The British mastermind behind a £100 million spoofing operation has been jailed for 13 years.
Tejay Fletcher, 35, was the founder of the notorious website iSpoof.cc, which allowed criminals to disguise their phone numbers in order to swindle victims.
Scammers paid a subscription to use a programme that let them appear as though they were phoning victims from major banks, including Barclays, NatWest and Halifax.
The shady online store was smashed last year in the UK’s biggest fraud sting, with over 100 criminals arrested on suspicion of fraud.
But, how exactly did iSpoof.cc work, and how did criminals access its services? Read on to find out about the infamous website that was once synonymous with phone scams.
What was iSpoof?
The website was created in December 2020, according to the Metropolitan Police, and at its peak had 59,000 users, with up to 20 people per minute targeted at one point by callers using its technology.
iSpoof allowed users to purchase subscriptions to disguise their phone number so it looked as if they were calling from a trusted source. This process is known as spoofing, and can also apply to scam texts that appear to be from a reputable sender, such as a business.
Criminals posed as representatives of banks including Barclays, HSBC, Santander, First Direct, Lloyds, Halifax, Natwest, TSB and Nationwide.
They then tried to con unsuspecting people into handing over money or providing sensitive financial information, such as one-time passcodes to bank accounts.
On messaging app Telegram, iSpoof promoted itself to criminals as a state-of-the-art system for handling auto-calls, complete with convincing hold music and call centre background sounds.
The scam calls, along with other features offered through the site to obtain passwords and PINs, were used to empty the victims’ bank accounts.
The website earned around £3.2 million in cryptocurrency Bitcoin, with the “lion’s share” of around £2 million ending up with its founder Fletcher, said prosecutor John Ojakovoh.
How many people were scammed by iSpoof?
At its peak, as many as 20 people every minute were being targeted by callers using technology bought from the site, the police said.
All told, 200,000 people in the UK alone are thought to have fallen victim to scams facilitated by iSpoof, with many more across the world.
In the 12 months until August 2022, around 10 million fraudulent calls were made globally via iSpoof, with around 3.5 million of those made in the UK. Of those, 350,000 calls lasted more than one minute and were made to 200,000 individuals.
The majority of victims (40 per cent) were in the US, followed by Britain (35 per cent). People in Australia and Europe were also targeted.
One victim lost £3 million, but the average loss among the 4,785 people who had reported being targeted to Action Fraud was £10,000.
How was iSpoof taken down by the police?
The Met’s Cyber Crime Unit began investigating iSpoof in June 2021 under the name of Operation Elaborate.
As part of the international operation, investigators infiltrated the site and began gathering information from its servers. They also traced Bitcoin records, initially focusing their efforts on Brits who had spent at least £100 on the site.
A wave of UK arrests followed with details of other suspects passed onto law enforcement agencies including Europol, the Dutch police, and the FBI, among others.
By late 2022, a wave of arrests had been carried out, including the site’s founder Fletcher, helping to bring iSpoof to its knees.