Group-IB helped to arrest malefactors profiting off the backs of the Russian elderly

Moscow police department operatives, with the participation of Group-IB experts, have taken down a group of phone scammers who for several years have been extorting money from the elderly. They typically managed to steal between 450 and 4500 USD per victim, promising substantial compensation for their purchases of medicines, medical devices or dietary supplements. According to the investigation, in just 7 situations of fraudulent events in the investigation the damage is estimated to be 150 000 USD, and the police believe that the number of victims is much higher.

At the end of 2018, employees of the Moscow Department of Internal Affairs came across the trail of a group of telephone scammers who had long been involved in fraud, extracting large sums of money from Russian elderly people. The money was used to purchase real estate, cars, collectors’ coins, jewellery and securities. According to the investigation, the scheme was invented and conducted by a 35-year-old resident of Domodedovo originally from the Republic of Azerbaijan. In addition to the leader, the group was made up of «callers» who communicated with pensioners over the phone, «cashiers» who controlled transactions, «money mules» who withdrew cash from ATMs, and even a dedicated person responsible for the relevance and security of the database of phone numbers of potential victims.

The majority of victims describe the scheme in the same manner: a man called them from an unknown number and presented himself as the «prosecutor of the city of Moscow». He claimed that a company from which the elderly victims had purchased medicines and dietary supplements some years ago had been found to be fraudulent by a court decision, and that for this the buyers were supposed to receive compensation in the amount of 1500 USD to 9000 USD. Often the telephone scammer referred to non-existent laws, for example, «On payment of compensation to persons as a result of illegal actions organized by a group of persons» or «Order of the Ministry of Finance № 2750» of 29 October 2010. Many of the victims didn’t have any suspicions the «prosecutor» not only knew the names of the victims, but also the names of the drugs they purchased and their exact cost.

Where did the phone scammers get this data from? They profited from a scam, popular some time before, which sold «magic pills» counterfeit drugs and dietary supplements purported to cure even serious chronic diseases. This scam’s elderly victims spent hundreds and thousands of dollars on the products, borrowing from friends and taking loans. The database of these names, phone numbers and the cost of the «drugs» ordered was in the hands of phone scammers. According to Group-IB experts, the list held the names of about 1,500 pensioners, their phone numbers, and the names and prices of the medicines they trustingly purchased. Judging by the database, these potential victims were between the ages of 70 and 84, and were from Moscow, Rostov, Tomsk, Nizhny Novgorod, Leningrad, Chelyabinsk, Orenburg and other regions. They had at different times bought expensive drugs, including: «Weian capsules» (2287 USD), «Flollrode aqueous» (1600 USD), «Miracle patches» (313 USD), applicators (170 USD), «Lun Jiang» (157 USD), and «Black nut» (388 USD).

For those who were suspicious of the compensation process, the «prosecutor of Moscow» offered to clarify the information from the «head of the financial department of a bank» clarify the information. After that, the victim was contacted by another person «a representative of a credit and financial organization» who confirmed his willingness to transfer compensation to the pensioner’s account or to transfer the money in cash. When the victim agreed, «tax officers» entered into negotiations and reported that the victim needed to make an advance payment of 15% of the compensation as a tax. In addition, the scammers were able to collect an «insurance premium» or «lawyer’s tax».

For example, one of the pensioners, who was promised a compensation of 8660 USD, was required to pay a tax of 747 USD. In another case, a request for compensation of 448 USD was made for the receipt of 4480 USD. One of the victims was a famous opera singer who paid the scammers about 4480 USD. The elderly people transferred the money to the cards of cashiers «drops» or «money mules» indicated by the attackers, who then withdrew the money from ATMs.

Despite the fact that vishing (voice phishing) is a rather old type of phone fraud, it maintains popular to the fact that attackers come up with new methods of deception, targeted at the most vulnerable segments of the population pensioners. For years, deceived elderly people have repeatedly complained about telephone scams to the Russian Central Bank, the Ministry of Finance and the Prosecutor’s Office, and regulatory and law enforcement agencies have periodically issued warnings about these dangerous and very cynical fraudulent schemes, but the number of victims did not decrease. The scammers not only maintained secrecy but also improved their methods of social engineering: they quickly gained their victims’ trust, showed themselves to be intelligent and educated, and were persistent and aggressive. It’s rare for one of their victims to escape unscathed.

Sergey Lupanin
Sergey Lupanin

Head of the Group-IB Investigation Department

However, as the result of a large-scale police operation, the organized criminal group was defeated: on 5 February, several detentions and searches were carried out at the criminals’ place of residence. A police search of the apartment of the scheme’s organizer turned up large sums of money in roubles and other currencies, bank cards, a traumatic gun, a hunting rifle and collectible coins. The scammer invested the money received in shares of Russian companies. In his stash inside a toilet, field investigators found database printouts with names of pensioners as well as extracts with phone numbers and names of victims that the criminal’s girlfriend had tried to flush. In a private house belonging to another detainee the leader of the money mules a police search turned up bank cards, databases of pensioners, accounting of criminal activity, money, and jewellery.

A total of seven people were detained. According to the investigation, the damages from 7 episodes of fraud are estimated at 150 000 USD, but operatives believe that the number of victims is much higher at least 30 people. An investigation is underway.

About Group-IB

Group-IB, with its headquarters in Singapore, is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property. The company’s Threat Intelligence and Research Centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), and Europe (Amsterdam).

Group-IB’s Unified Risk Platform is an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time from a single interface. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB’s products and services consolidated in Group-IB’s Unified Risk Platform include Group-IB’s Threat IntelligenceManaged XDRDigital Risk ProtectionFraud ProtectionAttack Surface ManagementBusiness Email ProtectionAudit & ConsultingEducation & TrainingDigital Forensics & Incident ResponseManaged Detection & Response, and Cyber Investigations.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 19 years of hands-on experience in cybercrime investigations worldwide and more than 70,000 hours of cybersecurity incident response accumulated in our leading DFIR Laboratory, High-Tech Crime Investigations Department, and round-the-clock CERT-GIB.

Group-IB is an active partner in global investigations led by international law enforcement organizations such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to protect its clients in cyberspace every day by creating and leveraging innovative solutions and services. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.