Alleged site administrator Teejay Fletcher, 35, has been arrested and charged with making or supplying articles for use in fraud and for participating in the activities of an organised crime group
Here is the 'original' marketing video ispoof created...
ispoof was created in December 2020 and at its peak had 59,000 users, allowing them to pay for the criminal software using Bitcoin, with charges ranging from £150 to £5,000 per month
Threat actors paid a subscription to
iSpoof.cc to use technology that let them appear as though they were phoning victims from banks such as Barclays, NatWest and Halifax
Of 10 million fraudulent calls made, 40% were in the US
, 35% were in the UK
and the rest were spread across other countries
So far 120 arrests have been made in the UK alone
On Thursday and Friday, around 70,000 UK phone numbers called by criminals who used the site will be alerted by the Metropolitan Police via text message and asked to contact the force.
However, if a text message comes after that time, it will not be from the force
Dutch law enforcement managed to inject a tap onto the website's servers in the Netherlands to intercept the phone calls allowing them to record the calls and recover numbers of incoming and outgoing calls
Analysis Time
Any LE action is positive. Disruption is key to preventing fraud and scams from taking over. Although this website has scammed a huge number of people and any actors not arrested after this action will just move to another spoofing service this is good to see
I am worried about the SMS alerting, it's a great idea in concept but sending an SMS with a link is the same technique threat actors use.
Potentially an SMS alerting a victim and asking them to go to the site as opposed to adding a link might be a better technique
I can see this potentially being abused by fast thinking actors, although they only have 2 days to action their scam. However how many people will know that the police are only sending texts for 2 days?
One other highly notable part of this reporting is the Dutch polices malware implant on the websites server. This is offensive blue teaming at its best
It's great to see law enforcement taking proactive steps to enrich their investigations by hijacking websites to gather evidence to take down key players as opposed to just taking down the domain name or host
This is disruptive take downs and has multiple other places where this kind of deep action could take place. It's key moving forward to preventing fraud as opposed to playing whack-a-mole all the the with scammers
The ispoof website is now sitting on IP 66.212.148.115 which also hosts a number of with seized websites controlled and taken down by LE such as z-lib[.]org, kickass[.]to and pfizermx[.]com
I hope you learnt something from this thread
Follow me for more
#Phishing News Analysis and the Latest
#Phishing IoCs
Back to the top?
twitter.com/JCyberSec_/sta…