The 'iSpoof' online spoofing service has been dismantled following an international law enforcement investigation that also led to the arrest of 146 people, including the suspected mastermind of the operation.

Over a hundred of these arrests, including that of the platform's leader, were made by London's Metropolitan Police.

iSpoof offered cybercriminals so-called "spoofing" servers which allowed them to mask their phone numbers with one belonging to a trusted organization, making it appear to the victims as if their bank called them.

This call number spoofing made it possible for the crooks to conduct social engineering, phishing, and carry out "bank helpdesk" scams, stealing money, banking account credentials, and one-time codes.

"The services of the website allowed those who sign up and pay for the service to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords," Europol said on Thursday.

"The users were able to impersonate an infinite number of entities (such as banks, retail companies, and government institutions) for financial gain and substantial losses to victims."

According to the announcement of the Metropolitan Police, between June 2021 and July 2022, iSpoof was used to make 10 million fraudulent calls worldwide.

Europol reports that iSpoof caused approximately $120,000,000 in losses, with the service's operators raking in estimated profits of $3,850,000 in the last 16 months.

Uncovering iSpoof

The cybercrime department of the Dutch police says it found the servers hosting iSpoof in Almere, a small town near Amsterdam, during a bank helpdesk fraud investigation.

This led to a new investigation focusing on the service, which led to the discovery of the iSpoof operator's location in London. They then informed Scotland Yard, which started its own in-depth investigation into the suspect.

Next, the police in the Netherlands placed a "tap" on the servers in Almere and gathered insight into how the service worked and who used it.

The UK police say the covert operation of tracking iSpoof closely started in June 2021, helping the law enforcement authorities map the criminal network.

Europol got involved in August 2021 to help the UK police collect evidence and intelligence from global law enforcement partners.

The owner of iSpoof was arrested on Sunday, November 6, 2022, in East London, and known iSpoof websites like "ispoof.cc" and "ispoof.me" were seized.

The administrators of the servers in Almere, two men, aged 19 and 22, were also arrested. The Dutch police underline they're now deanonymizing more service users based on evidence collected from the seized servers.

Following iSpoof's takedown, the service's users from dark web forums have been advised to "throw everything away."

The information contained in this website is for general information purposes only. The information is gathered from BleepingComputer, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.