Offshore Outsourcing & Scammer

Blog about offshore outsourcing and scammer in the outsourcing industry

Android Ransomware - Porn Droid

AndroidAs of late, zscaler ran over another variation of Porn Droid - an Android ransomware variation guaranteeing to be from the FBI, which blames individuals for watching youngster porn and after that requests a fine of USD 500.

It at first seems to the client as though they are downloading an obscene feature, yet once the client taps on the document, it takes on the appearance of the Google patch overhaul and traps the client into introducing the application.

Screenshot Update Patch Installation
It looks like a patch application

In the wake of clicking "Continue", the malware requests head access to the gadget asking for consents, for example, "Erase all data", "Set storage encryption", "Change the screen-unlock password" as demonstrated in screenshot beneath.

Screenshot: Activate Device Administrator - Porn Droid
Admin access

Once the client taps on the "ACTIVATE" button, the malware gets head control of the gadget and locks it while showing a fake FBI cautioning as seen underneath. It bolts the client's telephone by incapacitating keyguard and sets top need for the malware application which guarantees that no other application or client action can override the malware application's movement.

Screenshot: FBI device lock
FBI warning message

Screenshot: FBI Paypal payment
Payment tab

The FBI cautioning screen additionally contains dynamic data significant to the tainted gadget, for example, the program history, IMEI number, telephone number and casualty's photo, which has been taken by the malignant application. This is done to threaten the end client as a notice message proposes that the data will be utilized by the FBI to recognize the client if the fine is not paid.

Screenshot: FBI with user information
Screen with user information

Detailed analysis: zscaler ThreatLab

 

Why all these campaign offers from the low wage countries are SCAM?

Scam SchoolA company, which likes to outsource a campaign, is searching for a consultancy or outsourcing agency locally. The reason for this is that they like to feel save and have the same law situation for a contract. A local company can get easily verified. The hired consultancy agency gets paid from the outsourcer directly. It is normal that this one, which hires someone, pays the bill for it. For this are all these campaign offers with upfronts, royalty or however the fee is getting called nothing else then scam, because it shows that the broker or consultant does not have any contract with the client.

If a outsourcer is searching on the Internet abroad, then this one will not search for a consultancy agency or broker. Such a company is searching directly for a center, which can do the work. The contract structure and the verification process will be much more costly in time and workforce then to hire a consultant, which is doing all the work for them.

Additional has each one to respect the law in the destination country of the call. Consumer and customer data are in the traditional outsourcing countries (Australia, Canada, Europe Union, Ireland, New Zealand, USA, etc.) protected by law and are not allowed that others get access to them. Even if customer data are getting stolen this one, which has stored them, has to pay a fine. A nice example for this is the case from AT&T where 280,000 customer records got stolen from their own call center staff. AT&T had to pay a fine of US$ 25,000,000 for this case.  Do you really think that one of such companies give you access to their customer database when they are expecting such fines?

This shows already the reason why all the offered inbound and form filling campaigns are nothing else then scam.  You need only to think about it who is calling or which kind of forms should get filled. The most calls a company receive are coming from customers of the company. What can you do with such an incoming call if you have no access to the customer database? You are only able to forward the call to somebody, which has access to it. In such a case this one can pick up the call by himself too. The company will not save anything by outsourcing such a process. So why they shall outsource this kind of process?

Think now about the form filling process. Such campaigns have been available before the digital revolution has started. I started programming computer systems around 38 years ago. Since 30 years are already personal computer available. 1986 got the SQL (Structured Query Language) the first standardization. Since around 20 years are SQL databases in common use for storing data. That means all the data, which should get filled in forms, are already since more than 20 years digital available and the programs are able to fill forms automatically. There is no need to enter some data manually – the digital Stone Age is already a long time over! Why should you pay someone for a copy and paste work if there are programs are available which are doing the work within seconds?

Do you really think that any author is writing by hand or on a type writer? The first program I remember having used for writing letters has been Wordstar. The version 1 got sold already in the year 1978. It has been running on the CP/M System from Digital Research already and got later on ported to the system of MSDOS. Since 1983 is Microsoft Word available. Why should an author use a type writer or write his books by hand in this case? It is much easier to type it on a computer and forward it by email to the publisher, the editor can make easily his changes and forward it directly to the pressroom. With the export function is it easily to bring the book without typing into the eBook format. There is no manual interaction necessary. The books are getting stored for a reissue. Even old book got already digitalized during the past 30 years. So there is no need for eBook typing. Think about it, why should you pay an upfront fee for such a work? The answer is very simple: The scammer cannot get paid from any client for the invented process and the upfront fee is his only possible income in this case!

The next big scam is the tech support where the center should buy calls and charge the caller for the provided service.  In this case the center takes the risk about the way the calls are getting generated. A legal way to generate such calls is with advertising not possible. With advertisings at the best visited sites you can get one or two calls per day, because everybody knows someone, which can help by computer problems. The most common problems are network and driver problems. With network problems you have no access to the remote computer and cannot give any help. Driver installation from remote is very difficult too because in the most times you need exactly the model of the hardware part. An end user will not be able to tell it to you. In such a case are only the calls remaining, which are generated by scareware. Such scareware is illegal and the center can up in jail for making money generated by scareware, viruses, ransomware, etc. As the center is making money with the incoming calls is it reasonable that the center is the programmer or the distributor of the criminal software. The seller of the calls will be already trackless disappeared in such a case and the center owner will be alone in front of the law court. The devil takes the hindmost.

 

Which campaigns are remaining for offshore call centers in such a case?

The situation is very simple.  Campaigns other than lead generations from already heavy used data, which are getting traded between the centers, are not really available.

All the offered products from the real campaigns are on a pay per sale base and are well known from the spam emails. To sell such products by already heavy used calling data is not really easy and profitable. It is only profitable for the outsourcer because he is even saving the cost for the staff and has no risk about his product which is unsaleable on a normal way. For the center is it like fishing in troubled waters by taking all the risk.