spoofing

A ‘spoofing’ website believed to have caused an estimated worldwide loss in excess of £100 million (€115 million) has been taken down in a coordinated police action led by the United Kingdom and supported by Europol and Eurojust.  142 suspects have been arrested, including the main administrator of the website.

The website allowed fraudsters to impersonate trusted corporations or contacts to access sensitive information from victims, a type of cybercrime known as ‘spoofing’.  Spoofing relating to cybersecurity, is when someone or something pretends to be something else in an attempt to gain our confidence, get access to our systems, steal data, steal money, or spread malware.

Judicial and law enforcement authorities in Europe, Australia, the United States, Ukraine, and Canada helped to take down the website.

The services of this website allowed those who signed up and paid for the service to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords. The users were able to impersonate an infinite number of entities (such as banks, retail companies and government institutions) for financial gain and substantial losses to victims.

The investigations showed that the website earned over €3.7 million in 16 months.  According to UK authorities, losses to victims at present are £43 million (€49 million), with estimated worldwide losses in excess of £100 million (€115 million).

In an international coordinated action carried out in November 2022, 142 users and administrators of the website were arrested across the world. The main administrator of the website was arrested in the UK on 6 November.  On 8 November 2022, the website and server was seized and taken offline by US and Ukrainian authorities.

The EAST Expert Group on Payment and Transaction Fraud (EPTF), which meets three times each year, focuses on the prevention of spoofing relating to cybersecurity. The 14th EAST EPTF meeting took place on 9 November 2022.