Thousands defrauded in £48m hoax which let scammers impersonate high street banks
London’s Metropolitan Police Service (MPS) have disrupted one of the largest digitally-enabled fraud operations ever seen in a major blow to criminals targeting the UK public.
Operation Elaborate targeted iSpoof.cc, an underground website that sold call spoofing services which allowed fraudsters to contact their targets pretending to be trusted organisations, such as banks, tax offices or other official organisations, to trick them into handing over sensitive information including account credentials and, ultimately, funds.
It is thought that at one stage, scammers hiding behind false identities created using iSpoof were contacting 20 people every minute, posing mostly as representatives of banks, including Barclays, First Direct, Halifax, HSBC, Lloyds, Nationwide, NatWest, Santander and TSB. The biggest loss to a single victim was more than £3 million while every victim lost £10,000 on average.
The site’s infrastructure, which was hosted in the Netherlands but was moved to Kyiv, Ukraine earlier in 2022, was seized and taken offline in a joint Ukrainian-US operation earlier this month. At the same time, the MPS arrested the site’s administrator, named as Teejai Fletcher along with over a hundred others – the vast majority on suspicion of fraud. In Ireland, the Gardaí arrested six people in connection with this investigation.
The MPS is today launching an appeal for victims of iSpoof scammers to come forward and report any fraud losses online. The force has compiled a database of 70,000 UK mobile numbers that it knows to have been contacted via iSpoof and will be contacting each of them by SMS message on 24 and 25 November. They said the message from the police would only have links to the Action Fraud site and would only be sent on these two dates so any other texts should be regarded as fraudulent themselves.
CDA, with the support of member banks, reported this criminal service to the MPS and heavily supported this fantastic MPS investigation to detect iSpoof’s colossal activity and to identify and track hundreds of suspects.
The MPS Cyber and Economic Crime units also co-coordinated the operation with Europol, Eurojust and Dutch authorities. Commissioner Sir Mark Rowley said: “The exploitation of technology by organised criminals is one of the greatest challenges for law enforcement in the 21st century. Together with the support of partners across UK policing and internationally, we are reinventing the way fraud is investigated.”
With thanks to the Cyber Defence Alliance and the Met Police. The full story is here: https://news.met.police.uk/news/more-than-100-arrests-in-uks-biggest-ever-fraud-operation-457840
Request A Demo: Security Awareness Training
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW