A coordinated law enforcement effort has dismantled an online phone number spoofing service called iSpoof and arrested 142 individuals linked to the operation.
The websites, ispoof[.]me and ispoof[.]cc, allowed the crooks to "impersonate trusted corporations or contacts to access sensitive information from victims," Europol said in a press statement.
Worldwide losses exceeded €115 million ($ 119.8 million), with over 200,000 potential victims believed to have been directly targeted through iSpoof in the U.K. alone, the Metropolitan Police noted.
Among the 142 people arrested is the administrator of the website, who was apprehended in the U.K. on November 6, 2022. The website and its server were subsequently seized and taken offline two days later by Ukrainian and U.S. agencies.
Per the National Police Corps, the helpdesk fraud allowed registered subscribers on the online portal to mask their phone numbers and make calls impersonating banks, retail companies, and government entities. The service was hosted on servers in the Dutch city of Almere.
The ultimate objective behind the social engineering scheme was to trick victims into revealing sensitive personal or financial information, or alternatively transferring significant amounts of money for financial gain.
The Politie stated that by placing a tap on the website servers, it was able to glean valuable information about how the service worked. It further led to the arrests of two male suspects, aged 19 and 22, in Almere.
Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.RESERVE YOUR SEAT
The iSpoof website, the Met pointed out, was created in December 2020 and that it had an estimated 59,000 users, adding it began an investigation into the criminal activity in June 2021 under the moniker Operation Elaborate.
Judicial and law enforcement authorities from Australia, Canada, France, Germany, Ireland, Lithuania, the Netherlands, Ukraine, the U.K., and the U.S. participated in the takedown.
"By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable people," London Metropolitan Police Commissioner Sir Mark Rowley said.