UK takes down major 'Russian Coms' caller ID spoofing platform
The United Kingdom's National Crime Agency (NCA) has shut down Russian Coms, a major caller ID spoofing platform used by hundreds of criminals to make over 1.8 million scam calls.
Their targets included people from over 107 countries, including the United Kingdom, the United States, New Zealand, Norway, and France.
Russian Coms was established in 2021 and is believed to be behind tens of millions in financial losses to an estimated 170,000 victims across the U.K. Between 2021 and 2024, criminals used it to make over 1.3 million to 500,000 unique U.K. phone numbers, with average losses reported to Action Fraud of over £9,400.
Hundreds of criminals paid six-month contracts, ranging between £1,200 and £1,400 in cryptocurrency, to use the fraud platform's "flagship" services.
Promoted through Snapchat, Instagram, and Telegram, Russian Coms was available as a handset and later as a web app that could provide customers with encrypted calls, web phone, no logs, instant handset wipes, voice changing services, international calls, and 24/7 support.
NCA took down Russian Coms in March and arrested three men in Newham, London, after months of intelligence gathering and investigative work. Two of the apprehended suspects are believed to be the platform's developers and administrators.
The NCA said on Thursday that "the platform allowed criminals to hide their identity by appearing to call from pre-selected numbers, most commonly of financial institutions, telecommunications companies, and law enforcement agencies."
"This enabled them to gain the trust of victims before stealing their money and personal details," it added.
"Three individuals have been arrested by the NCA, two of whom are believed to have been involved in the creation and development of the platform. They have been released on conditional bail."
Today, the NCA can reveal that they have shut down a platform used by hundreds of criminals to defraud victims across the world. FULL STORY https://t.co/XMtmrnhi3Q pic.twitter.com/toStq5jpRC
— National Crime Agency (NCA) (@NCA_UK) August 1, 2024
Scammers used Russian Coms to spoof bank phone numbers, which allowed them to gain their targets' trust. They then claimed that the victim's account had been involved in fraudulent activity and persuaded the victims to transfer their money to a different account to protect their savings.
They accessed the victims' funds by impersonating legitimate companies and stealing funds for undelivered goods, gaining complete access to the bank accounts, or arranging for the collection of physical debit and credit cards from victims by pretending that replacements were needed.
Law enforcement authorities in the U.K. and partners worldwide, supported by Europol, will also take action over the coming months against those who used Russian Coms to make fraudulent calls.
NCA also added a message to Russian Coms' Telegram channel after seizing it in March, saying "The Police Will Be Seeing You Soon."
"The NCA and our partners here in the UK and overseas are going after both the criminals and the technology they exploit," said Adrian Searle, NCA's Director of the National Economic Crime Centre.
"Whilst this use of technology, which can be called 'crime as a service,' promises anonymity, unbeknown to the criminal users, the services also store the users' data, so we can identify who they are and how they operate."
This action was part of a law enforcement action known as "Operation Henhouse," which cracked down on fraud across England, Scotland, Wales, and Northern Ireland and led to 290 arrests.
source: BleepingComputer
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs
November 23, 2024Download: CIS Critical Security Controls v8.1
August 8, 2024Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024