Former C.A. Cloud Attribution Executives Plead Guilty for Aiding Microsoft Tech Support Scammers
Two former executives of a call tracking company admitted to selling phone infrastructure to Indian tech support scammers impersonating Microsoft and Apple.
Two former executives of C.A. Cloud Attribution Ltd. pleaded guilty last week to knowingly selling phone numbers and call infrastructure to tech support scammers in India who impersonated Microsoft and Apple. Adam Young, the former CEO, and Harrison Gevirtz, the former CSO, admitted to misprision of a felony—concealing knowledge of a crime—after a multi-year investigation by the Department of Justice. The pair operated from the United States but registered their company in Cyprus, funneling call-routing services to fraudsters from 2017 through April 2022.
The scheme followed a now-familiar script: fake virus pop-ups appeared on victims’ screens, displaying a toll-free number to call for “Microsoft” or “Apple” support. When victims called, the Indian-based scammers charged hundreds of dollars for fictitious repairs. In many cases, the fraudsters used remote-access tools to steal personal financial information directly. Young and Gevirtz didn’t just supply the phone numbers—they coached their clients on evading detection, advising them to rotate through large pools of numbers so complaints wouldn’t trigger any single account’s termination.
Prosecutors revealed that Young and Gevirtz even instructed their own sales staff to pursue businesses they knew were fraudulent and occasionally brokered introductions so different scam operations could buy and sell calls between each other. To compound their involvement, the pair ran a scam call center of their own in Tunisia from 2016 to 2022, where some employees allegedly carried out fake tech support scams themselves, according to court documents.
The DOJ charged the two executives with misprision of a felony, which carries a maximum sentence of three years in federal prison and a $250,000 fine. The charge fell short of wire fraud conspiracy, which could have brought up to 20 years in prison. Sentencing is scheduled for June 16, 2026, in Boston federal court. FBI Boston Special Agent in Charge Ted E. Docks said: “By their own admission, they willfully profited from telemarketing and tech support scammers, here and abroad, who preyed on the elderly, exploited the vulnerable, and drained victims of their life savings.”
The case highlights the overlooked role of infrastructure providers in fueling tech support fraud. C.A. Cloud Attribution is not the first back-end enabler to face consequences. In 2023, the Federal Trade Commission went after payment processor Nexway, alleging strong dependence on premium tech support fraud clients. That case ended with a $650,000 penalty after Visa had already placed Nexway into its Chargeback Monitoring Program. The disparity in penalties—three years in federal prison versus a reduced fine—raises questions about deterrence for companies tempted to look the other way.
The scam itself relies on loud fake pop-ups, often with sirens and fake blue-screen warnings, but the supply chain underneath it is corporate and quiet. Young and Gevirtz deliberately avoided having their company’s name appear on the pop-up alerts, according to court documents, to keep C.A. Cloud Attribution visible only to their fraudulent customers. With sentencing approaching, the case serves as a reminder that infrastructure providers who enable cyber fraud face real consequences—even if the maximum penalties seem disproportionately small compared to the scale of harm inflicted on victims worldwide.