Offshore Outsourcing & Scammer

The new SCAM campaign from Rohit Malhotra is a USA Airlines Customer Care INBOUND Process (United Airlines). 

We know Rohit Malhotra already from the article Scammer: Rohit Malhotra - Accent Technologies with missing geography knowledge.

According the U.S. law is not one company able to outsource a customer support process to a country where the customer data protection is not guaranteed by law. See the explanations at Why all this offered offshore outsourcing campaigns where customer data are involved are nothing else then SCAM? and U.S. data protection law.

A similar warning got sent out on May 5, 2015 from campaignprovider.com:

USA Airlines Inbound (www.united.com) : We did contact the management team of United Airlines Inc, and they have confirmed that they are not looking for any Customer Support/ Inbound Team or Center.

One email from Rohit Malhotra:

---------- Forwarded message ----------
From: Accent Technologies <accentt7@gmail.com>
Date: Wed, Apr 22, 2015 at 8:51 AM
Subject: USA Airlines Customer Care INBOUND Process
To: Accent Technologies <accentt7@gmail.com>

USA Airlines Customer Care INBOUND Process 

Language Used : ENGLISH 

Find attachment for details of "PROCESS +  PROCEDURE + PAYOUT + Our CHARGES + About Client " * mentioned in index of attachment"

WE ARE NOT CONSULTANT. 

Skype us on : accent.technologies1

Call us on : "  +91  8284009208  "

             "  +91  8054143789 "

Rohit Malhotra

Accent Technologies

​Disclaimer: Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of my firm shall be understood as neither given nor endorsed by it.

Attachment: USA_Process.pdf (520.24 kb)

Today I got a second email forwarded:

 

From: Accent Technologies [mailto:accentt7@gmail.com] 
Sent: Monday, May 04, 2015 time removed
To: corporate
Subject: Fwd: SLA

 

 

---------- Forwarded message ----------
From: united Airlines Inc. <support@united.com>
Date: Mon, May 4, 2015 time removed
Subject: SLA
To: accentt7@gmail.com

Dear valued center,

 United is focused on being the airline customers want to fly, the airline employees want to work for and the airline shareholders want to invest in. 

• World’s most comprehensive global route network, including world-class international gateways to Asia and Australia, Europe, Latin America, Africa and the Middle East with non-stop or one-stop service from virtually anywhere in the United States
• A modern fleet which is the most fuel-efficient among U.S. network carriers (when adjusted for cabin size)
• Industry-leading loyalty program that provides more opportunities to earn and redeem miles worldwide
• Optimal hub locations, including hubs in the four largest cities in the United States
• More than 84,000 employees reside in every U.S. state and in countries around the world

We had recently done NDA signup with xxxxxxxxxxxxxxxx (name removed), Now   we are moving to next step called SLA by signing this  agreement which indicates / Explains all  the requirements / Working Terms / Future Plans / Calls & Quality Parameters  and also some terms and conditions.

By Signing  this  agreement  Call Center ( First Party ) indicates that they are agree with below mentioned terms & conditions / Quality / Work or  other requirements.

 

Note: - Accent Technologies will be responsible or take care to arrange call , work flow , further signup / meeting tasks or verification of call center.

James (Jim) Compton

Member of the Board of Directors

Linda Jojo

Executive Vice President and Chief Information Officer

 

Attachment: SLA.pdf (787.37 kb)

Update May 8, 2015:

A statement of United has arrived which confirms the fraud:

From: CustomerCare@united.com [mailto:customercare@united.com] 
Sent: Wednesday, May 06, 2015 8:53 PM
To: corporate
Subject: Re: [Attachments Contain URLs!] Experience (KMM26630439V25738L0KM)

 

Dear:

 

The fraudulent email you described is not from United Airlines. Please do not respond to this letter with any of your personal information. If you have any questions regarding our products and services, please visit us on united.com.

 

We appreciate your sharing this with us and look forward to welcoming you on board soon.

 

Regards,

 

Katherine Dawson

Customer Care

RE: 8976676

One tricky and complex programmed malicious software collects data from Internet users. if she gets discovered she swallows a digital cyanide pill.

Security researchers of the Talos Group, a division of the network equipment supplier Cisco Systems have discovered a Windows malware that has taken great care to cover up traces of their activities. "Rombertik", as the malware gets called from the experts, captures everything a user is doing with his computer on the Internet. If the malware believes that she got discovered, she makes the hard drive of the affected computer unusable and destroyed so herself.

Another feature of the digital pest is that it's not only searching for user name / password combinations of bank accounts. The malware is recording characterized obviously completely unfiltered everything what the respective users is doing with the infected computers on the Internet.

The distribution channel is not new: Rombertik gets distributed as an e-mail attachment from spam or phishing mails. According to the Talos Group, this emails are especially clever constructed and fooling the users easily. The infected emails mimics the sender "Windows Corporation" as shown by one example of the report

Camouflage by deleting

Noticeable is the elaborate camouflage with which the pest trying to protect themselves from detection. It works on several levels: If a user installs unconsciously the pest, Rombertik analyzes first the environment and checks if it is running in a "Sandbox" environment, an isolated area or the PC, which has no impact to the rest of the computer. Antivirus software uses such a sandbox to analyze suspicious software.

Only when this is excluded, the malware continues her installation. Before the malware starts her work, she is testing if she gets watched by a virus scanner. If so, she attempts to delete the so-called master boot record on the hard disk of the computer to make it unusable. If that does not work, Rombertik encrypts all user data on the boot hard drive of the computer for making them useless and brings the PC to fall into an endless loop of reboots.

Fogging by deflecting

Even if it does not come so far, Rombertik makes the work analysis software difficult: In order not to attract attention, the malware hides itself. Is the 28 kB small installation package gets unpacked, it is 1264 kilobytes long and leads to believe of 8000 program features. Although these are not getting used but makes the analysis extremely complex.

To ensure that the program does not get discovered or it is supposed to run in a sandbox, it uses another perfidious trick: Rombertik writes a file from one byte in a memory sector - 960 million times. Only by logging these processes would result in a log file of 100 gigabyte size explains Talos.

The report of the Talos group says nothing about the spread of Rombertik. User should follow the common recommendations:

Don’t click on links or attachments in emails from unknown senders and use an up to date security software.

Let us take a look first at the data protection law from Australia, European Union and the USA. All this directives and orders have in common that the consumer data are protected by law and this one which has collected them is responsible for the proper use of the collected data. If the data are getting used wrong, then this one, which has collected the data, is responsible in front of the law court for the misusage of the data. The fines are very high. It is not allowed to make data accessible in countries, where this data don’t have at least the same protection like in the country they got collected in respect of the law. Even if consumer data are getting stolen, the company will get prosecuted.

The fines for breaking the law are very high. You can see an example how high the fines are in the article “Data of 280,000 customers stolen: AT & T lost over $ 25 million”. Why companies shall take the risk for paying high fines for making their data accessible to offshore centers? Especially if they find out how the data are getting traded in the call center industry. The following screenshot from Facebook is showing how protected data are getting offered:

The above screenshot is only one example from many. Such data are not getting offered only on Facebook. You can find such offers at LinkedIn and a lot of sites.

As long as in your country is not the same or a better data protection rule guaranteed by law you are only able to use the already heavy used data, which are traded between the centers. This called one will not be really in the mood to buy something.

Even companies which are transferring consumer data between the USA and the European Union need to be certified by the international U.S.-EU Save Harbor Framework. The certification need to get renewed yearly. You can read about a judgment at "FTC Settles with Two Companies Falsely Claiming to Comply with International Safe Harbor Privacy Framework".

The next problem for call centers is the “Do Not Call List” where you have to scrub up your data against the list. You are declaring by signing up to the Don’t Call List that you are telemarketer and you’ll respect the local law. In this case you make yourself prosecutable to the local law and this law can get executed because you have accepted it before. Ignoring the Don’t Call List can result in high fines. The fines can get international prosecuted.

The next problem for call centers is the “Do Not Call List” where you have to scrub up your data against the list. You are declaring by signing up to the Don’t Call List that you are telemarketer and you’ll respect the local law. In this case you make yourself prosecutable to the local law and this law can get executed because you have accepted it before. Ignoring the Don’t Call List can result in high fines. The fines can get international prosecuted. An example of such a judgment can get read at "Court Grants Partial Summary Judgment in FTC Case Against Dish Network, Finding the Company Liable for Tens of Millions of Telemarketing Violations". That such judgments can get international prosecuted if proven by "Federal Court Orders Tech Support Scammers to Pay More Than $5.1 Million". All the Indian companies, which have been involved in this case, have been running into bankruptcy.

Centers you are searching for inbound campaigns? Think about who will be calling a company. What can you do with an inbound caller if you don’t have access to the consumer data because they are protected by law? For this are all inbound campaigns nothing else then SCAM.

Centers you are searching for form filling processes? Think about which data you need to put into a form. Since years all the consumer data are getting collected at the point of sales. In the USA even the signature get collected from digitizer pad. For copy and paste nobody will pay your agents. There are enough programs for automatize the process available. They are even cheaper than the salary of one agent for a month. For this reason all form filling processes are only scam.

If you think now logically, then you know why all this inbound campaigns and form filling processes are only getting offered with a huge upfront payment. Even the scammer has no other chance to get some money if he does not get it from you. He has no chance to get such a process and cheat you after you have done the work.

Even the client tries to burden all the legal risks to the centers by hiring them on a pay per sale base. For this they can say in front of the law court that they have only bought some leads from you and you have been working on your own risk.

A serious client will support you with phone numbers based on his selection. This phone numbers will be already scrubbed against the Do Not Call list. He will also provide you with an extension to his own phone system because he likes that the called ones are coming back to him for the case they have some questions or need some help.

A serious client will hire a marketing agency in his own country or living area and not a suspicious campaign broker from a low wage country, which try to make money with his campaign. The hired agency has the order to search for the best center for the client and gets paid from the client directly.

All other kinds of clients will burden you up the legal risk and they will provide you with products, which are already well-known from the email spam. For the case that you’ll not make enough sales to survive they even will tell you that you should buy some better data and to provide a better work. They even will lie you by telling that other centers are making sales with each call.

Microsoft customers are often targets of a scam that uses email messages to falsely promise money. Victims receive messages claiming "You have won the Microsoft Lottery!" There is no Microsoft Lottery. Delete the message.

If you have lost money to this scam, report it. You can also send the police report to Microsoft and we will use it to help law enforcement catch the criminals who send out these e-mail messages.

To help protect yourself from these e-mail hoaxes, you can use the same general guidance that you use to protect yourself from phishing scams.

Microsoft requires that your copy of Windows is legitimate before you can obtain programs from the Microsoft Download Center or receive software updates from Microsoft Update. Microsoft's online process that performs this validation is called the Genuine Advantage Program. At no time during the validation process Microsoft is requesting your credit card information.

In fact, Microsoft does not collect information that can be used to identify you such as your name, email address, or other personal details.

To learn more, read the Genuine Microsoft software program privacy statement.

To learn more about the program in general, see Genuine Windows: frequently asked questions.

Source: https://www.microsoft.com/en-us/safety/online-privacy/avoid-phone-scams 
(you need to switch your country setting to US/English for following this link)