The Federal Bureau of Investigation (FBI) took down voice-scamming company iSpoof, which offered to impersonate trusted organizations or individuals to make spoof calls to unsuspecting individuals. As per reports, the company allowed subscribers to pose as legitimate entities, such as banks, and make calls to users. Their numbers would remain hidden; however, a fraudulent label was allowed to show on True caller that would make them look credible.
The scamming site iSpoof was used by several scammers to pose as employees of organizations such as Barclays, HSBC, Santander, Lloyds, Halifax, Fast Direct, NatWest, Nationwide, and TSB.
It is suspected that over 200,000 people may have been scammed using this voice-scamming site in the United Kingdom alone. A UK victim is said to have lost £3 million, while the police speculate that over £48 million may have been made using iSpoof by various scammers. Globally the sum is suspected to be over £100 million.
Reports suggest that nearly 10 million calls were made worldwide using iSpoof in only 12 months. Among those calls, about 350,000 lasted over a minute, raising suspicion over the impact on the targets. Most of the victims and scamming calls were targeted toward the UK.
About the scammers using iSpoof
One hundred forty-two alleged scammers have been arrested so far by the police, with more than 100 arrests from those from the United Kingdom itself. While making fake calls, iSpoof would remain hidden with a phony brand name reflecting on the target’s device. They would then ask for sensitive information like one-time passwords sent on their device. To avail iSpoof voice-scamming services, scammers would pay £150 and £5,000 a month in bitcoin. It would sometimes allow calling 20 people in a minute based in the US, UK, France, Netherlands, Ireland, and Australia.
While the case is still under investigation, 34-year-old man Teejai Fletcher, who was arrested, is suspected to be the perpetrator behind iSpoof. He will be appearing at the Southwark Crown Court on December 6.
This massive crackdown happened when the Netherlands police came across the website making fraudulent calls while posing as bank employees. A press release by Europol dated 24 November 2022 stated that the massive crackdown was undertaken by the global collaboration between the following departments:
- Australian Federal Police,
- The Royal Canadian Mounted Police – Federal Policing Cybercrime Investigation Team Toronto,
- Cyber Criminality Unit – PPO Paris; Law Enforcement: C3N – Gendarmerie Nationale, from France
- Bundeskriminalamt (Federal Criminal Police Office) – Cybercrime Division and Office of the Public Prosecutor General in Bamberg – Bavarian Central Office for the Prosecution of Cybercrime from Germany,
- An Garda Síochána from Ireland,
- Prosecutor general’s office of the Republic of Lithuania; Lithuanian Criminal Police Bureau,
- Cybercrime team Midden-Nederland and Public Prosecutor’s Office Midden-Nederland,
- Department of cyber police of National Police of Ukraine
- The Metropolitan Police Service (Cyber Crime Unit), City of London Police, and Crown Prosecution Service and
- Federal Bureau of Investigation – Pittsburgh Division; United States Secret Service – Pittsburgh Field Office; and the United States Attorney’s Office for the Western District of Pennsylvania
“The arrests today send a message to cybercriminals that they can no longer hide behind perceived international anonymity,” the Executive Director of Europol Catherine De Bolle said in the press release.