At the end of August 2025, The US Attorney’s office in San Diego announced four indictments against members of a Chinese organized crime ring that stole at least $65 million from thousands of older Americans. The case was notable because the US Attorney credited two YouTube channels with the leads that led to 25 arrests so far in California, New York, Texas, and Michigan.
When we see 25 Chinese arrests, it might be tempting to think this is all Chinese Organized Crime, but those who actually watch the videos will realize that’s not the case. The referenced videos are from late 2020 and early 2021 and each started with Scammer Payback (Pierogi) responding to a refund scam.
Indian Call Center operators refer to this type of “lead generation” as “email blasting” and we have tens of thousands of example posts from Facebook groups offering the “service” of sending bogus Microsoft Defender emails, claiming that the victim’s credit card is being charged and offering a telephone number to dispute the charge. The ads for this service in Tech Support Facebook groups have been constant for years, including ads as recently as this week:
A typical “Microsoft Defender Refund” from this time period looked like this:
We’ve called dozens of these numbers and they all follow a similar script, they convince the caller to allow remote control to their computer to assist them with the “refund.” We often feed a Virtual Machine to the scammers and use it to help us understand what remote control tool they are using and where it is hosted. But Scammer Payback goes quite a bit further!
When Pierogi received the numbers from a similar call center scam, he called the number. His video makes clear that the scammers he was communicating with were speaking Hindi to one another. He not only lets the remote control happen, but he helpfully has a bank account open. The scammers see the millions of dollars available and can’t help themselves. He is a juicy target!
 |
| Scammer Payback: https://www.youtube.com/watch?v=hrLZbc-Rfbo |
The scammers have Pierogi type in his own refund amount – but they alter it to make it appear that he typed too many digits resulting in a much larger than intended refund. Then they demand that he withdraw the difference in cash and ship it back to “them.”
Being a very compliant victim, Scammer Payback agrees immediately, taking down the address and agreeing to send the package of cash “overnight delivery.” At this point, Pierogi engages the Trilogy media team. Trilogy agrees to take their camera crew to the pick up site to find out who is on the other end of the package.
 |
| Trilogy Media: https://www.youtube.com/watch?v=in_Y5q_-F2Y |
But in three out of three cases where Pierogi uses Trilogy to deliver a cash package, the package is being sent to a young Chinese person who is at an Air BNB that has been rented for a very short time period.
Jianjie Liu did cash pickups for a wide variety of scams, including Grandparent scams, Inheritance scams, and Government Grant Scams. She was actually arrested in a case involving Walmart Gift Cards that led to the discovery of 718 Gift Cards in her vehicle. In one case almost exactly like those above, Liu was sent a $20,000 Cashier’s check after someone processing a $555 refund was accidentally refunded $20,555 and had to send the difference back to the scammers. The check was made payable to a shell company in Georgia controlled by Liu.
Where do these Chinese agents doing the cash, check, and gift card payment come from? Recently it is one of the most popular “Crime As A Service” offerings from the various Chinese Guarantee Syndicates. Each of the Guarantee Syndicates has a menu of vendors who have made a large deposit in USDT in order to have the right to sell their services there. This category is usually called some variation of “Collection Services.”
The “Buy and Sell” channel for Potato currently has 130,000 subscribers, while one of their primary channels has 209,000 subscribers. Category 2 on their vendor menu is “Collection Services” which currently has 656 vendors who have paid deposits between 15,000 USDT and 259,000 USDT to have their services recommended and advertised by the new Guarantee Syndicate. These are the teams that are offering cash pickup services across the United States.
 |
| (findings from non-profit Intelligence for Good) |
Many other Guarantee Syndicates have dozens to hundreds of similar vendors in their respective Collection Services vendor category. Here is a typical ad, boasting of the cities where the vendor maintains teams of workers, ready to pick up packages:
Several “Red Flags” are shared as advice to Financial Institutions to help them recognize CMLO behaviors that should be reported via Suspicious Activity Reports:
