London’s Metropolitan Police has successfully led a major anti-fraud operation that resulted in the dismantling of a prolific fraud site known as iSpoof. This fraudulent site is said to have cost victims over £100m ($121m) globally, making it one of the largest cyber-fraud busts in the UK.
The iSpoof site allowed customers to impersonate legitimate entities such as banks and government agencies to run convincing vishing campaigns. It also enabled them to send recorded messages and intercept one-time passcodes, as reported by Europol.
According to the Metropolitan Police, an estimated 10 million fraudulent calls were made globally via iSpoof in the 12 months leading up to August 2022, with 3.5 million of those calls originating in the UK. The average losses per victim are estimated to be around £10,000, with a total of 200,000 victims and reported losses amounting to £48m in the UK alone.
In a collaborative effort, the Metropolitan Police worked alongside Europol, as well as law enforcement agencies in Australia, the US, Ukraine, and Canada to take down the iSpoof site and make 142 arrests in November. This included 100 arrests in the UK.
The main administrator of the website was apprehended in the UK on November 6, while the web server was seized by authorities in the US and Ukraine two days later, according to Europol. The iSpoof site was launched in December 2020 and quickly grew to support 59,000 user accounts.
The investigation into iSpoof began in June 2021 as part of Operation Elaborate, conducted by the Met’s Cyber Crime Unit. Officers infiltrated the site, collected evidence, and made further arrests after seizing the web server, revealing a wealth of information in 70 million rows of data. Investigators are also tracing Bitcoin payments made by users of the site to its administrators.
Detective Superintendent Helen Rance, the Met Police’s cybercrime lead, stated, “By taking down iSpoof, we have prevented further offenses and stopped fraudsters from targeting future victims. Our message to criminals who have used this website is that we have your details and are actively working to locate you, regardless of your location.”
Europol’s executive director, Catherine De Bolle, emphasized the ongoing international effort to pursue users of iSpoof, stating that the arrests send a clear message to cyber-criminals that they can no longer hide behind perceived international anonymity. Europol coordinated the law enforcement community, gathered criminal intelligence, and will continue to target criminals wherever they may be located.