Police bust global cyber gang accused of industrial-scale fraud (2024)

  • Published

Police bust global cyber gang accused of industrial-scale fraud (1)

By Tom Symonds

Home Affairs correspondent

Police have taken down a gang accused of using a technology service that helped criminals use fraudulent text messages to steal from victims.

They have arrested 37 people worldwide and are contacting victims.

Officers say younger people who grew up with the internet were the most likely to fall for the "phishing" scam.

The technology allowed scammers without technical skills to bombard victims with messages designed to trick them into making payments online.

Police targeted the gang's site, LabHost, which helped criminals send the messages and direct victims to fake websites appearing to be legitimate online payment or shopping services.

It had enabled the criminals to steal identity information, including 480,000 card numbers and 64,000 Pin codes, known in criminal slang as "fullz data", the police said.

Detectives do not know how much money was stolen but estimate the LabHost site made nearly £1m ($1.25m) in profits.

  • Banks warn of big increase in online scams

  • Warning UK losing £2,300 per minute to fraud

Metropolitan Police Deputy Commissioner Dame Lynne Owens said: "You are more likely to be a victim of fraud than any other crime.

"Our approach is to be more precise and targeted, with a clear focus on those enabling online fraud to be carried out on an international scale."

National Economic Crime Centre director Adrian Searle said: "Technology is enabling crime to be delivered at scale in an almost industrial fashion."

And LabHost had given criminals without technical skills the opportunity to "buy them off the shelf online and use them against victims in the UK and elsewhere".

The arrests were the result of a two-year operation involving the Metropolitan Police, National Crime Agency, City of London Police and law-enforcement bodies in 17 countries.

In the UK, 24 suspects were taken into custody, with arrests at Luton and Manchester airports.

Worldwide, 70 properties were searched and one British man charged.

Text messages

In the UK, 70,000 victims are believed to have been tricked into giving their details online.

About 25,000, who have been identified, will be sent text messages warning them which fake online payment services and shopping sites could have taken their money.

They will be advised to go to a Metropolitan Police website for advice.

Their cases have been reported to fraud investigators.

And officers say their personal details found in a dump of data, obtained from LabHost, have been "secured".

Personalised videos

Investigators also seized the email addresses of 800 criminals paying up to £300 a month to use the LabHost service.

And they will be sent personalised videos making clear police know who they are and what they have been doing.

The strategy, which follows advice from behavioural psychologists, is designed to undermine criminal confidence in the security of scam services.

Image source, Metropolitan Police

The gang's activities were discovered in 2022 by the Cyber Defence Alliance, a small team of investigators funded by UK financial bodies to infiltrate criminal networks on the dark web.

An alliance official said: "Unless we build a network to defeat a criminal network, we are going to be overwhelmed."

This investigation is an example of a new approach involving police, the National Crime Agency and banking security experts to target criminals offering services to other criminals.

In November 2022, police took down iSpoof, another "crime as a service" operation, which allowed criminals to cold-call victims to take their money.

Tejay Fletcher, 35, who founded the service, responsible for fraud totalling £100m, was jailed for 13 years in 2023.

And in February 2024, the National Crime Agency took down LockBit, "the world's most harmful cyber-crime group", which had used ransomware attacks costing victims billions of pounds.

Have you been the victim of a phishing scam that originated from a text message? Share your experiences by emailing haveyoursay@bbc.co.uk, external.

Please include a contact number if you are willing to speak to a BBC journalist. You can also get in touch in the following ways:

If you are reading this page and can't see the form you will need to visit the mobile version of the BBC website to submit your question or comment or you can email us at HaveYourSay@bbc.co.uk, external. Please include your name, age and location with any submission.

Related Topics

  • Cyber-crime
  • City of London Police
  • Metropolitan Police Service
  • Internet fraud
  • National Crime Agency
  • Fraud
  • Dark web
Police bust global cyber gang accused of industrial-scale fraud (2024)

FAQs

Police bust global cyber gang accused of industrial-scale fraud? ›

Police have taken down a gang accused of using a technology service that helped criminals use fraudulent text messages to steal from victims. They have arrested 37 people worldwide and are contacting victims. Officers say younger people who grew up with the internet were the most likely to fall for the "phishing" scam.

What was LabHost? ›

LabHost was set up in 2021, offering a “phishing service” platform. This allowed criminal users to set up and run websites with the sole purpose of being used to steal information from users, such as card details, personal information, passwords and security questions and answers, also known as phishing.

What is the most investigated cybercrime? ›

The Federal Trade Commission's (FTC) Consumer Sentinel Network took in over 5.39 million reports in 2023, of which 48 percent were for fraud and 19 percent for identity theft.

What is the most common type of internet fraud? ›

Email phishing scams

Email-based phishing scams are among the most prevalent types of internet fraud, which continues to pose a serious threat to internet users and businesses.

How to avoid being scammed online essay? ›

8 things you can do to avoid being scammed
  1. Be suspicious. ...
  2. Don't trust unexpected contact. ...
  3. Do your research. ...
  4. Resist demands to act quickly. ...
  5. Keep your computer virus protection up to date. ...
  6. Never open attachments or click on links in emails if words or images make you feel unsure about the sender.

What is the number 1 cybercrime in USA? ›

Bulk phishing, smishing, and business e-mail compromise (BEC) are the most common types. In 2022, 85 percent of the surveyed worldwide organizations reported encountering bulk phishing attacks, while roughly three in four were targeted by smishing scams.

Who are the top 5 cyber criminals? ›

The top 5 cyber criminals include Kevin Mitnick, Adrian Lamo, Albert Gonzalez, and Jeanson James Ancheta, who have all seen jail time for their activities. Their criminal activities have resulted in significant legal consequences.

Who is the biggest cyber crime in the world? ›

Biggest Cyber Attacks in History
  • Marriott Hotel Data Breach. ...
  • WannaCry Ransomware. ...
  • Ukraine Power Grid Attack. ...
  • The 2014 Yahoo Attack. ...
  • Adobe Cyber Attack. ...
  • The PlayStation Network Attack. ...
  • Estonia Cyber Attack. ...
  • The NASA Cyber Attack.
Jan 23, 2024

What tactics do cybercriminals use to defraud people? ›

Phishing - bogus emails asking for security information and personal details. Malicious software – including ransomware through which criminals hijack files and hold them to ransom. Distributed denial of service (DDOS) attacks against websites – often accompanied by extortion.

Which of the following is not a cyber crime? ›

Online gaming is not a cybercrime.

A crime that does not involve a computer, a network and a networked device is not a cybercrime. In cybercrime, a computer may have been used to target the victim. Some examples of cybercrime are Phishing, Cyberstalking, Spoofing, Privacy breach, Data breach, identity theft, etc.

What is the most common cyber crime called? ›

Malware is the most common type of cyberattack, mostly because this term encompasses many subsets such as ransomware, trojans, spyware, viruses, worms, keyloggers, bots, cryptojacking, and any other type of malware attack that leverages software in a malicious way.

What not to say to a scammer? ›

Never give out personal information.

Even telling a scammer where you live or disclosing your email address can help them find other pieces of your identity on social media or from lists on the Dark Web.

How do I outsmart an online scammer? ›

  1. Don't click on links in an unsolicited email or text message.
  2. Don't use the phone number a potential scammer provided in an email or text message. ...
  3. Don't give out personal information such as passwords, credit card numbers, bank account numbers, dates of birth, or Social Security numbers.
Feb 28, 2023

How to convince someone they are being conned? ›

Here are some tips on how to convince a loved one that they are being scammed:
  1. Present the facts: Gather evidence and present it to your loved one in a clear and factual manner. ...
  2. Ask questions: Encourage your loved one to ask the scammer questions that only someone who is telling the truth would be able to answer.
Feb 13, 2023

What is the most commonly reported cybercrime? ›

9 Most Common Computer and Internet Cyber Crimes
  • Harassment. ...
  • Ransomware. ...
  • Prostitution. ...
  • Child Pornography & Solicitation. ...
  • Intellectual Property Theft. ...
  • Account Hacking. ...
  • Drug Trafficking. ...
  • Credit Card Fraud.

What is the #1 motive for cybercrime? ›

Many cybercriminals are primarily motivated by financial gain. They seek to steal sensitive information, such as credit card data, personal information, or login credentials, which they can sell on the black market or use for fraudulent activities. Espionage.

What is the most damaging cybercrime? ›

The Top 5 Most Dangerous Cyber Attacks of all Time
  1. The WannaCry Ransomware Attack (2017) The first attack on our list is the WannaCry ransomware attack. ...
  2. The NotPetya Virus (2017) The next attack on our list is the NotPetya virus. ...
  3. The Equifax Data Breach (2017) ...
  4. The Mirai Botnet Attack (2016) ...
  5. The Yahoo Data Breach (2014)

Which cybercrime would be the most difficult to detect? ›

Cyber criminals are using encryption as a weapon to hold the data hostage. Ransomware is hard to detect before it's too late, and ransomware techniques continue to evolve. Because of this, your institution should focus on prevention efforts.

References

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Moshe Kshlerin

Last Updated:

Views: 5979

Rating: 4.7 / 5 (57 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Moshe Kshlerin

Birthday: 1994-01-25

Address: Suite 609 315 Lupita Unions, Ronnieburgh, MI 62697

Phone: +2424755286529

Job: District Education Designer

Hobby: Yoga, Gunsmithing, Singing, 3D printing, Nordic skating, Soapmaking, Juggling

Introduction: My name is Moshe Kshlerin, I am a gleaming, attractive, outstanding, pleasant, delightful, outstanding, famous person who loves writing and wants to share my knowledge and understanding with you.