, Zoriion Communications and Sharma BPO). The centers shared scripts and victim target lists, processed payments for one another and liquidated the victim funds. What was eye-opening to this writer was the number of moving parts involved in making the scam work in the US.
  • Domestic manager: Located in the US, these individuals supervised the runners, providing them with guidance and resources (vehicles, credit cards, etc.). These individuals were the linchpins between the US operations and India.
  • Runners: Located in the US, these individuals purchased reloadable payment cards and forwarded the numbers to the call centers in India. The runners would buy money orders using the cards and retrieve cash payments sent via Western Union and MoneyGram. They would use fake identity documents and deposit funds into various bank accounts. Runners were located in various locales and supported by the various call-center entities; 19 runners are under indictment.
  • Call center operator: Individuals located in India. According to the indictment, these individuals oversaw “the day-to-day operations of the call centers” including obtaining and distributing “lead lists”, which contained personal identifying information (PII) of the target – name, address, phone number, date of birth, social security numbers, etc. The number of operators indicted was 20; some individuals had dual roles.
  • Caller: These people make contact with the victims, reaching out to victims in the US and beyond. Their job is to separate the victim from their money. The identities and number of callers who took part in this multi-million dollar scam were not identified in the indictment.
  • Payment processor: These individuals, located in India, would handle the movement of money between the runners, the call centers and the hawaladars, and provide the PII of unwitting US people to facilitate the liquidation of the payments to/from the payment cards.
  • Data brokers: The data brokers obtained the leads, buying information from both the US and abroad. These names were then divided into targets and those to be used to facilitate the movement of the money.
  • Hawaladar: The indicted hawaladar operated a hawala, an informal money transfer system used throughout south Asia based on trust. Money can be sent internationally, without the money actually moving or there being a record of the transaction within a banking system. Hawaladars keep track of transactions and repay the amount owed by transactions moving in the opposite direction from individual hawalas.

On the technical side of the equation, the infrastructure was remarkably low-tech. They used voice-over-internet protocol (VOIP) connections, and would spoof the call as coming from US or Canadian numbers. They purchased 1,500 magicJack (VOIP) devices allowing unlimited calls via the internet to the US. These devices were sent to India and from India the call centers would choose a number to be associated with a magicJack, and they would register the accounts to unsuspecting individuals in the United States.

An example of the use of a magicJack number registered from India to an unsuspecting individual in Waco, Texas, showed the number was used to access more than 4,000 Green Dot payment cards and to register more than 1,300 misappropriated identities. This method was used repeatedly.
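The Waco example suggests a check a card issuer could run on its own records: count how many distinct cards and identities share one contact phone number, after normalizing the number's formatting. This is an added illustration, not code from the indictment or this article; the record layout, thresholds and function names are assumptions, and the sample rows are constructed.

```python
import re
from collections import defaultdict

# Constructed sample records (not from the indictment): each row is one
# card-account action tagged with the contact phone number supplied.
EVENTS = [
    ("+1 (254) 555-0100", "card-0001", "identity-A"),
    ("254-555-0100",      "card-0002", "identity-B"),
    ("1.254.555.0100",    "card-0003", "identity-C"),
    ("2545550100",        "card-0004", "identity-C"),
    ("(312) 555-0123",    "card-0100", "identity-X"),
    ("312 555 0123",      "card-0100", "identity-X"),
    ("not-a-number",      "card-0200", "identity-Y"),
]

def normalize_nanp(raw):
    """Reduce a US/Canadian number to 10 digits, or None if malformed."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]  # drop the country code
    return digits if len(digits) == 10 else None

def flag_shared_numbers(events, max_cards=3, max_identities=2):
    """Return {phone: (n_cards, n_identities)} for numbers over either limit.

    The default limits are assumed values for this small sample; a real
    deployment would tune them against its own baseline.
    """
    cards = defaultdict(set)
    identities = defaultdict(set)
    for raw_phone, card_id, identity_id in events:
        phone = normalize_nanp(raw_phone)
        if phone is None:
            continue  # malformed numbers are skipped here, not counted
        cards[phone].add(card_id)
        identities[phone].add(identity_id)
    return {
        phone: (len(cards[phone]), len(identities[phone]))
        for phone in cards
        if len(cards[phone]) > max_cards
        or len(identities[phone]) > max_identities
    }

if __name__ == "__main__":
    for phone, (n_cards, n_ids) in flag_shared_numbers(EVENTS).items():
        print(f"{phone}: {n_cards} cards, {n_ids} identities")
```

Without the normalization step, the four spellings of the same number would be counted as four separate numbers and none would cross a threshold.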


An HGlobal caller successfully extorted $43,000 from a victim in San Francisco, by posing as state and federal agents and demanding payment for alleged tax and immigration violations. The victim purchased 86 prepaid MoneyPak cards with a stored value of $43,000 and then sent the cards’ PINs to the callers. A runner in Illinois sent 27 general purpose reloadable (debit) cards to the call center. The payment processor registered the cards with stolen identities and then moved the $43,000 from the 86 MoneyPak cards to the 27 debit cards.

What can we do? How do we protect ourselves, our family members and others from being exploited?

If the call comes on the telephone: have a script at hand. The reality is that telephone contact is often the only contact some older people and others have, and they relish the opportunity to engage. Or they don’t wish to be rude to the individual calling and thus will listen and engage. Having a script next to the telephone is one way to help move the call toward termination. The script can be as simple as, “Thank you for calling, I am cooking dinner” or “Thank you for calling, I’ll contact <insert entity>.”

If it comes in email or via a pop-up, don’t click!  But if you do so by accident, make sure you have good security software on your devices.

Don’t forget that scams still come via snail mail, too. If you think a letter might be official, look up the phone number they’re giving to check that it’s really from the organization it claims to be. If the number you look up is different from the one on the letter you’ve received, call the number you looked up and ask them to verify what’s in the letter you’ve had. This is especially important when it comes to the IRS, who will only communicate with you via mail, unless you originate or arrange a telephone appointment.

In every instance, do report the attempt to defraud you to the appropriate authorities, and tell your neighbors and family members. The more widely you share the information, the more sensitized our communities become to the scams which are populating our space and our lives.


I got 2 of those “IRS Criminal Investigation Unit” calls. I Googled the first number and got a website where people warned others about this scam. One person said they called the number in the message and a man answered and accused the caller of sleeping with his wife! I went to the IRS site and reported the call…and had a good laugh telling my friends I was a wanted felon!


“US Citizen and Immigration Services”

Uhh, that should be “US Customs and Immigration Services.”


Thanks for getting me to check it: it should actually be US Citizenship and Immigration Services; I’ve fixed it. Edited in London by a Brit, hence missing it the first time!


Here in the UK we have had a great deal of these things go on and, eventually, some prosecutions. A phone number that I traced came up as a Baptist church in the U.S. which really puzzled me but now I know that it is easy to get equipment to falsify the incoming phone number. Another, an email, told me that I owed Her Majesty’s Revenue (equivalent to the IRS) more than I had actually earned that year so clearly a fake! The most aggressive caller was supposed to be someone from Microsoft saying my PC had a fault that needed fixing. He really didn’t like it when I told him after an hour or so that I actually don’t have a PC.


I never answer my phone. My friends leave a message. I answer those calls.
(edited to remove obscenity)

