The largest phone scam to ever happen in the UK, which included calling almost 70,000 people, has now been stopped by the police. Malicious actors contacted unsuspecting victims while posing as banks and other financial institutions, stealing tens of millions of pounds.
The police labelled the website “ispoof.cc” as a fraud site, and British police officers took part in a global effort to take it down. Together with Dutch police authorities, they were able to secretly tap the website’s Dutch servers and intercept phone calls.
On November 24, 2022, a text message alert from the Met police requesting contact information was sent to all UK numbers phoned by criminals who exploited the website. Criminals learned about the website via advertisements posted on Telegram channels and used it to buy equipment that allowed them to hide their phone number.
The trick made the criminals appear to be phoning from the bank. Prior to withdrawing money from the victim’s account, the scammers would ask for their password.
Phone Scam Targeted Victims Globally
The average amount among the 4,785 victims who reported the scam to the UK’s Action Fraud by phone was $10,000. Police claim that up to £48 million has been stolen. Scammers were calling twenty people per minute at one time.
Around 200,000 people worldwide are thought to be victims, with a huge portion of the calls coming from the US and the UK. Forty percent of the ten million fake calls were made in the United States, 35% in the United Kingdom, and the rest were made in other countries.
Through iSpoof, which was set up in December 2020, over ten million fake calls were placed throughout the world in the year leading up to this August. iSpoof advertised to the criminals as the “number one spoofing service” and claimed to be “built by spoofers, for spoofers.”
In collaboration with other foreign law enforcement agencies, Scotland Yard’s Cyber Crime Unit has now brought iSpoof to an end. However, it’s important to remember that scammers can still use other comparable websites and technologies to spoof real phone numbers.
The Met and the Dutch Police, who had previously begun their own investigation since an iSpoof server was hosted there, partnered to launch “Operation Elaborate” in June 2021.
Sergeant Rance clarified:
Instead of just taking down the website and arresting the administrator, we have gone after the users of iSpoof. By taking down iSpoof we have prevented further offences and stopped fraudsters targeting future victims.
There have been 120 arrests so far, including 17 outside of the capital and 103 in London. This includes 35-year-old Teejay Fletcher, who is suspected of running the website and was recently arrested in east London.
Fletcher, who is allegedly a part of an organised criminal network, was described by police as enjoying a luxurious lifestyle.
Sir Mark Rowley, the commissioner of the Metropolitan Police, called the number of possible victims in the UK as “extraordinary.”
In December 2020, Ispoof was launched, and at its height, it had 59,000 users. Through Ispoof, users could buy illegal software for prices ranging from £150 to £5,000 per month using Bitcoin.
What if you receive a phone scam call?
Immediately hang up the phone if you believe you are the victim of a scam and carefully check your bank’s contact information on their official website to alert them.
If the Met Police has not contacted you and you believe you may have spoken to a fraudster or lost money to a fraudster posing as a bank representative, call them at once. The Met is asking that you send it to Action Fraud because those systems will be able to find other people who tend the victims of the specific set of crimes it is looking into. In even though your situation is unrelated to this operation, the information can still be helpful in other investigations.
On the Action Fraud website, you may anonymously report frauds. If you live in Scotland, you may report frauds to Police Scotland immediately by dialling 101. You can visit the Citizens Advice website or dial 0808 223 1133 to get more help.
The most effective training, notably that on “how to detect spoofing and spamming attacks,” is provided by Phishing Tackle. Start your two-week free trial of Phishing Tackle security awareness training now to help your employees.