An international one-stop spoofing website has been taken down in the UK’s biggest ever fraud operation.
The Metropolitan Police has said it is sending 70,000 text messages to suspected victims of the sophisticated banking con. It believes spoke with fraudsters pretending to be their bank.
More than 200,000 potential victims in the UK alone were directly targeted through the scam website named iSpoof. At one point, almost 20 people per minute were being contacted by fraudsters hiding behind fake identities via the iSpoof site.
The criminals pretended to be representatives of major banks including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, Natwest, Nationwide and TSB. iSpoof enabled criminals to look like they were calling from banks, HMRC and other official bodies attempting to defraud people.
In the UK, police arrested more than 100 people, the vast majority on suspicion of fraud.
Scotland Yard’s Cyber Crime Unit worked together with international law enforcement, including the FBI in USA and Ukraine authorities, in order to dismantle the website servers this week. Become a crucial phase in a world-wide operation.
The Met’s Cyber and Economic Crime Units co-coordinated the operation with the National Crime Agency, Europol, Eurojust, the Dutch authorities and the FBI.
It is believed that Victims have lost tens of millions of pounds, whilst those who run the site earned almost £3.2 million in 20 months.
iSpoof allowed users, who paid for the service in Bitcoin, to disguise their phone number so it appeared they were calling from a trusted source. This process is known as ‘spoofing’.
Detective Superintendent Helen Rance, who leads on cyber crime for the Met, said: “By taking down iSpoof we have prevented further offences and stopped fraudsters targeting future victims.
“Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are.”
Commissioner Sir Mark Rowley said: “The exploitation of technology by organised criminals is one of the greatest challenges for law enforcement in the 21st century.
“Together with the support of partners across UK policing and internationally, we are reinventing the way fraud is investigated. The Met is targeting the criminals at the centre of these illicit webs that cause misery for thousands.
“By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable victims.”
Criminals attempt to trick people into handing over money or providing sensitive information such as one time pass codes to bank accounts.
The average loss from those who reported being targeted is believed to be £10,000.
In the 12 months until August 2022 around 10 million fraudulent calls were made globally via iSpoof, with around 3.5 million of those made in the UK.
Of those, 350,000 calls lasted more than one minute and were made to 200,000 individuals.
Losses reported to Action Fraud as a result of the calls and texts via iSpoof is around £48 million. Because fraud is vastly underreported, the full amount is believed to be much higher.
The Met, which has also worked closely with the Cyber Defence Alliance and UK Finance, is asking anyone who believes they were contacted as part of a scam where a number was spoofed to report this online via Action Fraud.
The Met’s Cyber Crime Unit began investigating iSpoof in June 2021 under the name of Operation Elaborate. It was created in December 2020 and had 59,000 user accounts. Bitcoin records were also traced.
The website server contained a treasure trove of 59,000 potential suspects is so large, investigators are focusing first on UK users and those who have spent at least £100 of Bitcoin to use the site.