Phone Scammers Target Chinese Speakers in the UK

Detailed research by Will Thomas, a security researcher who uses the online alias of BushidoToken, has highlighted a series of scam call campaigns exclusively aimed at Chinese-speaking inhabitants of the UK. Referring to the scammers as RedZei, which means ‘red thief’, BushidoToken concludes their approach is deliberate and meticulous:

The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe for exploitation.

The compelling aspect about this scam is how well the attempts were crafted and the careful tradecraft employed to evade traditional steps users take to block such scams. For each wave of scam calls, RedZei will mostly use a new pay-as-you-go +44 UK phone number every time from one of the main mobile network operators (MNOs). This essentially renders blocking the scammers' phone numbers ineffective.

Thomas neatly summarizes how the criminals have adapted other well-known scams to make them more likely to dupe Chinese students at British colleges.

Some of the key attributes of the RedZei gang include leveraging Chinese enterprises, such as the Bank of China or China Mobile (CMLink) to social engineer the international students into providing their personal details. Other themes exploited by RedZei include the “abnormal usage of your NHS number” and international parcels being delivered from DHL, which are both common concerns for Chinese students studying in the UK.

An extraordinary collection of recordings documents all the voicemails left by the scammers, alongside the originating phone numbers used each time. If you can help with translating the voicemails then you are encouraged to contribute to a collective effort maintained at this GitHub Gist page.

Not all of the originating numbers associated with RedZei are from UK mobile networks, though most were from O2 and EE. Thomas also identified Chinese-language scams originating on Tesco Mobile in Ireland and on Telia in Norway. This leads me to suspect that the scams identified by Thomas may only be scratching the surface of a much larger problem involving the systematic targeting of Chinese speakers worldwide. When researchers at North Carolina State University used a massive honeypot to investigate robocalls to US numbers, they also identified scams that specifically targeted speakers of Mandarin. Commsrisk has also previously reported on scammers who spoofed the CLI of the Chinese Embassy in the UK.

Thomas was somewhat dismissive of the efforts made by telcos to protect visitors and immigrants from scams like these.

Further, as RedZei alternates between SIMs from several UK mobile carriers it is difficult for the telecom companies to stop this type of activity. As the activity is also in Chinese, the carriers are less likely to investigate this campaign to additional effort required (sic). The RedZei group, and others like it, are therefore effectively operating with impunity and will continue to do so for the foreseeable future.

Not being able to speak a country’s national language makes an individual more vulnerable. It is less likely that foreign-language scams will be publicized or that warnings about them will reach the intended targets. Victims may be inhibited about going to the police or may find it difficult to communicate their concerns to the authorities.

The language-neutral methods developed by the robocall researchers at North Carolina State University and implemented with the assistance of a US telco demonstrate that it is possible to set up an infrastructure that would gather intelligence on all phone scams, irrespective of the language being used by scammers. The real question is whether telcos and the authorities have the desire to deploy resources in this systematic fashion or whether we actually prefer a haphazard approach which places the onus on the public to report scams, even though not all members of the public will be as likely to do that in practice.

The BushidoToken blog about RedZei can be found here.

Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.