Latest Breaking News & Hot Updates Around USA OR All Over World

Met Police chief admits fraud text sent by Scotland Yard is bizarre

0

Victims of a £50million phishing scandal told MailOnline today how they lost their life savings to fraudsters after apparently finding themselves on a ‘suckers’ list’ sold to criminal gangs who then emptied their bank accounts.

British detectives, working with police in the US and Europe, have made 120 arrests and shut down iSpoof.cc – nicknamed the world’s ‘online fraud shop’ – but not before 200,000 people in Britain lost an average of £10,000 each. 

With 70,000 of the victims still to be identified by name, Scotland Yard is texting them in the next 48 hours asking them to contact police.

Do you think you were targeted by the iSpoof scam? Have you received a notification of fraud from the police?

Email martin.robinson@mailonline.co.uk 

Martin Lewis tweeted: ‘Normally I say ignore texts pretending to be police scam warnings as they’re scams. Yet for the next 48hrs 70,000 people across UK will get LEGIT texts from the Met, don’t ignore them’.

But some of his own Twitter followers have blasted it as a ‘terrible idea’ and warned that fraudsters will have a ‘field day’. 

Met Commissioner Sir Mark Rowley has even admitted it is ‘bizarre’ that his own officers are sending 70,000 people texts that the public have historically been advised to ignore. 

But he insists there is no other option due to the tens of thousands of victims and said the Met’s text will not contain any ‘dodgy shortcuts’ or links. 

Criminal gangs would first buy victims’ bank details on the dark web to make their approach more convincing. Many of these people would be on ‘suckers lists’ of people vulnerable to scams.  Experts estimate up to a million elderly and vulnerable people might be on one.

The criminals then paid a £5,000 subscription to iSpoof, whose technology let them appear to phone from numbers used by banks such as Barclays, NatWest and Halifax. 

Victims told MailOnline how their mobiles rang and the name of their banks appeared on the screen of their phone. Using stolen personal details, the caller convinced them that their bank accounts had been compromised and the cash must be moved into a new account. In fact they would never see their savings again.

Michele Bucci, an Italian living in the UK, lost his entire life savings from his Metro Bank accounts. He told MailOnline: ‘I gave away my life savings of £5,000 to a scammer that knew all my details. 

How can I tell if the text I receive from the Metropolitan Police is real? What do I do if it’s not genuine? 

Some 70,000 Brits will be contacted by police from today after potentially falling victim to the country’s biggest ever scamming operation.

Detectives only have their numbers – not their names – so are contacting them by text on Thursday or Friday.

But there are concerns that that fraudsters might launch a scam in tandem to take advantage.

Martin Lewis has said these police texts should not be ignored.

This is how you can tell the text is genuine:

  • The Met is only sending messages on Thursday November 24 and Friday November 25. A text outside those dates is likely to be a scam and should be ignored.
  • The message will ask recipients to visit the Metropolitan Police’s website. It will share the website: met.police.uk/elaborate – but it will not contain a direct link to click on. Anything with a direct link should be deleted and reported to police.
  • The Met is leading the investigation for the entire UK – so you may get a text even if you don’t live in London. 

If you think you are a victim of fraud or a cyber crime, report it to Action Fraud, who will hand it to police.

‘English is not my first language. They caught me off guard and played straight into my fears and anxieties, I ended up transferring all my money into a new Metro Bank bank account, after they had me convinced that my bank account was under threat if I didn’t move it. I realised quickly after putting the phone down and called Metro Bank straight away’, but added it was ‘too late’.

He said: ‘It was all I had, in the middle of a cost of living crisis, with Christmas around the corner I am not sure how I am going to survive’, adding he is still not sure if he can get his money back.

The mother of a vulnerable teenager said that her daughter had lost her life savings. She believes that her child was on a ‘suckers’ list’ after falling for a Royal Mail fraud, which saw her personal details stolen. 

The woman, who asked not to be named, said: ‘From having spoken to others whose relatives have been victims of scams, it’s common for their numbers to go straight onto a ‘sucker’s list’ because it was so easy to hoodwink them and it’s easy money. 

‘We think they got my daughter’s bank details & mobile number from a spoof Royal Mail email saying a package needed to be re-delivered as no one had been in & there was a nominal charge for this service – which she paid’.

She added: ‘She received a call with her caller display showing “Halifax Bank” as she’d stored the contact in her phone. The caller said her bank account had been compromised, checked her balance with her and said that she had to immediately move the money into a “safe account”.

‘She wasn’t sure, but panicked as they said it was urgent and criminals could access her money. She transferred £5,000, which was all her savings from a weekend job as well as some money for rent’.

The Met’s messages will not contain links and will urge recipients to visit its website or contact Action Fraud, amid fears that victims who have already lost thousands could fall victim to fraud again. 

Sir Mark said: ‘Don’t respond to any texts with sort of dodgy shortcuts and things. Coming through official websites is the best way of doing this. 

‘There is something sort of slightly bizarre about this, isn’t there, which is why we’re encouraging people to actually go on to the Met Police website and they’ll find the shortcuts and links there to report this.

‘But we want to hear from you because the people we message in the next 24 hours have been victims of fraud or attempted fraud and we can stack all these offences against the people we’ve been arresting.’

He said the texts were needed because the number of victims is ‘extraordinary’, adding: ‘What we are doing here is trying to industrialise our response to the organised criminals’ industrialisation of the problem’.

Michele Bucci (pictured with his son), an Italian living in the UK, lost his entire £5,000 life savings. He told MailOnline: ‘It was all I had, in the middle of a cost of living crisis, with Christmas around the corner I am not sure how I am going to survive’

Met Police officers raid an east London flat to hold a suspect in the iSpoof scam. So far 120 arrests have been made – 103 in London and 17 outside the capital

Met Police officers raid an east London flat to hold a suspect in the iSpoof scam. So far 120 arrests have been made – 103 in London and 17 outside the capital

In a slick video to advertise to would-be criminals on encrypted messaging app Telegram, iSpoof branded itself 'the number one spoofing service'

In a slick video to advertise to would-be criminals on encrypted messaging app Telegram, iSpoof branded itself ‘the number one spoofing service’

Alongside graphics of people working at computers, a promotional video (pictured) said: 'iSpoof was made by spoofers, for spoofers.' Referencing the bank details scammers hoped their marks would type in during their calls, it adds: 'Pick up the digits the targets type, and see it displayed on your dashboard'

Alongside graphics of people working at computers, a promotional video (pictured) said: ‘iSpoof was made by spoofers, for spoofers.’ Referencing the bank details scammers hoped their marks would type in during their calls, it adds: ‘Pick up the digits the targets type, and see it displayed on your dashboard’

Anyone trying to access the iSpoof website is met with a message saying it has been 'seized' (pictured)

Anyone trying to access the iSpoof website is met with a message saying it has been ‘seized’ (pictured)

TikTok user posts a video with the caption 'RIP to all you iSpoof users' earlier this month as dozens were arrested across the UK. There is no suggestion the TikTok user was involved in the scam

TikTok user posts a video with the caption ‘RIP to all you iSpoof users’ earlier this month as dozens were arrested across the UK. There is no suggestion the TikTok user was involved in the scam

How the iSpoof website scammed tens of thousands of people around the world 

The iSpoof website – described as ‘an international one stop spoofing shop’ – was created in December 2020 and at its peak had 59,000 users paying between £150 and £5,000 for its services, according to the Met.

It enabled subscribers, who could pay in Bitcoin, to access so-called spoofing tools which made their phone numbers appear as if they were calling from banks, tax offices and other official bodies.

Some of the UK’s biggest consumer banks – including Barclays, HSBC, Santander, Lloyds, Halifax – were the mostly commonly imitated.

Combined with customers’ bank and login details illegally obtained elsewhere online, the criminals were then able to defraud their victims.

‘They would worry them (about) fraudulent activity on their bank accounts and tricked them,’ explained Detective Superintendent Helen Rance, who leads on cyber crime for the Met.

She noted that people contacted would typically be instructed to share six-digit banking passcodes allowing their accounts to be emptied.

The Met said in the year to August, suspects paid to access the website and made more than 10 million fraudulent calls worldwide.

Around 40 percent were in the United States, while more than a third were in the UK targeting 200,000 potential victims there alone.

Fraud detection agencies have so far recorded £48 million in losses in the UK, with the largest single theft £3 million and the average £10,000.

‘Because fraud is vastly under-reported, the full amount is believed to be much higher,’ the Met said.

Those behind the site earned almost £3.2 million from it, the force added.

Only around 5,000 British victims have so far been identified.

However, the Met’s investigation has yielded the phone numbers of more than 70,000 potential victims who have yet to be contacted.

Tens of thousands of people with UK phone numbers called by criminals who used the site will be alerted by the Metropolitan Police via text message on Thursday and Friday and asked to contact the force. 

It comes after a website used to defraud up to 200,000 people in the UK out of at least £50million was shut down following an international probe involving Scotland Yard, the FBI and European law enforcement agencies.   

Criminals paid a subscription to iSpoof.cc to use technology that let them appear as though they were phoning victims from banks such as Barclays, NatWest and Halifax.

A total of 59,000 scammers paid subscriptions of between £150 and £5,000 to use the technology, making £3.2million for the site’s owners while they scammed vast sums from unsuspecting victims. 

So far 120 arrests have been made – 103 in London and 17 outside the capital.

The majority of victims (40 per cent) were in the US, followed by Britain (35 per cent). Many people in Australia and other European countries were also targeted. 

The British suspected mastermind behind the site, Teejai Fletcher, 34, from east London, has been charged with fraud and is in custody following his arrest earlier this month. A court date is set for two weeks’ time. 

The average loss to victims was £10,000 each, with one losing more than £3million to fraudsters using the service, Scotland Yard said, adding that there had been more than 100 arrests in Britain alone in recent weeks. 

So far £48million of losses have been reported to Action Fraud, but the real figure is likely to be far higher. 

The Metropolitan Police plans to send mass text messages to 70,000 victims today and tomorrow asking them to get in touch to give evidence.

Det Supt Helen Rance, of the Met, said fraudsters would first buy victims’ bank details on the dark web to make their approach more convincing, then used iSpoof to make a fake bank phone call to clear out their accounts, she said.

Scammers made 10 million fraudulent calls after the site was set up in December 2020, with 35 per cent of the victims in Britain, 40 per cent in the US and the rest scattered across Europe and Australia.

At one point as many as 20 people every minute were being targeted by callers using technology bought from the site. 

Suspected mastermind Mr Fletcher was accused of fraud and participating in organised crime on November 7. He was remanded in custody and will appear at Southwark Crown Court on December 6.

In a slick video to advertise to would-be criminals on encrypted messaging app Telegram, iSpoof branded itself ‘the number one spoofing service.’

Alongside graphics of people working at computers, it said: ‘iSpoof was made by spoofers, for spoofers.’ 

Referencing the bank details scammers hoped their marks would type in during their calls, it adds: ‘Pick up the digits the targets type, and see it displayed on your dashboard.’ 

It continues: ‘Send spoof SMS messages and much more… our state of the art system handles auto-calling with custom hold music and convincing call centre background sound.’ 

It boasts that the scamming technology works ‘on both Android and ios’ and said would be users can sign up for free and pay monthly in Bitcoin to ‘stay totally anonymous.’

In a Telegram channel used by administrators and users of iSpoof, subscribers were told to ‘change the last digit’ when posing as a tele-caller from a bank. 

One message read: ‘Seems some people are very stupid and don’t understand the majority of bank numbers are blocked and cannot be used… if your mind is not creative enough or your skillset does not allow you to perform without a specific number then you should pack your bags and get a job at a grocery store.’ 

It added: ‘If I find you complaining about caller ID without changing a last digit etc or wasting our time this can be a reason you get barred from our service.’  

DSI Rance, who leads on cyber crime for the Met, explained how iSpoof users would defraud their victims. 

She said: ‘They would worry them (about) fraudulent activity on their bank accounts and tricked them.’ 

She said that people contacted would typically be instructed to share six-digit banking passcodes allowing their accounts to be emptied.

In a Telegram channel used by administrators and users of iSpoof (pictured), subscribers were told to 'change the last digit' when posing as a tele-caller from a bank

In a Telegram channel used by administrators and users of iSpoof (pictured), subscribers were told to ‘change the last digit’ when posing as a tele-caller from a bank

The Met launched ‘Operation Elaborate’ in June 2021, partnering with Dutch police who had already started their own probe after an iSpoof server was based there.

A subsequent server operating in Kyiv was shuttered in September, while the site was permanently disabled on November 8.

The next day, a TikTok user posted a video with the caption: ‘RIP to all you iSpoof users’, while one of his followers commented on November 11: ’50 people bagged already’, next to a laughing emoji. There is no suggestion the TikTok user was involved in the scam. 

On November 7, the Met had charged suspected ringleader Mr Fletcher with fraud and organised crime group offences.

‘It’s fair to say that he was living a lavish lifestyle,’ DSI Rance said, adding that the investigation remained ongoing.

‘Instead of just taking down the website and arresting the administrator, we have gone after the users of iSpoof,’ she added.

‘By taking down iSpoof we have prevented further offences and stopped fraudsters targeting future victims.

‘Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are.’

Two other suspected administrators outside the UK remain at large, the Met added.

Are YOU a victim of Britain’s biggest ever fraud? How iSpoof criminals operate, how to avoid con and what to do if you think you’ve been scammed

Police today dramatically revealed the details of Britain’s biggest ever fraud operation, which saw officers take down a website that criminals have used to scam 200,000 people in the UK out of at least £50million.

The Met will contact around 70,000 Brits in the coming days to tell them they may have fallen victim to iSpoof.cc, while more than 100 suspects have already been arrested.

Scammers paid a subscription to use a programme that let them appear as though they were phoning victims from major banks including Barclays, NatWest and Halifax.

Officers are now working to track down hundreds more suspects both in the UK and across the world, with the FBI, Europol and Eurojust also involved alongside authorities in Ukraine and the Netherlands.

Below we reveal how the website worked, how many people it may have scammed, and what lies next for the victims and the criminals behind it. 

How did iSpoof criminals operate? 

The website allowed users paying between £150 and £5,000 in Bitcoin for subscriptions to disguise their phone number so it appeared they were calling from a trusted source.

This process is known as ‘spoofing’.

Criminals posed as representatives of banks including Barclays, Santander, HSBC, Lloyds, Halifax, First Direct, Natwest, Nationwide and TSB.

They then attempted to trick people into handing over money or providing sensitive information such as one time pass codes to bank accounts.   

Teejai Fletcher, a British 34-year-old, from east London, is believed to have been involved with the operation. He was arrested last month and is in custody after being charged with fraud.

A total of 59,000 criminals bought accounts since iSpoof was set up in December 2020, making £3.2million for the site’s owners while they scammed vast sums from unsuspecting victims. 

The average loss from those who reported being targeted is believed to be £10,000.  

How many people were scammed through iSpoof?  

At one stage, almost 20 people every minute of the day were being contacted by scammers hiding behind false identities using the site. 

In total, 200,000 potential victims in the UK alone are thought to have been targeted, with many more across the world.

The majority of victims (40 per cent) were in the US, followed by Britain (35 per cent). Many people in Australia and other European countries were also targeted.

In the 12 months until August 2022 around 10 million fraudulent calls were made globally via iSpoof, with around 3.5 million of those made in the UK.

Of those, 350,000 calls lasted more than one minute and were made to 200,000 individuals.

Losses reported to Action Fraud as a result of the calls and texts via iSpoof is around £50 million.  But because fraud is vastly underreported, the full amount is believed to be much higher.

In a Telegram channel used by administrators and users of iSpoof (pictured), subscribers were told to 'change the last digit' when posing as a tele-caller from a bank

In a Telegram channel used by administrators and users of iSpoof (pictured), subscribers were told to ‘change the last digit’ when posing as a tele-caller from a bank

How did its creators market the site to criminals? 

In a slick video to advertise to would-be criminals on encrypted messaging app Telegram, iSpoof branded itself ‘the number one spoofing service.’

Alongside graphics of people working at computers, it said: ‘iSpoof was made by spoofers, for spoofers.’

Referencing the bank details scammers hoped their marks would type in during their calls, it adds: ‘Pick up the digits the targets type, and see it displayed on your dashboard.’

It continues: ‘Send spoof SMS messages and much more… our state of the art system handles auto-calling with custom hold music and convincing call centre background sound.’

It boasts that the scamming technology works ‘on both Android and ios’ and said would be users can sign up for free and pay monthly in Bitcoin to ‘stay totally anonymous.’

In a Telegram channel used by administrators and users of iSpoof, subscribers were told to ‘change the last digit’ when posing as a tele-caller from a bank.

One message read: ‘Seems some people are very stupid and don’t understand the majority of bank numbers are blocked and cannot be used… if your mind is not creative enough or your skillset does not allow you to perform without a specific number then you should pack your bags and get a job at a grocery store.’

It added: ‘If I find you complaining about caller ID without changing a last digit etc or wasting our time this can be a reason you get barred from our service.’ 

How did law enforcement take the site down?

After a wave of reports to Action Fraud were linked to iSpoof, the Met’s Cyber Crime Unit began investigating the site in June 2021 under the name of Operation Elaborate.  

Investigators infiltrated the website and began gathering information alongside Europol, Eurojust, the Dutch authorities and the FBI.

Police were able to identify suspects by seizing the website server, which contained a treasure trove of information in 70 million rows of data. 

Bitcoin records were also traced. 

In the UK, more than 100 people have been arrested, the vast majority on suspicion of fraud. 

What should I do if I’ve been scammed? 

The Met plans to send mass text messages to 70,000 victims today and tomorrow asking them to get in touch to give evidence. 

Police also want anyone who believes they may have been scammed by the site to log an official crime report online. 

This could pave the way for some money being returned to victims later down the line. 

What will happen to the suspects? 

Teejai Fletcher, who is believed to have been involved in running iSpoof, has been charged with fraud and will appear in court in two weeks’ time. 

Because the pool of 59,000 potential suspects is so large, investigators are focusing first on UK users and those who have spent at least £100 of Bitcoin to use the site.

There have already been dozens of arrests and details of other suspects have been passed onto law enforcement partners in Holland, Australia, France and Ireland. 

Detective Superintendent Helen Rance, who leads on cyber crime for the Met, said: ‘Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are.’ 

What can I do to avoid becoming a fraud victim?

The Take Five campaign has provided some tips and advice to help spot fraudulent messages – 

  • A genuine bank or organisation will never contact you out of the blue to ask for your PIN, full password or to move money to another account. 
  • Only give out your personal or financial details to use a service that you have given your consent to, that you trust and that you are expecting to be contacted by. 
  • Never automatically click on a link in an unexpected email or text. 
  • If you’re approached with a request for personal information, do not provide it. Instead, contact the company directly using a known email or phone number. 

Leave A Reply

Your email address will not be published.