Save, make, understand money


Police to contact 70,000 bank ‘spoofing’ scam victims this week

Paloma Kubiak
Written By:
Paloma Kubiak

Tens of thousands of people will be contacted by police warning them they have fallen victim to a ‘spoofing’ scam and to report it to Action Fraud.

As part of the Metropolitan Police’s biggest ever fraud operation, it has brought down an “international one-stop spoofing shop” which saw 200,000 UK victims targeted.

The fraudulent iSpoof website allowed criminals to appear as if calling from banks, including Barclays, First Direct, Halifax, HSBC, Lloyds, Nationwide, NatWest, Santander and TSB, as well as tax offices and other official bodies as they attempted to defraud victims.

At one point, almost 20 people every minute of the day were being contacted by scammers hiding behind false identities using the site. The iSpoof website was used to make 10 million spoof calls between June 2021 and July 2022.

Victims reported losses of £48m, an average £10,000 loss each, though one victim lost £3m. However, the actual losses are likely to be much higher as “fraud is vastly underreported”, the police said, which is why it will contact potential victims to report any losses.

Meanwhile, the criminals pocketed £3.2m within 20 months as 59,000 iSpoof users paid for the service in Bitcoin.

The mass text messages are being sent to the 70,000 numbers that have already been contacted via iSpoof which the Met has linked to an identified suspect.

If it has your number, it will text you on 24 and 25 November asking you to get in touch with the Met Police and Action Fraud and help fight fraud to help bring perpetrators to justice.

A year-long multi task force operation

The Met’s Cyber Crime Unit began investigating iSpoof in June 2021 under the name of Operation Elaborate.

Scotland Yard’s Cyber Crime Unit worked with international law enforcement Europol, Eurojust, the Dutch authorities and the FBI to bring down the website this week.

In the UK, more than 100 people have been arrested, the vast majority on suspicion of fraud.

Detective Superintendent Helen Rance, who leads on cyber crime for the Met, said: “By taking down iSpoof, we have prevented further offences and stopped fraudsters targeting future victims.

“Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are.”

Commissioner Sir Mark Rowley, said: “The exploitation of technology by organised criminals is one of the greatest challenges for law enforcement in the 21st century.

“Together with the support of partners across UK policing and internationally, we are reinventing the way fraud is investigated. The Met is targeting the criminals at the centre of these illicit webs that cause misery for thousands.

“By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable victims.”

Scam epidemic how to stay safe

Laura Kankaala, consumer security expert at F-Secure said: “The operation led by Metropolitan Police is a positive step towards cracking down on bank scams. However, unfortunately this will not be the end of the phone call and text message scam epidemic because there are similar spoofing services that still exist online, and the legitimacy of these sites make it incredibly difficult for consumers to realise it’s a scam.

“There are ways to reduce the risk of receiving fraudulent calls. We’d urge everyone to talk to their phone provider and ask about the call blocking and privacy settings that are available. In some cases, there may be an additional fee on your monthly bill, but some may be free to use so it’s worth asking. There are also blocking features in settings on most smartphones so do look at that too. For landlines, there are ways to opt out of unsolicited calls, so it’s worth looking online at what is available.

“If you find yourself in an unfortunate situation where you think you could be being scammed, hang up immediately. Never give out personal information such as bank details, address, date of birth or pin numbers, over the phone. Explain that you’ll get in touch with them to progress the matter. If the call feels pressured and urgent, for example, the caller says your bank account is being compromised and you must act immediately, just say you’ll end the call but get in touch with your bank yourself straight after.

“If you happen to fall victim to a scam, make sure to file a police report and immediately contact your bank.”