Dozens of people around the world have been arrested after police disrupted a UK-founded website that was defrauding victims on an industrial scale.
LabHost, a site created in 2021, duped up to 70,000 British victims, obtaining 480,000 card numbers and 64,000 PINs worldwide, the Metropolitan Police said.
It was created by a criminal network and allowed more than 2,000 users to create phishing websites designed to steal personal information such as email addresses, passwords and banking details.
Criminal subscribers could log in and choose from existing sites or request bespoke pages replicating those of trusted brands such as banks, health agencies and postal services.
The website even has a tutorial aimed at budding scammers with limited computer knowledge, with a robotic voice saying at the end: “Stay safe and happy spam.”
Those who sign up for a global membership – meaning they can target victims anywhere in the world – pay between £200 and £300 a month.
Since its inception, the site has received just under £1 million in payments from criminal users.
But just after it was seized and disrupted, its 800 customers received a message telling them the police knew who they were and what they were doing.
Thirty-seven people were arrested worldwide, including some at Manchester and Luton airports, as well as in Essex and London.
Detectives also contacted up to 25,000 UK-based victims to tell them their data had been compromised.
Learn more:
Notorious Lockbit cybercrime gang dismantled by NCA, FBI and international coalition
FBI disrupts hacking network ‘linked to Russian intelligence’
Parents of US gun violence victims use AI to recreate their voices
Chinese hackers prepare to ‘wreak havoc’ in US, FBI chief warns
Police began investigating LabHost in June 2022 after being tipped off by the Cyber Defense Alliance, a group of UK-based banks and law enforcement agencies that share intelligence.
Dame Lynne Owens, Assistant Commissioner of the Metropolitan Police Service, said: “Online fraudsters believe they can act with impunity. They believe they can hide behind digital identities and platforms like LabHost and are absolutely certain that these sites are impenetrable by the police.
“But this operation and others over the past year show how law enforcement around the world can, and will, join together and with private sector partners to dismantle networks at the source. international fraud.”
Adrian Searle, director of the NCA’s National Economic Crime Centre, said: “This operation demonstrates once again that UK law enforcement has the capacity and intent to identify, disrupt and completely compromise criminal services that target the UK on an industrial scale. »
Dozens of people around the world have been arrested after police disrupted a UK-founded website that was defrauding victims on an industrial scale.
LabHost, a site created in 2021, duped up to 70,000 British victims, obtaining 480,000 card numbers and 64,000 PINs worldwide, the Metropolitan Police said.
It was created by a criminal network and allowed more than 2,000 users to create phishing websites designed to steal personal information such as email addresses, passwords and banking details.
Criminal subscribers could log in and choose from existing sites or request bespoke pages replicating those of trusted brands such as banks, health agencies and postal services.
The website even has a tutorial aimed at budding scammers with limited computer knowledge, with a robotic voice saying at the end: “Stay safe and happy spam.”
Those who sign up for a global membership – meaning they can target victims anywhere in the world – pay between £200 and £300 a month.
Since its inception, the site has received just under £1 million in payments from criminal users.
But just after it was seized and disrupted, its 800 customers received a message telling them the police knew who they were and what they were doing.
Thirty-seven people were arrested worldwide, including some at Manchester and Luton airports, as well as in Essex and London.
Detectives also contacted up to 25,000 UK-based victims to tell them their data had been compromised.
Learn more:
Notorious Lockbit cybercrime gang dismantled by NCA, FBI and international coalition
FBI disrupts hacking network ‘linked to Russian intelligence’
Parents of US gun violence victims use AI to recreate their voices
Chinese hackers prepare to ‘wreak havoc’ in US, FBI chief warns
Police began investigating LabHost in June 2022 after being tipped off by the Cyber Defense Alliance, a group of UK-based banks and law enforcement agencies that share intelligence.
Dame Lynne Owens, Assistant Commissioner of the Metropolitan Police Service, said: “Online fraudsters believe they can act with impunity. They believe they can hide behind digital identities and platforms like LabHost and are absolutely certain that these sites are impenetrable by the police.
“But this operation and others over the past year show how law enforcement around the world can, and will, join together and with private sector partners to dismantle networks at the source. international fraud.”
Adrian Searle, director of the NCA’s National Economic Crime Centre, said: “This operation demonstrates once again that UK law enforcement has the capacity and intent to identify, disrupt and completely compromise criminal services that target the UK on an industrial scale. »