Cybercrime in Yerevan: Stealing Personal Data via Tech Support Scams
An American is scammed by someone working the phones in Yerevan. Hetq goes undercover to investigate.
Max Baucum, a Vietnam War vet living in Texas, has long since retired.
Browsing the internet one morning, the following window pops up on his computer screen.
“Your computer has been locked. It’s either been infected with a virus or with spyware that want to steal your Facebook password and bank and email data. Call the Windows technical service unit at the following number 661 888 40822. If you fail to heed this warning and close this page without resolving this issue your computer system will be disabled to prevent further damage to our network.”
An example of such a message taken from the internet
Mr. Baucum calls the tollfree number and is connected to an address in Yerevan- on the 4th floor of the Makkony Business Center located at 73/1 Nairi Zaryan Street. Gurdip Singh, an Indian national, picks up the phone. Singh gets on and gives a false name - Gary Daniels.
Gary tells Baucum that he’s an online technical rep for Microsoft Windows located in Denver, Colorado. He tells Baucum that his computer has been hacked and that the culprits want to steal his virtual identity-his Facebook password, bank data, etc. Gary tells the unsuspecting Baucum that he can resolve the problem, but that he needs permission to enter his computer. Gary enters the computer and makes some programming changes. During their ninety-minute conversation, Gary also convinces Baucum to pay US$450 for a one-year security program that will defend his computer from such viruses.
Baucum was hesitant at first to fork over the money given his tight finances. But he takes the plunge, saying that he felt somewhat obligated since Gary had worked on his computer for ninety minutes to resolve the virus issue.
Taking advantage of the situation, Gary demands Baucum social security number, his bank card number with the expiration date and 3-digit verification code. He also asks for Baucum’s home address.
Obtaining such personal data by third parties is considered identity theft in the United States and is the most common form of cybercrime in the country.
Cybercrime is defined as criminal activities carried out by means of computers or the Internet.
The most common types of cybercrime are computer piracy, online fraud, attacks on computer systems, identity theft, illegal distribution of prohibited information.
“Individuals stealing personal data can use tour number and good credit history to take out loans in your name. They later use credit cards and don’t pay the amount owed. You only find out that another has used your number only when they reject to give you a loan or when they call unknown creditors and demand to be paid for goods or services that you never purchased,” writes the U.S. Social Security Administration.
Photo from malwarebytes.com
There are thousands of internet domains created by those involved in cybercrime containing fake virus warnings instructing users to phone a certain number to resolve the problem. These warning can appear if the user enters a suspicious website or mistyping a URL. Those taking the bait, mostly unsuspecting seniors or the middle-aged, become the latest victims of cybercriminals.
Gary Daniels, in reality Gurdip Singh, works at Piconet Technology LLC, a company registered in Armenia that services one of these domains that circulate the fake warnings to citizens of the United States and Canada. Using the Microsoft Pop-up Scam device, the company fishes for unsuspecting users and proceeds to defraud them out of hundreds in cash to make their computers safe. The company also gets a hold of their personal and financial data.
The sole Piconet Technology shareholder is Zhanna Vardanyan. It’s run by her husband Lavish Madaan, an Indian by birth. Madaan is assisted by two young Armenian men, Samvel and Edik. The company is registered at 36 Aygegortzneri Street in the Armavir community of Norakert. There’s a plot of land and a residential house, complete with a barn, pool and garage, at this address. Zhanna Vardanyan, who is registered at 1/22 Nerkin Shengavit Street in Yerevan, owns the house. 24 other individuals are also registered at the Yerevan house.
Piconet Technology actually operates out of an office at 73/1 Nairi Zaryan Street in Yerevan. The company was founded in 2005 and as far as we can ascertain has only paid taxes for one employee, in 2018.
Fosis LLC and Lavanna Designs LLC are two other companies registered to Zhanna Vardanyan and her husband Lavish Madaan. He serves as the Fosis director and is registered as the founder of Lavanna Designs. The legal and business address of the two companies is 36 Aygegortzneri Street in Norakert, Armavir.
Former Piconet Technology Employee Tips-Off Hetq
A former Piconet Technology employee told Hetq about what was going on at the company. He only worked there a few days, leaving after getting wise to the scams being perpetrated.
Piconet Technology recently posted an online want ad looking for telephone operators and technical sales and customer support agents fluent in English. The starting monthly salary for the permanent five-day a week job (8pm-5am) is listed as AMD 200,000 (US$417). It’s a nighttime job in Yerevan because the company targets the United States and Canada.
Hetq Reporter Goes Undercover: Gets Job at Piconet Technology
There are seven computer desks in Yerevan’s Piconet Technology office. There’s a chalkboard on the opposite wall with the fake western-sounding names (Frank, Gary John, etc.) used by the employees, mostly Indians and Armenians. The nine-member telephone operation experiences a lot of turnover. Not everyone hired stays at Piconet once they realize what’s going on. On average, Piconet employees talk to three “customers” per hour, requesting their financial and personal data for services rendered. The amount of the payment, to resolve a virus that never existed in the first place, depends upon the duration of the call.
Samvel greets the company’s new recruits. He tells them that he’s one of the company’s directors. Samvel continues the pep talk by saying that Lavish Madaan operated a similar business for years in India and launched Piconet after marrying an Armenian and moving to Armenia.
The Windows Pop-up Scam isn’t a virus but a regular site that flashes a fake virus warning. The computer user can close the window and proceed.
Explaining the operation to Hetq’s undercover reporter posing as an employee, Samvel says that those telephoning the company “don’t know anything about computers.” Piconet employees must convince those calling that their computers are vulnerable to crashing and that they need the company’s professional technical expertise. Those new to the job transfer incoming calls to Gary who proceeds to hit the callers up for personal data and for payment for a security program.
The program is called Free PC Diagnosis. On web forums it’s described as a program that cleans minor programming errors while at the same time adding unnecessary files. Regardless of the amount paid, all receive the same support- downloading of the Free Diagnosis program.
The company provides copies of “successful” telephone conversations to new employees, showing them how to close the deal.
Here is an example of such telephone conversations
From the telephone conversations it appears that most of those who fall prey to the scam are senior citizens and the retired. This leads us to surmise that Piconet Technology acquires the telephone numbers of this demographic group to target.
Hetq’s undercover reporter was supplied with more than 100 names and telephone numbers to cold call with the virus ploy. Thus, the company not only waits for incoming calls from those replying to the virus warnings, but also makes outgoing calls to potential “customers”.
Of note is the fact that Piconet employees sometimes ask customers to pay them with Google Play gift cards for services rendered. These cards are only sold in various small and large stores in the U.S. The employees warn those who fall for the scam not to tell the card sellers that they are buying the cards to purchase a computer program. Rather, they advise them to say that the cards are for “personal use”, telling them that they’d pay more in tax otherwise. This, of course, is a lie. They merely want to erase all traces of a scam and its victims.
Those engaged in cybercrime usually avoid bank transfers. It’s too risky. Those scammed out of money can go to their bank, report the fraud, and get the cash back. U.S. and Canadian banks have taken special measures to protect their clients.
Hetq has not talked to the owners or directors of Piconet Technology․ Our phone call could have prompted them to cover their tracks and flee the country.
Law enforcement agencies in Armenia have been apprised of the story.