Case study: are traditional financial fraud schemes applicable to the Indian IT educational market?

05/11/2009 Written by Roberto Preatoni

Today we indulge ourself in a pure hypothethical activity by analyzing whether it would be possible to apply traditional financial fraud schemes to India's educational market. We agree, it might look a mere academic work but later on we might find out that it makes much more sense that what we originally thought.

1910 police mugshot of Charles Ponzi

First of all, let's define what a Ponzi scheme is:
A Ponzi scheme is a fraudulent investment operation that pays returns to separate investors from their own money or money paid by subsequent investors, rather than from any actual profit earned. The Ponzi scheme usually entices new investors by offering return other investments cannot guarantee, in the form of short-term returns that are either abnormally high or unusually consistent. The perpetuation of the returns that a Ponzi scheme advertises and pays requires an ever-increasing flow of money from investors to keep the scheme going.

click on the news title to read more...

Needless to say, the Ponzi scheme, together with the pyramid scheme is at the base of most of the financial frauds as for example the recent one that gained the definition of the biggest financial scam in Wall Street thanks to Bernard Madoff.

For the sake of the Indian IT Security industry and of course with a purely speculative approach, we will try to understand how a fraudster could apply a Ponzi scheme to India's educational market. The question that immediately arises is: "why are we using India for our academic research?". The answer is given by the implicit nature of Multi-Level-Marketing of a Ponzi scheme. The only difference between a Ponzi scheme and a Multi-Level_Marketing scheme is that in the former it is not provided any form of compensation for the participants for attracting new participants (victims). India is not among those countries who banned Multi-Level-Market or derived schemes so it's perfect for our speculative work.

The second question arising is: "How can a Ponzi scheme be applied to the Indian educational market?". In order to answer to this question we have to speculate on an hypothethical security-company offering hypothetical educational services, located in an unexistent Indian city: Cyberabad.

RECIPE FOR A PERFECT CON IN THE IT SECURITY EDUCATIONAL FIELD

- A COUNTRY BIG ENOUGH: India is perfect, with an *estimated* population of 1,2 Billions, there is a market big enough to organize a successful fraud scheme

- A CITY BIG ENOUGH AND WITH IT INFRASTRUCURES: We imagine the hypothethical city of Cyberabad as a city with 4 Millions inhabitants. Cyberabad is a strategic city for the success of the Ponzi scheme as it is the cyber-heart of the country, with a lot of IT successful companies and startup and a strong demand of professional skills. Youngsters might be dreaming to come and live to Cyberabad and find the way to make up a good living out of a good job.

- A COUNTRY WERE MOST YOUNGSTERS ARE COMING FROM MIDDLE/LOW-CLASS FAMILIES, EAGER TO APPLY EVEN FOR A LOAN TO END UP WITH THE POSSIBILITY TO FIND A GOOD JOB AS A SECURITY EXPERT: India is perfect. The upcoming middle-class is large enough to supply prospect students. Students might get access to loans to finance the job-oriented course, families might feel obliged to take such risk if it would be useful to give their sons a good job opportunity. On the other way, the market might be large enough to convince them that is a good investment.

- BUILDING A STRONG INTERNATIONAL IMAGE: the hipothethical IT security company might start to try to tie up with important names and brands in the international hackers/security panorama. The manager of such company might pursue the ethically questionable practice to get portraied on pictures nearby public and well-known faces. Such pictures might be posted on the hipothethical company's website in order to convince people of its solid background. False certificates portraiting a strong technical background might be hanged on the hipothethical company manager's office wall. Billboards portraiting unaware well-known international professionals might be placed around Cyberabad, offering long term educational plans after which a very high return job position might be guaranteed. The website of the hypothethical IT security company might report strong international brands logos without their knowledge. In the technical area of the website there might be published some articles and whitepapers which might be a mere cut and paste of original material done by others, without their knowledge or consent and without reporting the credits.

- A POWERFUL GRIP ON SOME OF THE INDIAN MEDIAS: the manager of the hypothethical IT security company might exploit his personal relatioship with some journalists, pushing them to produce articles to boost his corporate image. From time to time the practice of bribing some of the journalists might be adopted. This might be needed to have those journalists keeping writing about new partnerships between the hypothethical IT security company and international brands, without raising the question why the previous partneships boasted with old articles, ended up in nothing in the best case or in a war in most cases.

- PRACTICING FORUM SPAMMING AT THE HIGHEST LEVEL: the manager of the hypothethical IT security company might assign from time to time to some of his faithful employees, such a secretary for example, the task to browse the Internet, looking for all the student's forum, promoting the company's courses, lessons, seminars by impersonating fake students and by leaving bogus positive comments. Some of those comments might be so blatantly faked that they might be just a copy&paste from other forum's comments.

- KEEPING A FIRM HAND ON THE WALLET: it might happen that the manager of the hypothethical IT security company might use the company's money to bribe people rather than paying the employees. This might end in creating a big employees turnover problem for the hypothethical IT security company. Delaying or not paying the international professionals and companies previously lured into signing a partnership might help to reduce the hypothethical IT security company's costs and keep the manager's living standard high.

- APPLYING THE PONZI SCHEME BY TOPPING THE COURSE PRICE WITH A JOB OFFER: now that the hipothethical IT security company has somewhat built a reputation, disseminated the press with self-referencing articles, spammed the online forums with bogus comments, lured targeted students into getting information about the offered courses, it's time to get the Ponzi's scheme up and running. The math behind the Ponzi's scheme behind this particular fraud is very symple.

Let's start by stating that the hypothethical IT security company might try to thicken the bait to lure students in by announcing that after a 6 month course they will be offered a guaranteed job. Plus, that course will be backed up by famous international IT security brand and faculties whose names and logos are kept shown onto the hypothethical IT security company's website. Let's put down some hyphothethical figures, just for the benefit of the calculus.

300,000 indian rupees will be the cost of the 6 months course

35,000 rupees will be the guaranteed monthly income that the students are promised to get with the job position offered by the hypothethical IT security company at the completion of the 6 months course.

The Indian targeted students, who are worldwide known to be good in mathematic, will immediately do the math:

300,000 / 35,000 = 8,571 which means that in ONLY eight and a half months of the promised salary they will recover the entire cost of the educational plan offered by the hypothethical IT security company. It is such a good educational investment proposal that even the most world's authoritative and renowned schools cannot beat. It's definitely the case to ask to their family to go to the bank and take a loan to secure their professional carreer. After all, where is the risk if in only 8,5 months they will be capable to repay it?

So they enroll to the course. Which might happen to start a few weeks later than the scheduled time due, for example, of lack of faculties.

Before getting "accepeted" by the hypothethical IT security company into the class, they might be asked to resign from their previous jobs, like to show them that this is a serious educational/job proposal. Many of them might accept this risk and might resign from their current job. Hey, after all they are going to get the chance they and their families have been waiting for all their lifes.

After the prolongued delay in the scheduled beginning of the course, once in the classroom the students might discover crappy IT infrastructure, absence of proper teaching material, no international faculties at all, always the same local teacher's face, outdated course tracks made by cut&paste from old and stolen seminars. At the end of the course they will be offered a "Cybersquad Team Member" certificate printed with the office's HP laserjet 100 printer on the cheapest paper ever and some merchandise (such t-shirts) the hypothethical IT security company's manager skimmed from somebody's else seminars. But at this time it's too late to complain, they paid the money, they convinced their families to take loans, eventually they left their jobs.

Real figures might be higher but let's put down an ipothetical round figure of 10 students attending the 6 months course, twice per year, totaling 20 students, just for the sake of the easy math.

300,000 * 20 = 6,000,000 rupiees cashed by the hypothethical IT security company in a year, just from that course track. Always for the easyness of the math, let's stay focused only on that course track.

But then it comes the time to fullfill the promises and the hypothethical IT security company has now to provide the "guaranteed job". But not to all the students, because 3 out of the 10 left the course before the end, as they understood it was a pure scam, leading to nothing.

None of the 7 students are offered a job in a serious company because no serious company is keen to accept the hypothethical IT security company's students. So the manager of the hypothethical IT security company has no other chance left than offering them an "internal job" position.

But not for the promised 35,000 rupees/month. No Sir, it's crisis time now, you must accept from 5,000 to 10,000 rupees/month at the best. And you will probably get that money only at the first month, having the next months payments possibly delayed/unpaid. What kind of job all those new "cybersquad team members" will be doing all day long in the hypothethical IT security company's offices? Nothing. Browsing the Internet, chatting with friends as the hypothethical IT security company has no capability to attract real customers for serious jobs.

Then, after a few months, the hypothethical IT security company will find a silly excuse to fire those freshly hired "cybersquad team members" like abusing of the company's network or unwillingly unplug a router patch causing a 15 seconds downtime or forcing them to leave with strong mobbing actions.

Once again, let's do the math:

6,000,000 -     rupees cashed by the company

   282,000=     rupees paid for the six months course to the local faculty

5,718,000-      total net profit before the cost of the guaranteed job

   280,000=     4 months of guaranteed job before being fired * 7 "cybersquad team members" at 10,000 rupees/month  (sometimes 5,000)

5,438,000       net profit after the scam and before the general costs

Not bad for such a simple Ponzi's scheme. Why is this scheme matching the typical Ponzi's scheme charachteristics? Because in the typical Ponzi's scheme the victim provides the money upfront and then later on a small part of that money will be used to pay them back some interests or presumed gains.

In this case the students provide money upfront to pay the course and then later on part of this money is then given back in a form of promised salary but only for a few months. Most of it will be ending up in making the hypothethical IT security company's manager happy.

This is the end of our academical and speculative research, we hope Indian authorities might find it useful to avoid that such *iphothethical* application of the Ponzi scheme might sooner or later happen for real.

Because so far, this scheme has been applied only by the hypothethical IT security company located in the hipothethical city of Cyberabad.

uhmm... maybe not. Perhaps in the future we will do some serious scouting to see if some real IT security company applied such Ponzi's scheme against students coming from families now bankrupted by the loan they asked to pay them the tuition fees.

admin@zone-h.org