In the U.K. alone, victims lost the equivalent of more than $52 million, with projected global losses exceeding $124 million. According to Eurojust, iSpoof itself generated over four million dollars in just 16 months.
Most of the four million dollars went to Tejay Fletcher, the website administrator and mastermind of the scheme, according to the Metropolitan Police. Fletcher, 35, from Western Gateway, London, was apprehended in November.
"Fraud can have a devastating impact on victims, so tackling it is a priority for the NCA and our policing partners," said National Crime Agency Deputy Director Paul Foster, Head of the National Cyber Crime Unit. "Key to our response is targeting the online platforms that supply offenders with the tools and services they use to commit cyber-enabled fraud."
An international operation took down the website in November 2022 and resulted in the worldwide arrest of 142 administrators and fraudsters who paid to use the site for making spoofed telephone calls, sending recorded messages, and intercepting one-time passwords. They often impersonated representatives from banks such as Barclays, Santander, HSBC, Lloyds, and Halifax, pretending to warn victims of suspicious activity on their accounts to obtain their security data.
Between August 2021 and August 2022, nearly 10 million fraudulent calls were made globally via iSpoof.
"At the time of closure, the website had 59,000 registered users," Eurojust stated.
Eurojust initiated an investigation into iSpoof in October 2021 at the request of U.K. authorities.
Law enforcement from ten countries, including EU member states, participated in the probe, facilitated by Eurojust.