India raids tech-support fraud compounds after tip from Amazon, Microsoft


Law enforcement officials in India conducted raids at 76 locations across the country accused of running tech support scams after receiving tips from Amazon and Microsoft.

India’s Central Bureau of Investigation (CBI) said it worked with several international agencies to crack down on cyber-enabled financial crime organizations.

The fraud ring allegedly ran several call centers across five states and “systematically preyed on foreign nationals, masquerading as Technical Support Representatives,” Indian officials said on Thursday.

Those involved targeted people by impersonating technical support representatives of two multinational companies, officials said, without specifying. Microsoft later published its own statement confirming that it was one of the companies, noting that the operation followed a joint referral made with Amazon.

Most of the victims are based in the U.S., U.K. and Germany, Indian officials said. The U.S. Federal Trade Commission and other agencies have repeatedly warned consumers about the scams, and journalists have been documenting their behavior for years.

In total, officials focused on five cases that spanned 76 locations across Pradesh, Uttar Pradesh, Karnataka, Haryana, Kerala, Tamil Nadu, Punjab, Bihar, Delhi, West Bengal, and Himachal Pradesh.

“In the wake of Operation Chakra-II, 32 mobile phones, 48 laptops/hard disks, images of two servers, 33 SIM cards, and pen drives were confiscated and numerous bank accounts were freezed,” Indian officials said.

“CBI also seized a dump of 15 email accounts, illuminating the intricate web of deceit spun by the accused. Among the cases targeted under Operation Chakra-II, two instances of International Tech Support Fraud Scam came to light. In these cases, the accused impersonated a global IT major and a multinational corporation with an online technology-driven trading platform.”

The operations ran for at least five years, and those in charge used a variety of international payment systems to facilitate payment, officials said.

The scammers allegedly “would contact the victims via internet pop-up messages that falsely appeared to be security alerts from these MNCs (Complainants),” officials said. “The pop-up messages fraudulently claimed that the consumer’s computer was having various technical issues.”

The call centers would convince victims to allow them to remotely access their computer, convincing them of non-existent problems before making them pay hundreds of dollars to resolve the fake issues.

Microsoft noted that the FBI estimates tech support fraud caused more than $800 million in losses last year.

“Microsoft, Amazon, and international law enforcement have come together to send a strong message to perpetrators of tech support fraud: There will be consequences for their actions,” Microsoft said.

“The joint referral enabled the exchange of actionable intelligence and insights with CBI and other international law enforcement agencies to help them take action at scale.”

Microsoft confirmed that several of the call centers raided by CBI were created to intentionally impersonate Microsoft and Amazon, targeting 2,000 customers in the U.S., Canada, Germany, Australia, Spain, and the U.K.

This is the first time Microsoft and Amazon worked together to address the tech support fraud issue. Microsoft said it has worked with law enforcement agencies over the years to assist in more than 30 call center raids leading to more than 100 arrests.

“Technology-enabled fraud remains a persistent threat to both companies as the same cybercriminals and their infrastructure targets both our customers,” the statement said. “Joining forces helps us more effectively protect individuals globally and prevent criminals from impersonating the Microsoft and Amazon brands to target innocent and unsuspecting victims.”

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

War crimes tribunal says September cyberattack was act of espionage

Next Post

Exclusive: How a defend-forward operation gave Ukraine’s SBU an edge over Russia

Related Posts

New Attack Technique Exploits Microsoft Management Console Files

Threat actors are exploiting a novel attack technique in the wild that leverages specially crafted management saved console (MSC) files to gain full code execution using Microsoft Management Console (MMC) and evade security defenses. Elastic Security Labs has codenamed the approach GrimResource after identifying an artifact ("sccm-updater.msc") that was uploaded to the VirusTotal malware
Read More

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target over 1,500 banks across the world, spanning more than 60 countries in Central and South
Read More