Police are sending messages to 70,000 people who may have fallen victim to phone scammers

A major anti-fraud operation is underway, following an international crackdown on spoofing.
Written by Danny Palmer, Senior Writer
Image: Getty/Enes Evren

Police are sending text messages to over 70,000 people to warn them that they've fallen victim to online-banking scams, and telling them how to take action.

The messages are being sent by the Metropolitan Police as part of the UK's biggest ever anti-fraud crackdown, following an international operation to shut down a cyber-criminal service. The operation was led by the Met and involving law enforcement agencies in Europe, Australia, the US, Ukraine, and Canada, resulting in the arrest of 142 suspected cyber criminals.

Those arrested are suspected of being involved in conducting scams where they posed as representatives from banks – including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, Natwest, Nationwide and TSB – and tricked victims into handing over money, or one-time passcodes to access bank accounts.

The scammers used a website called iSpoof, which allowed them to disguise their phone number so it appeared they were calling from a trusted source – something known as a spoofing attack.

Also: How to keep your bank details and finances more secure online

Criminals attempt to trick people into handing over money or providing sensitive information such as one-time pass codes to bank accounts. In the 12 months up to August 2022, around 10 million fraudulent calls were made globally via iSpoof, with around 3.5 million of those made in the UK. Of those, 350,000 calls lasted more than one minute and were made to 200,000 individuals. The 70,000 people being contacted are connected to calls made by individuals known to police, according to the BBC.

The attacks resulted in each victims losing an average of £10,000, according to Action FraudEuropol says worldwide losses total more than £100 million (EUR 115 million).

Most of the arrests relating to the spoofing scam have been made in the UK, with over 100 suspects charged with fraud.

The arrests come following an operation led by the Met's Cyber Crime Unit, which started in June 2021. Investigators infiltrated the site and gathered information about its cyber-criminal users. The website has now been shut down and seized.

"By taking down iSpoof we have prevented further offences and stopped fraudsters targeting future victims," said Detective Superintendent Helen Rance, cyber-crime lead for the Metropolitan Police.

"Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are," she added.

Also: My stolen credit card details were used 4,500 miles away. I tried to find out how it happened

The force is sending text messages to tens of thousands of victims they've identified to tell them they fell victim to the scammers and to report it to Action Fraud. A Met Police spokesperson told ZDNET that the messages are only being sent out on November 24 and November 25 and don't contain any links - instead they tell those receiving them to visit the Met Police website for instructions on how to report what happened.

It's also recommended that anyone who thinks they've been a victim of fraud should contact their bank and contact the police.

Europol aided with coordinating the operation and information about the attackers has been shared with investigators around the world.

"The arrests today send a message to cybercriminals that they can no longer hide behind perceived international anonymity," said Europol executive director Catherine De Bolle.

"Together with our international partners, we will continue to relentlessly push the envelope to bring criminals to justice," she added.


Editorial standards