In a major blow to India’s prospects as an outsourcing destination, international authorities have unearthed a scam that traces its origins to India.

Australian, American and Canadian authorities have reportedly joined forces to foil a major international phone scam, which included defrauding people into parting with their credit card details under the garb of telemarketing initiatives.

The Federal Trade Commission said a US judge has ordered a halt to six fraudulent operations and has frozen their assets following an investigation in cooperation with Canada, Britain, Australia and New Zealand. FTC Chairman Jon Leibowitz said the schemes involved calls to consumers in English-speaking countries from call centres in India, informing consumers of bogus infections.

“In these outrageous and disturbing cons, you get a call from someone pretending to be from a major computer company who dupes you into thinking you have a virus on your computer,” Leibowitz told a news conference in the US. “At one level, it's like a bad Bollywood movie, but at another level it's a rip-off of consumers.”

how it worked

People pretending to be Microsoft employees offering to fix computer viruses took the credit card numbers of more than 10,000 customers. These callers would say they had detected a virus or other malware issues with the customer’s computer. After this, they are told to open a Windows Event viewer to confirm the diagnosis.

The Windows Event viewer helps one get detailed system information, such as a failure to start an application. After several errors are listed, which are actually common and harmless, the caller then transfers the call to a technician, who then asks them to log on to a third party Web site so that they can remotely access their computer.

In this process, the caller may either install an anti-virus program and ask the person’s credit card details but instead of installing anti-virus software, install malware on their computer so as to control it remotely, or access and steal personal and financial details from their computer.

The $100-billion Indian IT sector has been repeatedly under fire for data breaches of this kind but this one comes as a jolt, especially at a time when anti-outsourcing sentiments are at their peak in the backdrop of continued high unemployment in the US.

“While fraud can happen from any location, what is worrisome is the fact that this has again put the spotlight back on India,” said a Mumbai-based cyber security expert. In 2005, four employees of MphasiS’ BPO operations in Pune indulged in fraud that was estimated at $400,000.

> venkatesh.ganesh@thehindu.co.in