An international police operation has dismantled an online spoofing service that allowed cybercriminals to impersonate trusted companies to steal more than $120 million from victims.
iSpoof, what now displays a message stating that it was seized by the FBI and US Secret Service, offered “spoofing” services that allowed paying users to mask their phone numbers with a phone number belonging to a trusted organization, such as banks and tax offices, to carry out social engineering attacks to feed .
The website’s services allow those who sign up and pay for the service to make anonymous calls, send recorded messages and intercept one-time passwords. said in a statement on Thursday. “The users could impersonate an infinite number of entities for financial gain and significant losses to the victims.”
London’s Metropolitan Police, which began investigating iSpoof in June 2021, along with international law enforcement agencies in the US, the Netherlands and Ukraine, said it had arrested the website’s suspected administrator, named as Teejai Fletcher, 34, charged with fraud and offenses related to organized crime. Fletcher was remanded in custody and will appear at Southwark Crown Court in London on December 6.
iSpoof had around 59,000 users, causing £48 million in losses from 200,000 identified victims in the UK, according to the Met Police. One victim was scammed out of £3 million, while the average amount stolen was £10,000.
Europol says its operators have earned an estimated $3.8 million in the past 16 months alone.
The Metropolitan Police said it also used bitcoin payment details on the site’s server to identify and arrest another 100 UK users of the iSpoof service. The site’s infrastructure, which was hosted in the Netherlands but moved to Kiev earlier in 2022, was seized and taken offline in a joint Ukrainian-US operation earlier this month.
Police have a list of phone numbers targeted by iSpoof fraudsters and will be contacting potential victims via SMS on Thursday and Friday. The text message will prompt victims to visit the Met’s website to build more cases.
Helen Rance of the Metropolitan Police Cyber Crime Unit said: “Instead of just taking the website offline and arresting the administrator, we went after iSpoof users. Our message to criminals who have used this website is: we have your data and are working hard to locate you no matter where you are.”