That Virus Alert on Your Computer? Scammers in India May Be Behind It


MUMBAI, India — You know the messages. They pop up on your computer screen with ominous warnings like, “Your computer has been infected with a virus. Call our toll-free number immediately for help.”

Often they look like alerts from Microsoft, Apple or Symantec. Sometimes the warning comes in a phone call.

Most people ignore these entreaties, which are invariably scams. But one in five recipients actually talks to the fake tech-support centers, and 6 percent ultimately pay the operators to “fix” the nonexistent problem, according to recent consumer surveys by Microsoft.

Law enforcement authorities, working with Microsoft, have now traced many of these boiler rooms to New Delhi, India’s capital and a hub of the global call-center industry. On Tuesday and Wednesday, police from two Delhi suburbs raided 16 fake tech-support centers and arrested about three dozen people. Last month, the Delhi authorities arrested 24 people in similar raids on 10 call centers.

In Gautam Budh Nagar, one of the suburbs, 50 police officers swept into eight centers on Tuesday night. Ajay Pal Sharma, the senior superintendent of police there, said the scammers had extracted money from thousands of victims, most of whom were American or Canadian.

“The modus operandi was to send a pop-up on people’s systems using a fake Microsoft logo,” Mr. Sharma said. After the victims contacted the call center, the operator, pretending to be a Microsoft employee, would tell them that their system had been hacked or attacked by a virus. The victims would then be offered a package of services ranging from $99 to $1,000 to fix the problem, he said.

Such scams are widespread, said Courtney Gregoire, an assistant general counsel in Microsoft’s digital crimes unit.

Microsoft, whose Windows software runs most personal computers, gets 11,000 or so complaints about the scams every month, she said, and its internet monitors spot about 150,000 pop-up ads for the services every day. The company’s own tech-support forums, where people can publicly post items, also see a steady stream of posts offering fake tech-support services.

Although American authorities have busted such scams in places like Florida and Ohio, the backbone of the illicit industry is in India — in large part because of the country’s experience running so many of the world’s call centers. India’s outsourcing industry, which includes call centers, generates about $28 billion in annual revenue and employs about 1.2 million people.

“The success of the legitimate industry has made it easier for the illegitimate industry there,” Ms. Gregoire said. As in any con, experience helps. “You have to convince them they have a problem,” she said. “You have to have the touch.”

For tech companies, combating the impersonators is complicated by the fact that many legitimate tech-support operations, including some of Microsoft’s, operate from India.

The scam is quite lucrative. Researchers at Stony Brook University, who published a detailed study of fake tech-support services last year, estimated that a single pop-up campaign spread over 142 web domains brought in nearly $10 million in just two months.

Najmeh Miramirkhani, lead author of the research paper, said the network of entities involved in the scams was complex, with some making their own calls and others running the sites but outsourcing the calls to India. Many of the scammers also share data with one another.

“This is an organized crime,” she said.

Microsoft said it was working with other tech industry leaders such as Apple and Google, as well as law enforcement, to fight the scourge, which is migrating beyond the English-speaking world to target other users in their local languages. In the 16 countries surveyed by Microsoft, people in India and China were the most likely to pay the con artists.

The problem extends beyond fake tech support, too. In July, the Justice Department said 24 people in eight states had been convicted for their roles in a scheme to use Indian call-center agents to impersonate tax collectors at the Internal Revenue Service. The thieves duped more than 15,000 people out of hundreds of millions of dollars. Thirty-two contractors in India were also indicted.

Mr. Sharma said that in a similar con broken up by his department, call-center agents had impersonated Canadian tax authorities.

Like the I.R.S., Microsoft and other legitimate technology companies do not call their users out of the blue. Nor do they send security alerts to the screen telling customers to call them.

Ms. Miramirkhani had some simple advice to avoid being conned: Don’t pick up the phone.

Source : Nytimes