London’s Metropolitan Police has led a major anti-fraud operation to dismantle a prolific fraud site that is said to have cost victims over £100m ($121m) globally.
The iSpoof site allowed customers to impersonate legitimate entities like banks and government agencies in order to run convincing vishing campaigns. It also enabled them to send recorded messages and intercept one-time passcodes, according to Europol.
Average losses per victim are estimated at £10,000, with 10 million fraudulent calls made globally via iSpoof, in the 12 months to August 2022; 3.5 million of which were made in the UK, the Met said.
With 200,000 victims and reported losses alone totalling £48m in the UK, it's the country’s biggest ever cyber-fraud bust, the police force claimed.
The Met teamed up with Europol, as well as police in Australia, the US, Ukraine and Canada to take the site down and make 142 arrests in November, including 100 in the UK.
The main administrator of the website was arrested in the UK on November 6, while the web server was seized by US and Ukrainian authorities two days later, Europol said.
The iSpoof site was launched in December 2020 and grew to support 59,000 user accounts.
The Met’s Cyber Crime Unit began investigating in June 2021 as part of its newly created Operation Elaborate. Officers infiltrated the site and began collecting evidence, it said.
More arrests were made possible after the web server was seized, revealing a “treasure trove of information” in 70 million rows of data, according to the Met. Investigators are also tracing Bitcoin payments made by users of the site to its admins.
Police are first targeting those who have spent at least £100 of Bitcoin to use the site, although more global arrests will surely follow.
“By taking down iSpoof we have prevented further offenses and stopped fraudsters targeting future victims,” said Met Police cybercrime lead, detective superintendent Helen Rance.
“Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are.”
Europol’s executive director, Catherine De Bolle, echoed these sentiments, arguing that the international operation to pursue users of iSpoof will continue relentlessly.
“The arrests today send a message to cyber-criminals that they can no longer hide behind perceived international anonymity,” she added. “Europol coordinated the law enforcement community, enriched the information picture and brought criminal intelligence into ongoing operations to target the criminals wherever they are located.”