British police on Thursday said their biggest anti-fraud operation to date had disrupted an international criminal network targeting hundreds of thousands of victims in millions of spam calls.
The Metropolitan Police, who led the 18-month global investigation into the iSpoof.cc website, have arrested over 100 people in recent weeks, including one of their suspected London-based administrators.
Working with Europol, the FBI and other law enforcement agencies around the world, suspects were caught in the Netherlands, Australia, France and Ireland, while servers in the Netherlands and Ukraine were shut down.
UK police believe organized crime groups are linked to the site and its tens of thousands of users, who could access software tools on it to help illegally extract funds from victims’ bank accounts and commit other scams.
Met Commissioner Mark Rowley said the investigation signals “a different approach” for criminals exploiting technology.
“This is about starting from the organized criminals who are actually driving and creating the fraud that we see in the world around us,” he told reporters.
– Industrialized Fraud –
London police – the largest in the UK – said suspects paid to access the site and made more than 10 million fraudulent calls worldwide in the year to August.
Around 40 percent were in the United States, while more than a third were in the UK, targeting 200,000 potential victims there alone.
Fraud detection agencies have so far recorded £48m ($58m) in losses in the UK alone, with the largest single theft being £3m and an average of £10,000.
“Because fraud is so underreported, the total is believed to be much higher,” the Met said.
Those behind the site made almost £3.2million from it, the force added.
Only around 5,000 British victims have been identified so far.
However, the Met’s investigation has revealed the phone numbers of more than 70,000 potential victims who have yet to be contacted.
The force will attempt to reach them over the next two days by sending text messages directing those contacted to their website where details can be securely logged.
“What we’re doing here is trying to industrialize our response to the industrialization of the problem by organized crime,” Rowley added.
– ‘Operation Elaborate’ –
The iSpoof website – described as an “international one-stop spoofing shop” – was created in December 2020 and, according to the Met, had 59,000 users paying between £150 and £5,000 for its services.
It gave subscribers who could pay in bitcoin access to so-called spoofing tools that made their phone numbers appear as if they were calling from banks, tax offices, and other official bodies.
Some of the UK’s largest consumer banks – including Barclays, HSBC, Santander, Lloyds, Halifax – have been the most frequently impersonated.
In combination with the customers’ bank and login details, obtained illegally elsewhere on the Internet, the criminals were then able to scam their victims.
“They worried about (about) fraudulent activity in their bank accounts and deceived them,” said Detective Superintendent Helen Rance, the Met’s cybercrime director.
She noted that people contacted would typically be instructed to share six-digit banking passwords, which could be used to empty their accounts.
The Met launched “Operation Elaborate” in June 2021 in collaboration with the Dutch police, who had already launched their own investigation after an iSpoof server was stationed there.
Another server operated in Kyiv was shut down in September, while the website was permanently deactivated on November 8th.
The previous day the Met had charged Teejai Fletcher, 34, of east London, with fraud and organized crime gangs.
He remains in custody and will next appear in a London court on December 6.
“It’s fair to say he lived a lavish lifestyle,” Rance said, noting that the investigation was still ongoing.
“Instead of just shutting down the site and arresting the admin, we went after iSpoof’s users,” she added.
Two other suspected administrators outside the UK remain at large, the Met noted.