24 November 2022

UK’s biggest fraud sting takes down ispoof site linked to 200,000 victims

24 November 2022

The UK’s biggest ever fraud sting has brought down a phone number spoofing site used by criminals to scam thousands of victims out of millions of pounds.

Members of British law enforcement were part of a global operation to bring down ispoof.cc, a website described by police as an online fraud shop.

They worked with Dutch law enforcement who managed to tap the website’s servers in the Netherlands to secretly listen to phone calls.

At one point as many as 20 people every minute were being targeted by callers using technology bought from the site.

Criminals, who found out about the site from adverts posted on channels on encrypted messaging app Telegram, used it to buy technology that allowed them to mask their phone number.

This meant they could trick victims into thinking they were being contacted by their bank and persuade them to pass on personal details that allowed the fraudsters to steal cash.

One victim lost £3 million and the average loss among the 4,785 people who have reported being targeted to Action Fraud is £10,000.

There are thought to be many more potential victims.

Of 10 million fraudulent calls made, 40% were in the United States, 35% were in the UK and the rest were spread across a number of countries.

Around 70,000 UK phone numbers called by criminals who used the site will be alerted by the Metropolitan Police via text message on Thursday and Friday and asked to contact the force.

Metropolitan Police Commissioner Sir Mark Rowley acknowledged it is “slightly bizarre” that potential fraud victims will now be contacted about the crime by text, but encouraged people to go through the official police website if contacted.

He told BBC Radio 4’s Today programme: “There is something sort of slightly bizarre about this, isn’t there, which is why we’re encouraging people to actually go on to the Met Police website and they’ll find the shortcuts and links there to report this.

“So don’t respond to any texts with sort of dodgy shortcuts and things. Come through official websites is the best way of doing this.

“But we want to hear from you because the people we message in the next 24 hours have been victims of fraud or attempted fraud and we can stack all these offences against the people we’ve been arresting.”

So far 120 arrests have been made – 103 in London and 17 outside the capital.

These include alleged site administrator Teejay Fletcher, 35, who was arrested in east London earlier this month and is facing criminal charges.

Police said Fletcher, who is alleged to be a member of an organised crime group, was living a “lavish” lifestyle.

The site is said to have made more than £3 million profit.

Sir Mark said the number of potential UK victims is “extraordinary”, adding: “What we are doing here is trying to industrialise our response to the organised criminals’ industrialisation of the problem.”

Ispoof was created in December 2020 and at its peak had 59,000 users, allowing them to pay for the criminal software using Bitcoin, with charges ranging from £150 to £5,000 per month.

UK police began investigating the site in June 2021, opting for ispoof as the largest criminal site that was based in the country.

Detective Superintendent Helen Rance, who leads on cyber crime for the Met, said: “By taking down ispoof we have prevented further offences and stopped fraudsters targeting future victims.

“Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are.”

The best videos delivered daily

Watch the stories that matter, right from your inbox