An international law enforcement operation that was conducted by authorities in Europe, Australia, the United States, Ukraine, and Canada, with the support of Europol, has dismantled online phone number spoofing service called iSpoof. The iSpoof service allowed fraudsters to impersonate trusted corporations or contacts in an attempt to gain access to sensitive information from victims.
Threat actors used the service to trick victims into disclosing financial or private information or transferring money.
“The services of the website allowed those who sign up and pay for the service to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords.” reads the announcement published by Europol. “The users were able to impersonate an infinite number of entities (such as banks, retail companies and government institutions) for financial gain and substantial losses to victims.”
The ‘spoofing’ service is believed to have caused an estimated worldwide loss in excess of GBP 100 million (EUR 115 million).
“According to the police, some victims have seen their savings or pension pot disappear within hours.” reported the Dutch Police.
The investigation, dubbed Operation Elaborate, was launched in October 2021 at the request of the UK authorities. The iSpoof was launched in December 2020 and authorities estimated it had 59,000 users.
“The exploitation of technology by organised criminals is one of the greatest challenges for law enforcement in the 21st century. Together with the support of partners across UK policing and internationally, we are reinventing the way fraud is investigated. The Met is targeting the criminals at the centre of these illicit webs that cause misery to thousands.” London’s Metropolitan Police Commissioner Sir Mark Rowley stated. “By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable people.”
In the coordinated effort led by the United Kingdom, 142 suspects have been arrested, including the administrator of the iSpoof website (ispoof[.]me and ispoof[.]cc).
The police seized the servers behind the service and two days later Ukrainian and U.S. agencies took them offline.
“The arrests today send a message to cybercriminals that they can no longer hide behind perceived international anonymity. Europol coordinated the law enforcement community, enriched the information picture and brought criminal intelligence into ongoing operations to target the criminals wherever they are located.” Europol’s Executive Director Ms Catherine De Bolle said. “Together with our international partners, we will continue to relentlessly push the envelope to bring criminals to justice.”
“As cybercrime knows no borders, effective judicial cooperation across jurisdictions is key in bringing its perpetrators to court. Eurojust supports national authorities in their efforts to protect citizens against online and offline threats, and to help see that justice gets done.” Eurojust President Mr Ladislav Hamran said.
(SecurityAffairs – hacking, iSpoof)