More than 140 arrests in biggest ever UK-led fraud operation

The Metropolitan Police Service (MPS) led a global operation to bring down iSpoof, described as an international “one-stop spoofing shop”.

More than 200,000 potential victims in the UK alone have been directly targeted through the fraud website, said the MPS.

At one stage, almost 20 people every minute were being contacted by scammers hiding behind false identities using the site.

iSpoof enabled criminals to disguise their phone number to appear as if they were calling from banks, tax offices and other official bodies as they attempted to defraud victims.

Victims are believed to have lost tens of millions of pounds while those behind the site earned almost £3.2 million in one 20-month period.

In the 12 months until August 2022, around ten million fraudulent calls were made globally via iSpoof, with around 3.5 million of those made in the UK.

Of those, 350,000 calls lasted more than one minute and were made to 200,000 individuals.

Losses reported to Action Fraud as a result of the calls and texts via iSpoof is around £48 million. However, because fraud is “vastly under-reported”, it says the full amount is believed to be much higher.

The average loss from those who reported being targeted is believed to be £10,000.

There are more than 70,000 numbers that have been contacted via iSpoof that the MPS has linked to an identified suspect.

It said it was “actively contacting those numbers this week” asking owners to contact the force.

So far 142 suspects have been arrested, most of them in London. These include alleged site administrator Teejay Fletcher, 35, who was arrested in East London earlier this month and has been charged with a range of offences and remanded in custody.

The MPS’s Cyber Crime Unit worked with international law enforcement, including authorities in the US and Ukraine, to dismantle the website this week.

It said this was “a crucial phase in a world-wide operation”, which has been running out of the public eye since June 2021, targeting a suspected organised crime group.

Detective Superintendent Helen Rance, who leads on cybercrime for the MPS, said: “By taking down iSpoof we have prevented further offences and stopped fraudsters targeting future victims.

“Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are.”

MPS Commissioner Sir Mark Rowley said the exploitation of technology by organised criminals was “one of the greatest challenges for law enforcement in the 21st century”.

“Together with the support of partners across UK policing and internationally, we are reinventing the way fraud is investigated,” he said. “The Met is targeting the criminals at the centre of these illicit webs that cause misery for thousands.

“By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable victims.”

The MPS’s cyber and economic crime units coordinated the operation with Europol, Eurojust, the Dutch authorities and the FBI.

In the UK, more than 100 people have been arrested, the vast majority on suspicion of fraud.

iSpoof allowed users, who paid for the service in bitcoin, to disguise their phone number so it appeared they were calling from a trusted source.

They posed as representatives of banks including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, NatWest, Nationwide and TSB.

The criminals then attempt to trick people into handing over money or providing sensitive information, such as one time pass codes to bank accounts.

The MPS’s Cyber Crime Unit began investigating iSpoof in June 2021 under the name of Operation Elaborate.

The website was created in December 2020 and had 59,000 user accounts.

“Investigators infiltrated the site and began gathering information alongside international partners,” said the MPS.

“The website server contained a treasure trove of information in 70 million rows of data. Bitcoin records were also traced.”

Because the pool of 59,000 potential suspects is so large, the MPS said investigators were focusing first on UK users and those who have spent at least £100 of bitcoin to use the site.

In addition to the “wave of UK arrests”, the MPS said details of other suspects have been passed onto law enforcement partners in Holland, Australia, France and Ireland.

Commander Nik Adams, from the City of London Police, said: “As the national lead force for fraud, we have coordinated activity across the country with other police forces and Regional Organised Crime Units to provide a coordinated response to support the MPS with their action and help make this operation a success.

“Our collaborative approach has supported this operation, which is also underpinned by our work with the National Economic Crime Centre within the National Crime Agency.

“Collaborative and proactive operations like this to tackle fraud are vitally important in clamping down on criminals and preventing innocent members of the public from being targeted for their hard-earned money.”

Eurojust president Ladislav Hamran said: “As cybercrime knows no borders, effective judicial cooperation across jurisdictions is key in bringing its perpetrators to court.

“Eurojust supports national authorities in their efforts to protect citizens against online and offline threats, and to help see that justice gets done.”

Europol executive director Catherine De Bolle added: “The arrests today send a message to cybercriminals that they can no longer hide behind perceived international anonymity.

“Europol coordinated the law enforcement community, enriched the information picture and brought criminal intelligence into ongoing operations to target the criminals wherever they are located.

“Together with our international partners, we will continue to relentlessly push the envelope to bring criminals to justice.”