Tech Support Fraud: Executives Plead Guilty in Infrastructure Case
- [01] Former executives pleaded guilty to facilitating a global tech support fraud scheme by providing call-tracking infrastructure to illicit actors.
- [02] Affected systems include call-tracking and CRM platforms used to route fraudulent traffic from deceptive browser pop-ups to scam call centers.
- [03] Organizations should implement rigorous third-party due diligence and monitor for deceptive advertising patterns that lure users into tech support scams.
Overview of the Fraudulent Facilitation Scheme
Two former executives of the call-tracking and analytics company CallerReady, Naman Sumatlal Shah and Azim S. Shah, have pleaded guilty to conspiracy to commit wire fraud. According to BleepingComputer, the defendants provided the technical infrastructure necessary for international scammers to execute large-scale tech support fraud. This scheme relied on deceptive internet pop-up advertisements that falsely claimed a victim’s computer was infected with malware or had been compromised by hackers.
These pop-ups provided a toll-free number for ‘technical support,’ which was managed via the CallerReady platform. When victims called the number, they were routed through the defendants’ infrastructure to fraudulent call centers located primarily in India. Once connected, scammers utilized remote access software to gain control of the victims’ machines, frequently misrepresenting benign system files as malicious to justify charging hundreds or thousands of dollars for unnecessary repair services.
The Anatomy of Call-Tracking Facilitation
In many cybercrime operations, the TTPs used by attackers involve third-party services that provide a veneer of legitimacy. In this case, CallerReady offered call-tracking, Voice over IP (VoIP), and Customer Relationship Management (CRM) tools. The executives were aware that their platform was being used to facilitate fraud but continued to provide services and optimize the routing of fraudulent calls to increase the scammers’ efficiency.
From a threat intelligence perspective, this case highlights the role of ‘bulletproof’-adjacent infrastructure. While the platform itself was a legitimate business tool, the executives’ willingness to ignore clear indicators of fraudulent activity allowed the scam to persist for years. Identifying fraudulent call-tracking analytics requires a close examination of traffic patterns; typically, these scams generate high volumes of short-duration calls originating from browser-based redirects rather than organic search or direct brand engagement.
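One way a platform operator or analyst could turn that traffic-pattern check into a screening rule, as an added example that is not from the article or from any real call-tracking product; the call-detail records, the referrer-source labels and the thresholds are all constructed for illustration:

```python
"""Flag call-tracking campaigns whose traffic looks like pop-up-driven scam
routing: high call volume, mostly short calls, mostly from browser redirects.
Added example; records, source labels and thresholds are constructed."""
from collections import defaultdict

# Constructed call-detail records: (campaign_id, referrer_source, duration_sec)
CDRS = [
    ("cmp-A", "browser_redirect", 45), ("cmp-A", "browser_redirect", 30),
    ("cmp-A", "browser_redirect", 75), ("cmp-A", "browser_redirect", 20),
    ("cmp-A", "organic_search", 600), ("cmp-A", "browser_redirect", 50),
    ("cmp-B", "organic_search", 420), ("cmp-B", "direct", 900),
    ("cmp-B", "organic_search", 35), ("cmp-B", "direct", 300),
    ("cmp-B", "organic_search", 250), ("cmp-B", "browser_redirect", 40),
]

def campaign_stats(cdrs, short_sec=90):
    """Per campaign: call count, share of short calls, share from browser redirects."""
    calls = defaultdict(list)
    for campaign, source, duration in cdrs:
        calls[campaign].append((source, duration))
    stats = {}
    for campaign, rows in calls.items():
        n = len(rows)
        short = sum(1 for _, d in rows if d < short_sec)
        redirect = sum(1 for s, _ in rows if s == "browser_redirect")
        stats[campaign] = {"calls": n, "short_ratio": short / n,
                           "redirect_ratio": redirect / n}
    return stats

def flag_campaigns(cdrs, short_sec=90, min_calls=5,
                   short_ratio=0.6, redirect_ratio=0.6):
    """Return campaign ids whose volume and traffic mix match the scam pattern.
    min_calls keeps one or two noisy records from flagging a campaign."""
    flagged = []
    for campaign, s in campaign_stats(cdrs, short_sec).items():
        if (s["calls"] >= min_calls and s["short_ratio"] >= short_ratio
                and s["redirect_ratio"] >= redirect_ratio):
            flagged.append(campaign)
    return sorted(flagged)

if __name__ == "__main__":
    for campaign, s in campaign_stats(CDRS).items():
        print(campaign, s)
    print("flagged:", flag_campaigns(CDRS))  # flagged: ['cmp-A']
```

A flagged campaign is a lead for manual review of the advertiser and its landing pages, not proof of fraud on its own.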
Tech Support Scam Infrastructure Mitigation and Detection
Defenders and SOC teams must recognize that tech support scams often bypass traditional technical controls by targeting the human element through phishing and social engineering. To defend against these threats, organizations should focus on several layers of protection:
- Browser-Level Controls: Implement ad-blocking and reputation-based filtering to prevent the display of deceptive pop-ups that serve as the initial vector.
- User Education: Conduct training specifically on how to detect tech support scams, emphasizing that legitimate software vendors like Microsoft or Apple do not use unsolicited pop-ups to provide support phone numbers.
- Network Monitoring: Utilize SIEM logs to identify unusual outbound traffic to known remote administration tool (RAT) ports or unauthorized remote access domains commonly used by scammers.
Intelligence and Legal Implications
The guilty pleas signify a growing trend of law enforcement targeting the ‘enablers’ of cybercrime. By providing the tools for ransomware-like extortion and fraud, these executives became part of the criminal lifecycle. For intelligence analysts, the takeaway is that the infrastructure used in fraud is often shared across multiple campaigns. Monitoring the telephony and CRM assets associated with these schemes can provide early warning of shifting social engineering tactics.
Proactive identification of these actors involves monitoring for the registration of domains that mimic legitimate tech support entities. Furthermore, as organizations move toward Zero Trust architectures, verifying the identity of external support entities becomes a requirement for maintaining environmental integrity.