No More iSpoofing! Met Shuts Down Massive Fraud Scheme

November 25, 2022
Back
iSpoof, a fraudulent website that offered a service to help criminals cheat out more than £100m from people all over the world has been shut down in an international effort led by the UK Metropolitan Police.

iSpoof, a fraudulent website that offered a service to help criminals cheat out more than £100m from people all over the world has been shut down in an international effort led by the UK Metropolitan Police (Met).

Authorities in Europe, Australia, the United States, Ukraine and Canada have shut down a website that allowed fraudsters to steal more than £100m from their victims, Europol announced.

The website called iSpoof enabled fraudsters to appear as if they were calling from banks, tax offices and other official bodies and obtain sensitive information from their victims, a fraud type known as spoofing.

The website allowed those who sign up and pay in bitcoin to anonymously make spoof calls, send recorded messages and intercept one-time passwords.

The website made 10m spoof calls between June 2021 and July 2022, and its operators earned £3.2m in one 20-month period.

Europol estimates that total losses paid by victims worldwide exceed £100m.

In early November, investigators arrested 142 users and administrators of the website across the world.

The main administrator of the website was arrested in the UK on November 6, while the website was taken offline and the server was seized by US and Ukrainian authorities on November 8.

In total, ten countries took part in the investigation, which was led by the UK with the support of Europol and Eurojust.

'Operation Elaborate'

The Met’s cyber crime unit began investigating in June 2021 and alerted the international bodies of the suspected fraud in August of the same year.

The action, called Operation Elaborate, is the largest ever proactive fraud operation in the country to date, according to the Met.

Fraudsters reached out directly to more than 200,000 people in the UK, causing them losses of around £48m. However, the Met noted that fraud is “vastly underreported” and the full amount could be “much higher”.

The average loss from those who reported being targeted is believed to be £10,000.

Fraudsters using iSpoof often posed as representatives of banks including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, NatWest, Nationwide and TSB when targeting people in the UK.

UK investigators gathered information by infiltrating the service, collaborating with international parties and from the website server, which, according to the Met, contained “a treasure trove of information in 70m rows of data”, including bitcoin records.

It included data about the 59,000 accounts of potential criminals that used the services of the website.

The Met said investigators are focusing first on UK users and those who have spent at least £100 of bitcoin to use the site to commit potential acts of fraud.

It identified more than 70,000 numbers that have been contacted by an identified suspect via iSpoof.

Out of the 142 people arrested worldwide, more than 100 people were arrested in the UK.

“The arrests today send a message to cybercriminals that they can no longer hide behind perceived international anonymity,” Europol executive director Catherine De Bolle said.

“As cybercrime knows no borders, effective judicial cooperation across jurisdictions is key in bringing its perpetrators to court,” Eurojust president Ladislav Hamran added.

Our premium content is available to users of our services.

To view articles, please Log-in to your account, or sign up today for full access:

Opt in to hear about webinars, events, industry and product news

Still can’t find what you’re looking for? Get in touch to speak to a member of our team, and we’ll do our best to answer.
No items found.
No items found.