The website allowed those who sign up and pay for its services to anonymously make spoofed telephone calls, send recorded messages and intercept one-time passwords. Users could impersonate an infinite number of entities (such as banks, retail companies and government institutions) for financial gain, leading to substantial losses for victims of scams.
The investigation showed that iSpoof earned over EUR 3.7 million in 16 months. According to UK authorities, losses to victims currently stand at GBP 43 million (EUR 49 million) in the UK alone, with estimated worldwide losses of over GBP 100 million (EUR 115 million).
From August 2021 to August 2022, around 10 million fraudulent calls were made globally via iSpoof. At the point of closure, the website had 59,000 registered users.
In an international coordinated action led by the UK and supported by Eurojust and Europol, 142 users and administrators were arrested across the world. The website was taken offline and servers were seized by US and Ukrainian authorities on 8 November 2022.
The main administrator of the website was arrested two days before, on 6 November. He is believed to have received between GBP 1.7 million and GBP 1.9 million (over EUR 2 million) in profits from running iSpoof. On 18 May 2023, he was sentenced to 13 years and 4 months of imprisonment at Southwark Crown Court in London.
The case was opened at Eurojust in October 2021 at the request of UK authorities. National authorities from 10 countries, including European Union Member States and third countries, supported the investigation. The Agency played a key role in facilitating judicial cross-border cooperation between all parties involved. Two coordination meetings were hosted by Eurojust to coordinate the national investigations and prepare for the action.
Europol’s European Cybercrime Centre (EC3) provided continuous intelligence development to national investigators through the Joint Cybercrime Action Taskforce (J-CAT). In the framework of its analytical work, Europol was able to identify additional users of the iSpoof service, a number of whom were already known for their involvement in other high-profile cybercrime investigations at the European level.