Wednesday, August 13, 2025

Chinese SMS Spammers Go Mobile

CommsRisk once more has a story today about how Chinese organized crime is recruiting people online to drive around with SMS Blasters installed in their vehicles. 

https://commsrisk.com/thais-caught-with-smishing-sms-blaster-say-chinese-boss-paid-75-per-day/

In many countries, notably NOT the United States, government telecom regulations has made a significant impact on scammers by blocking the scam and fraud campaigns being sent via SMS messaging.  The response to these blockages has been the use of mobile base stations.  The technique turns a vehicle into a mobile cell phone tower, allowing it to send SMS messages directly, bypassing cell phone company's ability to block the messages. But the downside is that, depending on the power used, there is a limit to the range from 100 yards to a couple miles. 

In this case, the scammers were recruited in a Chinese WeChat channel where they were contracted by the scammer and trained how to install and set up their mobile station, which they installed in a small Mazda.  Their rig was on the low end, with a limited number of SIM cards, but was still able to send 20,000 SMS messages per day.

In November 2024, the Thai Royal Police picked up a much larger rig that was operating from a van being driven by a 35-year old Chinese national, Yang Muyi.  This device sent over a million messages in a three day period before being seized by police, as revealed in a press conference by Police Lt. General Thatchai Pitaneelabut.

Image from ThaiExaminer

Thai police have been greatly assisted in their investigations by a partnership with AIS (Advanced Info Systems) who have been helping them locate the false base stations. The image below shows the rig seized in a Honda CRV in January 2025 driven by two Chinese men, aged 47 and 49.  Police then went to the apartment where additional mobile phones, SIM cards and other telecom equipment was seized. 

Image from TheNation

On 10JUL2025, the Royal Oman Police shared a high-production quality video PSA on their Facebook, X.com, and Instagram channels warning about a Chinese tourist arrested with a vehicular-borne SMS Blaster case being used to send messages claiming to be from a local bank!

https://x.com/RoyalOmanPolice/status/1943369135477657693

Telecom Fraud expert Eric Priezkalns regular writes about this emerging technique and his map at CommsRisk showing details of more than 50 similar cases provides the most comprehensive information about such cases. 

https://commsrisk.com/fraud-dashboard/#baseStationsSection

One of the UK-based cases above happened in June 2025, with the investigation beginning when a local police officer received an SMS message claiming to be from HMRC - His Majesty's Revenues & Customs - the UK tax office. Their investigation identified Chinese student Ruichen Xiong who had been driving around London with a generator and an SMS blaster in his vehicle.

Image from The Guardian

"Captured SMS Blasting" 

The use of "captured SMS blasting" started in China where local advertisers used the technique to push advertisements for their store or services only to phones that are physically close to their location.  But scammers quickly realized there was a far more lucrative market by using the service to drive calls to fraud call centers!

The "3" over Beijing, China in this map actually goes back as far as 2014.  One of those three is a story from 2014 about Beijing police making 1,530 arrests and seizing 2,600 SMS Blasting devices! Already then, several of the text messages were imitating financial institutions, claiming a phone was infected with malware, or that their AliPay password had been changed.

Image from IBTimes

Because of the range limitations, scammers have frequently targeted places where crowds congregate.

If the problem comes in large crowds, perhaps the answer is ... 

Crowd-Sourcing Rogue Base Stations Identification

What can be done to detect and refer more of these cases to law enforcement?  The Gold Standard would have to come from Radio Yakuza! After noticing that his phone had a 2G connection to a fake base station, "Radio Yakuza" decided to investigate the situation.  He ended up recruiting a small army of volunteers on social media who reported incidents of fake base station capture and helped him to map out the possible locations.  In his initial break-through case, he was actually able to track the false base station to a black Audi hatchback!  The car was observed several more times by his team of volunteers, who noted that the driver had swapped the license plate!  His team was even able to help him get photographs of the equipment in the back of the car and demonstrate that the gear was identical to that shown in arrest photos in Thailand. 

https://x.com/denpa893/status/1911755963516014940



As with all the best reporting on this topic, the most detailed story comes from Eric Priezkalns on CommsRisk: "Amateur Detectives Find More Fake Base Stations in Japan" 

Radio Yakuza ==> https://x.com/denpa893

In a troubling example that Eric reports on, (See https://commsrisk.com/amateur-sleuths-plot-route-of-tokyo-sms-blaster-and-other-news-about-fake-base-stations/ )  one of Radio Yakuza's most recent discoveries involved a base station that was circling the Imperial Palace during Japan's recent Senate elections.  

https://x.com/denpa893/status/1946887928380367291

As Eric points out, the idea of mobile SMS Blasters being used for political mischief has also been observed in the Philippines. Maria Ressa's The Rappler.  Last month, their headline was "Spoof, smear, sabotage: How disinformation marred Cagayan de Oro’s 2025 polls."  One example they showed was an SMS campaign that claimed if people came to one politician's rally, they could show their copy of the SMS messages to receive 50,000 Pesos! (That candidate, Lordon G. Suan, went on to win his Congressional race.) 

(I can't mention The Rappler without begging you to read Maria Ressa's book, which I reviewed in December 2022 ==> 




Sunday, August 10, 2025

Ghanaian fraudsters arrested for BEC/Sakawa

 In Nigeria, scammers who specialize in Romance Scams and BEC are called "Yahoo Boys."  In Ghana, the term for the same activity is "Sakawa."  Several Ghanaian headlines are talking about this case with headlines such as "Multimillion dollar Sakawa" or "Sakawa Chairman Busted" or "Sakawa Kingpin Bows to Extradition!" 

On 08AUG2025 the US Attorney's office in the Southern District of New York announced the extradition of four Ghanaian scammers who stole more than $100 Million via Romance Scams and Business Email Compromise. 


https://www.justice.gov/usao-sdny/pr/ghanaian-nationals-extradited-roles-criminal-organization-stole-more-100-million

The names likely are not well known in the US, but the first two are creating a stir in some parts of Ghana: Isaac Boateng, Inusah Ahmed, Derrick Van Yeboah, and Patrick Kwame Asare.

Inusah Ahmed, also known as Pascal, and "Agony" is the owner of the PAC Academy Football Club in the Ashanti region of Ghana. Ghana Soccer quotes one source as saying "Pascal was not just the owner; he was the heart and soul of PAC Academy.  This is a huge blow!" 

https://ghanasoccernet.com/pac-academy-fc-faces-uncertain-future-amid-owner-inusah-ahmed-pascals-arrest-over-alleged-internet-fraud

Isaac Kofi Oduro Boateng, better known as "Kofi Boat," claims to be the owner of ICEFOOD, a frozen food company specializing in chicken and fish in Ghana. But he is better known as the "godfather" of singer Shatta Wale.  

Kofi Boat

Shatta, whose real name is Charles Nii Armah, was featured on the Beyonce track "Already" on her 2019 Lion King album.  Last week he had his 2019 Lamborghini Urus seized by the government of Ghana, after the FBI informed them it was purchased with stolen funds.

https://www.bbc.com/news/articles/cq687q927r7o

Ghana and the City of Lexington BEC

The source of those Lambo funds was Nana Kwabena Amuah, another Ghanian, who performed a $3.9 Million Business Email Compromise against the city of Lexington, Kentucky. When Amuah was arrested in 2023, he posted bail and four days later was arrested attempting to flee to Canada on an Amtrak train. 

In an unusual court document, 58 victims of Amuah's BEC crimes are listed with complete street address and the amount of money stolen.  Victims are identified in Alabama, Arizona, California, Colorado, Florida, Georgia, Iowa, Illinois, Michigan, Minnesota, Missouri, North Carolina, Oklahoma, Pennsylvania, Tennessee, Texas, Vermont, Wisconsin, the United Kingdom and Switzerland.  Collectively they were tricked into sending $4,743,443 to Amuah and his co-conspirator, Shimea Maret McDonald.  McDonald had opened a shell company, Gretson Company LLC, and had bank accounts at many major banks in that name that were used to receive the funds. 

Victim Restitution Worksheet (1-20 of 58)


There were others arrested in this ring, including Samuel Kwadwo Osei, who was recruited into "Sakawa" by a Nigerian computer programmer, Sapphire Egemasi, who the Nigerian media calls a "Tech Queen." Nigerian blogger Linda Ikeji (who I've followed for many years) shared this photo of Sapphire: 

https://www.lindaikejisblog.com/2025/6/fbi-arrests-nigerian-tech-queen-sapphire-egemasi-over-alleged-fraud-in-us-2.html


Samuel Kwadwo Osei ("Tuga"), Derick Nii Ashitey, Chinemezu Sapphire Egemasi, and Fred Brobbey Awuah were all charged in the same ring as McDonald and Amuah. 

Osei laundered funds through his BofA account in the name "Lasko Company LLC."
Ashitey operated from the United Kingdom. Sapphire operated from Nigeria, while Awuah resided in the Netherlands. 

Another Boateng? Dada Joe Remix 

Perhaps the first linked case in this string of Ghana-related arrests comes from the 27MAY2025 arrest of  Joseph Kwadwo Badu Boateng, who was extradited to Arizona for ties to a romance scam case.  In Ghana, he is known as "Dada Joe Remix" and claims to be involved in oil and gas as well as real estate. According to "Pulse Ghana" he is "rumoured to be the man behind Shatta Bandle, Ghanian self-acclaimed billionaire and richest man in Africa."  A Ghanian "prophet" Abusua is now claiming that Dada Joe was formerly "his small boy." Abusua claims that he took him into the bush for three months to teach him how to invoke spiritual powers to help him have success in his frauds. 

https://x.com/StateDeptDSS/status/1940078310156865950

Are Ghana's "Elite" panicking? 

My favorite paragraph in the Pulse story "Accra socialite Dada Joe Remix nabbed in alleged FBI sting"  reads: 

"Since news of the arrest broke, panic has reportedly gripped Accra’s elite social circles. Several prominent figures allegedly involved in cryptocurrency, forex trading, and high-end real estate have gone underground. Phones have reportedly been switched off, luxury homes have fallen silent, flights are rumoured to be hastily booked, and inner circles – including partners, baby mamas, and close associates – are allegedly being coached on what to say should they be questioned."









Operation Chakra V: Call Center Scammers and your PII

Here we have another cautionary tale about off-shoring customer service when faced with the reality of Call Center Scams that commit fraud via Tech Support Scams and Government Impersonation. In this case, FirstIdea, an Indian company is charged with committing fraud against at least 100 victims from Australia and the UK. 

FirstIdea.us, according to their website, provides Debt Collection services for ADP, Aetna, Aramark, BASF, Bic, CareOne, CostCo, Horizon Blue Cross Blue Shielf, JPMorgan Chase, Kessler, Siemens, Sony, and others.

firstidea.us website "Our Clients" page


India's Central Bureau of Investigation (CBI) recently announced Operation Chakra V, which claims Microsoft Digital Crimes Unit, the US's Federal Bureau of Investigations (FBI), Japan's National Police Agency, and the UK's National Crime Agency (NCA) as partners. The Operation has had many focuses and has been ongoing for several months, including a bust of an Amazon-imitating call center today (10AUG2025).

One of the most significant findings was announced last month, as 37 were arrested with the announcement that 850,000 money mule accounts (8.5 Lakh) had been opened at 743 bank branches. That announcement pointed out a total disregard for KYC (India calls it Customer Due Diligence) and widespread failure to file STRs (Suspicious Transaction Reports.)

While there are dozens of articles that could be written about the successes of Operation Chakhra V, I want to focus on a ring-leader arrested in raids in Noida on July 7th. According to CBI's First Information Report (FIR) (similar to a Criminal Complaint in the US) Nishant Walia, Arjun Prakash, and Arjita Chopra were considered Significant Persons in a fraudulent Call Center operation.

Nishant Walia operated FirstIdea Solutions where Arjun Prakash was listed as a director. Nishant and Arjun were co-directors at several companies, including Marvello Infotech, FirstIdea Solutions, and DroidOne InfoSol.



Whistle-blowers who post on "Scammer.info" share more details and point out that Nishant's other company, Click Aurum, is also worth looking into.  In that chat thread, "Rogger" says they are "running outbound calling in UK, AUS and ask for cancellation and collect money from them. 

https://scammer.info/t/https-www-youtube-com-watch-v-xow1vct-whg/57340

While the date on the Scammer.info post shows Nishant Walia was "in the game" as early as May 2020, a UK court document actually puts the timeline even earlier.  In a case against one Baljinder Singh in a document dated 04JUL2019, we find that "Devine Technical Services Ltd" based in the UK was linked to "an Indian company which purported to provide online technical support for computer users." In that earlier case it is explained "The nature of the fraud was that computer users were made to think that their machines had been infected with viruses or had been subject to hacking and were encouraged to pay for the services of the IT support company."  Mr. Singh was charged with money laundering, receiving payments totaling  £300,188 from victims of the scam and forwarding the proceeds (minus his commission) to Nishant Walia in India. 

https://crimeline.co.uk/wp-content/uploads/2019/09/singh2019ewcacrim1428.pdf


Dozens of Indian media outlets shared the story of Nishant's arrest, calling him a "Key Operative" a "Kingpin" or a "Leader" of a "Cyberfraud syndicate." 


https://www.thehindu.com/news/national/cbi-arrests-key-operative-of-cyber-fraud-syndicate-targeting-uk-and-australian-citizens/article69788011.ece

While Nishant has been arrested by the CBI and charged with running a major fraud call center operation, Arjun Prakash claims to have moved to Hawaiian Gardens, California and began operating as the "Business Owner & Chief Executive Officer" of FirstIdea, sharing the firstidea.us website in his LinkedIn profile, but claiming to have worked their consistently for 9 years and 10 months (since October 2015) making it clear that this is the same organization.

According to business registration documents, Arjun left the company, opening a debt collection service in the US using the domain "firstidea.us" which he registered in 2015 using his personal gmail account (arjunprakash11@gmail.com) and later renewed using the company gmail (firstideasolutionsinc@gmail.com).  Clearly, despite resigning his directorship, Arjun was still part of the company.

linkedin.com/in/aazur (now deleted)

We have seen this pattern repeatedly where a company establishes an off-shore relationship for a business process operation that requires the sharing of #PII, and then operators of that same call center are subsequently accused of running fraudulent call centers.

Wednesday, August 06, 2025

Project Red Hook: Chinese Gift Card Fraud at Scale



Project Red Hook is a Homeland Security Investigations operation examining how Chinese Organized Crime is committing wholesale Gift Card Fraud by using Chinese illegal immigrants to steal gift cards, reveal their PIN, reseal the cards, and return them to store racks.  When the card is later purchased and activated, operators are standing by to quickly drain the card before the customer can use it. How many cards are we talking about?  More than $1 Billion worth! 

Here are a few cases of interest to me - especially the first one! 

Birmingham, Alabama 

https://www.justice.gov/usao-ndal/pr/chinese-nationals-charged-illegally-possessing-counterfeit-and-unauthorized-gift-cards

25JUN2025 - the Hoover Alabama Police Department put out a BOLO for two Asian males in a gray Lexus SUV with California tag DE53Y62 who were switching gift cards in racks at local CVS stores.  Jiadong Cao, 36, and Xuejun Zheng, 48, were stopped and arrested the following day in Pelham, Alabama and found to possess more than 5,000 gift cards.  Portions of the gift card numbers had been destroyed on the cards, which would allow the cards to be activated at the register, but not used by the customer who purchased them. 300 altered cards for Home Depot, Amazon, Sephora, Macy's and Nike were found in their car.  Home Depot reviewed their cards and confirmed they had not been sold.


The Federal criminal complaint was written up by a former student of mine!  USSS Special Agent Scott Easterwood! Jiadong Cao is a Chinese citizen who entered the US in September 2024 and is illegally in the country now.  Xuejun Zheng also entered the US in September and has filed for asylum in the US. In the CVS store that started this investigation, they had added altered gift cards to the rack, including six Nike cards, ten Macy's cards, and nine Best Buy cards. 

Louisville, Kentucky

https://www.wlky.com/article/men-arrested-gift-card-scam-louisville-millions-lost/62673181

19OCT2024 - Kroger security personnel observed Chaoming Lin placing gift cards back on a rack at a store on North Hubbards Lane. He was stopped shortly thereafter by St. Matthews Police, who found him in the car with Zhiqiang Huang.  Around 5,000 gift cards were found in a search of the vehicle, with at least 2,000 appearing to have been altered. That same day, Kroger loss prevention reported another instance and that an Asian man was seen leaving in a black Dodge Charger.  That car was also stopped with Tianlong Chen and Huixing Yu in the car with several cell phones and 658 gift cards in the car.   These four had hit stores in Ohio, Pennsylvania, and New York before being arrested in Kentucky. 






St. Matthew's Police chief Barry Wilkerson said the gift cards they recovered were worth at least $1 million. Tianlong Chen entered a guilty plea on 11JUL2025 and will remain in custody until sentencing on 16OCT2025. 


Gainesville, Florida

https://www.documentcloud.org/documents/24536188-gainesville-case-detailed-arrest-report/

24AUG2024 - The Alachua County Sheriff's office pulled over a Hertz rental vehicle being driven by Cheng Li, 25, with female passenger Jiaxin Jiang, 24.   The car was rented by Jiang despite him only possessing a New York Learner's permit.  After a narcotics K-9 hit on the car, the car was searched and found to contain 1,764 gift cards from Apple, Target, Visa, Mastercard, and American Express.  A GPS review provided by Hertz confirmed that the pair had left Long Island, New York, stopping at two Target stores in Laurel, Virginia, ten Target stores in the Duluth/Atlanta Georgia area, two Target stores in Knoxville, Tennessee, and a Target store in Johnson City, North Carolina before being arrested after a stop at the Target store in Gainesville, Florida.  Their mapping software indicated they were headed to a Target store in Ocala, Florida next. 


A review of Cheng's cell phones (after a search warrant) revealed that he had been involved in "Target fraud" chats on WeChat since as far back as December 2022. Ledgers on Jiang's computer showed they had been collecting gift card numbers and their associated PINs going back as far as 09AUG2022. WeChat groups retrieved by the phone show groups with as many as 1558 messages and 257 photos with some groups having as many as eleven members who all seemed involved in the same types of activities. 

The Chinese language website "https://www.uscardforum.com/t/topic/321165" shared a Chinese version of the traffic stop, complete with opening the trunk and finding the cards! 

The couple tell the police they are in Florida because they wanted to see a crocodile! 

 (Watch on YouTube here: https://www.youtube.com/watch?v=YChGKg2KrDo - jump to 16:40 for the "trunk reveal." ) 

Ventura, California

15MAY2024 - Ventura County detectives are part of the Ventura County Organized Retail Theft Task Force (VCORTTF).  They were operating a "blitz" against organized retail crime, deploying detectives in coordination with loss prevention specialists in retail stores. when they arrested Tingxiang Yang, 39, and Lingyu Chen, 35.  They were in possession of 800 gift cards stolen from a Moorpark Target store. They were released after posting $20,000 bail. 


Ocala, Florida

 https://www.ice.gov/news/releases/chinese-national-pleads-guilty-gift-card-fraud-scheme

17OCT2023 - a police officer in Ocala, Florida arrested Donghui Liao, age 32.  Liao was observed taking gift cards from his black shoulder back and placing those gift cards on a gift card display in a Target store. Seventy-one cards on the rack were found to have been altered.  The cards had been shop-lifted, scratched to reveal their PIN, "re-silvered" so that they did not appear to have been scratched, and then returned to card racks in stores.  Liao was found to be on surveillance camera imagery at stores in Ohio, Georgia, North Carolina, and Florida. 


When police searched his car, they found 6,032 additional gift cards with a face value of $1,886,000! 


Donghui was sentenced to 33 months in prison with 3 years supervised release to follow.