The Metropolitan Police have moved against a suspected organised crime group behind a scam website, known as “iSpoof”, in what has been described as “the UK’s biggest ever fraud operation.” Scotland Yard report that more than 100 people have been arrested, with the vast majority being detained on suspicion of fraud and details of other suspects being passed on to law enforcement in Holland, Australia, France, and Ireland.
Hundreds of thousands of victims in the UK are thought to have been directly targeted through the site, which allowed scammers to pose as representatives of various banks, including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, Natwest, Nationwide and TSB.
At one point, almost 20 people a day were being contacted by scammers using iSpoof.
Earlier in the month, the suspected site organiser was arrested in East London. He has been remanded in custody after being charged with a range of offences.
In a process known as “Spoofing”, the website enabled criminals to impersonate tax officials, bank workers and other official bodies when attempting to defraud victims.
Criminals, appearing to call from trusted sources, would then encourage victims to hand over sensitive details, such as Bank OTPs (one-time passcodes).
The Cyber Crime Unit at Scotland Yard worked with authorities in the US and Ukraine in their investigation, which had been running since 2021.
The Cyber and Economic Crime Unit of the Metropolitan Police worked alongside colleagues from Europol, Eurojust, the US Federal Bureau of Investigation, and Dutch authorities.
The President of Eurojust, Mr Ladislav Hamran, said: “As cybercrime knows no borders, effective judicial cooperation across jurisdictions is key in bringing its perpetrators to court. Eurojust supports national authorities in their efforts to protect citizens against online and offline threats, and to help see that justice gets done.”
In twenty months, those behind the site are thought to have earned almost £3.2 million, with the average loss from those who reported being targeted being a staggering £10,000.
Commissioner Sir Mark Rowley said: “The exploitation of technology by organised criminals is one of the greatest challenges for law enforcement in the 21st century.
“Together with the support of partners across UK policing and internationally, we are reinventing the way fraud is investigated. The Met is targeting the criminals at the centre of these illicit webs that cause misery for thousands.
“By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable victims.”
Action Fraud report losses associated with the fraud service as being around £48 million.
However, because fraud often goes unreported, it is thought that the figure could be much higher.
The Met began its investigation into iSpoof in 2021, after the site was created in December 2020 and had 59,000 accounts.
The users of iSpoof paid for their services in bitcoin, the records of which were retrieved from the website server, along with what has been described as a “treasure trove” of information consisting of 70 million rows of data.
The Met are now actively contacting more than 70,000 numbers that have been approached by an identified suspect via iSpoof, and is encouraging them to visit the Met website to report losses and learn more information.
If you think you have been a victim of fraud, the Met advise you to contact your bank immediately and report the incident to Action Fraud at actionfraud.police.uk.