Dozens of people around the world have been arrested after police disrupted a UK-founded website scamming victims on an industrial scale.
LabHost, a site set up in 2021, tricked as many as 70,000 UK victims, obtaining 480,000 card numbers and 64,000 PINs worldwide, the Metropolitan Police said.
It was created by a criminal network and enabled more than 2,000 users to set up phishing websites designed to steal personal information such as email addresses, passwords and bank details.
Criminal subscribers could log on and choose from existing sites or request bespoke pages replicating those of trusted brands such as banks, healthcare agencies and postal services.
The website even provided a tutorial to cater for wannabe fraudsters with limited IT knowledge, with a robotic voice saying at the end: “Stay safe and good spamming”.
Those subscribing to worldwide membership – meaning they could target victims all around the world – paid between £200 and £300 a month.
Since it began, the site has received just under £1m in payments from criminal users.
But just after it was seized and disrupted, its 800 customers got a message telling them that police knew who they were and what they were doing.
Thirty-seven people were arrested around the world, including some at Manchester and Luton airports, as well as in Essex and London.
Detectives have also contacted up to 25,000 UK-based victims to tell them their data has been compromised.
Read more:
Notorious cyber crime gang Lockbit disrupted by NCA, FBI and international coalition
FBI disrupts hacking network ‘linked to Russian intelligence’
Parents of US gun violence victims use AI to recreate their voices
Chinese hackers preparing to ‘wreak havoc’ on US, warns FBI chief
Items seized by the Metropolitan Police. Pic: Met Police
Police began investigating LabHost in June 2022 after they were tipped off by the Cyber Defence Alliance – a group of British-based banks and law enforcement agencies which share intelligence.
Dame Lynne Owens, deputy commissioner of the Metropolitan Police Service, said: “Online fraudsters think they can act with impunity. They believe they can hide behind digital identities and platforms such as LabHost and have absolute confidence these sites are impenetrable by policing.
“But this operation and others over the last year show how law enforcement worldwide can, and will, come together with one another and private sector partners to dismantle international fraud networks at source.”
Adrian Searle, director of the National Economic Crime Centre in the NCA, said: “This operation again demonstrates that UK law enforcement has the capability and intent to identify, disrupt and completely compromise criminal services that are targeting the UK on an industrial scale.”
