UK police on Thursday said their biggest ever counter-fraud operation had disrupted an international criminal network targeting hundreds of thousands of victims in millions of spam phone calls.
The Metropolitan Police, which spearheaded the 18-month global probe into the iSpoof.cc website, has arrested over 100 people in recent weeks, including one of its alleged London-based administrators.
Working with Europol, the FBI and other law enforcement worldwide, suspects were nabbed in the Netherlands, Australia, France and Ireland, while servers were shuttered in the Netherlands and Ukraine.
UK police believe organised crime groups are linked to the website and its tens of thousands of users, who could access software tools on it to help illicitly obtain victims' bank account funds and commit other fraud.
Met Commissioner Mark Rowley said the investigation signalled "a different approach" to criminals exploiting technology.
"This is about starting from the organised criminals that actually drive and create the fraud that we see in the world around us," he told reporters.
- Industrialised fraud -
The London force -- the UK's largest -- said in the year to August, suspects paid to access the website and make more than 10 million fraudulent calls worldwide.
Around 40 percent were in the United States, while more than a third were in the UK targeting 200,000 potential victims there alone.
Fraud detection agencies have so far recorded £48 million ($58 million) in losses in the UK alone, with the largest single theft £3 million and the average £10,000.
"Because fraud is vastly under-reported, the full amount is believed to be much higher," the Met said.
Those behind the site earned almost £3.2 million from it, the force added.
Only around 5,000 British victims have so far been identified.
However, the Met's investigation has yielded the phone numbers of more than 70,000 potential victims who have yet to be contacted.
The force will attempt to reach them over the next two days, sending text messages directing those contacted to its website where details can be safely logged.
"What we're doing here is trying to industrialise our response to the organised criminals' industrialisation of the problem," Rowley added.
- 'Operation Elaborate' -
The iSpoof website -- described as "an international one stop spoofing shop" -- was created in December 2020 and at its peak had 59,000 users paying between £150 and £5,000 for its services, according to the Met.
It enabled subscribers, who could pay in Bitcoin, to access so-called spoofing tools which made their phone numbers appear as if they were calling from banks, tax offices and other official bodies.
Some of the UK's biggest consumer banks -- including Barclays, HSBC, Santander, Lloyds, Halifax -- were the mostly commonly imitated.
Combined with customers' bank and login details illegally obtained elsewhere online, the criminals were then able to defraud their victims.
"They would worry them (about) fraudulent activity on their bank accounts and tricked them," explained Detective Superintendent Helen Rance, who leads on cyber crime for the Met.
She noted that people contacted would typically be instructed to share six-digit banking passcodes allowing their accounts to be emptied.
The Met launched "Operation Elaborate" in June 2021, partnering with Dutch police who had already started their own probe after an iSpoof server was based there.
A subsequent server operating in Kyiv was shuttered in September, while the site was permanently disabled on November 8.
The previous day the Met had charged Teejai Fletcher, 34, of east London, with fraud and organised crime group offences.
He remains in custody and will next appear in a London court on December 6.
"It's fair to say that he was living a lavish lifestyle," Rance said, noting the investigation remained ongoing.
"Instead of just taking down the website and arresting the administrator, we have gone after the users of iSpoof," she added.
Two other suspected administrators outside the UK remain at large, the Met noted.