Guilty Pleas from Executives of Cloud Attribution Uncover Telecoms Fraud Scheme
In a notable judicial development, two senior executives from C.A. Cloud Attribution, a call tracking company registered in Cyprus, have pled guilty to their roles in facilitating a telecom fraud scheme that targeted unsuspecting victims with false tech support claims. This case highlights the risks posed by legitimate-looking business services in enabling extensive fraud operations.
Adam Young, the firm’s former CEO, and Harrison Gevirtz, its ex-Chief Security Officer, admitted to knowingly providing vital telecommunications infrastructure to tech support scammers. Their activities spanned from early 2017 until April 2022, wherein they sold phone numbers, call-recording services, and call-forwarding capabilities to operations based in India that engaged in deceptive technical support practices.
Prosecutors from the Department of Justice have detailed the mechanics of these scams, typically initiated by victims encountering false pop-up warnings on their computers, alerting them to infections. Frightened, victims would dial the numbers displayed in these alerts, only to find themselves speaking to fraudsters impersonating technicians from reputable companies like Microsoft and Apple. These scammers demanded hefty sums, often several hundred dollars, for fabricated repairs. Furthermore, in numerous instances, they gained unauthorized remote access to victims’ computers, allowing them to steal sensitive financial information.
The executives’ involvement in this type of criminal enterprise was not merely passive; they actively engaged in coaching their clients on operational security procedures. Court documents reveal that Young and Gevirtz advised their clients to rotate through extensive pools of phone numbers, a strategy designed specifically to minimize complaints against any single number and avert the risk of termination due to customer feedback.
The executives also took proactive measures, encouraging their sales team to pursue fraudulent businesses knowingly and even facilitating connections between different fraud operations to trade calls among them. This extensive network of complicity made their actions particularly egregious. Furthermore, from 2016 to April 2022, they operated their own call center in Tunisia, allegedly conducting their scams directly from there.
To maintain a façade of legitimacy and keep a low profile, Young and Gevirtz strategically omitted their company details from the pop-up alerts sent to victims, thus obscuring their role in the fraud operation while still profiting from their robust infrastructure.
Both executives pled guilty to misprision of a felony, a charge pertaining to concealing knowledge of a crime, which comes with a potential maximum sentence of three years in federal prison and a fine of $250,000. Interestingly, prosecutors chose not to pursue wire fraud conspiracy charges, which could have resulted in sentences of up to 20 years.
This case follows regulatory scrutiny earlier in 2023 when the Federal Trade Commission intervened against a payment processing company, Nexway, which paid $650,000 after being found to have processed payments for tech support scammers, accounting for approximately a quarter of its revenue. Such actions indicate a growing awareness and response to the vulnerabilities in the telecommunications landscape exploited by fraudsters.
FBI Boston Special Agent Ted E. Docks expressed a firm stance on the severity of the executives’ actions, characterizing them as willfully profiting from schemes that exploited the elderly and vulnerable populations, draining them of their life savings. The relatively lenient potential sentences related to their misprision pleas pose thoughtful questions regarding the deterrents necessary to prevent future incidents involving infrastructure providers who might be tempted by fraudulent profits.
As sentencing for both Young and Gevirtz is scheduled for June 16, 2026, security experts continue to alert the public to remain vigilant when approached with unsolicited technical support requests. Users are urged to independently verify such requests before disclosing any personal information or payment methods. This case serves as a stark reminder of the pervasive threats that exist in the realm of telecommunications and the dire consequences of enabling such fraudulent schemes.