33.4k unique visitors in the last 3 days

Czech Police Detail Methods Used by $9mn Scam Call Center Based in Ukraine

Fraudsters used CLI spoofing and native Czech speakers to aid the impersonation of Czech banks and police.

A recent press release from Czech police highlights the techniques used by scam call centers which target victims in other countries. In this instance, a call center based in Dnipro, Ukraine, succeeded in defrauding over 600 victims, most of whom reside in Czechia. CLI spoofing was used to convince victims they had been separately called by both their banks and by police. The first call would appear to come from the victim’s bank, and would warn that their account was about to be raided by hackers. Victims were told they could stop their money being stolen by making a transfer into a new account which had been set up to protect them. They would then receive a second phone call which would seem to be from a Czech police officer. This would corroborate the previous call and recommend that the victim comply with the instruction to move their money to the new account. These new accounts had been set up by the gang and would be drained soon after any transfer had been made. Using this method, the fraudsters took a total of CZK195,086,374 (USD8.7mn).

Ukrainian police operations were slowed by the impact of Russia’s invasion, with Dnipro suffering multiple missile strikes. The front line of the war with Russia is less than 150 miles away. However, local police were able to close the scam call center in April, seizing simboxes, mobile phones, computers and cash in the process. The Czech police simultaneously arrested four people residing in Czechia who also belonged to the same gang (pictured above). Of the arrests made in Ukraine, eight were of Czech citizens, six of whom have since been extradited to Czechia. There was also one Belarusian national amongst a gang that comprised 20 members in total, with their ages ranging from 18 to 29 years old.

Both police forces referred to the scam as an example of vishing, but this is a misuse of that word. The goal of voice phishing is to make a call that leads the victim to share confidential information. This information, such as the victim’s passwords, may then be used to commit a crime. However, this scam was simpler than a crime involving vishing because the victims were convinced to transfer the money themselves.

It is worth emphasizing the similarities between this scam and other crimes which occur across electronic networks. The criminals were young; some were still teenagers. CLI spoofing was used to aid the impersonation of reputable organizations. The spoofed calls were international but appeared to originate within the same country as the recipient. The cross-border nature of the call means single-country methods of validating CLIs, like STIR/SHAKEN, would be rendered ineffective. However, that is no excuse to allow spoofing because the use of a domestic number for an inbound international call means network operators have a more straightforward way of determining that the call is suspicious.

Numerous countries have begun the process of implementing controls to block international calls that spoof domestic numbers. The rate at which these controls have been adopted is influenced by the perceived risk, with many countries feeling themselves to be at less risk if their native language is not spoken elsewhere. This gang illustrated why relying on language barriers will become increasingly reckless; Czech speakers were intentionally recruited for the call center in Ukraine.

Gangs conduct cross-border scams because they assume local police will do nothing about crimes that afflict residents of a foreign country. They are usually right. This instance was different because the Ukrainian authorities are highly motivated to cooperate with the goals of allied countries. Czechia has taken in Ukrainian refugees and its government has been a forthright supporter of Ukraine’s defense against Russia. Not every police force will be as diligent at locating and closing down scam call centers.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email