The UK’s Metropolitan Police has taken down an international crypto scam ring in what it describes as the largest ever fraud operation led by the force.
More than 200,000 potential victims in the UK alone have been directly targeted through the iSpoof fraud website and contacted by scammers hiding behind false identities, the Met said in a statement. The involved scammers posed as representatives of a number of major banks, including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, Natwest, Nationwide, and TSB.
“Scotland Yard’s Cyber Crime Unit worked with international law enforcement, including the National Crime Agency and authorities in the US and Ukraine, to dismantle the website this week,” according to the statement. “This was a crucial phase in a world-wide operation, which has been running out of the public eye since June 2021, targeting a suspected organised crime group.”
Cyber criminals used iSpoof to appear as if they were calling their victims from banks, tax offices and other institutions as they attempted to defraud them.
The scam’s victims are believed to have lost tens of millions of pounds, and the criminals behind the site earned close to £3.2 million ($3.9 million) in one 20-month period, according to data released by the British police.
“Losses reported to Action Fraud as a result of the calls and texts via iSpoof is around £48 million. Because fraud is vastly underreported, the full amount is believed to be much higher,” the statement said.
The Met’s Cyber and Economic Crime Units co-coordinated the effort with the National Crime Agency, Europol, Eurojust, the Dutch authorities, and the U.S. Federal Bureau of Investigations (FBI).
“In the UK, more than 100 people have been arrested, the vast majority on suspicion of fraud,” the police said. “iSpoof allowed users, who paid for the service in Bitcoin, to disguise their phone number so it appeared they were calling from a trusted source. This process is known as ‘spoofing’.”
The Met’s Cyber Crime Unit launched its probe into iSpoof in June 2021. The site was created in December 2020 and had 59,000 user accounts. Police officers infiltrated the site and started to gather data in cooperation with their international partners. The site’s server comprised a treasure trove of information in 70 million rows of data. Bitcoin records were also traced by the Met.
Detective Superintendent Helen Rance, who leads the Met’s cyber crime-focused efforts, commented that by “taking down iSpoof we have prevented further offences and stopped fraudsters targeting future victims”.
“Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are,” she said.