The scamming of Americans by Indians pretending to be officials of US government departments has been going on for a long time. So have the investigations. It was early September when the whispers started that there was some sort of call centre scam involving US “income tax”. Then, teams of suited-booted Federal Bureau of Investigation (FBI) agents started wandering around Ahmedabad and the Mumbai suburbs, handing out visiting cards to everybody. They blended into the local landscape about as unobtrusively as a herd of hippos strolling through Times Square.
Finally there’s been a series of raids and a massive number of arrests across various locations in India and the US. It seems about 15,000 Americans have been swindled to the tune of $300 million. Multiple call centres were involved. Shaggy Thakkar (who sounds like a failed rap artist) is the supposed mastermind.
The operation was elementally simple in its essentials. The entrepreneurs running those call centres bought some databases of personal information, stuff which is casually available all over the internet. Then, they called the people listed on those databases, pretending to be officials from the US departments of Citizenship and Immigration, and the Internal Revenue Service.
Call centre employees pointed out some purported violations. They made threats of possible arrests, imprisonment, fines and deportation. When the victims fells for it and paid up, the money was rerouted using prepaid debit cards and wire transfers into offshore accounts. Those databases again came in handy, with identity thefts being deployed to set up fake bank accounts to transfer money.
The scam therefore, relied on little more than the fear and gullibility of the victims and the acting skills of call centre workers. Many of the perpetrators were just bog-standard young graduates who had been put through a familiarisation course. They had learnt to memorise a glossary of idiomatic American phrases and been taught to speak in a vaguely American accent. They called themselves “Sam” instead of “Sameer”, and “Patricia” instead of “Priya”. It’s quite likely that many of them thought they were doing a totally legitimate job.
The “strike rate” was apparently not too high. Most people were not fooled, or at least demanded more corroborative details. Maybe Sam or Patricia screwed up on the accent or the idiom because somebody complained. But these operations raked in huge sums over many months.
This is known in the parlance as a social hack. It is possible to create an extremely sophisticated security system with state-of-the-art biometrics and strong encryption support. But it is impossible to immunise any security system against gullible users because, as circus impresario P T Barnum famously said, there is indeed a sucker born every minute.
If the hacker sounds convincing enough, people will willingly hand over personal details they have been told explicitly to never reveal to anybody. PINs for credit and debit cards; passwords for net banking; mother’s maiden name — you name it. Somebody will willingly release that information to anybody who asks for it convincingly enough.
On the internet, you and I are just a collection of unique attributes that identify us. Identity theft depends on tying together some personal details online. Name, address, email id, phone number, credit card number, expiry details and cvv (credit verification value) are often available online on casual searches. There are huge databases of these details — every online marketer collects them.
Americans have been using credit cards since the 1950s and they have been shopping online since the 1990s. The US also has, by and large, a transparent bureaucracy and transparent check-back systems to contact bureaucrats. It has data protection and privacy laws. A large number of people were still fooled by this scheme.
India has just discovered the joys of online transactions. The Indian bureaucracy is about as transparent as the walls of Rashtrapati Bhavan. India has no data protection or privacy laws. It’s easy to obtain documentation in the name of Lord Hanuman or a pet dog. It’s only a matter of time before Shaggy’s cousin, Rocky, harvests the low hanging fruit in his own backyard.
Twitter: @devangshudatta
Disclaimer: These are personal views of the writer. They do not necessarily reflect the opinion of www.business-standard.com or the Business Standard newspaper
