College students have turned to cyber fraud to boost their income, police said, revealing they had infiltrated a huge dark web phishing site responsible for scamming tens of thousands of people.
The site called LabHost was active from 2021 and was a cyber fraud hypermarket, allowing users to create realistic-looking websites from well-known names such as big banks, trapping victims around the world, including 70,000 in the UK.
Victims entered their sensitive details, some of which was used to steal money, but those behind the site also made money by selling details on the dark web for scammers to use.
The Metropolitan Police said the main victims were aged between 25 and 44 and spent most of their lives online.
Police believe they arrested one of the site’s main alleged masterminds this week among 37 suspects detained across the UK and abroad. The Met said arrests were made at Manchester and Luton airports, and in Essex and London.
Police in the UK are under pressure to show they are successfully tackling the explosion of cyber fraud.
The site infiltration is a relative drop in the ocean compared to the magnitude of the problem, but police hope to shatter the trust of criminals who believe they can act with impunity and plan to take down more cyber fraud sites.
Fraud and cybercrime are seen as difficult to resolve within the police amid battles for resources against other criminal priorities such as protecting children and boosting what is widely seen as inadequate protection of women.
For now, the Met is celebrating its success. In the United Kingdom, 25,000 victims have been contacted and there have been arrests of the site’s main users. However, some of those who used it will not be arrested since investigators do not know their true identity.
LabHost amassed 480,000 debit or credit card numbers, 64,000 PIN numbers and earned £1 million from 2,000 people’s membership fees alone, which was up to £300 per month per membership, to be paid in cryptocurrency. It was advertised as a “one-stop shop for phishing.”
It offered a video tutorial on how to use the site to commit crimes, similar to a video on how to use a new consumer product. The video said the software installation took five minutes and offered “customer service” if there were any problems. He ended by wishing his criminal users: “Stay safe and spam well.”
DI Oliver Richter said five years ago that a cyber fraudster would need technical skills, such as being able to code. Now the users are between 10 and 20 years old.
He said: “Many of these users are younger, at university and very likely to be pursuing perhaps perfectly legitimate careers.
“They see this, because it’s so easy to do, as anonymous.
“I think they are going into this without fully understanding the risks and possible outcomes.”
After the site was disrupted, 800 users received a message telling them that the police “know who they are and what they have been doing.”
Police did not reveal how they accessed the site’s inner workings, which occurred in June 2022.
Detective Superintendent Helen Rance, head of the Met’s cybercrime unit, said taking down the “incredibly slick” LabHost was part of an effort by the Met to target those who “industrialised” crimes such as fraud and that 17 forces were involved. around the world, as well as the private sector.
She said: “We have managed to infiltrate this service to be able to see those responsible and the scale of the operation.”