UK police leads Europol action against one stop spoofing shop

Europol and the United Kingdom’s police have successfully concluded their biggest-ever counter-fraud operation, they said on Thursday. Disrupting a criminal network that enabled mass spoofing resulted in hundreds of arrests.

Judicial and law enforcement authorities in Europe, Australia, the United States, Ukraine, and Canada have taken down a website that allowed fraudsters to impersonate trusted corporations or contacts to access sensitive information from victims, a type of cybercrime known as ‘spoofing,’ Europol announced.

The iSpoof website is believed to have caused an estimated worldwide loss in excess of £100 million ($120 million). It’s now been seized, and one of its alleged London-based administrators was arrested. In total, 142 suspects were taken in.

People were also picked up in the Netherlands, France, Australia, and Ireland, and servers were shuttered in the Netherlands and Ukraine. The global probe, spearheaded by the Metropolitan Police, spanned 18 months.

iSpoof website was taken down.

The services of the iSpoof website allowed those who signed up and paid for the service to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords.

At its peak, iSpoof – described by the British police as “an international one-stop spoofing shop” – had 59,000 paying users. The latter could also pay in Bitcoin.

The users were able to impersonate an infinite number of entities, such as banks, retail companies, and government institutions, for financial gain and substantial losses to victims.

More than 10 million fraudulent calls worldwide were made. According to the Met, some of the UK’s biggest consumer banks – Barclays, HSBC, Santander, Lloyds, and Halifax – were the most commonly imitated.

“The exploitation of technology by organized criminals is one of the greatest challenges for law enforcement in the 21st century. Together with the support of partners across UK policing and internationally, we are reinventing the way fraud is investigated,” London’s Metropolitan Police Commissioner Sir Mark Rowley said.

“The Met is targeting the criminals at the center of these illicit webs that cause misery to thousands. By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable people.”

The website has earned nearly four million dollars in 16 months, and losses to spoofed victims at present stand at $51 million.

The UK police believe organized crime groups are linked to the page as users could access software tools that helped them illegally obtain victims’ bank and login details.

Spoofsters, already in possession of these details, were usually able to convince their victims that fraudulent activity was taking place in their bank accounts and trick them out of lump sums of money.

In March, another large spoofing scheme was disclosed in the United States. Back then, the Federal Bureau of Investigations warned that the scheme involved scammers spoofing authentic phone numbers to lull victims into thinking they were talking to a legitimate government officer.