The Metropolitan Police has arrested more than 100 people in recent weeks after a phone-number spoofing site used by criminals scammed thousands of victims out of millions of pounds.
They will reach out to 70,000 people via text today (Thursday, November 24) to tell them they have been identified as potential targets of the scam.
Working with Europol, the FBI, and other law enforcement worldwide, the investigation found organised-crime groups linked to a website called iSpoof.cc.
This website enabled the groups to access software tools to help illicitly obtain victims’ bank account funds and commit other fraud.
One victim lost £3 million and the average loss among the 4,785 people who have reported to Action Fraud that they were targeted is £10,000. Total losses reported to Action Fraud as a result of the calls and texts via iSpoof are around £48 million.
In total, 120 arrests have been made, with 103 of these in London and 17 outside the capital.
If you think you may have been a victim of fraud, the Met is encouraging the public to contact their bank immediately and report to Action Fraud at actionfraud.police.uk.
But what is the fraudulent scheme and what can you do if you’ve been a victim?
What was the iSpoof scam?
iSpoof enabled criminals, who paid for the service in the cryptocurrency Bitcoin, to disguise their phone numbers, so it appeared as if they were texting or calling from a trusted source.
Fraudsters attempted to trick people into handing over money or providing sensitive information, such as one-time passcodes sent to banking apps or phones.
In many cases, scammers already had access to accounts from information obtained on the dark web. To win your trust, they can bring up valid transactions you've made.
In the 12 months until August 2022, around 10 million fraudulent calls were made globally via iSpoof, with around 3.5 million of those made in the UK.
The Met is sending text messages to mobile-phone users it believes spoke with fraudsters pretending to be their bank.
How to know if the text from the Met Police is legitimate
The Met has said the text message will not include a link, but it will direct you to the website met.police.uk/elaborate.
If the website is different or if there is a clickable link it could be a scammer spoofing the website, so stay cautious.
What to do if you’ve been a victim of fraud
As police develop cases against suspects, everyone who receives a text message from the Met in the next 24 hours will be sent to the Action Fraud website to register their information.
It’s crucial you change your security details as soon as possible.
How to avoid fraudsters
Verify all payments and supplier details directly with the company on a known phone number or in person first. Check the back of your debit or credit card for this number.
Banks never ask you to confirm or give personal details over text.
Scammers have come up with many creative ways to gain personal information. For instance, a common scam is to claim you’ve been overcharged for a service.
Never give out details if you are at all unsure, and then contact the company yourself, to verify.