UK police are texting 70,000 people who they believe have fallen victim to a worldwide scam that saw fraudsters steal at least £50 million from bank accounts.
200,000 people in the UK, including the elderly and disabled, are thought to have been targeted by conmen who masqueraded as highstreet banks.
Scammers paid a subscription to a service called iSpoof.cc that allowed them to disguise their phone number so they appeared to be calling from major banks including Barclays, NatWest, HSBC, Santander, Lloyds, First Direct, Nationwide, Halifax, and TSB.
The site, set up in December 2020, helped fraudsters steal sensitive information (such as one-time passcodes) from unsuspecting banking customers, allowing the criminals to break into accounts and steal funds.
Most of the victims were based in the United States (40%) and the UK (35%), but individuals across Europe and even as far afield as Australia were also targeted.
iSpoof, which promoted itself as a "state of the art system" that handled "auto-calling with custom hold music and convincing call centre background noise" had its own Telegram channel, where the site's administrators and users communicated.
A staggering 10 million spoof calls are said to have been made between June 2021 and July 2022. At its height, almost 20 people were being contacted by scammers using iSpoof every minute of the day.
Close to £50 million is thought to have been stolen, although the true amount is likely to be much higher as fraud is typically under-reported.
British police began investigating iSpoof in June 2021, working closely with Europol, Eurojust, the FBI, and Dutch law enforcement authorities. The investigation was given the name "Operation Elaborate."
Seizing the website's server, police were able to identify suspects - and more than 100 people have already been arrested in the UK. The vast majority of those arrested are suspected of committing fraud.
The prime suspect is 34-year old Teejai Fletcher from East London, who has been described by iSpoof's "mastermind". Fletcher, who has been charged with making or supplying articles for use in fraud, participating in activities of an organised crime group and proceeds of crime matter, is due to next appear in court on 6 December.
Met Police uploaded their own spoof video to iSpoof's Telegram channel, mocking the criminals' own advertising.
The Metropolitan Police is reaching out to some 70,000 people who they believe may have fallen victim to fraudsters using iSpoof, in the hope that they can gather extra evidence to bring those responsible to justice.
However, the Met Police only know the numbers of those believed to be victims, not their names. And there are concerns that other criminals may exploit the police's outreach to launch their own scams - posing as messages from the Met.
The Met says that it will only be sending messages today (Thursday November 24 2022) and tomorrow, and that a text claiming to come from them outside those dates is likely to be a scam.
Furthermore, the Met Police will tell recipients to visit their website at met.police.uk/elaborate. It apparently will not be a clickable link, and anyone receiving a message with a different link or clickable link is told to delete it and report the communication to the police.
Finally, the Met Police is leading the investigation for the whole UK, so you may receive a text even if you do not live in London.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire, Inc.
Financial Services Cybersecurity Regulations
Learn how Tripwire's strategies bolster cybersecurity in the financial sector. Facing heightened risks, financial organizations can benefit from Tripwire's expertise in security configuration management and file integrity monitoring, ensuring compliance with critical regulations and safeguarding sensitive data.
