Scotland Yard said its officers have led a major operation to take down an international "one-stop spoofing shop" in the UK's biggest-ever banking fraud operation worth millions of pounds and resulting in 120 arrests.
According to the Metropolitan Police, more than 200,000 potential victims in the UK alone were directly targeted through the fraud website iSpoof.
At one stage, almost 20 people every minute of the day were being contacted by scammers hiding behind false identities using the site and posing as representatives of leading banks such as Barclays, Santander, and HSBC.
Losses reported to Action Fraud in the UK as a result of the spoof calls and texts via iSpoof is estimated at around GBP 48 million but as the frauds are vastly under-reported, the full amount is believed to be much higher.
"By taking down iSpoof we have prevented further offences and stopped fraudsters targeting future victims," said Detective Superintendent Helen Rance, who leads on cybercrime for the Met Police.
"Our message to criminals who have used this website is we have your details and are working hard to locate you, regardless of where you are," she said.
Over the course of this week, around 70,000 UK phone numbers targeted by criminals will be alerted by the Met Police via text message and asked to contact the force.
Scotland Yard's Cyber Crime Unit worked with international law enforcement, including authorities in the US and Ukraine, to dismantle the iSpoof website this week. It enabled criminals to appear as if they were calling from banks, tax offices, and other official bodies as they attempted to defraud victims.
"The exploitation of technology by organised criminals is one of the greatest challenges for law enforcement in the 21st century," said Met Police Commissioner Sir Mark Rowley.
"Together with the support of partners across UK policing and internationally, we are reinventing the way fraud is investigated. The Met is targeting the criminals at the centre of these illicit webs that cause misery for thousands. By taking away the tools and systems that have enabled fraudsters to cheat innocent people at scale, this operation shows how we are determined to target corrupt individuals intent on exploiting often vulnerable victims," he said.
The Met's Cyber and Economic Crime Units co-coordinated the operation with Europol, Eurojust, the Dutch authorities and the FBI. In the UK, the vast majority of the arrests are on suspicion of fraud.
iSpoof allowed users, who paid for the service in Bitcoin, to disguise their phone numbers so it appeared they were calling from a trusted source.
This process is known as "spoofing". Criminals attempt to trick people into handing over money or providing sensitive information, such as one-time passcodes to bank accounts.
The average loss from those who reported being targeted is believed to be GBP 10,000.
The Met's Cyber Crime Unit began investigating iSpoof in June 2021 under the name of Operation Elaborate.
Investigators infiltrated the site and began gathering information alongside international partners.
The website server contained a "treasure trove" of information in 70 million rows of data, including Bitcoin records.
Because the pool of 59,000 potential suspects is so large, investigators are focusing first on UK users and those who have spent at least GBP 100 of Bitcoin to use the site.
A wave of UK arrests followed with details of other suspects passed onto law enforcement partners in the Netherlands, Australia, France, and Ireland.
Earlier this month the suspected organiser of the website was arrested in east London and has been charged with a range of offences and remanded in custody.