More than 100 people have been arrested in the UK’s biggest ever fraud operation, which brought down a website police describe as a “one-stop spoofing shop” used by scammers to steal tens of millions of pounds from Britons via fake bank phone calls.
It is estimated that more than 200,000 potential victims were targeted via the iSpoof fraud website, which was taken down this week by Scotland Yard’s cybercrime unit with the help of the authorities in the US and Ukraine.
At one stage almost 20 people every minute of the day were being contacted by scammers hiding behind false identities created using the site and it is estimated that criminals may have stolen close to £50m. The actual amount is likely to be higher as fraud is often underreported.
One victim was scammed out of £3m, while the average amount stolen was £10,000. Those running the scam shop made about £3.2m over a 20-month period, it is estimated.
Fraudsters paid iSpoof, which was set up in December 2020, for a service that allowed them to disguise their phone number and pretend to be calling from a credible organisation, such as a bank or the tax office. The scammers used bitcoin to pay for the service.
They would then trick people into handing over money or giving them access to their bank accounts. In the year to August around 10m fraudulent calls were made globally via iSpoof, with about 3.5m of those made in the UK. Of those, 350,000 calls lasted more than one minute and were made to 200,000 individuals.
Users of the service, which was shut down this week, believed they were anonymous. However, that was not the case, and more than 100 people have been arrested as part of Operation Elaborate so far, predominantly in London.
The arrests include the suspected mastermind behind the website, Teejai Fletcher, whom police described as living a “lavish” lifestyle.
Fletcher, 34, of Western Gateway, east London, has been charged with making or supplying articles for use in fraud, participating in activities of an organised crime group and proceeds of crime matters on 7 November. He was remanded in custody and is next due to appear at Southwark crown court on 6 December.
The Met, which led the operation, began investigating iSpoof in June 2021, working with international law enforcement agencies including those in the US, the Netherlands and Ukraine to close down the website.
Investigators infiltrated the website – which had 59,000 users – and discovered 70m rows of data and bitcoin records, allowing them to begin to trace the suspects.
As the pool of suspects is so large, the investigation is initially focused on UK users and those who spent at least 100 bitcoin to use the site.
Det Supt Helen Rance, who leads on cybercrime for the Met, said: “By taking down iSpoof we have prevented further offences and stopped fraudsters targeting future victims.
“Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are.”
Police have a list of phone numbers targeted by iSpoof fraudsters and will contact potential victims via text on Thursday and Friday. Any message received after 25 November was not from the police, it warned.
The text message will ask victims to visit the Met’s website to provide more details about their experience. It will not include a clickable link.
Anyone who is not contacted by the Met but believes they have been the victim of a number-spoofing scam should report the incident to Action Fraud.
The police force said it plans to use the Proceeds of Crime Act to recoup the money where possible.
The Met police commissioner, Sir Mark Rowley, said: “By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable people.”