Criminals in India Target Americans

Through our lens of Internet fraud and online criminal activity, the country of India sits near the top of the dung pile again and again.  We at The Daily Scam want to know, what’s up with India?  Before we appear to malign an entire country of nearly 1.4 billion people, it’s important for us to say that the overwhelming majority are law-abiding Indians.  Also, there are millions of skilled Indian citizens whose technical and programming skills have helped businesses and organizations the world over, including The Daily Scam!

 

And yet, we routinely learn of criminal gangs in India who target Americans, more so than other online criminal gangs from most other countries. We believe India is in the top six list of countries targeting Americans, alongside Russia, Ukraine, Nigeria and China.  Don’t believe us?  In late August, 2017 we first published a story called “Amazon Customer Support… NOT!” in which the scammers at the other end of the phone were identified as having Indian accents.  That scam grew from 12 original scam phone numbers littering the web to 35 phone numbers two months later.  The scam has now spread to include fake Apple and HP support phone numbers, as well as domains.  Since learning of this scam in August, 2017, The Daily Scam has identified 37 fraudulent phone numbers posted online and 5 fraudulent domains pretending to be Apple customer support.  On April 16, 2018 we traced a scammer pretending to be the FTC Law Department to Surat, India.

 

Most adults have heard about the IRS and U.S. Treasury phone scams that can be traced as far back as 2014.  These calls became rampant in 2016 and the first half of 2017.  What most people haven’t heard is that Indian criminal organizations were found to be responsible for most of these calls.  Below are links to a few articles about these criminal organizations, including one in Mumbai that was finally shut down by Indian police.

 

The Pindrop site contains data about the 2014 call scams, including a sample call:

Largest IRS Phone Scam Likely Exceeded 450,000 Potential Victims in March

 

https://www.cbsnews.com/news/india-tax-scam-against-americans-sees-70-people-arrested/

http://money.cnn.com/2017/04/09/news/tax-scam-india-arrest-ringleader/index.html

 

The Daily Scam has collected audio recordings sent to us by our readers, and also recorded our own scam calls and posted them on our website at these links.  All the callers have Indian accents (except those created with automated voice software.)

 

Enforcement Action from U.S. Treasury Agent

 

In 2016, the criminals were using automated voices to deliver their phone message most of the time.  However, Doug from TDS called one number back to speak to the “IRS agent” and recorded the call.  Listen to the “IRS agent” in the third recording down or listen to the recording sent to us by a TDS reader from “Officer Alex Watson” on March 27, 2016 near the bottom of the web page.  Both men have Indian accents.

IRS Phone Call Scam

 

Criminal gangs from India don’t just target Americans by phone, they also weaponize emails.  For months we’ve seen hundreds of different emails with similar layouts and designs that share one thing in common:  At the bottom of the email, recipients are invited to unsubscribe from the email by contacting the address Support “@” apexpoint-DOT-co-DOT-in.  The email address ends with the 2-letter country code for India.  Here are just two examples…  An email for a Visa Gift Card from Bath and Body Works and a survey about housing benefits from a sender identified as vabenefitsurvey “@” VABenefit-DOT-com.

The from address above shows the sender’s domain as bathbody-DOT-com, a domain first registered in 2001 through a private proxy service in Panama and is now hosted in Germany.  But more importantly, the links in this email all point to the domain bathandbodyy.bid, a mimic of the real website BathandBodyWorks.com.  This mimic was registered on September 8, the day the email was sent, once again using a private proxy service in Panama.  The Zulu URL Risk Analyzer informs us that this website is 100% malicious.

 

“Does your military service qualify you for special government programs?” “Are you eligible for 2017 VA Housing Benefits? Don’t pass up on great benefits. If you served, you could be eligible to save!”  All links in this email below point to the domain vabanyfit-DOT-download.

VAbenefit-DOT-com is not associated with the real VA Benefits office and is, itself, suspicious.  All links in the email point to vabanyfit-DOT-download.  It was also registered on the day the email came out, has no website, and was registered using a private proxy service in Panama.  By contrast, the very real VA Benefit website, benefits.va.gov, is a U.S. Government website.

 

Who is Apexpoint-DOT-co-DOT-in?

The website was registered in July, 2015 by someone identified as Naman Kathal from Bhopal, India.  A visit to their website informs us that Apex Point is a “web design / web development / social media” developer. (DO NOT VISIT THEIR WEBSITE! The Zulu URL Risk Analyzer has identified it as 100% malicious.  If you want to see that their website looked like, visit the Internet Archive project history for this website here and scroll down. ) Though their site navbar shows multiple links, such as WORK, ABOUT, PORTFOLIO, CONTACT, What we do and Talk to us, all content is contained on one long-scrolling web page….


If you were to click “What we do” on Apex Point’s website you’ll find this six item description with three of the points containing the same Latin-esque phrase that begins with “Duis aute irure dolor…”  According to Wikipedia, this text is actually known as the “Lorem ipsum” and is used as a placeholder text (filler text) in publishing and graphic design.   Meaning that the people who tossed this website on the Internet to add some credibility to their fraudulent company forgot to replace the Lorem ipsum in all fields with their own phony text.

If you were to click the link at Apex Point for “About” you will see this photo of their office with people in the background at work…

However, this is also a fraud. This photo is a stock photo found on many other websites.  We learned this by conducting a reverse image search using Google on October 1, 2017:

Everything about this web business called Apex Point in India appears to be a fraud.  And this business website is appearing on hundreds, possibly thousands of malicious emails targeting Americans over the course of months.  We asked hypestat.com, an online service that offers website statistics, to evaluate apexpoint-DOT-co-DOT-in during the months of October and November, 2017.  During that time hypstat showed that Apex Point is visited about 3,300 times each day with about half of those visitors coming from the United States and the UK combined.

Again, we want to say that we don’t wish to malign all the people of India.  There are nearly two hundred countries in the world.   Breadcrumbs from Internet-based fraud frequently lead back to criminal activity originating in India.  From our perspective, India represents one of the top six countries in this nefarious effort, putting them in the top 3% (6/195) of countries targeting Americans.

 

Below are more malicious email samples stamped with the unsubscribe link for Apex Point, and of the same basic design.