Police are sending text messages to over 70,000 people to warn them that they’ve fallen victim to online banking scams, and telling them how to take action.
The messages are being sent by the Metropolitan Police as part of the UK’s biggest ever anti-fraud crackdown, following an international operation to shut down a cyber criminal service. The operation was led by the Met and involving law enforcement agencies in Europe, Australia, the US, Ukraine, and Canada, resulting in the arrest of 142 suspected cyber criminals.
Those arrested are suspected of being involved in conducting scams where they posed as representatives from banks – including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, Natwest, Nationwide and TSB – and trick victims into handing over money, or one time passcodes to access bank accounts.
The scammers used a website called iSpoof, which allowed them to disguise their phone number so it appeared they were calling from a trusted source – something known as a spoofing attack.
Criminals attempt to trick people into handing over money or providing sensitive information such as one time pass codes to bank accounts. In the 12 months until August 2022 around 10 million fraudulent calls were made globally via iSpoof, with around 3.5 million of those made in the UK. Of those, 350,000 calls lasted more than one minute and were made to 200,000 individuals. The 70,000 people being contacted are connected to calls made by individuals known to police, according to the BBC.
Most of the arrests relating to the spoofing scam have been made in the UK, with over 100 suspects changed with fraud.
The arrests come following an operation led by the Met’s Cyber Crime Unit, which started in June 2021, which saw investigators infiltrate the site and gather information about its cyber criminal users. The website has now been shut down and seized.
“By taking down iSpoof we have prevented further offences and stopped fraudsters targeting future victims,” said Detective Superintendent Helen Rance, cyber crime lead for The Metropolitan Police.
“Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are,” she added.
The force is sending text messages to tens of thousands of victims they’ve identified to tell them they fell victim to the scammers and to report it to Action Fraud. A Met Police spokesperson told ZDNET that the messages are only being sent out on November 24 and November 25 and don’t contain any links – instead they tell those receiving them to visit the Met Police website for instructions on how to report what happened.
It’s also recommended that anyone who thinks they’ve been a victim of fraud should contact their bank and contact the police.
Europol aided with coordinating the operation and information about the attackers has been shared with investigators around the world.
“The arrests today send a message to cybercriminals that they can no longer hide behind perceived international anonymity,” said Europol Executive Director Catherine De Bolle.
“Together with our international partners, we will continue to relentlessly push the envelope to bring criminals to justice,” she added.