Security Experts:

Connect with us

Hi, what are you looking for?



Two Indicted in $10 Million Tech Support Fraud Scheme

The United States Department of Justice this week announced the arrest of two individuals charged for participating in a long-term tech support fraud scheme.

The United States Department of Justice this week announced the arrest of two individuals charged for participating in a long-term tech support fraud scheme.

The two, Romana Leyva and Ariful Haque, exploited elderly victims for years by remotely accessing their computers and tricking them into paying for computer support services they did not need. Not only that, but the conspirators never provided their victims with the promised services.

Overall, the schemers were able to defraud at least approximately 7,500 victims of more than $10 million.

The indictment (PDF) that was unsealed in Manhattan federal court alleges that, between March 2015 and December 2018, Leyva and Haque were members of a criminal fraud ring based in the United States and India, and which targeted victims in the United States and Canada.

The schemers mainly focused on tricking victims into believing their computers were infected with malware, and then deceiving them into paying hundreds or thousands of dollars for phony computer repair services.

As part of the scheme, the fraudsters caused pop-up windows to appear on victims’ computers. The windows falsely claimed that the computers were infected, instructing victims to call a particular telephone number for technical support. In some cases, they would also threaten victims that the system could be damaged if restarted or shut down.

In some instances, the pop-up windows would also include the corporate logo of a well-known, legitimate technology company. The phone numbers the victims were directed to, however, were not associated with the company.

The purported technician remotely accessed the victim’s computer and ran an anti-virus tool that is freely available on the Internet. They would also ask the victims to pay several hundred or thousand dollars, depending on the precise “service” victims were supposedly purchasing.

Leyva, 35, of Las Vegas, Nevada, was in charge with creating fraudulent corporate entities to receive fraud proceeds from victims, recruiting others to register such entities, and assisting others in setting up fraudulent entities and bank accounts.

Haque, 33, of Bellerose, New York, registered such a fraudulent corporate entity that was then used to receive fraud proceeds from victims, provided guidance to a co-conspirator who registered a different entity part of the scheme, and deposited fraud proceeds into accounts associated with that entity.

Leyva and Haque are each charged with one count of wire fraud and one count of conspiracy to commit wire fraud. Each of these charges carries a maximum sentence of 20 years in prison.

Related: Owners of Fake Tech Company Plead Guilty to Fraud Charges

Related: Tech Support Scammers Fined in US, Jailed in UK

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.