Scamming king gets a taste of his own medicine after his fraud factory is hacked
Sarfraz uses social media to share pictures of his lavish lifestyle, funded by the unscrupulous scams.
A supposed criminal mastermind behind a scam call centre leaving Brits thousands out of pounds out of pocket has been unmasked.
Sarfraz’s computer was hacked by an ethical hacker for the BBC’s fraud-busting programme Scam Interceptors, revealing every move he made.
Workers in his fake call centre phone UK mobile numbers and pose as customer service staff. They trick the victims into handing over their account details and order thousands of pounds worth of phones, which they then sell on.
This is significant, as data from industry body UK Finance reveals 17% of all scams begin with a phone call or text.
Sarfraz uses social media to share pictures of his lavish lifestyle, which the BBC investigation claims is funded by the unscrupulous scams.
In pictures identified as Sarfraz by the BBC, he’s seen in expensive 4x4s and wearing designer clothes including Louis Vuitton logo belts and tailored suits.
He also shares videos of himself unboxing expensive phones, smirking at the camera as he holds up the proceeds of his crimes.
Thanks to the ethical hacking by the Scam Interceptors team, the location of the fraud call centre in Lahore was revealed – but sadly it’s thought the gang will simply change location and phone numbers and start again.
Presenter Nick Stapleton explained: ‘We informed the police and know they stopped operating at that address, but it is like whack-a-mole — they are usually quite quick to set up operations again elsewhere.’
Questions have been raised over how gangs can input hundreds of phone numbers and generate password reset codes from one internet address in Pakistan without raising suspicion from O2.
When asked why there is no alert system in place, an O2 spokesman said the company has ‘different monitoring capabilities in place to detect unusual activity and block suspicious IP addresses’.
He added the company’s focus is ‘very much on customer awareness and education’.
How does the scam work?
It’s believed Sarfraz’s criminal gang has purchased a hit-list from the black market containing hundreds of UK mobile phone numbers.
However, they don’t know which belong to O2 customers.
Sarfraz begins by entering the phone numbers into O2’s website, which confirms whether the number is linked to an O2 account.
Those that do belong to an O2 account holder are passed on to a call handler. They pose as O2 staff, calling to offer a fake one-off promotional deal.
When the customer answers, a friendly man’s voice says: ‘Hi, good morning, this is Ali here, calling you from O2. First of all, how are you?
‘The reason for my call is that O2 are running a promotion and we are going to reduce your monthly bills. For six months, you’ll pay just £7 without any change, all right?’
It sounds like a great deal, but there’s a catch — in order to unlock the offer, you have to verify your account. Ali asks for the email address linked to the account.
He then says he will generate a one-time passcode that will be sent to the victim’s phone, which they must read out to confirm their identity.
But this code isn’t linked to any deal. Instead, it’s the key that will give scammers access to their target’s account.
While the scammer is on the phone, Sarfraz is busy on his computer. He enters the target’s email address into the log-in on O2’s website and clicks ‘Forgotten your sign-in details’.
This automatically sends a six-digit passcode to the account holder’s mobile phone. Once they’ve handed over this code, Sarfraz and his team can log into their account and are a step closer to taking full control.
Within seconds, Sarfraz has changed the password and email address linked to the account. He then orders several expensive mobile phones, tablets and smart watches to arrive at the victim’s home, all of which they will be billed for.
As part of the promotional deal offered by Sarfraz’s team, victims are often told they will receive a phone upgrade. However, a few days after the phone call, they receive several electronic devices — none of which matches the one they were promised over the phone.
The Lahore-based scam factory relies on the good-natured honesty of their victims. Most are quick to report the incorrect parcels to the number left by the scammers.
Victims are then given a PO box address to return the phones to – but the box is run by scammers who forward the devices onto the factory in Lahore, leaving people out of pocket. The phones are then unboxed and sold.
O2 provides 34.1 million mobile phone connections — and, as well as its regular customers, many vital services rely on its network, including more than half of the UK’s police forces, many ambulance and fire services, local councils and Network Rail.
A spokesman for the company says: ‘We’re grateful to BBC Scam Interceptors for helping to raise awareness of this highly sophisticated, organised, and international crime, which is using professional scam call centres to target innocent consumers in the UK.
‘Customers should never share a one-time code with anyone who has called them unexpectedly. We’re doing all we can to keep people safe.’
Get in touch with our news team by emailing us at [email protected].
For more stories like this, check our news page.