Tejay Fletcher (pictured) had many reasons to believe he was succeeding in life as he lay on his bed on the evening of November 6, watching his big flat-screen television. Slick online advertising had helped Fletcher to build a lucrative business. At just 34 years of age he had already become a multimillionaire, with a young son, and an upmarket home near the Thames. The luxury car parked on his driveway was just one of several that he owned. It did not look out of place; his neighbors included high-flying bankers who work just a few miles away in London’s Docklands district. But moments later a team of police wearing body armor crashed through Fletcher’s front door, put cuffs on his wrists and hauled him outside. Fletcher was not a drug dealer, nor did he trade in weapons, but the cops did seize 30 mobile phones from his property. He was not a fraudster per the conventional meaning of the word, despite what news journalists would later write about him. Fletcher is best described as the former chief administrator of an enterprise that charged criminals for services that helped them to impersonate banks and other organizations over the phone. He can now also be described as a prisoner, having last week been sentenced to 13 years and 4 months.
A press release from London’s Met Police succinctly explains the service provided by Fletcher’s ‘iSpoof’ business.
iSpoof enabled criminals to appear as if they were calling from banks, tax offices and other official bodies as they attempted to defraud victims who lost millions… At one stage, almost 20 people every minute of the day were being contacted by scammers hiding behind false identities using the site.
The core of the iSpoof business model would be familiar to many VoIP providers. iSpoof sold bundles of minutes for voice traffic to its subscribers, but with one key difference: the CLI would be spoofed to appear as if calls came from a legitimate enterprise. Another popular iSpoof service was designed to intercept one-time passwords (OTPs). The following screenshot is a menu of services as displayed on the iSpoof website before it was taken down.
10 million phone calls have been made globally using iSpoof, of which one-third were made in the UK. Relatively few calls led to meaningful interaction with the intended targets; just 350,000 calls had a duration which exceeded one minute. This was still sufficient to cause a lot of harm. It is estimated that victims collectively lost GBP100mn (USD125mn) at an average of GBP10,000 (USD12,500) each.
Before it was shut down by the police, iSpoof generated total revenues of GBP3mn (USD3.75mn) from its criminal clientele, which had 59,000 users at its peak. Most of the profits went to Fletcher, who pocketed around GBP1.8mn (USD2.2mn). 169 suspected users of iSpoof have been arrested in the UK and the police indicated that they would continue to hunt for other users. Met Police Commissioner Mark Rowley described the investigation of iSpoof as “the UK’s biggest ever fraud operation”.
It is good to see Britain’s police focusing resources in this manner. Using technology to detect and obstruct fraud will be ineffective if criminals remain free to try, try and try again. The sheer number of users for iSpoof, and the enormous profits they generated, means impersonation fraud will remain attractive unless criminals believe they will be caught and punished. London’s Met Police has made an extraordinary effort to publicize their response to iSpoof, not just sharing video footage of Fletcher’s arrest but even producing a slick explanatory video that was shared on Twitter. This shows they understand the importance of consciously deterring fraud, a crime which has typically received less attention than it deserves because it is not violent and it does not generate attention for newspapers or politicians. Other police forces around the world should take note and seek to emulate the high-profile takedown of iSpoof.
Or law enforcement agencies may continue to pay insufficient regard to the harm caused by comms criminals. If they do not act, then they should expect the business model created by Fletcher to be copied many times over. Fletcher treated fraudsters like they were members of a club. He used polished marketing techniques to appeal to thousands of hardened and would-be criminals via his Telegram channel. Most of his clients will have believed they can make easy money without any risk of being caught or punished. To understand the scale of the challenge and the lure of crime, please spare a minute to watch this animated video which was circulated online to advertise iSpoof.