>
Today, Money Mail is urging any reader who has fallen victim to so-called “number spoofing” scams to come forward and help end this scourge.
In a major escalation of our fight against fraud, we have joined forces with the Metropolitan Police to crack down on the devious technology that allows scammers to impersonate your bank, telecom provider or a government agency such as the IRS.
The Met has already sent urgent text alerts to 70,000 people it believes have been scammed by ‘spoof’ calls or text messages and robbed of their life savings.
Join the fight: We’re working with the Metropolitan Police to tackle technology that allows scammers to impersonate your bank, telecom provider or a government agency such as the IRS
But agents have told Money Mail that the actual number of victims could be as high as 200,000. Now the race is on to identify victims who can help put the spoofing scammers behind bars.
Superintendent Helen Rance told us that the more victims come forward and report losses, the stronger the case the Met can build against the perpetrators.
‘It is very important that victims of fraud report what happened to them at Action Fraud,’ she says.
“The more we know and understand this kind of criminal activity, the more opportunities we have to prosecute the perpetrators and understand the size of their criminal network.
“We thank Money Mail for bringing this investigation to the attention.”
Our appeal to victims of fraud to share their stories comes after the Met revealed a major breakthrough in its number spoofing investigations last week.
Officers broke up a major online fraud factory behind £48 million in scam losses – and released the name of the alleged mastermind.
The website, iSpoof, offered crooks a free trial before paying between £150 and £5,000 a month for the software.
Users of iSpoof technology could make it appear that fraudulent phone calls and text messages to victims came from legitimate organizations, usually a bank.
Victims simply saw the name of their bank light up on their phone screen.
All major bank names were forged, including HSBC, Lloyds, NatWest, Barclays, Santander, Nationwide and TSB.
Thinking they were talking to real bank employees, the victims were tricked into taking money from their account or handing over important personal information that would allow the fraudster to loot their account.
Campaign: Superintendent Helen Rance
Victims were scammed out of as much as £3 million by crooks using the site’s technology. Average losses of £10,000 were reported to Action Fraud.
More than 100 alleged users of the technology have also been arrested, the vast majority on suspicion of fraud.
The crackdown is part of the Met’s Operation Elaborate – the largest ever fraud investigation. The operation to destroy the iSpoof website was an international effort that also involved Europol and the FBI. It took 18 months.
At one point, nearly 20 people per minute were being contacted by scammers using iSpoof to hide behind fake identities. Those behind the iSpoof site made nearly £3.2 million over a 20-month period.
Det Supt Rance says: ‘Our message to criminals who have used this website is that we have your data and are working hard to locate you wherever you are.’
The day after the Met revealed the details of Operation Elaborate, panic messages began appearing on the encrypted messaging app Telegram. This Russia-based app allows users to post messages anonymously. The app does not share information with the police.
An in-app search by Money Mail found one message that read: “[It] it won’t be long before they knock on everyone’s door.’
Another said: ‘Clearly everyone [their] to chat.’
On some groups, users are sharing information on how to scam people, with criminals boasting who post screenshots of the wire transfers of victims they cheated.
The text messages from The Met to 70,000 iSpoof victims, sent last Thursday and Friday, did not contain a link or phone number. The Met asked Money Mail not to publish the message so that it cannot be imitated by scammers.
Victims should visit met.police.uk/elaborate and report the fraud or call Action Fraud on 0300 123 2040. You can write to Money Mail at spoof@dailymail.co.uk
Imposters: Users of iSpoof technology could make it look like fraudulent phone calls and texts to victims came from legitimate organizations – usually a bank
Det Supt Rance said a text alert was the only way the Met could contact victims because it does not know where victims live or who they are.
“This is a call to help and support victims by letting us know what happened.”
Banks reported a record loss of £1.3 billion in total to scammers last year. Much of this was through impersonation scams, where fraudsters pretend to be from a legitimate organization.
Career criminals – often in well-spoken English – have a script to read from and basic information about their fraud target, which means they sound believable.
They often try to create panic by saying that the customer’s bank account has been hacked.
They will also insist that time is crucial to get you out of a mistake as soon as possible, such as transferring money to a new ‘safe’ account. In reality, your money will arrive in an account linked to the fraudster.
This money is often funneled out of the country, making it quickly difficult to trace. Scammers also trick people into handing over sensitive information such as one-time access codes to bank accounts.
Warning sign: banks will never ask you to transfer money to a new account over the phone, ask for one-time access codes, or send a courier to pick up a card
Other common ploys include scammers claiming a debit card has been cloned and, in extreme cases, sending a courier to collect the card.
Banks will never ask you over the phone to transfer money to a new account, ask for one-time access codes, or send a courier to pick up a card.
Det Supt Rance warned that when one spoofing website is shut down, another will pop up.
Money Mail found examples of spoofing sites in seconds by searching “number spoofing website.” They offered 200 call credit for 25 euros (£22), or 350 call credit for 40 euros (£35).
Security Minister Tom Tugendhat warned at a fraud prevention event last week that social media companies are not doing enough to crack down on number spoofing organizations.
“As the banks pay back fraud, we need to make sure they can get the cooperation they need from telecoms and technology [firms] to prevent fraud in the first place,” he said.
‘I want to see [tech firms] look out for scams, prevent them and, if they find them, not only stop that message, but also stop the source of that message.”
Scammers often identify fraud targets by purchasing details of financial transactions and personal information from the dark web – a hidden part of the internet that requires a special browser.
Marijus Briedis, a cybersecurity expert at NordVPN, says, “Many of iSpoof’s clients would have been highly professional gangs who see these tools as valuable investments.
“An example should be made of those responsible and new powers should be introduced if necessary, so that the police can increase the pace at which they can destroy these organizations.
“The end of iSpoof is great news, but there are thousands more people like them.”
Some links in this article may be affiliate links. If you click on it, we may earn a small commission. That helps us fund This Is Money and use it for free. We do not write articles to promote products. We do not allow any commercial relationship to compromise our editorial independence.