2022 iSpoof fraud investigation

ispoof.cc was a website used by many people to make unauthorised phone calls while displaying a caller ID falsely indicating that they were legitimate callers. In 2021 and 2022 it was part of an investigation by numerous law enforcement agencies into frauds enabled by this caller ID spoofing. It was shut down in November 2022 as the result of Operation Elaborate, a multi-agency investigation led by the Metropolitan Police and supported by Netherlands Police, Europol and Eurojust. As of 2022, it is the largest fraud investigation that has ever taken place in the United Kingdom.

The investigation began in June 2021, targeting a suspected organised crime group.

Method of fraud
The website allowed criminal callers to make phone calls displaying caller IDs of legitimate bodies such as banks, which enabled them to defraud victims by tricking them into transferring money, or providing information such as banking passwords which made transfers possible.

History of fraud
Those behind the site are believed by police to have earned almost £3,200,000 in a 20-month period. Globally, 142 people were arrested. Police focussed first on UK users and those who had transferred at least £100 worth of bitcoin on the site, as the total number of potential suspects, 59,000, was too great to deal with at the same time. Between August 2021 and August 2022 approximately 10 million fraudulent calls were made via the website, 3.5 million of them in the UK. At least 4,785 victims reported the crime to Action Fraud, with the highest loss to an individual of £3,000,000. In the UK, 70,000 individual phone numbers are known to have been targeted, and the Metropolitan Police estimate that there had been 200,000 victims in the UK by November 2022; the average loss of victims identified by Action Fraud was £10,000. UK authorities estimated at the time that the worldwide loss to victims exceeded £100 million.

Netherlands
Netherlands Police came across iSpoof in an ongoing spoofing investigation. They discovered that the spoofing service was hosted on servers in The Netherlands. This resulted in a new investigation, completely focused on the service itself. Deconflicting with international partners turned out to be the start of a close collaboration with London's Metropolitan Service which had their sights on the administrator residing in London. By means of a wiretap in Almere, the Netherlands Police gathered all calls made using the spoofing service. This resulted in insight into the users and how they work. Several forensic images of the server were taken over time and the databases were analyzed. Since then, several suspects have been identified and arrested in the Netherlands. The Dutch information about the criminal users has been shared with other countries making further investigations possible.

Republic of Ireland
Six people were arrested in Ireland in 2022 as part of the investigation. Seventeen locations across County Louth, County Meath and Dublin were searched, and 132 electronic devices seized. The Garda Síochána also identified 64 suspicious bank accounts. Detective Inspector Mel Smyth said that, while the exact amount lost in the Republic of Ireland was not known, it did run into the millions. He also said that more searches and arrests would be carried out as the investigation unfolded.

Ukraine
The Department of Cyber Police of the National Police of Ukraine were involved in the seizure of the website and server.

United Kingdom
The investigation was led by London's Metropolitan Police, and assisted by multiple other agencies, including the City of London Police and the National Fraud Intelligence Bureau (known publicly as 'Action Fraud'). In the UK, as of 25 November 2022, 120 arrests had been made; with 103 in London and 17 outside London. The site administrator, 34-year-old Tejay Fletcher, was arrested in East London on 6 November 2022; on 20 April 2023 he pleaded guilty to multiple charges. He was sentenced to 13 years and four months in prison at Southwark Crown Court on 19 May 2023.

United States
Authorities from Ukraine and the USA seized the website and server, taking it offline on 8 November. The Federal Bureau of Investigation (Pittsburgh), United States Secret Service (Pittsburgh), and United States Attorney (Western Pennsylvania) were involved.

Other agencies
Agencies also involved are:
 * Australia: Australian Federal Police (several suspects identified in Australia)
 * Canada: Royal Canadian Mounted Police (Federal Policing Cybercrime Investigation Team Toronto)
 * European Union: Europol and Eurojust
 * France: 'Cyber Criminality Unit' of Paris, and the Gendarmerie National (several suspects identified in France)
 * Germany: Bundeskriminalamt
 * Lithuania: Lithuanian Criminal Police Bureau
 * Belgium : Federal Computer Crime Unit