I Investigated A Scam That Wasn’t A Scam…. Maybe….

Frequent readers of this blog will know that one of the things that I like to do is not only investigate scams, but when possible expose them so that you know what the bad guys are doing, and that the bad guys are less effective at scamming you. Yesterday, something very interesting hit my inbox, and I would like to detail it to you. It all started with this email:

Now right off the the top, this screamed scam to me. And my first thought about the Word document at the bottom right is that it was booby trapped with some sort of malware. But in the interest of science, I started poking around. First there was the email address it was sent from:

I Googled that and it came back as a legitimate address related to the New Delhi Police and their cybercrime unit. Here’s an example of what I found:

So at first blush, someone might be taken in by this and think that this was legitimate. But I was pretty sure it wasn’t. So I decided to dig further. I opened the attachment in a virtual machine so that if it had some sort of malware, it wouldn’t affect me. And I found this after determining that this Word document was not booby trapped:

A couple of things on this. First they did not include “our press clipping”. Which if they did, it would have tried to add some legitimacy to this. The second thing is that they say that my “contact details were found in their system” during their raid. If that is true, should they not be referring to me by name seeing as they have my details instead of sending me a very generic letter? That was kind of odd.

Having said that, I decided to go down the rabbit hole further by Googling “Insp. Manoj Kumar”. That actually brings up a real police officer in the Delhi police that works in the cyber crimes group. That was interesting and I’ll get back to Insp. Kumar in a bit. I decided to do some further research and found some news articles like this one that detailed a raid last summer that almost precisely fit the description of what this Word document was talking about. In short, it seems like the Delhi Police took down a pair of call centers that were scamming Americans.

I was beginning to think that this could be real unlike 99% of the things that I look into. And doing a whois lookup on the domain that the email came from yielded some interesting results. It came back as being legitimate as I compared them to other Indian Government organizations, all of which had the same registration details with the same registrar.

So to really get to the bottom of this, I called “Insp. Manoj Kumar” and I got him on his mobile phone to have a brief conversation with him. He claims trying to get to all the victims of the scam call center that the Delhi Police raided. He asked me a few questions without asking for any personal information. And I should note that the phone I called him from wasn’t broadcasting my caller ID. So there would be no way for him to call me back. He acted very professional during our entire conversation.

So what I am left with? It appears that this who episode is legitimate. But I am not 100% convinced of that just yet as I am cynical by default. After all this could just be a really sophisticated scam where the scammers have gone to great lengths to ensure that they can take advantage of as many people as possible. Thus I have reached out to Delhi Police for additional commentary. Hopefully they get back to me quickly so that I can update you on this.

Stay tuned for more.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: