15 February 2019

Group-IB helped to arrest malefactors profiting off the backs of the Russian elderly

Moscow police department operatives, with the participation of Group-IB experts, have taken down a group of phone scammers who for several years have been extorting money from the elderly. They typically managed to steal between 450 and 4500 USD per victim, promising substantial compensation for their purchases of medicines, medical devices or dietary supplements. According to the investigation, in just 7 situations of fraudulent events in the investigation the damage is estimated to be 150 000 USD, and the police believe that the number of victims is much higher.

At the end of 2018, employees of the Moscow Department of Internal Affairs came across the trail of a group of telephone scammers who had long been involved in fraud, extracting large sums of money from Russian elderly people. The money was used to purchase real estate, cars, collectors’ coins, jewellery and securities. According to the investigation, the scheme was invented and conducted by a 35-year-old resident of Domodedovo originally from the Republic of Azerbaijan. In addition to the leader, the group was made up of «callers» who communicated with pensioners over the phone, «cashiers» who controlled transactions, «money mules» who withdrew cash from ATMs, and even a dedicated person responsible for the relevance and security of the database of phone numbers of potential victims.

The majority of victims describe the scheme in the same manner: a man called them from an unknown number and presented himself as the «prosecutor of the city of Moscow». He claimed that a company from which the elderly victims had purchased medicines and dietary supplements some years ago had been found to be fraudulent by a court decision, and that for this the buyers were supposed to receive compensation in the amount of 1500 USD to 9000 USD. Often the telephone scammer referred to non-existent laws, for example, «On payment of compensation to persons as a result of illegal actions organized by a group of persons» or «Order of the Ministry of Finance № 2750» of 29 October 2010. Many of the victims didn’t have any suspicions — the «prosecutor» not only knew the names of the victims, but also the names of the drugs they purchased and their exact cost.

Where did the phone scammers get this data from? They profited from a scam, popular some time before, which sold «magic pills» — counterfeit drugs and dietary supplements purported to cure even serious chronic diseases. This scam’s elderly victims spent hundreds and thousands of dollars on the products, borrowing from friends and taking loans. The database of these names, phone numbers and the cost of the «drugs» ordered was in the hands of phone scammers. According to Group-IB experts, the list held the names of about 1,500 pensioners, their phone numbers, and the names and prices of the medicines they trustingly purchased. Judging by the database, these potential victims were between the ages of 70 and 84, and were from Moscow, Rostov, Tomsk, Nizhny Novgorod, Leningrad, Chelyabinsk, Orenburg and other regions. They had at different times bought expensive drugs, including: «Weian capsules» (2287 USD), «Flollrode aqueous» (1600 USD), «Miracle patches» (313 USD), applicators (170 USD), «Lun Jiang» (157 USD), and «Black nut» (388 USD).

For those who were suspicious of the compensation process, the «prosecutor of Moscow» offered to clarify the information from the «head of the financial department of a bank» clarify the information. After that, the victim was contacted by another person — «a representative of a credit and financial organization» — who confirmed his willingness to transfer compensation to the pensioner’s account or to transfer the money in cash. When the victim agreed, «tax officers» entered into negotiations and reported that the victim needed to make an advance payment of 15% of the compensation as a tax. In addition, the scammers were able to collect an «insurance premium» or «lawyer’s tax».

For example, one of the pensioners, who was promised a compensation of 8660 USD, was required to pay a tax of 747 USD. In another case, a request for compensation of 448 USD was made for the receipt of 4480 USD. One of the victims was a famous opera singer who paid the scammers about 4480 USD. The elderly people transferred the money to the cards of cashiers — «drops» or «money mules» — indicated by the attackers, who then withdrew the money from ATMs.

Despite the fact that vishing (voice phishing) is a rather old type of phone fraud, it maintains popular to the fact that attackers come up with new methods of deception, targeted at the most vulnerable segments of the population — pensioners. For years, deceived elderly people have repeatedly complained about telephone scams to the Russian Central Bank, the Ministry of Finance and the Prosecutor’s Office, and regulatory and law enforcement agencies have periodically issued warnings about these dangerous and very cynical fraudulent schemes, but the number of victims did not decrease. The scammers not only maintained secrecy but also improved their methods of social engineering: they quickly gained their victims’ trust, showed themselves to be intelligent and educated, and were persistent and aggressive. It’s rare for one of their victims to escape unscathed.

Sergey Lupanin

Sergey Lupanin

Head of the Group-IB Investigation Department

However, as the result of a large-scale police operation, the organized criminal group was defeated: on 5 February, several detentions and searches were carried out at the criminals’ place of residence. A police search of the apartment of the scheme’s organizer turned up large sums of money in roubles and other currencies, bank cards, a traumatic gun, a hunting rifle and collectible coins. The scammer invested the money received in shares of Russian companies. In his stash inside a toilet, field investigators found database printouts with names of pensioners as well as extracts with phone numbers and names of victims that the criminal’s girlfriend had tried to flush. In a private house belonging to another detainee — the leader of the money mules — a police search turned up bank cards, databases of pensioners, accounting of criminal activity, money, and jewellery.

A total of seven people were detained. According to the investigation, the damages from 7 episodes of fraud are estimated at 150 000 USD, but operatives believe that the number of victims is much higher — at least 30 people. An investigation is underway.

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (earlier known as TDS) intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is a partner of Europol.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605

Thank you for filling out the form! We will get back to you shortly.

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

Report an incident