London's Metropolitan Police has arrested the "iSpoof" operator, along with 146 individuals who used its services. The service aided in countless social engineering and phishing scams, which amounted to an estimated $3,850,000 in profit in just 16 months. The arrest occurred on November 6th in East London, followed by the seizure of its websites, "ispoof.cc" and "ispoof.me."
'iSpoof' Operation
"iSpoof" provided cybercriminals a way to mask their phone numbers, and make it appear as if the calls come from legitimate organizations. These include banks, retail companies, and government organizations, as stated by Europol. Upon conducting the scam, threat actors may access banking account information as well as intercept one-time codes.
The Metropolitan Police stated that from June 2021 to July 2022, the service was used to make around ten million fraudulent calls worldwide. Europol provided an estimated $120,000,000 worth of losses due to scams, as mentioned in Bleeping Computer. Through bitcoin payment records, authorities found 100 other UK-based servers which led to arrest.
The Culprit Has Been Caught
Back in August 2021, Eurorol helped the UK Police to gather evidence to make an arrest, and shine a light on the criminal network. The "iSpoof servers were found in Almere, as the Cybercrime Department of the Dutch Police investigated a bank helpdesk fraud. They began an operation that focused mainly on the service.
The Cybercrime Department also informed Scotland Yard, which also started its own investigation on the matter. The Netherland police placed a tap on the servers in Almere, which gave them an idea of how the service worked, and also those who used it. International law enforcement agencies stepped in, leading to the arrest of its supposed mastermind, Teejai Fletcher.
According to TechCrunch, "iSpoof" offered its services to around 59,000 users, which led to victimizing 200,000 people in the UK. The average amount stolen was around £10,000, but it also reached as high as £3 million for one victim. Authorities already have the phone numbers of the victims, and will send a text on Thursday and Friday, which asks the victims to visit the Met's website and help with the investigation.
Europol expressed that the exploitation of technology by organized cybercriminals is a big challenge for law enforcement in the 21st century. They also stated that they are reinventing methods for the investigation of fraud. Eurojust President Ladislav Hamran said that cybercrime had no borders, which is why effective judicial operations would help bring criminals to court.
Europol Executive Director, Catherine De Be Bolle, said that cybercriminals can no longer hide behind the veil of anonymity, as the law enforcement community Helen Rance from the Metropolitan Police Cybercrime Unit, stated that they have also decided to go after the users of the service, and not just the person behind it. She went on and said that they have details to locate the cybercriminals who used the spoofing service, no matter where they were.