Contents:
On Thursday, November 24, Europol and the United Kingdom’s police announced they stopped a criminal network specialized in mass spoofing attacks. 142 arrests were made in the biggest-ever counter-fraud operation carried out by the two authorities.
Details About the Police Operation
Law enforcement authorities in Europe, Australia, the United States, Ukraine, and Canada took down the spoofing website related to the criminal network. iSpoof website allowed cybercriminals to impersonate trusted organizations to obtain the victims’ money and data.
One of the supposed admins of the spoofing website was retained in London, along with suspected individuals from the Netherlands, France, Australia, and Ireland. And criminal group servers were suspended in the Netherlands and Ukraine after an 18 months-long operation conducted by the Metropolitan Police.
The exploitation of technology by organized criminals is one of the greatest challenges for law enforcement in the 21st century. Together with the support of partners across UK policing and internationally, we are reinventing the way fraud is investigated.
How the iSpoof Site Worked
The site’s services allowed those who signed up and bought them to secretly make spoofed calls, send voice messages, and exploit one-time passwords.
“The users were able to impersonate an infinite number of entities, such as banks, retail companies, and government institutions, for financial gain and substantial losses to victims,” according to Cybernews.
Among the most utilized fake identities by the hackers were well-known UK banks like Barclays, HSBC, Santander, Lloyds, and Halifax.
The damages caused by the iSpoof website are estimated at £100 million ($120 million). The platform had at the high of its popularity approximately 59,000 paying users that could even pay in Bitcoin, and more than 10 million spoofing calls worldwide were made.
The UK police advanced the theory that the site was linked to organized crime groups as users had access to illegal software created to get victims’ bank and login details. Using these details, cybercriminals could convince victims that fraudulent activity was spotted in their bank accounts and extort large sums of money from them.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics.