Today, Money Mail urges every reader who falls victim to spoofing scams to come forward to help end this scourge.
In a major escalation in our war on fraud, we’ve teamed up with the Metropolitan Police to crack down on tricky technology that allows scammers to impersonate your bank, telecoms provider or government agency such as the Bureau of taxes.
The Met has already sent urgent text alerts to 70,000 people who it says have been scammed by “forged” calls or text messages and robbed of their savings.
Join the fight: we’re working with the Metropolitan Police to fight technology that allows scammers to impersonate your bank, telecom provider or government agency such as the tax office
But officers have told Money Mail the true number of victims could be as high as 200,000. Now the race is on to identify victims who can help put ‘spoofing’ fraudsters behind bars.
Detective Superintendent Helen Rance told us that the more victims who come forward and report losses, the stronger the Met’s case can be against the perpetrators.
“It’s really important that victims of fraud report what happened to them to Action Fraud,” she says.
“The more we know and understand about this type of criminal activity, the more opportunities we have to prosecute offenders and understand the extent of their criminal network.
“We thank Money Mail for bringing attention to this investigation.”
Our call for victims of fraud to share their stories comes after the Met last week revealed a major breakthrough in its number spoofing investigations.
Officers have busted a major online fraud factory behind £48million in fraudulent losses – and released the name of its alleged mastermind.
The website, iSpoof, offered scammers a free trial before paying between £150 and £5,000 a month for its software.
Users of iSpoof technology were able to make scam calls and text messages to victims appear to come from legitimate organizations, usually a bank.
The victims simply saw the name of their bank appear on the screen of their telephone.
All the major banking names were impersonated, including HSBC, Lloyds, NatWest, Barclays, Santander, Nationwide and TSB.
Thinking they were talking to real bank employees, the victims were then tricked into transferring money from their account or giving key personal information that allowed the fraudster to loot their account.
Campaign: Detective Superintendent Helen Rance
Victims have been defrauded of up to £3million by scammers using the site’s technology. Average losses of £10,000 have been reported to Action Fraud.
More than 100 alleged users of the technology have also been arrested, the vast majority suspected of fraud.
The crackdown is part of the Met’s Operation Elaborate – its biggest ever fraud investigation. The operation to take down the iSpoof website was an international effort also involving Europol and the FBI. It took 18 months.
At one point, nearly 20 people per minute were being contacted by scammers using iSpoof to hide behind fake identities. Those behind the iSpoof site earned almost £3.2m over a 20 month period.
Det Supt Rance says: “Our message to criminals who have used this website is that we have your contact details and are working hard to locate you, wherever you are.”
The day after the Met revealed details of Operation Elaborate, panicked messages began to appear on encrypted messaging app Telegram. This Russian-based app allows users to post messages anonymously. The app does not share information with the police.
A search of the app by Money Mail found a message saying: ‘[It] will soon be knocking on everyone’s door.
Another said: “Everyone clear [their] cats.’
On some groups, users are sharing information on how to scam people, with boasts of criminals posting screenshots of victims’ bank transfers they have tricked.
The Met’s text messages to 70,000 iSpoof victims, sent last Thursday and Friday, do not include a link or phone number. The Met has asked Money Mail not to publish the message so it cannot be spoofed by scammers.
Victims should visit met.police.uk/elaborate and report the fraud or call Action Fraud on 0300 123 2040. You can write to Money Mail at email@example.com
Imposters: Users of iSpoof technology may have made fraudulent calls and text messages appear to victims as coming from legitimate organizations, usually a bank.
Detective Superintendent Rance said a text alert was the only way the Met could contact the victims, as it does not know where the victims live or who they are.
“This is a call to help and support the victims by letting us know what happened.”
Banks reported a record total loss of £1.3bn to scammers last year. Much of this came from identity theft scams, where fraudsters pretend to be from a legitimate organization.
Professional criminals – often in fluent English – will have a script to read and basic information about their target of fraud, which means they appear believable.
They often try to cause panic by saying that the customer’s bank account has been compromised.
They will also insist that time is of the essence, to rush into a mistake such as transferring money to a new “safe” account. In reality, your money will go to an account linked to the fraudster.
Often this money is siphoned out of the country, making it quickly difficult to track down. Scammers also trick people into handing over sensitive information, such as one-time passcodes to bank accounts.
Warning sign: banks will never ask you to transfer money to a new account over the phone, ask for one-time passcodes, or send a courier to pick up a card
Other common tricks include scammers claiming a debit card has been cloned and, in extreme cases, sending a courier to retrieve it.
Banks will never ask you to transfer money to a new account over the phone, request one-time passcodes or send a courier to collect a card.
Detective Superintendent Rance warned that when one impersonation website is shut down, another will pop up.
Money Mail found examples of spoofing sites in seconds by searching for “number spoofing website”. One offered 200 call credits for 25 euros (£22), or 350 credits for 40 euros (£35).
Security Minister Tom Tugendhat warned at a fraud prevention event last week that social media companies were not doing enough to crack down on number spoofing organisations.
How to report YOUR case
- Call Action Fraud on: 0300 123 2040 (Monday to Friday 8am to 8pm)
- Or use the online Action Fraud tool: reporting.actionfraud.police.uk
- And email Money Mail at: firstname.lastname@example.org
“As banks reimburse fraud, we need to ensure that they are able to get the cooperation they need from telecom and technology. [firms] to prevent fraud from happening in the first place,” he said.
‘I want to see [tech firms] look for scams, prevent them, and when they find them, not only stop this message, but stop the source of this message.
Scammers often identify targets of fraud by purchasing financial transaction details and personal information from the dark web, a hidden part of the internet that requires a special browser.
Marijus Briedis, cybersecurity expert at NordVPN, says, “Many iSpoof customers would have been highly professional gangs who view these tools as worthwhile investments.
“Officials must be examples and new powers must be introduced, if necessary, to enable the police to accelerate the pace at which they can crush these organisations.
“The end of iSpoof is fantastic news, but there are thousands more like them.”
Some links in this article may be affiliate links. If you click on it, we may earn a small commission. This helps us fund This Is Money and keep it free to use. We do not write articles to promote products. We do not allow any business relationship to affect our editorial independence.