Tech Support Scams - Scammer Jailed for Debit Card Fraud

Show Notes

Fake Tech Support scams cost their victims billions every year.  This week on Scams, Hacks and Frauds we look into these scams, we'll tell you just how they trick you into thinking there really are problems with your computer.. But we wont stop there.  We'll tell you the story of Fraudster Michael Cotter, who ran these tech support scams, and how he used fraudulent debit card transctions to keep his scam in business.  We'll then tell you how you can keep yourself safe from these scams.

Tech support scams typically target the elderly, and people unfamiliar with computers.  If you know someone who's not that tech savvy, please share this episode with them to help protect them from these scams.

We publish new content every other Monday. The  10 minutes our episodes may save your wallet, and help protect your family.

If you like shows like "The Perfect Scam" or "Darknet Diaries" then this show might be for you.  

On our website you’ll find more computer hacking, identity fraud, impersonation, consumer rights and Romance Scams.  To find these and to access our transcripts, visit us at www.scamshacksandfrauds.com.

The transcript and spoken audio are available under the Creative Commons, Share Alike, With Attributions license. For more information on this visit creativecommons.org.  

Chapters

• 0:00: Intro
• 0:39: What is a Tech Support Scam?
• 4:12: How do Scammers take credit card payments? What is a chargeback?
• 6:19: David Cotter's Scam: Debit Card Fraud keeps the scam going
• 9:15: So how can we keep safe from Tech Support scams?

Transcript

This week, we’re pulling back the covers on Tech Support Scams. You’ll learn how they fool you, how they’ve been able to fool the financial system to stay in business, as well as learn how to stay safe from these scams on the podcast that keeps your family safe from scams, hacks, and Frauds.

—

Before we start. Tech support scams commonly target the elderly and others who don’t know much about computers, so if you have someone in your life you love who doesn’t know much about computers, please send a link to this show their way, so we can help protect them too.

Today’s scam story is the story of Michael Cotter, who was the director or managing director of about half a dozen companies, including Global Digital Concerge, NE Labs, Kevisoft, and Sensei Ventures, and they together were operating a multi national tech support scam operation, although they had some operations in the US, UK and Singapore, the bulk of the scamming took place in India, in Scam call centres.  Although it may seem India is synonymous with Tech Support Scams, similar operations do exist in other countries.

If you’ve never come across one of these tech support scams, they typically start with a pop up window appearing on your screen saying something like this:

“Your Windows Computer is infected with Viruses. Your Device is infected with 4 Viruses.  The Pre-Scan found possivle traces of (3) Malware and 1 Phishing/Spyware.  Your system is at risk of irreversable damage - Immediate removal advised.

Scanning and Cleaning is advised to prevent further system damage, loss of personal data, photos and passwords.  Traces of 1 Phishing/Spyware has been found on your computer.  Personal and banking information may be at risk

This will be on a page that is designed to mimic the site of a reliable brand - The one we read comes from Microsoft, but we do have testemony from one of Michael’s victims, where the alert claimed to be from Apple.  That one told the victim to call “Apple Protection Plan” and helpfully provided their phone number.  

The Call Centre Scammer who answered asked for $250 for “Lifetime Service” and a solution to their problem, and remote access to their computer.  If you’re not convinced they often try to weaponse unfamiliarity with computers by having you open up the computer’s task manager to highlight processes which are completly normal, but they will say are dangerous - and as their victims and even average users are unfamiliar with what these are and their names are - they accept what they’re told.

On other occasions, scammers will use the command line (or prompt), most modern users are completely unfamiliar with this, but it's a text-based way of interacting with the computer that predates graphical ways like Windows.  In that they’ll run commands that users of a certain age recognise as very basic commands that do things like show what folders your computer has, and try to tell you that this is a sign of viruses being on your computer.

The victim in our story gave remote access to their computer, and from there, they installed at least two programmes claiming to be Malware cleaners -  “Mac Adware Cleaner” and “Advanced Mac Cleaner” - must be a big problem if they’re bringing out the advanced tools… But neither of the tools worked, and later scanners detected these as being adware, creating the problem they’re supposed to be solving.

And just to point out there, yes, the user was using a Mac.  Although Apple Macs do tend to have less exposure to viruses and malware, they’re not immune from these threats.

But not to worry, there’s a money-back guarantee.  So the victim submitted their information to the site asking for a refund, which was, of course, refused, and was instead hit with demands to let the scammers back into their computer to resolve the issue.

Now remember how that $250 was supposedly for Lifetime service?  No, that's not true.  This victim was charged another $38 for the software, and a recurring charge of $9.99 per month.  So even if they are doing what they promised, which they’re not, they’re still a scam operation.

Before we go on, I want to talk a bit about how debit and credit cards work.  You’re probably familiar with names like Visa and Mastercard, which are the big two in this field, and you probably have a few cards with their logo on them.

You can think of the card companies as being like the filling in the middle of a sandwich, on one side is your bank or card issuer, and on the other side is a payment processor, and for a scam that relies on taking money through credit and debit cards, these payment processors are a weak link, as losing these payment processors can see you shut down, and if they shut you down, you’re shut down until you can replace the payment processor.

And that was happening in this scam, in one month in 2015, no less than 5 different card processors had told Michael Cotter and his co-conspirators, thanks but no thanks.

Now you might be thinking that this is a principled decision on the card processor's part, like they’d discovered the scam or something, it was nothing so noble.  With Credit Cards, if you have a problem with a purchase or have been scammed, you can often, depending on the laws where you are, of course, get your money back or reverse the transaction.  This is called a Chargeback.

When a business gets a lot of these chargebacks, then the card processors get upset because it starts to cost them money, so they start charging penalties and eventually can cut a business off - and it only takes around 3% of your transactions to be charged back for this to start happening, so businesses taking card payments have a strong incentive to do the right thing, or their card processor will put them out of business.

Obviously, scam call centres see chargeback rates much higher than this once their victims catch on, but you’d be surprised by how low, relatively speaking, it is.  In some months, these scammers were getting chargeback rates of over 6% and that was the high water mark.  Enough to annoy the card processors, but thats still means 94% of their victims either didn’t know they were victims of fraud, didn’t contact their bank, or their bank got in the way of the chargeback claim.

So how on earth do you keep your chargebacks so low that the card processor doesn’t cut you off, whilst running a scam?  Michael came up with a plan to bury their fraud in a pile of transactions they knew would not be charged back.

Michael started visiting stores and started picking up some cards of his own… Prepaid Debit cards.  Now, if you’ve not encountered prepaid debit cards before, they work just like gift cards in that you load them up with money, and can then spend the money, but unlike a gift card you’re not just locked into one store to spend it in, you can spend it almost anywhere cards are normally accepted.

Michael Cotter and his fellow scammers bought a lot of these gift cards, and I don’t mean a couple of dozen.  At one retailer, they bought 100 gift cards, putting an average of $21 on each card.  At another retailer, they bought 500 of these cards, each with $13.95 on them.  Those 500 cards were used to create an additional 3,000 transactions, so about $2.35 per transaction… And these aren’t everything.  Michael Cotter purchased over $2.4 Million Dollars in cards, but it was worth it, financially at least, as the scam brought in about $13 Million dollars over 4 years.

Now, to be clear, what Michael was doing is still fraud; they’re still obtaining a financial benefit - use of the card processor system - through deception - the prepaid card transactions - even though he’s legitimately buying and paying for the prepaid debit cards.  Well, as legitimate as you can when you’re using fraudulently obtained money to pay for them… and he wasn’t using his own information to get the cards or when processing the cards, he was using the personal information of his victims to try to make these charges look real.

Eventually, Michael’s scam came to Microsoft's attention.  As we mentioned before Microsoft’s name is used in a lot of these scams, so they do look out for them and try to shut them down.  They in turn reached out to the US Justice Department’s Elder Fraud Strike Force, which includes the FBI and the US Postal Inspection Service who, you might not realise this, are very good at investigating fraud - they’re not just about postage stamps - and it was the Postal Service who took the lead here, tracking down Michael through the payment processors he’d been using.  India’s central bureau of Investigation were also involved in what has been described as an unprecedented Investigation that included searching the company’s indian offices and even homes of its employees.

On 9 April 2026, Michael Cotter, aged 64, was sentenced to 28 months in prison and was ordered to hand over assets to try to compensate his victims.  Not exactly how he intended to start his retirement I’m sure.

—

So so the most important thing I’m going to tell you about avoiding this scam is to talk about what happens if unusual activitiy is detected from your computer.

Microsoft, Google, Apple, they’re not scanning your computer from their website, or any other random website.  They’re not going to push an alert to your computer to tell you that there’s a problem like that.  If you get a message like that, just close it and move on.

But, to tell you a little of my back story, once upon a time I used to work for some telecommunications companies, and on occasion - and I must stress this was very rare, we would see some unusual activity coming from a customer that did require us to take some action - we’re talking about insane levels of usage that don’t match up to how regular users use the internet.

What we absolutely did not do was send an alert to their computer.  We temporarily suspended their internet service.  The customer would then call us on the regular customer service number, and we’d tell them what the problem was and what we’d need them to do before we could unlock the service again.

Now, to be clear, it's only your internet company that can do this.  If you’re looking at a message from Microsoft, Google, Apple or anyone else, they can’t do this.  But if you are looking at a message from your internet company saying your internet has been suspended it could be real, but you should still be wary.

Close the window with the message and try to access another website.  If it works, the message was almost certainly fake.  If you can’t close it, restart your computer, hold down the power button if you have to, and start it back up, and try again.  If you have another device on the same network, like your phone on your home wifi, try that. If it works, the message is probably fake… And if all of that doesn’t work, call your internet company at a known-good phone number, like one from your bill, and check with them.

And yes, you should have a good antivirus product on your computer - even if it is a Mac.  This is a field that changes regularly, so I won’t recommend a specific product.  What I will say is check reviews on a good news techology site, Cnet, PCMag and TechRadar are sites that keep regular rankings of what products are out there so you can find the right one for you - and that way you know you’re looking at a real anti virus product, and not something thats just going to hack you.

Thanks for Joining us on Scams, Hacks and Frauds.  In our next episode we’re going to look at how scamming works on a truly industrial scale, with scam call centres popping up all over the world, particularly in South East Asia, full of kidnapping victims forced to work for the scammers.  We’ll tell you two stories of Hope, and talk to Cybersecurity Expert Robert Siciliano who has talked to the victims of these centres about the full scale of these centres and why governments have failed to act.  Subscribe so we’ll see you then.