Online spoofing service ‘iSpoof’ has been taken down following an international law enforcement investigation which also led to the arrest of 146 people, including the suspected mastermind of the operation .

More than a hundred of these arrests, including that of the leader of the platform, were carried out by the Metropolitan Police of London.

iSpoof offered cybercriminals so-called “spoofing” servers that allowed them to mask their phone numbers with a number belonging to a trusted organization, making victims appear as if their bank was calling them.

This phone number spoofing has allowed scammers to conduct social engineering, phishing and “banking helpline” scams, steal money, account credentials banking and single-use codes.

“The website’s services allowed those who registered and paid for the service to anonymously make spoofed calls, send recorded messages and intercept one-time passwords,” Europol said. said Thursday.

“Users were able to impersonate an infinite number of entities (such as banks, retail companies, and government institutions) for financial gain and substantial loss to the victims.”

According to the Metropolitan Police announcement, between June 2021 and July 2022, iSpoof was used to make 10 million fraudulent calls worldwide.

Europol reports that iSpoof has caused around $120,000,000 in losses, with operators of the service raking in estimated profits of $3,850,000 over the past 16 months.

Discover iSpoof

The cybercrime department of the Dutch font says it found the servers hosting iSpoof in Almere, a small town near Amsterdam, while investigating a bank helpline fraud.

This led to a new service-focused investigation, which led to the discovery of operator iSpoof’s location in London. They then informed Scotland Yard, which launched its own in-depth investigation into the suspect.

Then the Dutch police put a “tap” on Almere’s servers and gathered information about how the service worked and who was using it.

British police say the covert iSpoof tracking operation began in earnest in June 2021, helping law enforcement authorities map the criminal network.

Europol got involved in August 2021 to help UK police collect evidence and intelligence from global law enforcement partners.

As part of its analytical work, Europol was able to identify other users of the iSpoof service, a number of whom were already known for their involvement in other high-profile cybercrime investigations at European level. —Europol

The owner of iSpoof was arrested on Sunday November 6, 2022 in East London, and iSpoof websites known as “ispoof.cc” and “ispoof.me” were seized.

Entry banner on ispoof.cc
Input banner on ispoof.cc (BleepingComputer)

The administrators of the Almere servers, two men, aged 19 and 22, were also arrested. Dutch police point out that they are now de-anonymizing more service users based on evidence collected from seized servers.

Following iSpoof’s takedown, users of the dark web forums service were advised to “throw it all away”.



Source link