On Friday, news broke that the criminal mastermind behind phone spoofing website iSpoof, Tejay Fletcher, has been sentenced to 13 years in prison following a successful police investigation. Fletcher, 35, founded the notorious iSpoof.cc website which formed an integral part of scamming operations in the UK, US and around the world. The iSpoof website enabled criminals to disguise their phone numbers, usually in order to appear as though they were calling unsuspecting victims from trusted organisations including some of the worlds’ most prominent banks.
Last year, police swooped in on the iSpoof site, closing it down in one of the biggest fraud stings on record which saw over 100 scammers arrested and facing prosecution for fraud. In the wake of these arrests and the recent conviction of the mastermind behind the criminal subscription website, up to 200,000 Brits may soon be receiving communications from the police informing them that they could have been a victim of a scam conducted using the iSpoof website. Here we take a look at iSpoof, including what it was, what it did, and what to do if you think you may have been a victim of fraud.
What was iSpoof?
iSpoof was created in late 2020 by small time criminal Tejay Fletcher. The site was used by criminals looking to target their victims via phone scams by masquerading as a trusted source – in this case, large and well known banks including HSBC, Santander, Natwest, Nationwide, Lloyds, Halifax and TSB. iSpoof provided it’s users with a subscription based service, essentially allowing them to pay a monthly fee in order to disguise themselves as various services from banks. At iSpoof’s peak, the Metropolitan Police reported that the site had up to 59,000 users subscribed to use the spoofing service, and as many as 20 unsuspecting people per minute were being targeted at the height of its’ usage.
By allowing criminals to portray banks, iSpoof effectively enabled them to contact hundreds of thousands of people and request monetary transfers and/or sensitive financial or account information that granted them access to bank accounts. Victims were targeted in their droves by iSpoof users via phone and also via text message, often having their bank accounts completely emptied once they had provided access information to the scammers. The website is thought to have earned around £3.2million in cryptocurrency, with the iSpoof founder Tejay Fletcher taking a reported £2million of the overall sum.
What is a ‘spoofing’ scam?
‘Spoofing’ is terminology used in cybersecurity and cybercrime and refers to the act of masking the identity of an unknown source, usually as a known and trusted entity, with malicious intent. Usually, the intention behind spoofing is to gain access to sensitive information such as bank accounts and identity information, and/or to request payments and monetary transfers. Spoofing can be carried out in a number of ways, most commonly via phone, text message, email and other messaging services such as WhatsApp.
Who has been scammed by iSpoof?
The victims of Fletcher’s iSpoof are, unfortunately, wide ranging in demographics as the scammers using the website were indiscriminate in their targeting, often calling people en-mass every day until they were successful. We do know, however, that the majority of victims of iSpoof are based in the UK (35% of victims) and the US (40% of victims), as well as a smaller number in Australia and other areas of Europe. Whilst some victims have reported financial losses of up to £3million, the average loss as a result of being targeted by iSpoof is around £10,000.
The site was targeting up to 20 people per minute at the height of its usage, and in the year prior to being taken down in August 2022 it is reported that as many as 10million calls were made using the iSpoof technology, with 350,000 calls lasting more than one minute – an indication that they could have been successful. The 350,000 calls that lasted into a full conversation were made to around 200,000 individuals. To date, there have been around 4,800 cases of fraud enabled by iSpoof reported to Action Fraud – a drop in the ocean compared to the estimated 200,000 minimum victims.
If you received a call from someone purporting to be from your bank between December 2020 and August 2022, and experienced an account breach and financial losses shortly afterwards, then the chances are you may have been a victim of fraud enabled by iSpoof.
Can I get back my money that was lost to iSpoof scams?
Recovering your money from phone scams like iSpoof can be difficult, but is not impossible with the correct processes and/or professional help. Due to the nature of the scams and the obviously fraudulent activity involved, there are often ways to try and recover your lost money. Whilst the methodology for doing so depends largely on the circumstances of your case, a proportion of your lost funds may very well be recoverable so, whilst you may not get all of your money back, you will at least be able to recoup some of your financial losses from the scammers. The best way to get this process started is to take advice from a professional recovery solicitor with experience in dealing with cases involving fraud. If you are looking for assistance, we offer no-obligation, free of charge consultations to run through your individual case, and, having recovered millions for our clients over the last year alone, we are well-positioned to advise you of the best steps to take to recover your funds where it may be possible to do so. Contact us to book an appointment or call us on 02036959239 / 01617684798.
What will happen now with the iSpoof case?
Following the successful police investigation that resulted in the take down of the iSpoof website, police were able to trace Bitcoin records from the site and pinpoint any UK based users who had spent more than £100 on iSpoof during the time it was active. This has led to a large number of arrests with many cases still pending against alleged offenders. As things stand, it appears as though facilitator Tejay Fletcher’s arrest and conviction is just the tip of the iceberg.
